Federal investigators in Pittsburgh help shut down Russian-linked online scams that affected over 1 million people

Federal officials in Pittsburgh announced Thursday they’ve seized four web domains with Russian ties that were used to steal the personal information of more than 1 million victims in spoofing scams.

Among the victims were two elderly Pittsburgh-area residents. According to court documents, one of those victims lost a total of $967 to the online scammers in unauthorized checking and debit transactions in August 2023 while the other lost $25 through a fraudulent credit card charge.

Warrants for the domain seizures were issued in federal court in Pittsburgh in coordination with arrests by foreign law enforcement agencies, mostly in Europe, of dozens of administrators and customers of the illicit online service.

U.S. investigators obtained authorization to seize the domains as part of an investigation of a spoofing service operated through the Lab-host.ru domain, which had links to a Russian internet infrastructure company, according to court records.

The effect of the domain seizures was to shut down the LabHost platform.

Legit websites spoofed

Investigators said customers of LabHost used its services to create and manage spoofed websites designed to look like the legitimate websites of businesses such as Amazon, Netflix, Wells Fargo, Bank of America and Chase Bank.

According to court documents, LabHost customers used the spoofed sites to lure unwitting victims into disclosing their personal information — including their birth dates, email addresses, passwords and credit card information — and used that information to make unauthorized financial transactions at the victims’ expense.

LabHost was used to create more than 40,000 spoofed websites and to store more than one million user credentials, including nearly 500,000 compromised credit cards, investigators said.

The four LabHost domains were registered to NameSilo, LLC, a third-party web-hosting service based in the United States, according to court records.

“The theft of personal information — and the financial ruin that often follows — should never be just another cost of using the internet for ordinary citizens,” U.S. Attorney Eric G. Olshan said in a press release. “Today’s domain seizures show that cybercriminals’ greed will not go unchecked — no matter their sophistication and geographic reach.”

“Seizing LabHost and arresting those involved will have a systemic impact on transnational cybercrime,” said Special Agent in Charge Timothy P. Burke of the U.S. Secret Service Pittsburgh Field Office.

“The FBI and our global partners will continue to aggressively pursue anyone who thinks they can get rich by stealing from hard-working Americans,” said FBI Pittsburgh Special Agent in Charge Kevin Rojek. “Selling cybercrime tools has ripple effects that go far beyond the businesses and borders of America. With every theft and intrusion, the public loses more and more trust in our critical digital infrastructure.”

Other countries involved

The domain seizures in the United States occurred in conjunction with the international arrests of dozens of LabHost administrators and customers facing criminal charges in more than a dozen foreign countries. The investigation involved law enforcement authorities from Australia, Austria, Belgium, Canada, the Czech Republic, Estonia, Finland, Ireland, Malta, the Netherlands, New Zealand, Poland, Portugal, Romania, Spain, Sweden and the United Kingdom.

The FBI and U.S. Secret Service conducted the investigation in the United States, and the international investigation was led by the United Kingdom’s London Metropolitan Police, with the support of Europol’s European Cybercrime Centre and Joint Cybercrime Action Taskforce.