Justice Department Seizes Four Web Domains Used to Create
Over 40,000 Spoofed Websites and Store the Personal Information of More Than a
Million Victims
Thursday, April 18, 2024
Office of Public Affairs
The Justice Department announced today the seizure of four domains
used by the administrators and customers of a domain spoofing service. The
domain seizures were authorized pursuant to seizure warrants issued in the
Western District of Pennsylvania and were executed in coordination with the
arrest of dozens of administrators and customers of the illicit service by
foreign law enforcement agencies.
“Together with our international partners, the Justice
Department has disrupted another cybercrime scheme originating from Russia
that enabled criminals to steal from over a million victims in the United
States and around the world,” said Attorney General Merrick B. Garland. “I am
grateful to the U.S. Attorney’s Office for the Western District of
Pennsylvania, the FBI, and our partners at the Secret Service for their work
on this case, and to our foreign law enforcement partners whose efforts have
led to the arrests of dozens of LabHost administrators and users.”
According to court records, the United States obtained authorization to seize the
domains as part of an investigation of the spoofing service operated through
the Lab-host.ru domain (LabHost), which resolves to a Russian internet
infrastructure company. LabHost provided online infrastructure and interactive
functionality for its subscription-based services. According to court records,
customers of LabHost used its services to create and manage spoofed websites
designed to look like the legitimate websites of businesses such as Amazon,
Netflix, Wells Fargo, Bank of America, and Chase Bank. LabHost customers used
the spoofed websites to lure unwitting
victims into disclosing their personally identifiable information (PII) — e.g.,
date of birth, email address, password, address, and credit card information —
on the websites the victims believed were legitimate. In turn, according to
court documents, LabHost’s customers used the stolen PII to engage in
unauthorized financial transactions at the expense of the victims. As outlined
in court records, LabHost has been used to create over 40,000 spoofed websites,
and its infrastructure has stored over one million user credentials and nearly
500,000 compromised credit cards.
The warrants authorized the seizure of the following four
domains associated with application programming interface (API) services used
to install spoofed websites and manage LabHost’s phishing and credential-theft
operations: Instapi-1xoa93z90o348fz.co, Api2-4hdfix74ks.co,
Api1-9kcpqcf7olw1w300w3m6.cc, and Api-d789342789342uy432hjf87df87dfk.cc. The
four LabHost API domains were registered to NameSilo, LLC, a third-party
webhosting service based in the United States.
According to court records, the seized domains represented property used to
commit violations of federal criminal law, including access device fraud,
computer fraud, wire fraud, identity theft, and money laundering.
The effect of the domain seizures was to shut down the
LabHost platform.
“The theft of personal information — and the financial ruin
that often follows — should never be just another cost of using the internet
for ordinary citizens,” said U.S. Attorney Eric G. Olshan for the Western
District of Pennsylvania. “Today’s domain seizures show that cybercriminals’
greed will not go unchecked — no matter their sophistication and geographic
reach. We will continue to work with our domestic and foreign law enforcement
partners, using all available tools, to protect the global public.”
“Seizing LabHost and arresting those involved will have a
systemic impact on transnational cybercrime,” said Special Agent in Charge
Timothy P. Burke of the U.S. Secret Service (USSS) Pittsburgh Field Office.
“We are proud to work with our
foreign and domestic law enforcement partners as we continue to counter those
engaged in cybercrime.”
“Behind every cybercrime-as-a-service operation lurks one
thing: financial devastation,” said Special Agent in Charge Kevin Rojek of the
FBI Pittsburgh Field Office. “The FBI and our global partners will continue to
aggressively pursue anyone who thinks they can get rich by stealing from
hard-working Americans. Selling cybercrime tools has ripple effects that go far
beyond the businesses and borders of America. With every theft and intrusion,
the public loses more and more trust in our
critical digital infrastructure.”
The domain seizures in the United States occurred in conjunction with the
international arrests of dozens of LabHost administrators and customers facing
criminal charges in more than a dozen foreign countries. Law enforcement
authorities from the following countries participated in the investigation:
Australia, Austria, Belgium, Canada, Czechia, Estonia, Finland, Ireland, Malta,
the Netherlands, New Zealand, Poland, Portugal, Romania, Spain, Sweden, and the
United Kingdom.
Assistant U.S. Attorney Mark V. Gurzo for the Western District of Pennsylvania
is prosecuting the case.
The FBI and USSS investigated the case in the United States, and the United
Kingdom’s London Metropolitan Police investigated the international case, with
the support of Europol’s European Cybercrime Centre and Joint Cybercrime Action
Taskforce.
Updated April 18, 2024