International police operation takes down iSpoof

David Strom 6 Dec 2022

As part of the takedown, 142 suspects were arrested.

Last week, an international group of law enforcement agencies took down one of the biggest criminal operators of a spoofing-as-a-service enterprise. Called iSpoof, it collected more than $120M from victims across Europe, Australia, Ukraine, Canada, and the United States. During the 16 months of the site’s operation, the group took in more than $3.8M in fees from its victims. 

The site’s principal administrator was arrested in the UK in early November and the site taken down shortly thereafter, according to a Europol announcement. As part of the takedown, 142 suspects were arrested. London’s Metropolitan Police Commissioner Sir Mark Rowley stated, “By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable people.” 

Spoofing has a long tradition. Perhaps the earliest and most infamous case involved Paris Hilton, who allegedly used caller ID spoofing to hack into the phone and voicemail of Lindsay Lohan decades ago.

More recently, reporters for Rupert Murdoch’s News Corp. hacked into the cell phone voicemail accounts of prominent Britons back in 2011, which resulted in shuttering the paper a few years later. And Robert Mueller’s Russian GRU indictment a few years ago shows the lengths to which Russian spies went to penetrate the DNC and the Clinton campaign, including using spoofed emails purporting to originate from Hillary Clinton’s staff.

Spoofing has seen a lot of sophisticated development over the years. Two years ago, Microsoft Office 365 users were targets of a spearphishing attack that relied on spoofing email addresses. More recently, Microsoft wrote about another vulnerability, discovered in 2021 and called Local Security Authority spoofing, in which an attacker can carry out man-in-the-middle attacks and force Windows domain controllers to allow remote access. The company issued patches for this in May 2022.

What’s most troubling about the iSpoof group is its rise to prominence and the fact that it made so much money by servicing so many criminals. This is because the iSpoof site was used to help these other criminals set up various spoofing processes as part of their attack workflows.

How does spoofing work?

Spoofing refers to a hacker impersonating a trusted brand to obtain your authentication credentials so they can steal your funds, identity, or both. The impersonation happens through a phishing email, phone call, or text message.

We wrote about ways you can defend yourself from these sorts of spoofing attacks earlier this year, such as being “politely paranoid” and using multi-factor authentication to secure your accounts. 

However, these methods can still fall short within the ever-evolving digital threat landscape: As an example, I recently wrote about how AI technologies can create pretty close replicas of an intended voice with deepfake audio generators. This attack vector means that victims can be fooled into thinking that they are talking to a real person that they know.

Spoofing attacks can happen to anyone. Avast One includes multiple advanced features that work together to provide real-time spoofing protection as well as robust defense against malware and other online threats.
