Στο Wired των περισσότερων από 53.1 εκατομμυρίων ‘επισκεπτών’ κάθε μήνα, υπάρχει ένα κείμενο με τίτλο “Τα σκάνδαλα spyware διασχίζουν την Ευρώπη”.
The columnists explain that "the latest crisis that shook the Greek government shows that the surveillance problem of the European Union goes beyond the notorious NSO Group".
"The text message that lured Thanasis Koukakis into what is now known as Europe's Watergate was so innocuous, he barely remembers receiving it.
The Athens-based financial journalist received the message on his iPhone 12 Pro on 12/7/2021. The sender was a number he did not know. Which was not unusual for him, as he had completed three years investigating the government's changes to financial crime regulations.
Thus, he received many text messages from numbers he had not saved, but also from his acquaintances.
Το συγκεκριμένο SMS του απευθυνόταν ονομαστικά. Ο Κουκάκης διάβασε “Θανάση, ξέρεις κάτι για αυτό το θέμα;” και ακολουθούσε ένα link. Εκείνος έκανε click και διάβασε μια είδηση για ένα σκάνδαλο των ελληνικών τραπεζών. Απάντησε λακωνικά ‘όχι’ και δεν έδωσε περαιτέρω σημασία.
Δεν γνώριζε πως το το link που είχε ‘ανοίξει’ είχε εξαφανιστεί από το Internet λίγες ημέρες αργότερα, όπως και το site που το φιλοξενούσε. Όπως δεν ήξερε πως με το click που έκανε, επέτρεψε την εγκατάσταση του Predator που στο εξής θα παρακολουθούσε ό,τι έκανε με το κινητό του.
The smartphone continued to work without problems when in December Koukakis read an article about how Facebook's parent company Meta had detected spyware being used by customers in 10 different countries. Greece was also on the list.
One of the links used to trick people into downloading the spyware was designed to look like a medium he worked on, as an editor."
Somehow fleas got into his ears. “He contacted Meta who put him in touch with researchers at Citizen Lab - a University of Toronto research unit specializing in spyware.
In March 2022, investigators informed the journalist that they were spying on him. Subsequently, Koukakis made this information public and caused an uproar. The investigation of the case by a Greek prosecutor began.
This was just the beginning.
Στις 26 Ιουλίου, ένα άλλο άτομο αποκάλυψε ότι επίσης, είχε λάβει ‘μολυσμένο’ με spyware σύνδεσμο: ήταν ο Νίκος Ανδρουλάκης, ηγέτης του ΠΑΣΟΚ, του τρίτου μεγαλύτερου πολιτικού κόμματος στην Ελλάδα.
It hadn't clicked. However, the fact that someone had tried to hack the phone of an active leader of the opposition, led the Greek government to a crisis.
Two officials have resigned so far and pressure is mounting on the prime minister, Kyriakos Mitsotakis, to explain who is behind the spyware."
Meanwhile, the parliamentary group of the ND has not reacted publicly "with this heavy silence being indicative of the climate that prevails in the background, with Ministers wondering if they themselves are being watched" as Vicky Samara writes.
The fallout from the scandal reaches to the heart of the EU
“Over the past 13 months, it has been revealed that spyware targeted opposition leaders, journalists, lawyers and activists in France, Spain, Hungary, Poland and even European Commission staff between 2019 and 2021.
The European Union has already launched an investigation into its own use of spyware, but even as the 38-strong committee works to write a report to be presented in early 2023, the number of new scandals continues to grow.
What makes the scandal in Greece special is the company behind the spyware that was used.
Μέχρι το συγκεκριμένο σκάνδαλο, το λογισμικό παρακολούθησης σε κάθε σκάνδαλο της ΕΕ είχε την ίδια ‘έδρα’: την περιβόητη ομάδα NSO".
It is an acronym for Niv, Shalev and Omri, names of the founders of the Israeli technology company best known for Pegasus.
"However, the spyware spying on Koukakis' phone was made by Cytrox, a company founded in the small European nation of North Macedonia and acquired in 2017 by Tal Dilian."
The Magazine has written since 26/7 about Dilian, which states that it is based in Greece, the presentation of the black van with equipment that could make the contents of smartphones within a radius of one kilometer - with the push of a button -, to Forbes and his companies, Cytrox and Intellexa which has a branch in our country.
“In the interview he gave to Forbes about the tracking truck, he said he had acquired Cytrox and absorbed the company into Intellexa's intelligence firm, which is now believed to be based in Greece.
The arrival of Cytrox in Europe's ongoing scandal shows that the problem is bigger than the NSO Group. The European Union has a thriving spyware industry of its own.
While the NSO Group struggles to survive intense scrutiny and is blacklisted in the US, its lesser-known European competitors are scrambling to get their customers.
Tellingly, over the past couple of months, Cytrox is not the only local company making headlines for hacking devices within the EU.
Τον Ιούνιο, η Google ανακάλυψε ότι ο Ιταλός προμηθευτής λογισμικού κατασκοπείας RCS Lab είχε ως ‘στόχο’ smartphones στην Ιταλία και το Καζακστάν. Ο διευθύνων σύμβουλος της RCS, Alberto Nobili είπε στο Wired ότι η εταιρεία καταδικάζει την κατάχρηση των προϊόντων της. Δεν δέχθηκε ωστόσο, να σχολιάσει αν οι περιπτώσεις που αναφέρει η Google ήταν παραδείγματα κακής χρήσης. Αρκέστηκε στο “το προσωπικό της RCS δεν εκτίθεται, ούτε συμμετέχει σε δραστηριότητες που διεξάγονται από τους σχετικούς πελάτες”.
In July, spyware made by Austria's DSIRF was found by Microsoft to have infiltrated law firms, banks and consultants in Austria, Great Britain and Panama.
"Europe is definitely a hub," says security intelligence researcher at cybersecurity firm Lookout, Justin Albrecht.
The creator company is revealed, but not who paid for the spyware
This upheaval in the spyware industry echoes what happened in 2015, when the well-known Italian spyware company “Hacking Team” was hacked and its emails were leaked online. "After that, we started to see different players take on some of the work that Hacking Team was doing."
Commercial spyware companies are the killers in their industry. They allow the hacking to take place but do not select the target. Instead, whoever orders this malware remains unknown.
When researchers find spyware on a person's phone, they can tell which company created it. But no, who paid for it. Which means it's hard to decipher who's really to blame."
And so discussions begin, such as those taking place in Greece "where the Government continues to deny that it is using the Predator against Koukakis and Androulakis. Although the head of the Greek intelligence services reportedly admitted that he was legally monitoring Koukakis' phone, using local telecommunications companies.
The prime minister said that Androulakis had been put under the same kind of surveillance, stressing that "what was done was not illegal, but it was wrong".
Resignations preceded admissions. First, the head of Greek intelligence, Panagiotis Kontoleon, resigned.
He was soon followed by Grigoris Dimitriadis, the prime minister's chief of staff (and his nephew). Mediated was the claim of the reporter network of Greece, Reporters United, that Dimitriadis existed in the same circles as people who sold Cytrox spyware.
Neither the Prime Minister's Office nor the Greek Intelligence Service responded to WIRED's request for comment."