Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42

Police in the Netherlands broke open alleged drugs gangs by hacking an encrypted messenger service, Exclu. Lives were saved and alleged perps arrested.

But was Exclu an elaborate honeypot? Or was it merely bad crypto? Or should we thank “human factors” for the success?

I think we can assume WhatsApp and Signal are still safe. In today’s SB Blogwatch, we have nothing to hide.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Steve and Jony’s spaceship.

Exclu Sieve: Crims are Dim

What’s the craic? Zachary Newmark reports—“Dutch police take down Exclu encrypted chat service with 42 arrests, [$4] million seized”:

Prevented assassinations
For five months, police in the Netherlands have been able to read the encrypted communications criminals shared with each other using the Exclu Messenger app. Authorities in the Netherlands, Germany, and Belgium cooperated in carrying out 79 searches, leading to the arrests of … Exclu users, administrators, and the chat service’s owners, police said.

The Exclu website offered a three-month license to use the service for [$500] and a six-month license for [$900]. Encrypted communications give people confidence that their messages cannot be viewed by anyone other than the sender and the intended recipient, making it a popular choice for the criminal underworld.

The arrests stem from two separate investigations. The first, called 26Samber, started in September 2020, and targeted the owners and managers behind Exclu. … As it turns out, German authorities had started an investigation into Exclu a few months earlier, and began sharing evidence with their Dutch counterparts. … The arrests almost certainly prevented assassinations from being carried out abroad, Dutch police stated.

Straight from the horse’s mouth? The Dutch national police service is lost in translation—“Police again read along with criminals”:

Obtaining evidence
Two drug labs and a cocaine laundry were found. In addition, several kilos of narcotics, more than 4 million … in cash, various luxury goods and several firearms were seized.

The Exclu service has been dismantled and the data has been obtained by applying specialist knowledge and expertise in the field of technology and cybercrime and by using hacking skills. In addition, the criminal investigation department has also used traditional investigative methods to successfully identify … the users and developers, administrators and owner of the service.

The focus of the investigation lies with the National Criminal Investigation Service of the National Unit, with a key role for Team High Tech Crime. They did this by working intensively with various other services of the National Unit, several regional police units, FIOD and National Investigation Department. Eurojust and Europol also participated in the investigation, as did Italy, Sweden and France. The German Landeskriminalamt (LKA) Rheinland-Pfalz also started an investigation into Exclu in June 2020. In good cooperation, the Netherlands was able to conduct research in Germany with a view to obtaining evidence.

“By using hacking skills”? Color jwhyche skeptical:

Seized his laptop
I’m willing to bet … it wasn’t because the app itself isn’t secure. In most of these criminal cases, law enforcement likes to crow about how, through highly advanced ‘techniques,’ their team of ‘highly skilled’ hackers ‘broke’ encrypted communications by ‘evil’ doers. When really no such thing happened.

All they really did was exploit poor security habits of the users or some common real-world weakness. If you read the official press releases where they took down the original Silk Road and the Dread Pirate Roberts, you would think that they employed a team of ‘elite’ professionals and employed resources on the level of breaking the Enigma code to bring him down. All they really did was pay off one of his administrators, then rush in at a coffee shop and seize his laptop that he left unlocked when he got up to take a ****.

Anti-social engineering? u/GivingMeAProblems agrees:

The weak link always seems to be wetware. … Usually what happens is that the police are given access to an unlocked device and go from there. The one exception (I can remember) was with EncroChat, where police were able to push malware to their servers.

Or by taking a leaf out of the Crypto AG playbook? Darwinsky evolves the thread: [You’re fired—Ed.]

Seems like yet another crypto communicator of the “let’s use something self-made that’s not Signal or Telegram” kind was taken down. … I wonder—was this a honeypot … to begin with?

Interesting question. u/Frosty-Influence988 runs with it:

I went to their website—there is no way that is not a honeypot: Vague claims about security, no details about any of the supposed “security” measures used, no Terms and Conditions or Privacy policy. Literally all the hallmarks of a honeypot and dumb****s fell for it lol.

Or could it be adequately explained by stupidity? Oh let’s let ffkom guess:

Oh let me guess, nobody reviewed the source code because it was not even published. So they paid for believing in some obscurity, which is not security.

What would the Venerable William of Occam shave with? The buggy-code theory makes perfect sense to u/shawnperly:

They rolled their own encryption. Never roll your own encryption.

Meanwhile, ****_this_place is outta here:

Maybe it’s just a war-cry of ignorance, but trusting anything connected to this here internet seems like a terrible mistake.

And Finally:

Your humble blogwatcher used to work at the old HP campus


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: G-R Mottez (via Unsplash; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
