Additional Coverage:
Google Takes Aim at “Lighthouse” Cybercrime Ring with RICO Lawsuit
MOUNTAIN VIEW, CA – Tech giant Google has launched a federal lawsuit under the RICO Act, typically reserved for organized crime, against a sophisticated network of foreign cybercriminals based in China. The group, dubbed “Lighthouse” by Google, is accused of orchestrating massive text-message phishing, or “smishing,” attacks that have impacted millions of Americans.
In an exclusive interview with CBS News, Google revealed the lawsuit targets unknown operators, identified as John Does 1 through 25, who allegedly developed a “phishing-as-a-service” platform enabling these widespread attacks.
The text messages, designed to appear legitimate, often mislead recipients with alerts about “stuck packages” or “unpaid tolls.” However, clicking on these deceptive links can lead to the theft of sensitive personal information, including passwords and credit card numbers.
Halimah DeLaine Prado, Google’s general counsel, stated that the criminal network is estimated to have compromised between 15 million and 100 million potential credit cards within the U.S., affecting over a million victims.
While the lawsuit isn’t primarily aimed at recovering individual victim losses, DeLaine Prado emphasized its role as a “deterrent for future criminals to create similar enterprises.” Google’s investigation uncovered over 100 fake websites utilizing its logo to trick users into divulging financial and login details, with the group believed to have stolen information linked to tens of millions of U.S. credit cards.
Cybersecurity expert Kevin Gosschalk, CEO of Arkose Labs, noted that while financial recovery for victims is challenging, such lawsuits can significantly disrupt criminal operations. He explained that targeting major players can cause others in the “ecosystem” to reconsider their illicit activities.
Google’s legal action represents a significant move, testing the applicability of a 1970s racketeering law to 21st-century digital crime. Gosschalk acknowledged the difficulties in prosecuting overseas cybercriminals, particularly in countries with limited extradition laws, but highlighted that such legal action could prevent individuals from traveling to the U.S. in the future, adding an “extra risk” to their operations.
To protect themselves from text scams, users are advised to avoid clicking on suspicious links or replying to messages from unknown senders. iPhone users can enable “Filter Unknown Senders” and “Filter Junk” in their settings. Android users can activate Spam Protection and report scam texts by forwarding them to 7726 (SPAM). It’s important to periodically check filtered folders, as these settings can sometimes catch legitimate messages from non-contact numbers.