Cops make arrests and seize drugs after hacking Exclu encrypted messaging app

Clues discovered in German cyberbunker

German police began investigating Exclu in June 2020 after discovering that the service had been hosted in a notorious “cyberbunker” in Traben-Trabach. The bunker allegedly hosted drug marketplaces on the dark web before being shut down by German police in September 2019.

Exclu continued to use a server in Germany.

In a series of coordinated raids on 3 February 2023, 1,200 police officers in the Netherlands, Germany, Belgium and Poland searched 79 addresses.

Police dismantled two drug laboratories and seized €5.5m in cash, 300,000 ecstasy tablets and 200 mobile phones, which are being examined by forensics and digital experts.

Police in the Netherlands and Germany made 45 arrests. Holland’s Fiscal Information and Investigation Service (FIOD) arrested a 51-year-old man from Tilberg in southern Holland on suspicion of money laundering. Investigators seized cryptocurrency and an encrypted phone from his home.

Exclu accused of supporting organised crime

Police accuse the operators and owners of Exclu of supporting organised crime and drug trafficking by providing encrypted communications services to criminals, according to a statement by the public prosecutor’s office in Koblenz, Germany.

German police said they had executed several search warrants targeting the operators of Exclu but made no arrests.

Dutch police began an investigation, codenamed “26 Samber”, in September 2021 into the owners and managers of the Exclu service.

A second Dutch investigation, codenamed “26 Lytham”, began on 28 April 2022 into users of Exclu who were suspected of involvement in organised crime.

Innocent Exclu users urged to contact Dutch police

Dutch police have asked users who can claim legal privilege, such as lawyers, notaries and clergy, to email the Openbaar Ministrie – responsible for bringing prosecutions – to request that their data be deleted.

The international collaboration to take down Exclu follows similar operations to dismantle encrypted phone networks suspected of being used for organised crime.

French and Dutch police hacked the EncroChat encrypted phone service in 2020, obtaining millions of decrypted messages and sparking arrests in the UK, the Netherlands and Sweden, among other countries.

Belgian and Dutch Police announced they had penetrated the Sky ECC encrypted phone service in March 2021, leading to further arrests of alleged drug dealers.

In June 2021, Police in 16 countries carried out raids after Australian Police and the FBI cracked the An0m encrypted phone network in Operation Trojan Shield.

Dutch lead on encryption

The Dutch police have long-standing expertise in cracking encrypted communications services.

Computer Weekly has previously reported that the Dutch National Forensics Institute (NFI) was a key participant with French police in a two-year project with University College Dublin to study how to break passwords of encrypted systems in February 2019.

The £2.3m project, Cerberus, played a key role in helping the joint French and Dutch police operation read messages on a server used by the EncroChat encrypted phone network, according to the NFI.

Europol provided investigating police forces with real-time operational support to identify imminent threats to life and high security risks during investigations into Exclu.

Eurojust has supported judicial cooperation on the investigation into Exclu since February 2022, hosting eight meetings between Dutch and German prosecutors and law enforcement agencies.

Computer Weekly contacted Exclu for comment through its website but received no response.