Introduction
On December 3, 2024 [4], an international law enforcement operation successfully dismantled MATRIX [5], an encrypted messaging platform used by organized crime groups for illicit activities [4]. This operation [1] [2] [3] [4] [5], known as Operation Passionflower [7], was a collaborative effort involving multiple European agencies and countries.
Description
An international law enforcement operation on December 3, 2024, successfully dismantled MATRIX, an encrypted messaging platform also known as Mactrix, Totalsec [7], X-quantum [7], and Q-safe [7], which was favored by organized crime groups for serious activities such as international drug trafficking, arms smuggling [4], and money laundering [1] [2] [3] [4] [5] [6] [7]. This operation [1] [2] [3] [4] [5], dubbed Operation Passionflower [7], was coordinated by Eurojust and Europol [5], executed by Dutch and French authorities [2] [4] [5], with follow-up actions from Italian [5], Lithuanian [1] [2] [3] [5] [6] [7], and Spanish counterparts [5]. MATRIX [2] [4], first identified on the phone of a criminal involved in the murder of journalist Peter R [7]. de Vries in July 2021 [6], featured advanced security measures [4], including end-to-end encryption [4], invitation-only access [4], and a complex infrastructure that allowed users to host their own servers. This made it a preferred tool for criminals seeking secure communication, complicating law enforcement’s ability to monitor its operations [4].
During the operation [5], authorities employed innovative technology to intercept and monitor MATRIX activity for three months [5], resulting in the interception and deciphering of approximately 2.3 million messages in 33 languages [4] [5], revealing extensive criminal activity [6]. This intelligence will support ongoing investigations into various criminal activities [5]. The takedown led to the arrest of individuals suspected of serious crimes [5], including a 52-year-old Lithuanian man believed to be the service’s owner and a 30-year-old Dutch man suspected of cocaine trafficking [6], both apprehended in Marbella, Spain [1] [2] [3] [5] [6] [7]. Authorities conducted searches at six locations in Spain and Lithuania [6], seizing significant assets including EUR 145,000 in cash [2], EUR 500,000 in cryptocurrencies [2], four cars [2], and over 970 phones [2] [6], along with a villa in Spain valued at EUR 15 million [2], which was subjected to a freezing order [2].
Criminals using the service were alerted to the interception through a ‘splash page.’ Cooperation between Dutch and French authorities began with a Joint Investigation Team (JIT) established at Eurojust [5]. An Operational Task Force (OTF) was formed by Europol in June 2024 [5], involving the Netherlands [5], France [1] [2] [3] [5] [6] [7], Lithuania [1] [2] [3] [5] [6] [7], Italy [5] [6], and Spain [1] [2] [3] [5] [6] [7], which played a crucial role in monitoring criminal activities on the platform and will assist with follow-up investigations based on the intelligence gathered during the operation [5]. The takedown of MATRIX effectively disrupted a rising communication channel for organized crime before it could gain widespread popularity [4], highlighting the ongoing challenges law enforcement faces in tracking cybercriminals as they shift to new [4], secure platforms [4]. The encrypted communication landscape has become more fragmented due to the takedown of several services [2], prompting criminals to seek alternative [2], less-established communication tools [2]. Approximately 8,000 users had subscribed to MATRIX, paying between EUR 1,300 and EUR 1,600 for a dedicated phone and a six-month subscription [7], which included a range of applications such as video calls and anonymous internet browsing primarily through an app installed on Google Pixel phones [7]. Further arrests are anticipated as investigations continue, necessitating advanced monitoring solutions to stay ahead of emerging risks in the evolving digital landscape [4].
Conclusion
The dismantling of MATRIX marks a significant victory in the fight against organized crime, disrupting a secure communication channel before it could become more widespread. This operation underscores the challenges law enforcement faces in adapting to the evolving digital landscape, where criminals continuously seek new, secure platforms [4]. The intelligence gathered will aid ongoing investigations, and further arrests are expected. As the encrypted communication landscape becomes more fragmented [2], law enforcement agencies must develop advanced monitoring solutions to address emerging risks and maintain an edge over cybercriminals.
References
[1] https://www.techzine.eu/news/security/126779/police-forces-take-down-criminal-communications-service-matrix/
[2] https://www.eurojust.europa.eu/news/international-operation-takes-down-another-encrypted-messaging-service-used-criminals
[3] https://www.dutchnews.nl/2024/12/dutch-french-police-take-down-matrix-encrypted-message-service/
[4] https://socradar.io/international-operation-dismantles-matrix-a-sophisticated-encrypted-messaging-service/
[5] https://www.infosecurity-magazine.com/news/police-shut-down-matrix-criminal/
[6] https://nltimes.nl/2024/12/03/dutch-french-police-take-matrix-encrypted-chat-app-23-million-messages-captured
[7] https://www.helpnetsecurity.com/2024/12/03/matrix-encrypted-chat-takedown/
