
An Garda Síochána Participate in Operation Stargrew, as part of International Investigation Targeting Organised Fraud

Issue Date: 18th April 2024

As part of Operation Stargrew, Gardaí, in conjunction with Europol and other international Law Enforcement Agencies, conducted 12 searches at locations across counties Dublin, Kildare and Waterford between Tuesday 16th and Wednesday 17th April 2024. During these searches, €42,000 in cash, €10,000 in cryptocurrency, 82 smartphones, 25 computers, 9 tablet devices, and a Rolex watch were seized.

The searches were led by Gardaí from the Garda National Economic Crime Bureau (GNECB), with assistance from Gardaí at the Armed Support Unit, Garda National Cyber Crime Bureau, Garda National Immigration Bureau, Garda Dog Unit, Gardaí seconded to the Special Investigation Unit at the Department of Social Protection, the Criminal Assets Bureau, and local units in the DMR West and DMR South Divisions.

Operation Stargrew targets individuals suspected to be involved in organized fraud, where bulk “Phishing” or “Smishing” text messages are sent out, which are designed to deceive people into providing their personal data and credentials for the purposes of fraud. Many of these purport to be from banks and service providers. This week under Operation Stargrew, law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platforms, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure. The LabHost platform, previously available on the open web, has been shut down, and now displays a law enforcement splash page.
The Irish operation, co-ordinated by the GNECB, was carried out jointly with Europol, and other Law Enforcement Agencies from participating EU and Non-EU countries.

Two males were arrested during the course of the operation. One of the males arrested has been charged, and will appear before the courts at a later date.

Operation Stargrew
Operation Stargrew is an investigation into a web-based platform called “LabHost”. LabHost is a service being provided to criminals to commit cyber-enabled offences such as smishing / phishing and account takeover. It enables the LabHost user to deploy Phishing websites that are then used to steal victims’ data and credentials for the purposes of defrauding them, either directly or through resale of the information harvested by the phishing site. There is no known legitimate purpose for any of the services it provides. It is suspected that each user pays in cryptocurrency to avail of the services of this criminal platform. Once the user joins LabHost, the user rents a cloud-based server for the purposes of getting a fake copy of a genuine company’s website set up on the server. The user is then provided with a URL (Uniform Resource Locator) type link, and this is the link that will be included in the “Phishing” messages sent out to potential victims, typically by bulk text messaging bots.

Irish Connections
It is suspected that there are approximately 116 users of this LabHost website / web service who have a connection to Ireland. Gardaí have identified in excess of 150,000 instances of a person responding to a Phishing link, and this link is suspected to be associated with the 116 users. The above LabHost users were primarily targeting Irish residents (135,000 persons), but have also targeted persons in other countries including Australia, Finland, United Kingdom, New Zealand, Austria, Norway, Estonia and many other countries.

Types of Crime being Committed
The typical wording of a Phishing text message implies that some action is promptly required on the part of the recipient of the message. These Smishing / Phishing messages are designed so that the recipient feels pressure to respond to the message, to prevent their bank being defrauded, or to prevent a bill from increasing, or to pay a bill such as a customs charge etc. Text messages are sent to potential victims purporting to be from genuine companies or institutions, and when the person clicks a link in the message, they are deceived into giving data to the criminals that allows them to be defrauded. Once the victim clicks on the URL link, they are directed onto a fake website that perfectly resembles the genuine website.