Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
EU Crime

After Cracking Another 'Secure' Messaging App, European Police Arrest 42 (barrons.com) 38

Slashdot reader lexios shares this report from the French international news agency Agence France-Press: European police arrested 42 suspects and seized guns, drugs and millions in cash, after cracking another encrypted online messaging service used by criminals, Dutch law enforcement said Friday. Police launched raids on 79 premises in Belgium, Germany and the Netherlands following an investigation that started back in September 2020 and led to the shutting down of the covert Exclu Messenger service.

After police and prosecutors got into the Exclu secret communications system, they were able to read the messages passed between criminals for five months before the raids, said Dutch police. Those arrested include users of the app, as well as its owners and controllers. Police in France, Italy and Sweden, as well as Europol and Eurojust, its justice agency twin, also took part in the investigation. The police raids uncovered at least two drugs labs, one cocaine-processing facility, several kilograms of drugs, four million euros in cash, luxury goods and guns, Dutch police said.

The "secure" messaging app was used by around 3 000 people who paid 800 euros (roughly $866 USD) for a six-month subscription.
This discussion has been archived. No new comments can be posted.

After Cracking Another 'Secure' Messaging App, European Police Arrest 42

Comments Filter:
  • by quonset ( 4839537 ) on Saturday February 04, 2023 @01:46PM (#63265275)

    Apparently the Ukrainian security service "hacked" into a Trueconf call [twitter.com] between Russian terrorists and quislings in Ukraine. Those on the Ukrainian side were told they were both fired and charged with treason. Then everybody was made to listen to the Ukrainian national anthem.

    Trueconf [trueconf.com] touts itself as a "secure video conferencing solution that meets European cybersecurity and data protection standards."

    So much for being secure.

    • by Plugh ( 27537 ) on Saturday February 04, 2023 @02:32PM (#63265339) Homepage
      Loved that video. Epic pw0nage. Ukraine has some excellent tech folks, I have learned a lot from the few I have been lucky to work with. I assume the vuln was on one of the attendeesâ(TM) phones, not in Truconf itself. The end user device running proprietary code is the giant screaming attack surface here.
  • They "cracked" it. How? What? What did they crack? Maybe they just read the metadata that wasn't encrypted?
    Who says it was "secure"? Doesn't sound secure to me.

    I read the article/link, but still had all these questions.
    • Who says it was "secure"? Doesn't sound secure to me.

      Obviously, it's the guys behind the app said it is secure (it's proprietary code so not worth of trust anyway). Here is their ad line "Exclu Messenger is an unique world class product, featuring one of the most secure encryption used for communications." -- from exclumessenger.com exclu.chat exclu.network excluchat.cc exclu.app exclusivepgp.org I don't know why you would register so many similar domains other than some scam. I did not open any of these links, I only used the text quoted by the search engin

    • They "cracked" it. How? What? What did they crack? Maybe they just read the metadata that wasn't encrypted? Who says it was "secure"? Doesn't sound secure to me. I read the article/link, but still had all these questions.

      If you really want to know, then my advice would be to apply for a job in Homeland security. You will obviously have to sign an NDA to never reveal such information.

      • Well, colour me curious. Nearly all the second string apps use the same encryption methods as signal, afaik. WhatsApp uses it, and whenever I look, it seems that some other company is wrapping a proprietary UI around that encryption and branding it XYZ. So as a user of XYZ, I'm wondering if XYZ is "hacked", then Signal and WhatsApp are likely also subject to same vulnerability.
        As someone above mentioned, it's often social engineering used to gain access to something that then allows access to the encrypted
  • by ffkom ( 3519199 ) on Saturday February 04, 2023 @02:16PM (#63265323)
    Oh let me guess, nobody reviewed the source code because it was not even published... so they paid for believing in some obscurity, which is not security.
    • by Plugh ( 27537 ) on Saturday February 04, 2023 @02:36PM (#63265347) Homepage
      This. As I noted in a separate comment. 99 times out of 100 the vuln is with the end user device. Kind of like a Douglas Adams SEP Someone Elses Problem. Much easier to get your mark to click a malicious link than to hack an encryption protocol.
    • by mspohr ( 589790 )

      This seems to be another example of "dumb criminals".
      They were sold on a "secure" app (at a high price) which turned out not to be so secure.

      • This is the inherent nature of criminality. People who think it's OK to lie, cheat, and steal, are prime candidates as targets of others who think it's OK to lie, cheat, and steal.

