The Dutch police announced on Friday that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations.
The operation consisted of two separate investigations starting in September 2020 and April 2022, when the police also carried out 79 targeted searches in the Netherlands, Germany, and Belgium and arrested 42 people.
Eurojust, Europol, and the police forces in Italy, Sweden, France, and Germany assisted in the law enforcement operations.
Two of the arrested individuals are allegedly the owners and managers of the encrypted telecommunications platform. The remaining 40 were users of the Exclu service, including drug lab operators holding significant amounts of narcotics, firearms, and over 4 million euros in cash.
In the Netherlands alone, the police searched 22 locations and arrested 11 individuals believed to be connected with the Exclu platform.
The Dutch police say it has used its expertise in technology and cybercrime to hack into the Exclu service, identify its users, and eventually dismantle its infrastructure.
Exclu was selling six-month user subscriptions for €800, allowing users to exchange encrypted messages and media (voice recordings, videos, images). The police mention that the app had approximately 3,000 users, 750 based in the Netherlands.
The authorities now possess all communication data, which they are using to continue their investigations. This may lead to discovering additional illegal activity and provide evidence to support charges brought against suspects.
However, a segment of Exclu’s user base consists of professionals in sensitive fields, such as lawyers, investigators, notaries, and doctors, for whom privacy is critical. These individuals are encouraged to contact the police and request the removal of their data from the seized servers.
Some people use these obscure communication platforms instead of popular end-to-end encrypted products like Signal because they promise extreme confidentiality and multiple layers of encryption and security.
Also, lesser-known crypto-phone services like Exclu are less likely to be detected and targeted by law enforcement authorities, allowing their existence to remain a secret from the general public for years.
A notable case of a similar crypto-phone platform takedown was that of EncroChat in July 2022, when several European police forces collaborated to dismantle the service and use seized data to identify criminals.
EncroChat counted over 60,000 users worldwide and sold subscriptions for €1,500 per six months while providing 24/7 customer support.
The FBI and the Australian Federal Police also created a fake end-to-end encrypted chat platform named ANOM, allowing law enforcement to monitor the activities of criminal groups. This ultimately led to the arrest of 800 people.
Source: https://www.bleepingcomputer.com/news/security/police-hacked-exclu-secure-message-platform-to-snoop-on-criminals/