International support for a coordinated takedown
The operation, according to the statement, had begun in June 2022 after Met detectives received intelligence on LabHost from Cyber Defence Alliance (CDA), an international non-profit for cyber threat intelligence.
“Once the scale of site and the linked fraud became clear the Met’s Cyber Crime Unit joined forces with the National Crime Agency, City of London Police, Europol, Regional Organised Crime Units (ROCUs) across the country and other international police forces to take action,” Met added.
Other private platforms that supported law enforcement to bring down the platform included Chainalysis, Intel 471, Microsoft, The Shadowserver Foundation, and Trend Micro.
The 37 arrests, that were made in Essex and London, as well as Manchester and Luton airports, included searching of 70 addresses in the UK and across the world, according to the statement.
On disruption, the existing information on the site was pulled down and replaced with a notice that said law enforcement had seized the service.
Operations targeted at least 70,000 victims
After setting up shop in 2021, LabHost gained prominence, creating about 40000 fraudulent websites for phishing and picking up 2000 subscriptions by the beginning of 2024. Users paid a monthly subscription fee that ranged between $249 (£200) and $373 (£300) a month for a “WorldWide” membership that allowed targeting victims globally.