Greece denies deploying spyware against investigative journalist
The head of the Athens Prosecutor’s Office, Sotiria Papageorgopoulou, has started an investigation into the apparent electronic surveillance of investigative reporter Thanasis Koukakis. Canadian research institute Citizen Lab recently confirmed that Koukakis’ mobile phone had been infected with Predator spyware, giving an unknown attacker full access to his communications for an estimated ten weeks.
Koukakis is a financial editor for CNN Greece and a regular contributor for local and international outlets. His investigations have included a series on a Greek bank, dubious expenses claims at the country’s migration ministry and defense contracts.
The journalist had noticed his mobile phone behaving strangely after clicking on an unsolicited link in summer 2021 and had requested assistance from the digital rights group Citizen Lab, who duly confirmed the presence of Predator malware in late March. The spyware, developed by Cytrox, a relatively obscure malware company based in North Macedonia, had been on Koukakis’ phone from July 2021 to September.
The Citizen Lab investigation identified the source of the suspicious link to be a Greek phone number, which sent Koukakis a text message containing an infected link to a fake website. This is not sufficient evidence on its own to confirm whether the spyware was deployed by a private or public entity in Greece.
It is not known which of Koukakis’s communications were monitored or if his sources were compromised, but the spyware of recording conversations and revealing passwords, photos, internet history and any contacts, which for a journalist could clearly include whistleblowers and other confidential sources.
In a separate report, investigative outlet Reporters United (RU) claimed to have documents showing that Koukakis was also under surveillance by Greek state intelligence service EYP a year before the Predator phone hack. Koukakis himself has called for this to be investigated.
According to the report, the EYP documents had cited reasons of “national security” for the surveillance, which had begun in June 2020 for a period of two or three months. EYP reports to Prime Minister Kyriakos Mitsotakis, whose government has attracted wide criticism from media freedom groups.
Government spokesman Giannis Economou denied any surveillance and said it was up to “the competent authorities to do their job to clear up this affair and for justice to be done.” Koukakis tweeted that statement and said he was waiting for the findings of an investigation by the ADAE, the Greek agency which oversees communications security and privacy of citizens.
An unenviable track record
This is not the first time questions have been asked about the Greek government’s willingness to commission surveillance against working journalists. In November, 2021, the Greek left-wing daily paper Efsyn published what it claimed to be memos on political activists and a journalist from the country’s intelligence service. These claims were also denied by the government at the time.
Jamie Wiseman, Europe Advocacy Officer for the Vienna-based International Press Institute told Blueprint for Free Speech that, “These cases of surveillance against Thanasis Koukakis are extremely concerning and will have a further chilling effect on public interest journalism in Greece.”
He said the Greek government needed to confirm or deny whether any of its agencies had retained commercial spyware services and that, “State authorities need to urgently answer questions about why a financial journalist in an EU country who was investigating corruption could possibly have been surveilled under national security grounds.”
IPI Deputy Director Scott Griffen added, “It is vital that the European Parliament’s new inquiry committee for Pegasus expand its focus to look beyond just NSO’s tools to the full range of spyware available on the European market, including those developed by Cytrox and its wider group, Intellexa.”