FBI, Google and Lumen dismantled Chinese phishing network that stole 3.87M credit cards, causing $1.9B in losses, using Google’s Gemini AI to create fake sites and bypass security systems, US indictment says

An extensive international operation led by the FBI, in cooperation with Google and infrastructure company Lumen, has succeeded in disrupting a sophisticated Chinese cybercrime network known as Outsider Enterprise. The group operated a Phishing-as-a-Service (PhaaS) platform that enabled even criminals with no technical background to launch fraudulent websites within minutes.

To put the scale into perspective, according to an indictment filed in New York, the platform created by the Chinese hackers was responsible for the theft of approximately 3.87 million credit card records and caused an estimated $1.9 billion in damages since July 2023.

The operation, code-named Operation Ghost Hook, led to the seizure of the group's central management servers, an online store used to test its systems and cryptocurrency wallets containing roughly $100,000. In addition, thousands of fraudulent domains registered through U.S.-based hosting providers were seized and now display an official FBI warning page.

The network's business model was based on a simple but dangerous concept: Scammers and hackers paid $88 per week or $200 per month through a dedicated Telegram bot, gaining access to more than 290 prebuilt templates that closely mimicked the websites of banks, mobile carriers, postal services and toll collection systems.

These fake websites were capable of harvesting data in real time and displayed pop-up prompts requesting one-time verification codes and passwords, allowing operators to bypass advanced security measures such as two-factor authentication.

The most troubling aspect of the case, which has raised concerns across the international technology community, is the way the platform's operators allegedly used artificial intelligence to circumvent Google's own filtering systems. The indictment states that customers who purchased the phishing kits received instructional videos explaining how to use Google's Gemini model to generate the HTML code for fraudulent websites.

To evade Gemini's safety restrictions, the criminals reportedly relied on sophisticated prompt-engineering techniques, presenting their requests as harmless attempts to design a "gift redemption" page. As a result, the code appeared to the automated system to be a legitimate user request.

The integration of AI into the fraud industry represents a significant and troubling technological leap. In the past, similar platforms such as Lighthouse, which Google sued last year after it allegedly affected 1 million users worldwide, relied on static code that had to be updated manually and was relatively easy for security companies to detect and block.

Older cybercrime tools such as Evilginx required a certain level of technical expertise to configure reverse proxy servers capable of stealing users' cookie files. The current use of AI enables the creation of virtually endless variations of unique code within seconds, making it significantly more difficult for signature-based security systems to identify new phishing pages in real time.

The indictment filed in federal court in Manhattan charges members of the network with racketeering, wire fraud and trademark infringement. Nevertheless, both Google and the FBI acknowledge that the chances of extraditing the defendants, who are believed to be operating from China, remain extremely slim.

Alongside the legal proceedings, Google said it is working with major U.S. telecommunications providers — AT&T, T-Mobile and Verizon — to block malicious text messages before they reach users' devices. The company is also supporting federal legislation in the United States aimed at increasing penalties for fraud schemes that rely on AI tools.