Europol on Tuesday announced taking down an invitation-only encrypted messaging service called MATRIX created by criminals for criminal purposes.
A joint operation carried out by French and Dutch authorities under the pseudonym passion flowerfollows an investigation launched in 2021 after the messaging service was discovered on the phone of a criminal convicted of murdering a Dutch journalist Peter R. de Vries.
This allowed authorities to intercept messages sent through the service for three months, accumulating a total of more than 2.3 million messages in 33 languages. According to Europol, these reports relate to serious crimes such as international drug trafficking, arms trafficking and money laundering.
At this stage, it should be noted that MATRIX is different from open, decentralized messaging app with the same name (“matrix(.)org”). Also known by other names such as Mactrix, Totalsec, X-quantum and Q-safe, it had at least 8,000 user accounts worldwide who paid between $1,360 and $1,700 in cryptocurrency for a Google Pixel phone and a six-month subscription to service installed on it.
According to Dutch police officersthe communications service offered a range of applications, such as the ability to make video calls, track transactions and browse the Internet anonymously.
The department noted that the actions of law enforcement officers were complemented by additional operations conducted by colleagues from Italy, Lithuania and Spain.
Describing the infrastructure as “technically more complex” than Sky ECC and EncroChatEuropol said the service consists of more than 40 servers in several countries, the most important of which are located in France and Germany.
As part of the coordinated effort, which began on December 3, 2024, one suspect in France and two others in Spain were arrested and 13 homes in the two countries and Lithuania were searched. In addition, the main servers in France and Germany were seized.
Among those arrested is the alleged owner and head of the service, a 52-year-old man of Lithuanian nationality, Politie reports. In addition, €145,000 ($152,000) in cash and €500,000 ($525,000) in cryptocurrency were seized, along with four cars and more than 970 mobile phones.
“The landscape of encrypted communication has become more fragmented after the elimination of several services such as Sky ECC, EncroChat, Offand Ghost“, – said Europol.
“Criminals are responding to disruptions to their messaging services by turning to a variety of lesser-known or custom-built communication tools that offer varying degrees of security and anonymity. While the new fragmented landscape poses challenges for law enforcement, the dismantling of established communication channels shows that authorities have access to the latest technologies that criminals are using.”
Germany shuts down Crimenetwork Marketplace
This comes after Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it had taken down Crimenetwork, the largest German-language cybercrime platform for illegal goods and services, and arrested one of its 29-year-old administrators, who goes by the alias Techmin.
Crimenetwork is estimated to have at least 100,000 registered users and more than 100 sellers. Most of the customers are located in German-speaking countries.
The operators, who received a commission of between 1-5% of each sale, also charged sellers a monthly fee for advertising and sales licenses. Between 2018 and 2024, transactions on the illegal service amounted to 1,000 Bitcoins and more than 20,000 Moneros (a total of more than $100 million).
“Crimenetwork served as a market for illegal goods and services, in particular for stolen data, drugs and forged documents,” the BKA notes. said. “The platform has been around since 2012 and has been one of the central trading platforms of the German-speaking underground economy for many years.”
South Korea arrests 6 people for adding DDoS functionality to satellite receivers
The crackdowns also followed a separate law enforcement exercise in South Korea that led to the arrest of six people linked to an unnamed satellite broadcast receiver maker for equipping the devices with distributed denial-of-service (DDoS) capabilities.
Malicious function, National Police Agency saidwas distributed at a customer request of 240,000 units either in the guise of firmware updates or preloaded during product shipment.
