European police have shut down an encrypted messaging service used by thousands of people including members of organised crime groups.
A joint operation led by Dutch and German police has led to more than 45 arrests following a multi-country probe into the Exclu encrypted messaging service.
Police covertly read decrypted communications on the app for five months before launching coordinated raids, according to a series of announcements on Monday 6 February 2023.
Exclu claims on its website to offer the “most secure encryption protocols”, which it says have been audited by cryptography experts to ensure they contain no backdoor vulnerabilities.
“End-to-end encryption ensures only you and the person you’re communicating with can read what’s sent, and nobody in between, not even Exclu,” it claims.
Customers could buy a six-month subscription to the service, allowing them to share text messages, pictures and videos, according to a statement by the European justice agency Eurojust.
“The application was praised by users for its high level of reliability and service,” it said.
The encrypted messaging service had 3,000 users, including 750 Dutch speakers.
Clues discovered in German cyberbunker
German police began investigating Exclu in June 2020 after discovering that the service had been hosted in a notorious “cyberbunker” in Traben-Trabach. The bunker allegedly hosted drug marketplaces on the dark web before being shut down by German police in September 2019.
Exclu continued to use a server in Germany.
In a series of coordinated raids on 3 February 2023, 1,200 police officers in the Netherlands, Germany, Belgium and Poland searched 79 addresses.
Police dismantled two drug laboratories and seized €5.5m in cash, 300,000 ecstasy tablets and 200 mobile phones, which are being examined by forensics and digital experts.
Police in the Netherlands and Germany made 45 arrests. Holland’s Fiscal Information and Investigation Service (FIOD) arrested a 51-year-old man from Tilberg in southern Holland on suspicion of money laundering. Investigators seized cryptocurrency and an encrypted phone from his home.
Exclu accused of supporting organised crime
Police accuse the operators and owners of Exclu of supporting organised crime and drug trafficking by providing encrypted communications services to criminals, according to a statement by the public prosecutor’s office in Koblenz, Germany.
German police said they had executed several search warrants targeting the operators of Exclu but made no arrests.
Dutch police began an investigation, codenamed “26 Samber”, in September 2021 into the owners and managers of the Exclu service.
A second Dutch investigation, codenamed “26 Lytham”, began on 28 April 2022 into users of Exclu who were suspected of involvement in organised crime.
Innocent Exclu users urged to contact Dutch police
Dutch police have asked users who can claim legal privilege, such as lawyers, notaries and clergy, to email the Openbaar Ministrie – responsible for bringing prosecutions – to request that their data be deleted.
The international collaboration to take down Exclu follows similar operations to dismantle encrypted phone networks suspected of being used for organised crime.
French and Dutch police hacked the EncroChat encrypted phone service in 2020, obtaining millions of decrypted messages and sparking arrests in the UK, the Netherlands and Sweden, among other countries.
Belgian and Dutch Police announced they had penetrated the Sky ECC encrypted phone service in March 2021, leading to further arrests of alleged drug dealers.
In June 2021, Police in 16 countries carried out raids after Australian Police and the FBI cracked the An0m encrypted phone network in Operation Trojan Shield.
Dutch lead on encryption
The Dutch police have long-standing expertise in cracking encrypted communications services.
Computer Weekly has previously reported that the Dutch National Forensics Institute (NFI) was a key participant with French police in a two-year project with University College Dublin to study how to break passwords of encrypted systems in February 2019.
The £2.3m project, Cerberus, played a key role in helping the joint French and Dutch police operation read messages on a server used by the EncroChat encrypted phone network, according to the NFI.
Europol provided investigating police forces with real-time operational support to identify imminent threats to life and high security risks during investigations into Exclu.
Eurojust has supported judicial cooperation on the investigation into Exclu since February 2022, hosting eight meetings between Dutch and German prosecutors and law enforcement agencies.
Computer Weekly contacted Exclu for comment through its website but received no response.
Read more about criminally dedicated communications services
- Belgian and Dutch police breach the encryption of users of Sky ECC, the world’s largest cryptophone network.
- Dutch defence lawyers say in an open letter that there is a risk of unfair trials unless they are allowed to test the reliability and legitimacy of hacked cryptophone evidence.
- Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation.
- Appeals court decides EncroChat-encrypted phone records can be used in criminal trials. Critics say the decision means phone tapping no longer has a ‘clear meaning in the digital age’.
- Police in 16 countries carry out raids after Australian Police and FBI crack an encrypted An0M communications network used by crime groups.
Read more on Hackers and cybercrime prevention
Germany: European Court opinion kicks questions over EncroChat back to national courts
French supreme court dismisses legal challenge to EncroChat cryptophone evidence
German court unclear whether intercepted EncroChat cryptophone messages are legally admissible
Germany: European Court of Justice hears arguments on lawfulness of EncroChat cryptophone evidence