"It feels like living in a dystopia," writes Tasos Telloglou about his personal experiences with surveillance. In this text, he talks about the surveillance of journalists and politicians, the violation of the secrecy of telecommunications and his research into the spy software used.
While passing through the Kolonaki neighborhood in central Athens on 27 May 2022, I realized that a young man with a waist bag and a cup of coffee in his hand was following me. It was ten o’clock in the morning and I was making my way to a meeting with an informant. “Whatever you do, come alone!” he had said. At first, I did not pay much attention, even though I had become aware of numerous individuals consistently following me on a number of occasions that month. The first thing I needed to do was determine if this person really was shadowing me. I crossed the street, and so did he. I went into a store, and he stood outside waiting for me; then I crossed the street again, and he scurried into the tower block on 37 Karneadou Street, situated next to a post office. As he began making his way past me, I grabbed hold of him and he started to scream. On asking him to identify himself while placing my hand inside his jacket to pull out his identity card, he ran off towards Vasilisis Sofias Avenue.
At lunchtime that day, I contacted a senior official working with the security authorities, but he eschewed all sense of responsibility. “Other agencies are also interested,” was his only response. A few days later, a former Greek police officer warned me to pay close attention to the multi-story parking facility where I parked my car. I asked the employee working at the parking garage in Pagrati, another centrally located Athens district, whether he had noticed anything unusual. After pressing him on this for some time, he finally responded: “A guy from the police came here and wanted to go to your car, but I didn't let him.” Prior to this, on 2 May 2022, I found out that I had been photographed in a café located in Neo Psychiko, a suburb of Athens, having previously met a journalist by the name of Thanasis Koukakis. He was the first person anywhere in Europe to fall victim to the Predator spyware. The friend who had sent the photo to both of us had asked us not to publish it as he was working for the state.
In June 2022, a source with information from the security services told me that the cellphones belonging to my colleague, Elisa Triantafyllou, the reporter, Thodoris Hondrogiannos, the journalist, Thanasis Koukakis, and my own device had been linked – through triangulation with a cell tower – to dozens of potential sources to allow the authorities to get an idea of which people were meeting up with each other.
Not long after 15 August, I found myself in a building on Kifisias Avenue in the north of Athens and briefly switched on my phone to photograph a company’s logo. That same evening, somebody who could not have known anything about my whereabouts that day, asked me whether I had been in that very building during the morning.
All of this not only represents a violation of national and European telecommunications laws but it severely obstructs our work. Who would possibly agree to a confidential meeting with me, when it is evident that I am never alone? And what risks are people subjecting themselves to by meeting with me? This is, at the same time, not only a political, legal and technical problem: it also makes investigative journalism impossible; and those of us working in this area as journalists are losing our livelihoods. It creates estrangement and isolation – especially from our families, if we do not want to risk putting them in danger.
Without a phone
In the course of the now nine-month-long journalistic investigation into the illegal wiretapping of phones belonging to the Chairman of the PASOK, Nikos Androulakis, and the journalist, Thanasis Koukakis, I, along with my colleague, Elisa Triantafyllou, had dozens of meetings to which I did not take my cellphone. Prior to each of these meetings, we needed to decide when we would share information in person and when we would do so digitally – and encrypted. The more primitive the form of communication, the more secure the method. When we decided to seek out individuals employed at Intellexa, a Greek-Israeli producer of the software used to wiretap Koukakis’ phone and which was also used in a similar attempt against PASOK Chairman Nikos Androulakis, I left my phone several kilometers away and did the same with my car. I had to cover a lengthy distance on foot, with the first, and usually last, communication taking place via the door entry intercom, just like in the 1980s when I began this type of work.
It feels like living in a dystopia, and I fear that this is not just a Greek phenomenon. A dystopia that continued to worsen when, in the course of the journalistic investigation, opposition members of parliament used the cellphone provider’s line to phone and inquire about the latest news on the wiretapping scandal (author’s note: in Greece, 16,000 “interventions” are carried out every year with the approval of a public prosecutor for reasons of national security). Or, when people finally grasped why high-ranking government officials used two different apps to make calls: one less secure, the other much more secure. The former was used to recount things that could be intercepted without the officials jeopardizing their political futures. The second app was used to communicate things that were more closely reflective of the actual truth. One minister who served in the Syriza government informed me of a meeting he was scheduled to have with a fellow politician, a conservative, in a third party’s apartment where the minister did not know which doorbell to ring. Since his conservative colleague had left his phone at home, he was unable to reach him and therefore aborted the visit. Upon receiving a phone call from the conservative politician that evening, the minister was informed that the colleague never took his phone to any such meetings.
We are not exposing anything new here — it’s an open secret that there is a system behind these things, and it would appear that the government also wants people to know about it. It serves to keep the parliamentary majority in check. Most members of the press are no different. The country’s major mass media corporations have completely ignored the case of Thanasis Koukakis. Two online media outlets with a mere ten editors between them ultimately uncovered and pursued the case (insidestory.gr and Reporters United). The other media did not want to disrupt their relations with the government. The task of passing instructions to the media, or, worse still, individual journalists, frequently falls to the office of the Prime Minister himself. And, sadly, the majority of journalists also abide by this. Major media outlets that have levied criticism against the government, such as The Economist or the NYTimes, have had to live with the consequences: despite having previously announced that he would speak at their events, Prime Minister Kyriakos Mitsotakis ultimately withdrew from these in the aftermath of articles that, by and large, were critical of him.
