Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

News

Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that’s created by criminals for criminal purposes.

The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted for the murder of a Dutch journalist Peter R. de Vries.

This allowed authorities to intercept messages being sent via the service for a period of three months, amassing a total of more than 2.3 million messages in 33 languages. The messages, Europol said, are associated with serious crimes such as international drug trafficking, arms trafficking, and money laundering.

It’s worth noting at this stage that MATRIX is different from the open-source, decentralized messaging app of the same name (“matrix[.]org”). Also known by other names such as Mactrix, Totalsec, X-quantum, and Q-safe, it had at least 8,000 user accounts globally, who paid anywhere between $1,360 and $1,700 in cryptocurrency for a Google Pixel phone and a six-month subscription to the service installed on it.

Cybersecurity

According to Dutch police officials, the communication service offered a whole set of applications, such as the ability to make video calls, keep track of transactions, and browse the internet anonymously.

The agency said the law enforcement action was supplemented by follow-up operations that were carried out by Italian, Lithuanian, and Spanish counterparts.

Describing the infrastructure as “technically more complex” than Sky ECC and EncroChat, Europol said the service consisted of more than 40 servers in several countries, the most important of which were located in France and Germany.

As part of the coordinated effort that commenced on December 3, 2024, one suspect in France and two others in Spain have been arrested, with 13 houses searched across the two countries and Lithuania. In addition, the main servers in France and Germany have been seized.

The arrests include the alleged owner and manager of the service, a 52-year-old man of Lithuanian nationality, per the Politie. Furthermore, €145,000 ($152,000) in cash and €500,000 ($525,000) in cryptocurrency, as well as four vehicles and more than 970 mobile phones have been confiscated.

“The encrypted communication landscape has become more fragmented following the takedown of several services such as Sky ECC, EncroChat, Exclu, and Ghost,” Europol said.

“Criminals, in response to the disruptions of their messaging services, have been turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity. While the new fragmented landscape poses challenges for law enforcement, the takedown of established communication channels shows that authorities are on top of the latest technologies that criminals use.”

Germany Shuts Down Crimenetwork Marketplace

The development comes as Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it has taken down Crimenetwork, the largest German-speaking cybercrime platform for illegal goods and services, and arrested one of its 29-year-old administrators who goes by the alias Techmin.

No less than 100,000 users and over 100 sellers are estimated to have registered on the Crimenetwork. A majority of the customers are based in German-speaking countries.

The operators, who received commission payments in the range of 1-5% on each sale, also charged the sellers a monthly fee for advertising and sales licenses. Between 2018 and 2024, transactions on the illicit service amounted to 1,000 Bitcoin and over 20,000 Monero (more than $100 million combined).

Cybersecurity

“‘Crimenetwork’ served as a marketplace for illegal goods and services, in particular for stolen data, drugs and forged documents,” the BKA said. “The platform has existed since 2012 and has been one of the central trading platforms of the German-speaking underground economy for many years.”

South Korea Arrests 6 for Adding DDoS Feature to Satellite Receivers

The takedowns also follow a separate law enforcement exercise in South Korea that has led to the arrest of six people associated with an unnamed satellite broadcasting receiver manufacturer for equipping the devices with capabilities to conduct distributed denial-of-service (DDoS) attacks.

The malicious functionality, the National Police Agency said, was distributed at the request of a customer to 240,000 units either under the guise of firmware updates or preloaded at the time of product shipment.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Ransomware Attack Disrupts Operations at US Contractor ENGlobal
Protecting Tomorrow’s World: Shaping the Cyber-Physical Future
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
GodLoader Malware Infects Thousands via Game Development Tools
INC Ransom Claims Cyber-Attack on UK Children’s Hospital

Leave a Reply

Your email address will not be published. Required fields are marked *