An international law enforcement operation codenamed ‘Operation Passionflower’ has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police.
It should be noted that MATRIX is a different entity from the secure open-source, decentralized, real-time communications protocol with the same name, which is perfectly legal to continue using.
The operation was conducted across Europe, including France, the Netherlands, Italy, Lithuania, Spain, and Germany, and was coordinated by Europol and Eurojust.
A crime enabler
The police tracked down MATRIX after recovering the phone of a shooter who attempted to assassinate journalist Peter R. de Vries in July 2021.
After analyzing the phone, they discovered it was customized to connect to an encrypted messaging service called Matrix.
A joint investigation team (JIT) between the Dutch and French authorities allowed the police to monitor and intercept 2.3 million messages in 33 different languages sent through the devices. However, no technical details were provided on how they could do so.
“For three months, authorities were able to monitor the messages from possible criminals, which will now be used to support other investigations,” reads an announcement by Europol.
“During a coordinated operation supported by Eurojust and Europol, the messaging service was taken down by Dutch and French authorities and follow-up actions were executed by their Italian, Lithuanian and Spanish counterparts.”
MATRIX’s 40 servers spread across Europe facilitated the communications of at least 8,000 user accounts, who paid between $1350 and $1700 in cryptocurrency for a Google Pixel-based device and a six-month subscription to the service installed on the phone.
MATRIX was also sold under the names ‘Mactrix,’ ‘Totalsec,’ ‘X-quantum,’ and ‘Q-safe,’ but they all used the same infrastructure.
MATRIX also offered the ability to make encrypted video calls, track transactions, and browse the internet anonymously.
Seizures and arrests
Law enforcement conducted simultaneous raids and searches in four countries earlier today, resulting in the shutdown of 40 servers in France and Germany and the arrests of five suspects in Spain and France.
One of the arrested, a 52-year-old Lithuanian man, is suspected to be the owner and primary operator of MATRIX.
The authorities have also seized 970 encrypted phones, €145,000 ($152,500) in cash, €500,000 ($525,000) in cryptocurrency, and four vehicles.
The seizure banner posted on MATRIX’s website warns users of the service that their communications have been exposed, and the investigation will continue.
In a separate announcement, the Dutch police noted that any MATRIX users who chose the service for its privacy and anonymity and didn’t get involved in criminal activities should email geheimhouders@om.nl to request an exemption from the investigations.
The takedown of MATRIX comes despite its operators’ technical sophistication and belief that it was superior to previously dismantled encrypted phone services.
However, previous law enforcement operations that took down similar encrypted phone services, like Ghost, EncroChat, Exclu, and Sky ECC, show that once law enforcement learns about their infrastructure, they can gather significant evidence of criminal acts by monitoring intercepted messages or through seized servers.
This evidence has led to the arrest of thousands of drug dealers, weapons dealers, organized criminals, murderers, and money launderers.