Greek government ministers have been under spyware surveillance, including when communicating with their European peers, according to the latest findings. But EU institutions insist on considering the matter a national affair.
Ninety-two Greeks, including politicians, ministers, and journalists, have received infected SMS associated with the Predator spyware, the Greek Data Protection Authority said on Thursday (27 July).
As Inside Story reported, the messages contained a short text and a link to a website, which closely resembles a well-known website mainly focusing on news.
Each message was tailored to the specific person it was sent to. There were more than 350 SMSs related to the spyware to potential Predator targets, some of them through the state’s electronic platform for vaccination during the pandemic.
Using spyware in Greece is illegal, even for government agencies.
Once the Predator spyware, similar to Pegasus, is installed on the phone, it can access passwords, files, photos, browser history, or contacts. It can also activate the camera or the microphone, as well as take screenshots.
Effects on the EU
A Greek investigative journalist who fell victim to the Predator spyware before, Thanasis Koukakis, told EURACTIV that this time, “we are talking about ministers, like the minister of foreign affairs”.
“We are talking about people who participated in the European Council. While they were calling other European ministers, they were under surveillance,” he said.
In May, Greek Foreign Affairs Minister Nikos Dendias told Mega TV in an interview that in case his phone was bugged, it would be a “felony not only in Greece but in a number of countries around the world, because I don’t only chat within the country.”
Dutch MEP Sophie in ‘t Veld, who has been spearheading the work of the now-concluded Pegasus investigation in the European Parliament, thinks that this could affect the European Council, the Commission, and other EU bodies like the border agency Frontex.
She complained that “the European Union has every reason to investigate very thoroughly.” Yet, EU institutions have kept quiet about it so far, dubbing it a matter for national authorities to investigate.
In ‘t Veld has previously told EURACTIV about her dissatisfaction with the Commission’s lack of action regarding spyware. In the Commission’s view, enforcing the law on spyware is up to the member states. However, in ‘t Veld thinks that is just a “fig leaf” and a pretext for the institution not to do its job.
“We are getting to the point where the Commission doesn’t deserve the trust of the European Parliament anymore,” she said.
“People tend to shrug a little bit like ‘oh, yeah, political parties are spying on others. What’s new?’ I think if we are that careless about democracy and the rule of law, then we don’t deserve to live in a free world anymore.”
A European Commission spokesperson said that they and the Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU) are both “aware of the media reports about the ‘Predator’ malware and are constantly monitoring the situation.”
They “take this sophisticated malware very seriously and apply strict policies, both preventive and defensive, to protect our infrastructures, data and devices”.
However, at this stage, the Commission “has no indication that this malware is present in its IT infrastructure”.
EURACTIV filed an access to document request to the European Commission requesting to access internal documents related to Pegasus, Predator, and spyware in general. The request was denied based on the high sensitivity of the information.
A spokesperson of the European Council told EURACTIV that “the security of ministers’ mobile phones is a matter for which member states and their national security authorities are exclusively competent”.
The spokesperson also referred to the General Secretariat of the Council (GSC), which “ensures the protection of the European Council, the Council, and other high-level meetings in liaison with Host State authorities.”
The GSC also “liaises as appropriate with member state authorities and other EU institutions, bodies and agencies,” the Council representative added.
Greece and Predator
As EURACTIV previously reported, Tal Dilian, a former Israel Defence Forces Unit 81 commander, operated in Cyprus from 2013 until around 2020, when he moved to Greece. Among other companies, Dilian founded a consortium called Intellexa. It was Intellexa’s company Cytrox that developed Predator.
Intellexa and Cytrox have been both blacklisted by the US federal government, preventing American companies from entertaining commercial relations with the two companies, which were considered a threat to the US national security and foreign policy interests.
The administration of Greek Prime Minister Kyriakos Mitsotakis facilitated the proliferation of Predator spyware to other countries by granting export licences through the Greek Ministry of Foreign Affairs. This was at odds with the EU’s rules on dual-use technologies and the EU prosecutor is currently examining the case.
The head of Greek secret services, as well as Mitsotakis’ nephew Grigoris Dimitriadis, who was the secretary general of the prime minister’s office until August 2022, resigned after it was revealed that Nikos Androulakis, an MEP and leader of the socialist Pasok party, was placed under surveillance by the Greek intelligence service in 2021.
Mitsotakis said publicly he was not aware of this surveillance and later admitted that Androulakis does not represent any national security danger.
The Greek government denies any involvement with the Predator spyware and insists that any surveillance took place under the legal channels of secret services.
When it comes to Predator, the Greek executive says it is a matter of “individuals” that the Greek justice is currently examining. However, almost a year after the scandal erupted, the justice has produced no results.
Earlier this week, MEP Androulakis revealed in the Greek parliament that there have been three attempts to contaminate his phone with Predator. Two were detected by the special service of the European Parliament on 16 and 21 September 2021.
“The third attempt took place on 20 October 2021, while I was already under surveillance by the secret services and in the middle of the Pasok election process,” he said.
In an article on 13 July, Inside Story revealed connections between Intellexa, the Greek secret services, and the Greek prime minister’s office. The opposition had pointed out before that one of Mitsotakis’ first moves after taking office was to put the intelligence agencies under his direct supervision.
[Edited by Luca Bertuzzi/Zoran Radosavljevic]
