Google sues Chinese hacker group which allegedly stole $1 billion from a million victims

• Google sues Lighthouse Enterprise for running a global phishing-as-a-service fraud operation
• The kit enabled 200,000 fake sites in 20 days, targeting over a million victims worldwide
• Lighthouse misused Google assets and may have compromised up to 115 million US credit cards

Google has sued the “Lighthouse Enterprise” - a major Chinese global fraud operation which facilitated the theft of millions of credit cards and hundreds of millions of dollars.

In a federal lawsuit recently filed in the Southern District of New York, Google revealed plans to sue a group of foreign criminals for running a massive phishing-as-a-service (PhaaS) operation.

According to the complaint, the group created and sold a phishing kit called Lighthouse, which allowed even newbie criminals to build fake websites that mimicked trusted institutions. The kit, advertised through Telegram and YouTube, offered hundreds of pre-made templates and tools to launch large-scale smishing and e-commerce scams, and allowed users to create fake websites spoofing government agencies, financial corporations and - among others - Google.

Unknown number of "Does"

Google alleges that over a span of 20 days, the Lighthouse platform was used to create 200,000 fake websites, which targeted more than a million victims in 121 countries.

Citing researchers, Google estimates between 12.7 million and 115 million credit cards in the US alone may have been compromised through Lighthouse-powered attacks.

The exact number of people running the operation is unknown. In the lawsuit, the individuals are labeled as “Doe” 1-25, although Google acknowledged that the actual number of people is probably a lot bigger.

In some cases, the crooks would create fake USPS package delivery texts, or would alert victims of pending toll payments. Sometimes, they would build counterfeit online stores that stole users’ payment data and often used stolen information to load victims’ credit cards into digital wallets to make unauthorized payments.

Google claims Lighthouse operators misused Google logos and trademarks, ran ads through Google Ads, and even uploaded tutorials to YouTube showing how to carry out the scams.

The hackers damaged Google’s reputation, violated its terms of service, and forced it to spend hundreds of hours investigating and shutting down fraudulent accounts, the company concluded.

This is not the first time Google has sued Chinese nationals for cybercrime, but most of the time the lawsuits come to nothing, since China rarely extradites its citizens to the US, especially when it comes to cybercrime.

Via The Register

The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.