      • by jwhyche ( 6192 )

        I'm willing to bet that while you may be right about dumb criminals, but I'm also willing to bet it wasn't because the app itself isn't secure. Most of these criminal cases law enforcement like to crow about how through highly advanced 'techniques' their team of 'highly skilled' hackers 'broke' encrypted communications by 'evil' doers. When really no such thing happened.

        All they really did was exploit poor security habits of the users or some common real world weakness. If you read the official press

    • Oh let me guess, nobody reviewed the source code because it was not even published...

      I'm willing to bet you've never done this either and simply taken the word of others on face value that someone somewhere at some point has reviewed it.

      And we've learned nothing from Heartbleed.

    • > Oh let me guess, nobody reviewed the source code because it was not even published... so they paid for believing in some obscurity, which is not security.

      Dude, it's called an Intelligence Operation.

      Many criminals are kinda dumb.

  • Fish in a barrel (Score:4, Insightful)

    by DrXym ( 126579 ) on Saturday February 04, 2023 @02:47PM (#63265375)

    If criminals were smart they'd hide their activities in a sea of mundanity - using apps where the majority of activity was banal, legal, and not likely to convince a judge to sign off on mass surveillance. The cops would have to focus on specific individuals and present probable cause which would limit their searches and who they eventually arrest.

    But criminals are fuckwits who gravitate towards apps & devices custom advertised to serve their nefarious purposes. It's kind of amusing in a way that people desperate to avoid attention end up concentrating their criminality in a way that cannot escape attention. Oh well, enjoy prison.

    • They do. This gets the lazy ones, as the low value of seizures attests.

    • Even in a sea of mundanity, criminal patterns can be found and traced. The reality is, criminals want to be able to do things that society does not want people to do, such as steal from others. This type of activity will always stand in contrast to other activity that conforms to societal norms. There isn't a sea big enough to hide in.

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Saturday February 04, 2023 @02:58PM (#63265391)
    Comment removed based on user account deletion
  • by PPH ( 736903 ) on Saturday February 04, 2023 @03:29PM (#63265449)

    European countries have some very strict gun laws. So criminals wouldn't have guns.

    • We have some strict drug laws too so there shouldn't be any drugs either.
    • Criminals have guns. So it's easier to identify them, and not shoot unarmed civilians because they're afraid of everyone carrying a gun at all times

      They won't threaten to shoot an autistic child with a toy truck, and they won't shoot the nearby unarmed black man simply because.
    • https://worldpopulationreview.... [worldpopul...review.com]

      Gun Deaths per 10k in
      USA = 10.89
      Belgium = 1.95
      Germany = 1.22
      Netherlands = 0.48

      • Getting a legal gun here: go through an extensive background check, become a provisional member at a gun range for a year, pass their proficiency tests, become a full member and buy my first .22 pistol or bolt action rifle, and after another year I can get a large calibre pistol or bolt action rifle. After 3 years I am eligible for a semi auto firearm. And have to tolerate yearly police inspections in my home, to prove that I am storing my guns correctly and that there is no way they could ever be used in s
    • European countries have some very strict gun laws. So criminals wouldn't have guns.

      Logic error. European countries have some very strict gun laws. So only criminals have guns.

      It's why we don't go around shooting each other over arguments, or suiciding, or having our kids accidentally shoot themselves. It's why the Netherlands has 1/20th of the gun deaths per capita than 'MURIKA.

      • The US is much larger than Europe. If you divide up the US into chunks the size of European countries, comparison starts to become a lot easier to show crime stats in a meaningful way.

  • by BadDoggie ( 145310 ) on Saturday February 04, 2023 @04:22PM (#63265497) Homepage Journal
    I want to know which services they were using &/or applications. Either they service (or app) they used has shit "encryption" or there's now more than the last number sieve used by RSA/PGP. Thing is, I'm really glad that criminals are stupid/ignorant. I'm a huge privacy (and Free Speech) advocate, but with some incidents over the past 25 years or and only made possible by breaking encrypted communications (like this kiddie-abusing senior Met officer [lbc.co.uk] or [pdf] these shitbag, would-be bombers [judiciary.uk], and which aren't just dog & pony shows designed to take away more of our rights.

    These and others weren't just suspects harassed by police but have been proven cases further investigated and found guilty based on overwhelming evidence, I find myself no longer the complete absolutist I used to be. Which is why I don't know if I want to know what they used for "encryption". Not so much as /.'s ever-beloved security through obscurity so much as the fact smart people will figure it out (and already have) but most criminals are dumb and I don't want to help them.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...