via image mid journey.CC BY 4.0

In December 2021, Eliza Triantafillou, a journalist for Greek independent media The Inside Story, was looking for a subject for her next article when Facebook’s parent company Meta announced earlier in the month that it had “made an offer for employment.” I learned that they released a report on “surveillance”. ” Industry.

The article she produced in response is part of a series of reports by Greek journalists that unraveled the details of a months-long wiretapping and surveillance scandal entitled “Watergate on Steroids.” These findings highlight shortcomings in government regulation and technical capacity to accommodate the rapidly evolving civilian surveillance industry. This allows these very governments to monitor their citizens.

So far, there have been four attempts to infect Greek journalists, politicians and even intelligence agencies with spyware called Predator, which is capable of advanced phone surveillance, including recording conversations and accessing encrypted chats. Confirmed.

greek connections

Last December, Triantifillou noticed that both the Meta report and another report released the same day by Toronto-based research institute Citizen Lab linked Greece. Both reports conclude that Predator, a sophisticated surveillance spyware, was purchased for use in Greece and elsewhere. Cytrox, the North Macedonian company that developed Predator, belongs to a group of mercenary surveillance providers sold under Intellexa and has been incorporated in Greece since 2020.

Triantafillou published an article in January 2022 about how Meta deleted nearly 300 Facebook and Instagram accounts linked to Cytrox and how Cytrox “fakes” real URLs, including those of trusted news outlets. focused on how These links look real at first glance, but have a slightly different syntax than real URLs (missing characters, extra symbols, etc.). They can be used to trick the target into clicking, thus activating Predator’s phone infection.

“We found an uneven percentage of Greek domains in this list, as Meta reported 310 spoofed domains, 43 of which were of Greek interest,” said Triantafillou. said in a Zoom interview. “We are a very small country. Our share of the world’s internet traffic is much smaller than the other countries included in our customers based on these two reports.”

The devil is in the details: ‘legal’ vs. ‘illegal’ surveillance

When another Greek reporter, Thanasis Koukakis, read Triantafirou’s article, he realized that many of the spoofed domains on the list were reports with which he had worked or still works. I found myself mimicking an institution. Koukakis recently uncovered a fraud case in the country. He already suspected that his conversations were being tapped and had filed a complaint with the Communications Privacy Assurance Authority (ADAE) in August 2020 asking for the necessary checks. Today we know he was tapped by the National Intelligence Agency (EYP). He received a response from ADAE in July 2021 that he hadn’t broken the law, but that didn’t mean he wasn’t being spied on, after all.

While wiretapping by EYP is technically “legal”, the use of spyware such as Predator is considered illegal in Greece. Article 19 of the Greek Constitution protects the right to privacy in correspondence. However, exceptions are made for national security reasons and to investigate serious crimes. EYP’s surveillance of Koukakis was justified by intelligence agencies using national security arguments, although it is not clear how the investigative journalist’s work undermined national security. The government has passed an amendment that would revoke the right of citizens to know if they were being monitored after the monitoring ended.

Governments have also used this legal/illegal dichotomy to protect themselves. The prime minister has publicly said that even if the oversight of politicians is wrong, it is “politically acceptable” and that the narrative around the issue should not undermine the intelligence services’ “important work.” When Kyriakos Mitsotakis became prime minister, he put his EYP under his command. Grigoris Dimitriadis, chief secretary of the Prime Minister’s Office and nephew of EYP head Mitsotakis himself, has resigned from his post, although today he claims to have no knowledge of the wiretapping.

larger pattern

In November 2021, Greek journalist Stavros Malichudis was scrutinizing the news when he saw a revealing article by the newspaper Efimerida ton Syntakton. It was about his EYP wiretapping of many citizens, including journalists. The article described his one case of a journalist working on immigration issues. Upon perusing the details, Malikdis realized he was the journalist. In response to a letter sent by the news agency AFP, with which Malikdis was working at the time, Greek authorities twice denied spying on him. Such oversight would not be acceptable and, for the avoidance of doubt, so would the Greek government,” read a response signed by the Minister of State.

