An encrypted messaging service that has been on law enforcement’s radar since a 2019 raid on an old NATO bunker has been shut down after a sweeping series of raids across Europe last week.
In a search of 79 properties in German, The Netherlands, Belgium and Poland last Friday, Authorities in those four countries arrested 48 people who were users, operators and administrators of the Exclu crypto communications service.
Exclu, which still has an operational website that appears to still accept payments of €500 ($537/£446) or €900 ($966/£804) for three and six month licenses, respectively, was used extensively by organized criminals and drug gangs, Dutch police said.
Exclu made it possible to exchange messages, photos, notes and other communications with users, of which Dutch police said there were around 3,000 prior to the service’s seizure, 750 of whom were Dutch speakers. Exclu claims on its website that it’s end-to-end encrypted, offers remote device wiping capabilities, and other security features.
“The Exclu service has been dismantled,” said the Dutch police and Public Prosecution Service. “At the moment, no one can use Exclu’s services anymore.”
Along with ending Exclu’s use as a haven for criminals, Dutch law enforcement said it and counterparts in Belgium seized two drug labs, several kilos of narcotics, more than €4 million in cash, “various luxury goods and several firearms.”
Dutch authorities said legitimate users of Exclu who can invoke legal privilege (e.g. lawyers, civil-law notaries, doctors or clergy) can contact police to have their data deleted, pending a look to make sure it doesn’t contain any illegal information.
CB3ROB raid continues to pay dividends
Much of the arrest of Exclu’s leadership appears to have happened outside of Germany, but it was German authorities that the rest of Europe has to thank for the data that led to the raids and arrests. Dutch police specifically thanked their counterparts for allowing them “to conduct research in Germany with a view to obtaining evidence for its investigation.”
German police said that their investigation into Exclu began in 2020 and had their origin in the seizure of an old NATO bunker dubbed “Cyberbunker” or CB3ROB, which had a reputation for hosting some of the less legitimate sites on the internet, including The Pirate Bay and the back end for Exclu.
German authorities said that their investigation of the Cyberbunker gave them the data needed to decrypt Exclu’s services in order to monitor communications, which the Dutch police said they spent five months doing prior to last week’s coordinated raids.
The data retrieved from Exclu also allowed authorities to identify and trace the developers, administrators and owners of the service, many of whom were arrested in the raids.
Law enforcement agencies and lawmakers around the world have made end-to-end encryption services like Exclu a legislative bugbear, stoking fear that the only purpose of such software was to subvert the law, and that forcing a backdoor into such services was necessary. ®