Police takes down Matrix encrypted chat service used by criminals
A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created for criminals.
Matrix (Source: Dutch Police)
The Matrix encrypted chat service
Matrix – also know as Mactrix, Totalsec, X-quantum, and Q-safe – was first identified by Dutch authorities on the phone of a criminal convicted for the murder of Dutch crime journalist Peter R. de Vries in 2021, and the discovery prompted an investigation into the service.
“It was soon clear that the infrastructure of this platform was technically more complex than previous platforms such as Sky ECC and EncroChat. The founders were convinced that the service was superior and more secure than previous applications used by criminals. Users were only able to join the service if they received an invitation,” Europol said.
The service has over 8,000 users (accounts), who paid between 1,300 and 1,600 euros for a dedicated phone and a 6-month subscription. The users were mainly located in Southern Europe.
“The crypto communication service offered a whole ecosystem of applications, including the ability to make (video) calls, keep track of transactions and surf the internet anonymously. [The service] was offered in the form of an app that was mainly installed on Google Pixel phones,” the Dutch Police said.
They also made sure to note that “Matrix is also the name of a company and communication protocol of the same name, which has nothing to do with the crypto communication service Matrix.”
Operation Passionflower
By using “innovative technology”, the authorities were able to monitor the activity on the service for three months, intercept the messages sent, decrypt them, and link them to crimes such as international drug trafficking, arms trafficking, and money laundering.
A larger coordinated action also involving law enforcement agencies from other Germany, Italy, Lithuania and Spain happened on December 3 and resulted in:
- Three suspects arrested, in France and Spain
- Over 40 servers taken down across Europe (including France and Germany)
- Seizure of 145,000 euros in cash, half a million euros in cryptocurrencies, 970 telephones and 4 vehicles
According to the Dutch Police, Matrix was owned and managed from Spain by the main suspect – a 52-year-old Lithuanian man.
“Criminals using the messaging service are alerted to the interception by the authorities through a splash page. Through legal requests, authorities will now be able to access the messages for their investigations,” Europol added.
“The encrypted communication landscape has become more fragmented following the takedown of several services such as Sky ECC, EncroChat, Exclu and Ghost. Criminals, in response to the disruptions of their messaging services, have been turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity. While the new fragmented landscape poses challenges for law enforcement, the takedown of established communication channels, shows that authorities are on top of the latest technologies that criminals use.”
UPDATE (December 4, 2024, 05:20 a.m. ET):
The Matrix.org Foundation, which runs the legitimate communications service that (unfortunately) carries the same name as this one created by criminals, says that the two services are unconnected.
“This has nothing to do with the Matrix protocol, it’s just an unfortunate naming coincidence,” Matthew Hodgson, technical co-founder of the Matrix open standard, told Help Net Security.
“The takedown site has a Matrix-the-movie branding, which is a probable source of confusion. The app showcased doesn’t look like any of the Matrix clients we’re aware of,” Matrix.org said.
“A statement from the Dutch police confirms that this is unrelated: ‘Matrix is also the name of a company and communications protocol of the same name, which has nothing to do with the crypto communications service Matrix.'”