Koukakis, Triantafillou, and Malichudis testifying before the EuroParl PEGA Commission about the use of spyware in Greece. Credit: Eric VIDAL/© European Union 2022 – Source: EP.

From Eavesdropping to Spyware

In January 2022, still unclear as to whether his phone conversation had been intercepted, Koukakis sent files extracted from his phone to Citizen Labs after reading the Inside Story Report, which Citizen Labs confirmed. confirmed he was targeted by the Predator. A text from an unknown number shared a link in his message that appeared to be a trustworthy blog post. In reality it was his URL for spoofing. After Koukakis clicked on it, his phone was infected with spyware.soon after that, thanks Reporters United articlehe knew it he was also eavesdropped by intelligence agencies.

The Greek government denies buying or using the Predator, but more targets have been identified. In September 2021, we discovered that we received a text message containing the same link that infected Koukakis’ phone. He didn’t click the link, so he wasn’t affected. In September, he also said that a politician, former Syriza party minister Christos Spirtzis, had also been the target of an attempt to install his Predator.

This has led to credible suspicions about the government’s role in this surveillance, and is backed up by Google’s report. Also, the timing of Koukakis’ so-called “legal” wiretapping and the timing of his phone being infected with his Predator seem to match up so closely that it’s hard to believe it’s a coincidence. After Koukakis filed a complaint, EYP stopped monitoring him, and shortly after, his phone was infected with his Predator. Koukasis, who testified before the European Parliament in early September, said he believed the spyware was used by the government. “On the other hand, according to what Citizen Lab told us and the price list found on the dark web, the cost of these services from Intellexa cannot be borne by individuals,” he said. . “can [the government have used] A private person as an intermediary? The answer is yes. “

Triantafillou tends to agree. “It’s not just a hypothesis, but our hypothesis is that you don’t have to buy it to use it,” she said of her Predator. Cytrox and its marketer, Intellexa, have a complex corporate structure spanning many countries and involving many registered entities. Intellexa’s founder, Tal Dillian, is a former Israel Defense Forces intelligence officer who moved to Greece after facing legal troubles with Cypriot authorities in his Forbes interview in 2019. In 2020, Intellexa is incorporated in Greece.

This diagram, from a lawsuit filed against Dillian in Tel Aviv by business partner Avi Rubenstein, shows the complex structure of a company that includes both Intellexa and Cytrox. Image by Eliza Triantafillou. Used with permission.

With four known attempts to target Greek citizens with the Predator, the question is whether there are more targets. Triantafillou believes so. “There is a very powerful and very expensive tool worth millions of dollars that has created and used at least 50 domains https://globalvoices.org/2022/09/26/the-greek-spyware-scandal-when-technology-outpaces-governance/ Using that amount just to target three people to target Androulakis, Koukakis and now Spirtzis is practically ridiculous,” she says.

keep up with technology

This ongoing scandal in Greece touches at the root of the problem all countries are grappling with. Regulatory mechanisms and institutions to protect citizens’ digital rights are outdated.

Today’s so-called “legal surveillance” only covers part of the communication we have on our mobile phones. Messaging on encrypted applications like WhatsApp and Signal, conversations on Zoom, and much more are outside the scope of eavesdropping. They require far more advanced surveillance technology, provided by mercenary surveillance companies like Cytrox.

The head of ADAE, Rammos Christos, addressed the European Parliament, pointing out that his organization “has powers to control only providers of telecommunications services, not public institutions or private companies”. said.

Stavros Malikdis, a journalist tapped by the government, checked his phone for spyware after a recent revelation (all clear). Also, with journalists His Triantafillou and His Koukakis, he testified before the European Parliament in early September, and from personal experience, both eavesdropping and spyware surveillance are insidious undermining fundamental rights to privacy. indicated that it was part of the attempt. A parliamentary commission of inquiry is also underway in Greece and progress continues.