You may well be asking yourself: what is so different about this case? Every government uses all the means at its disposal to secure their power. One former Greek government once even succeeded in getting the National Intelligence Service to urge the German embassy to have Germany’s domestic intelligence service follow me while I was on German soil investigating Siemens’ “slush funds” together with a colleague from the Süddeutsche Zeitung.
The problem today is that, as individuals, journalists are completely unprotected: towards their editors, who don’t want to run into difficulties; the professional association, which has yet to grasp the issue at hand; or the media owners, who side with the government rather than their own editors, regardless of what the government does. A number of my colleagues have capitulated as a result. By merely expressing concerns, the EU, too, is enabling journalists to be attacked. The media are financially powerless, and, in the absence of any oversight or monitoring by international organizations, Greece’s domestic elite has reverted to its old habits.
The era of spyware
Since our life in the real world has been replaced by a digital one, however, we are far more impacted and vulnerable today than in the past. We use our devices to exchange every type of document; the rate at which we are in contact with each other is easily traceable. And, even if the content cannot always be intercepted, spyware is ensuring the emergence of a new reality: It is not just us that are being bugged, but also everybody around us who communicates with us: my wife, who may be whispering something affectionate two meters away from the phone; a supervisor uttering a critical remark about a politician; a friend with whom we are having a beer at a bar. They have everything at their disposal. But who exactly are they? Immediately after insidestory.gr broke the story that Thanasis Koukasis’ cellphone had been wiretapped, the Greek government – through its spokesperson – announced that this story was about a dispute between private individuals. In response to PASOK Chairman and MEP Nikos Androulakis disclosing that he had received a “toxic” link, the government opted to say nothing. Was this also merely a private attempt to wiretap his phone?
Later on, during the Parliamentary Committee Inquiry’s investigation into the wiretapping, the government declined to summon the Israeli company Intellexa. Its Greek shareholder, who, through his company, holds over 35% of all shares in Intellexa, was in attendance instead (author’s note: he even stated that he had sold his shares – one day before the government confirmed that Nikos Androulakis had been wiretapped). Substantial immunity just for a private dispute? One Intellexa employee countered by asking me: “Why are you paying so little attention to the government?” Spyware companies shift the blame to governments and claim that they themselves sell nothing but good software intended to assist the authorities in their pursuit of illegal activities and that it was simply being used incorrectly. The advice given by the man from Intellexa was unequivocal: Look elsewhere!
Exports – but where are the licenses?
In late July 2022, Thanasis Koukakis was presented with the National Transparency Authority’s report on his lawsuits. To his astonishment, absolutely nothing which he had presented with regard to the bank accounts of the companies ostensibly associated with the spyware, or with regard to the National Intelligence Service, had been examined. Koukakis, who has been the victim of relentless and sustained spying – over a period of three years with spyware and also “interventions” required for reasons of national security were employed to spy on him – resorted to do something extraordinary at the beginning of the first week of October: he sued the production and trading company behind the Intellexa software as well as the company’s officers for breaching telecommunications law for which he believes them to be accomplices at the very least. It will not be easy for his lawyer to prove that the software producers knew in advance that the software was going to be used against his client. But, a good prosecutor – even if he accepts that the state did not use the software – will be able to ask the Intellexa distributors to whom they sold the software produced by Cytroks, the North Macedonian company which is also a member of the same corporate group.
Should the response be that these products were destined for export to a non-EU country, they would need to present the corresponding export licenses. Tracking down such licenses from Intellexa and similar companies based within the EU, and primarily in Cyprus, has been a mission of ours over the past two months. Fanis Makridis, a colleague of mine who works for the Phileleftheros newspaper, found such a license at a different Israeli company. The investigative reporters who have focused on Tal Dilian’s Whispear company, which he owned in Cyprus until 2019, insisted, during our meeting in September, that another license existed, which had been issued to a Dilian-owned company by the government at the time.
Upon inquiry at the Ministry of Energy, Commerce and Industry of Cyprus, the responsible officials there told me that there were no licenses issued on behalf of Dilian. The Greek Ministry of Foreign Affairs responsible for exports, equally found no trace of any licenses for any member companies of the Dilian Group among the 2,000 licenses which had been issued for the export of “dual-use items”, as this software is labelled under EU legislation. If Dilian and his group had remained in Israel, they would have only been able to export to fewer than 40 countries, none of which would include countries on the African continent or in the Middle East where some governments control repressive state apparatuses. Through establishment, maintenance and operating agreements for such software, together with the corresponding training costs, it is possible to generate 40 million euros in an African country. The decision taken was therefore to take advantage of the unregulated framework within the EU Member States and to exploit the various jurisdictions (in Greece, Cyprus, and Ireland). Moreover, the tax declarations submitted by Thalestris, an Ireland-based member of the corporate group and the company through which the exports were carried out, specify high expenditures for “copyright”. Anyone working in software production knows, however, that the expenses shown for software rarely correspond to the actual level of expenditure.
Since late July, various government agencies have assured us that Intellexa will be leaving our country. This is not a real solution to the problem, however, as the company will simply set up its base in a different location from where it will continue its operations unchanged. For: the EU’s legislative framework permits it.