Free Republic

Justice Department Seizes Four Web Domains Used to Create Over 40,000 Spoofed Websites and Store the Personal Information of More Than a Million Victims
justice.gov ^ | April 18, 2024 | Office of Public Affairs

Posted on 04/21/2024 5:13:04 PM PDT by ransomnote

The Justice Department announced today the seizure of four domains used by the administrators and customers of a domain spoofing service. The domain seizures were authorized pursuant to seizure warrants issued in the Western District of Pennsylvania and were executed in coordination with the arrest of dozens of administrators and customers of the illicit service by foreign law enforcement agencies.

“Together with our international partners, the Justice Department has disrupted another cybercrime scheme originating from Russia that enabled criminals to steal from over a million victims in the United States and around the world,” said Attorney General Merrick B. Garland. “I am grateful to the U.S. Attorney’s Office for the Western District of Pennsylvania, the FBI, and our partners at the Secret Service for their work on this case, and to our foreign law enforcement partners whose efforts have led to the arrests of dozens of LabHost administrators and users.”

According to court records, the United States obtained authorization to seize the domains as part of an investigation of the spoofing service operated through the Lab-host.ru domain (LabHost), which resolves to a Russian internet infrastructure company. LabHost provided online infrastructure and interactive functionality for its subscription-based services. According to court records, customers of LabHost used its services to create and manage spoofed websites designed to look like the legitimate websites of businesses such as Amazon, Netflix, Wells Fargo, Bank of America, and Chase Bank. LabHost customers used the spoofed websites to lure unwitting victims into disclosing their personally identifiable information (PII) — e.g., date of birth, email address, password, address, and credit card information — on the websites the victims believed were legitimate. In turn, according to court documents, LabHost’s customers used the stolen PII to engage in unauthorized financial transactions at the expense of the victims. As outlined in court records, LabHost has been used to create over 40,000 spoofed websites, and its infrastructure has stored over one million user credentials and nearly 500,000 compromised credit cards.

The warrants authorized the seizure of the following four domains associated with application programming interface (API) services used to install spoofed websites and manage LabHost’s phishing and credential-theft operations: Instapi-1xoa93z90o348fz.co, Api2-4hdfix74ks.co, Api1-9kcpqcf7olw1w300w3m6.cc, and Api-d789342789342uy432hjf87df87dfk.cc. The four LabHost API domains were registered to NameSilo, LLC, a third-party webhosting service based in the United States. According to court records, the seized domains represented property used to commit violations of federal criminal law, including access device fraud, computer fraud, wire fraud, identity theft, and money laundering.

The effect of the domain seizures was to shut down the LabHost platform.

“The theft of personal information — and the financial ruin that often follows — should never be just another cost of using the internet for ordinary citizens,” said U.S. Attorney Eric G. Olshan for the Western District of Pennsylvania. “Today’s domain seizures show that cybercriminals’ greed will not go unchecked — no matter their sophistication and geographic reach. We will continue to work with our domestic and foreign law enforcement partners, using all available tools, to protect the global public.”

“Seizing LabHost and arresting those involved will have a systemic impact on transnational cybercrime,” said Special Agent in Charge Timothy P. Burke of the U.S. Secret Service (USSS) Pittsburgh Field Office. “We are proud to work with our foreign and domestic law enforcement partners as we continue to counter those engaged in cybercrime.”

“Behind every cybercrime-as-a-service operation lurks one thing: financial devastation,” said Special Agent in Charge Kevin Rojek of the FBI Pittsburgh Field Office. “The FBI and our global partners will continue to aggressively pursue anyone who thinks they can get rich by stealing from hard-working Americans. Selling cybercrime tools has ripple effects that go far beyond the businesses and borders of America. With every theft and intrusion, the public loses more and more trust in our critical digital infrastructure.”

The domain seizures in the United States occurred in conjunction with the international arrests of dozens of LabHost administrators and customers facing criminal charges in more than a dozen foreign countries. Law enforcement authorities from the following countries participated in the investigation: Australia, Austria, Belgium, Canada, Czechia, Estonia, Finland, Ireland, Malta, the Netherlands, New Zealand, Poland, Portugal, Romania, Spain, Sweden, and the United Kingdom.

Assistant U.S. Attorney Mark V. Gurzo for the Western District of Pennsylvania is prosecuting the case.

The FBI and USSS investigated the case in the United States, and the United Kingdom’s London Metropolitan Police investigated the international case, with the support of Europol’s European Cybercrime Centre and Joint Cybercrime Action Taskforce.

Updated April 18, 2024

Press Release Number: 24-472



TOPICS: Miscellaneous
KEYWORDS: cybercrime; domainspoofing; fakewebsites; identitytheft; labhost; spoofed; websitespoofing
"According to court records, customers of LabHost used its services to create and manage spoofed websites designed to look like the legitimate websites of businesses such as Amazon, Netflix, Wells Fargo, Bank of America, and Chase Bank. LabHost customers used the spoofed websites to lure unwitting victims into disclosing their personally identifiable information (PII) — e.g., date of birth, email address, password, address, and credit card information — on the websites the victims believed were legitimate."

