DOJ seizes domains used in spoofing and storing data of more than a million victims

The domains were used to create over 40,000 spoofing websites, and the infrastructure stored a large amount of victims’ personal data and credit cards.

Four domains that were used to create over 40,000 spoofing websites have been seized by the Department of Justice. Over one million user credentials and close to 500,000 compromised credit cards were found.

According to court documents, the operation was part of an investigation of a spoofing service operating through the Lab-host.ru domain that resolves to a Russian internet infrastructure company. The operation was carried out in collaboration with multiple foreign law enforcement agencies, and enabled the arrest of dozens of administrators and customers of the illicit spoofing service.

“Together with our international partners, the Justice Department has disrupted another cybercrime scheme originating from Russia that enabled criminals to steal from over a million victims in the United States and around the world,” said Attorney General Merrick B Garland.

“I am grateful to the US Attorney’s Office for the Western District of Pennsylvania, the FBI, and our partners at the Secret Service for their work on this case, and to our foreign law enforcement partners whose efforts have led to the arrests of dozens of LabHost administrators and users.”

Fake Amazon, Netflix, and Wells Fargo

With LabHost’s services, customers could create and manage spoofed websites that looked like the real websites of businesses such as Amazon, Netflix, Wells Fargo, Bank of America, and Chase Bank.

Victims using the sites were then lured into disclosing personal information such as:

  • date of birth;
  • email address;
  • password;
  • address; and
  • credit card information.

With the stolen credentials, LabHost’s customers were then able to make unauthorized financial transactions. In total, the seized domains were found to have been used to commit violations of federal criminal law, including access device fraud, computer fraud, wire fraud, identity theft, and money laundering.

“The theft of personal information – and the financial ruin that often follows – should never be just another cost of using the internet for ordinary citizens,” said US Attorney Eric G Olshan for the Western District of Pennsylvania. “Today’s domain seizures show that cybercriminals’ greed will not go unchecked – no matter their sophistication and geographic reach. We will continue to work with our domestic and foreign law enforcement partners, using all available tools, to protect the global public.”

The effect of the domain seizures was to shut down the LabHost platform, and the administrators and customers of LabHost face criminal charges in more than a dozen foreign countries.

“Seizing LabHost and arresting those involved will have a systemic impact on transnational cybercrime,” added Special Agent in Charge Timothy P Burke of the US Secret Service Pittsburgh Field Office.

Besides the authorities in the US, this investigation was a collaboration with multiple law enforcement authorities in Australia, Austria, Belgium, Canada, Czechia, Estonia, Finland, Ireland, Malta, the Netherlands, New Zealand, Poland, Portugal, Romania, Spain, Sweden, and the UK.