3 min Security

Police forces take down criminal communications service Matrix

Arrests, seizures and servers taken down

Police forces take down criminal communications service Matrix

Dutch and French police, in cooperation with Europol and Eurojust, have dismantled the international cryptocommunications service Matrix. The platform facilitated criminal activities and was quietly bugged for months. Two men, a Lithuanian prime suspect and a 30-year-old Dutchman, were arrested in Spain.

The police took down servers in France and Germany and seized cash, cryptocurrency, vehicles, and real estate. Matrix was a high-security platform that allowed criminal networks to communicate anonymously through messages, video calls, and financial transactions.

The system, which operated under multiple names such as Matrix and Q-Safe, was more complex than its predecessors. “The unique thing is that this service was more complex in terms of infrastructure and technology than its predecessors Sky and Encro, which led to the belief that users could safely hide their criminal affairs from the police. That belief turned out to be wrong,” said Stan Duijf, Head of Operations of the National Investigation and Interventions Unit in a statement (in Dutch).

Europol clarifies that the criminal communication service taken down has nothing to do with the legitimate Matrix protocol, which also enables secure communication. The administrators of this standard call it an ‘unfortunate coincidence’ that both share the same name.

Main servers in Germany and France

Police intercepted as many as 2.3 million messages discussing criminal activities such as drug trafficking, arms trafficking and money laundering, among others. The messages were in 33 different languages and came from about 8,000 accounts worldwide.

“This investigation shows that serious criminals mistakenly believe they can still operate in secret, out of sight of the police, and not get caught,” the police statement said. The service had users spread across southern Europe and used more than 40 servers, but the main ones were located in France and Germany.

Een smartphone met een berichten-app met versleutelde tekst. Het scherm toont een discussie over beveiliging en softwarecontrole, waarbij kwetsbaarheden in andere netwerken worden benadrukt.

The investigation into Matrix began after the murder of Dutch crime reporter Peter R. de Vries in 2021. Police discovered a phone with Matrix software in the perpetrator’s getaway car, which led to further investigation. Using specialist knowledge and expertise in digital technology, the police eventually succeeded in intercepting the sophisticated, high-security messaging service. Investigators were also able to identify users of the service through innovative data analysis.

Property, cash and phones seized

As part of today’s action, authorities visited six properties in southern Spain, seizing one worth more than 15 million euros. 145,000 euros in cash and half a million euros in cryptocurrencies were also taken. The rest of the police booty consists of four vehicles and more than 970 phones. There were also six searches in Lithuania today.

Cooperation between Dutch and French authorities created a Joint Investigation Team, which led the investigation into Matrix. Police warn that more arrests are possible through the website operation-passionflower.com, a typical scare site that also acts somewhat as a PR channel for the investigative authorities.

Update 5/12/2024: statement added from Europol and the administrators of the (legitimate) Matrix protocol.

Read also: Police take down Redline and Meta ransomware servers