1 posted on 04/21/2024 5:13:04 PM PDT by ransomnote

To: ransomnote

Wonder how many of these stolen IDs will translate into mail out ballots?


2 posted on 04/21/2024 5:19:17 PM PDT by thinden (buckle up ....)

To: ransomnote

It’s sometimes easy to spot them, but often not. When we aren’t sure we go to the site we know is legitimate. When it’s the bank ones, we call the local branch where we know the branch manager.


3 posted on 04/21/2024 5:20:46 PM PDT by metmom (He who testifies to these things says, “Surely I am coming soon.” Amen. Come, Lord Jesus…)

To: ransomnote

how the feds outsource surveillance


4 posted on 04/21/2024 5:26:26 PM PDT by xoxox

To: ransomnote
The Justice Department

The Government Tyranny Department

5 posted on 04/21/2024 5:29:59 PM PDT by Jim W N (MAGA by restoring the Gospel of the Grace of Christ (Jude 3) and our Free Constitutional Republic!)

To: metmom

“When we aren’t sure we go to the site we know is legitimate.”
You should NEVER click on a link. Always go to the company’s web site and be sure to see “https”

We use a VPN and I subscribe to IdentityForce. I have all my credit cards set up to notify me of EVERY transaction. The notifications often arrive seconds after I use the credit card at a merchant. One credit card notified me yesterday of a new log on from an unrecognized device using Chrome. It turns out it was my wife.


6 posted on 04/21/2024 5:30:17 PM PDT by ProtectOurFreedom (“When exposing a crime is treated like a crime, you are being ruled by criminals” – Edward SnowdenA)

To: ProtectOurFreedom

“notified me yesterday of a new log on from an unrecognized device using Chrome. It turns out it was my wife.”

One hopes that she won’t be called “unrecognized device” from now on.


7 posted on 04/21/2024 5:45:39 PM PDT by Jyotishi (Seeking the truth, a fact at a time.)

To: metmom

If I get something like that from my bank, I go down to my bank and talk to someone there.


8 posted on 04/21/2024 5:53:16 PM PDT by Jean2

To: Jean2

We’ve done that, too.


9 posted on 04/21/2024 6:01:58 PM PDT by metmom (He who testifies to these things says, “Surely I am coming soon.” Amen. Come, Lord Jesus…)

To: Jyotishi

LOL...that’ll be my new pet name for her!


10 posted on 04/21/2024 6:15:03 PM PDT by ProtectOurFreedom (“When exposing a crime is treated like a crime, you are being ruled by criminals” – Edward SnowdenA)

To: ransomnote

DOJ wants the data for themselves and that’s why they seized it.


11 posted on 04/21/2024 6:27:51 PM PDT by MayflowerMadam (Navarro didn't kill himself.)

To: xoxox
how the feds outsource surveillance

Not really. It is a good example of how Russia enables cybercrime against Americans though.

12 posted on 04/21/2024 6:59:24 PM PDT by freeandfreezing

To: ransomnote

They probably created them...


13 posted on 04/21/2024 7:03:10 PM PDT by Bikkuri (I am proud to be a PureBlood.)

To: metmom

“When we aren’t sure we go to the site we know is legitimate.”

one should ALWAYS do that anyway ... NEVER click on a link in an email ...


14 posted on 04/21/2024 7:35:33 PM PDT by catnipman (A Vote For The Lesser Of Two Evils Still Counts As A Vote For Evil)

To: catnipman

For emails, no. We don’t click on them.

It’s mostly concerning texts containing links for websites that the web address usually doesn’t make sense.

I won’t even answer my phone if I don’t recognize the number.


15 posted on 04/21/2024 10:00:39 PM PDT by metmom (He who testifies to these things says, “Surely I am coming soon.” Amen. Come, Lord Jesus…)

To: ransomnote

Do NOT click on links in e-mail messages.

Do NOT click on links in text messages.


16 posted on 04/21/2024 10:03:57 PM PDT by linMcHlp

To: linMcHlp

Bump.


17 posted on 04/21/2024 10:11:28 PM PDT by tet68 ( " We would not die in that man's company, that fears his fellowship to die with us...." Henry V.)

To: AdmSmith; AnonymousConservative; Arthur Wildfire! March; Berosus; Bockscar; BraveMan; cardinal4; ...
Oooh, web domains! Slapped the bracelets right on 'em? That'll show 'em!

I guess it's too much to ask to ID the geographic source of robocallers and then SWAT the bastards, eh? Too busy raiding the homes of Republican officials?

18 posted on 04/22/2024 7:18:22 AM PDT by SunkenCiv (Putin should skip ahead to where he kills himself in the bunker.)

To: SunkenCiv

So, now the GOVERNMENT has all that info..................good thing they are trustworthy..............


19 posted on 04/22/2024 7:20:08 AM PDT by Red Badger (Homeless veterans camp in the streets while illegals are put up in 5 Star hotels....................)
