A joint investigation team (JIT) involving French and Dutch authorities, with support from Eurojust and Europol, has successfully dismantled an encrypted messaging service known as MATRIX.
This operation, which took place on December 3, 2024, marks a pivotal moment in the ongoing effort to disrupt the communication channels exploited by criminal syndicates for illegal activities.
The MATRIX platform first came to light during a murder investigation in 2021 when Dutch police found it on a criminal’s phone.
Subsequent analysis revealed that MATRIX was an invitation-only service designed by criminals for their illicit operations, offering greater security than its predecessors like Sky ECC and EncroChat.
The service boasted a complex infrastructure, utilizing over 40 servers across Europe, with key hubs in France and Germany.
Free Webinar on Best Practices for API vulnerability & Penetration Testing: Free Registration
Operation Details:
For three months, the JIT monitored and intercepted over 2.3 million encrypted messages in 33 languages, providing unprecedented insight into criminal dealings.
The messages intercepted were linked to serious crimes such as international drug trafficking, arms trafficking, and money laundering, highlighting the platform’s role in facilitating criminal activities.
The operation concluded with simultaneous raids across four countries, leading to the shutdown of 40 servers in France and Germany, and the arrest of five suspects in Spain and France.
One of the arrested, a 52-year-old Lithuanian man, is believed to be the primary operator of MATRIX. The authorities also seized €145,000 in cash, €500,000 in cryptocurrency, over 970 encrypted phones, and several vehicles.
This operation underscores the critical role of international cooperation in combating cybercrime. The involvement of authorities from Spain, Italy, Lithuania, and Germany highlights the global nature of the effort to dismantle encrypted criminal communication networks.
Establishing an Operational Task Force (OTF) at Europol in June 2024 facilitated the exchange of information and evidence, enabling swift and coordinated actions.
The takedown of MATRIX is part of a broader trend of law enforcement disrupting encrypted platforms used by criminals. Following the dismantling of services like Sky ECC and EncroChat, the criminal communication landscape has become more fragmented, with criminals turning to less-known or custom-built tools.
However, such operations demonstrate that authorities are adapting to these evolving technologies, ensuring that they stay ahead of criminal tactics.
The operation not only disrupts a major communication tool for organized crime but also sends a strong message about the capabilities of law enforcement to infiltrate and dismantle encrypted services. The intercepted messages will now be used to support further investigations, potentially unraveling extensive criminal networks.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar