This Is the Platform Google Claims Is Behind a ‘Staggering’ Scam Text Operation


Chinese cybercriminals are scamming the world. Over the last few years, these fraudsters have sent millions of scam text messages—often impersonating the USPS or toll-road collection firms—and allegedly made more than a billion dollars from their brazen schemes. The groups of SMS scammers are a prolific—and annoying—menace to millions of people.

Now, in one of the most high-profile actions against the scammers so far, Google is suing alleged members of one “relentless” Chinese smishing group that it claims has tried to con people in more than 120 countries around the world. In a civil lawsuit filed today in the US Southern District of New York, Google alleges that 25 unnamed individuals have operated as part of the “Lighthouse” scam network and targeted millions of Americans with texts in a “staggering” operation.

As well as “stealing” information and money from people globally, the Lighthouse Enterprise, which is sometimes known as part of the “Smishing Triad,” also “preys on the public trust in Google” by using its logos on fraudulent websites and abusing its systems and technology, the company’s lawsuit claims. “With the rise in scams, it’s largely due to the action of organized crime networks, and most of them are transnational,” Halimah DeLaine Prado, general counsel at Google, alleges in an interview with WIRED. “The Lighthouse network has an enormous reach.”

The Lighthouse group is one of several Chinese-speaking smishing groups that have emerged in recent years. Broadly, the groups blast out scam messages to thousands of people using SMS, Google’s RCS service, or Apple’s iMessage. Each scam text impersonates an organization—such as delivery firms, banks, or law enforcement services—and includes a link to a fraudulent website. If someone enters their details into these false websites, the scammers can collect their personal information and bank details in real time. Some of the groups are also known to create false online shopping websites that can also steal data.

Central to the Lighthouse operation is its scamming software, called Lighthouse. This software is developed by cybercriminals and then sold as a subscription service to less technically capable fraudsters who use it to send the scam text messages. Scammers can purchase “weekly, monthly, seasonal, annual, or permanent” subscriptions to use the software, Google’s lawsuit claims.

“The Lighthouse platform is a phishing-as-a-service tool used by cybercriminals to steal bank and card information, offering ready-made phishing templates, fake websites, and backend management tools, enabling collection of usernames, passwords, and one-time codes, and it supports large-scale message delivery via iMessage and Google Messages’ RCS (Rich Communication Services) channels rather than just SMS,” says Halit Alptekin, chief intelligence officer at security firm Prodaft, which has tracked the Chinese-speaking phishing ecosystem. “It employs advanced anti-evasion techniques such as IP- and user-agent-based filtering, time-limited URLs, and domain rotation to hamper detection,” Alptekin says.

The Lighthouse platform has been widely used, according to research from cybersecurity firm Silent Push. Across a 20-day period, Silent Push analysis alleged that activity linked to Lighthouse had targeted people in at least 121 countries and that 200,000 scam websites can be linked back to the network. It’s likely that the number of scam messages cybercriminals are sending each day is “significantly higher” than 100,000, the research says. Citing research by the CSIS Security Group, Google’s legal filings claim that the Lighthouse network may have stolen between “12.7 million and 115 million” US credit or banking card details.

Google’s lawsuit against two dozen individuals it says it has linked to the Lighthouse operation alleges how the broader network is made up of several types of cybercriminals: data brokers, who provide lists of people to target with scams; spammers, who provide the tech needed to send messages en masse; a theft group of individuals using stolen account details to access victims’ bank accounts; and administrators who organize the groups. The lawsuit claims the 25 individuals it is targeting have all “participated in the management or operation” of the Lighthouse scheme.

Lighthouse “offers” more than 600 phishing templates that scammers can use to try to steal people’s personal information, Google’s legal filing says. These impersonate more than 400 entities or organizations, the firm says in its lawsuit. “Lighthouse users can filter and search for templates by geographic region, country, official website, and update time,” its court document claims. Around 200 of these templates spoof organizations in the United States, such as the US Postal Service, New York City’s government website, New York’s E-ZPass website, multiple state-level departments of transportation websites, and more. In total, 116 phishing templates use Google’s branding or that of its Gmail, YouTube, or Google Play products, the lawsuit says.

Google’s DeLaine Prado tells WIRED that the company has spent significant time and resources trying to crack down on the scammers’ behavior. The lawsuit—while against individuals Google believes are in China and likely out of reach of proceedings—aims to give it and other companies the ability to dismantle the Lighthouse operation more broadly. The company argues that those involved have violated multiple legal statutes and is asking the court to issue a temporary restraining order and permanent injunctions against the individuals.

“Filing a case in the US actually allows us to have a deterrent impact outside of the US borders,” DeLaine Prado says. Rulings in the company’s favor would also allow it to “go to other platforms that are hosting vectors or aspects” of the Lighthouse network and ask them to take them down, she says. “It enables others to do the same as well. That court order can be used for good to help dismantle the actual infrastructure of the operation,” she adds. The company also says it is now supporting multiple bipartisan bills in the US Congress, including those against scams, robocalls, and scam compounds.

While Google’s lawsuit doesn’t name specific individuals who may be behind the Lighthouse network, and those who are outside of the US may not respond to the claims, it does list the Telegram handles of accounts allegedly promoting the software and multiple Telegram groups that the lawsuit claims they run.

Telegram did not immediately respond to WIRED’s request for comment.

Although the legal action could potentially help to dismantle what are alleged to be some of the Chinese smishing groups’ operations, it is possible that the groups will adapt. In recent years, the Lighthouse software has been updated multiple times, with new capabilities being added to it and frequent additions of new phishing templates, experts say.

“The wider Chinese-speaking smishing actors and fraud ecosystem are continually evolving and growing, and they have been incredibly innovative at every step,” says Ford Merrill, a security researcher who tracks the operations at SecAlliance, which is part of the CSIS Security Group. Merrill points out that in recent years, the groups have developed their tools to be able to add stolen card details to digital wallets on iPhones and Android phones, and also use a wide range of ways to send scam messages, from phone farms to SMS blasters that can be carried around in backpacks.

“They have incredibly capable real-time modular phishing tools that allow so many possibilities for defrauding their victims,” Merrill says. “This has and continues to be a serious global problem that we continue to monitor actively as it evolves.”

Publisher: wired.com