For at least ten weeks, Thanasis Koukakis’ private and professional life was illegally penetrated by the advanced spyware known as Predator. It wasn’t until he received confirmation from the University of Toronto’s Citizen Lab that he learned hackers had managed to gain control of his mobile phone, thus granting them “access to all his outgoing and incoming calls, messages, applications, photos and emails,” according to Journalists’ Union.
The revelation prompted the Committee to Protect Journalists to call on the government to investigate the case and protect journalists from such attacks.
“Greek authorities must conduct a swift, thorough, and transparent investigation into the surveillance of journalist Thanasis Koukakis, find whoever orchestrated it, and hold them to account,” said Attila Mong, a CPJ Europe representative. “Journalists must be able to protect their sources, and authorities must ensure that they are able to work without fear that hackers will gain access to their sources or details of their private lives.”
The Greek government itself denied that it had ordered the surveillance of Koukakis, or that it had anything to do with the attack on his phone.
Koukakis tweeted on Monday that Athens Prosecutor Sotiria Papageorgopoulou ordered an investigation. “I welcome this development. It is crucial and important,” he said.
The Predator spyware turns a user’s phone into “a monitoring tool that gives its operator full and ongoing access to the target,” according to Citizen Lab. The hacker is also granted access to the target’s “passwords, files, photos, web browsing history, contacts as well as identity data.”
The threat posed by such software, unfortunately, can go even further. Through Predator, hackers have the power to record their target’s activities, take screenshots from the phone’s camera, and even activate the device’s microphone.
Essentially, this undermines the security and confidentiality of whatever activity the user engages in — as well as whoever they associate with — whenever their phone is in close proximity.
For Koukakis, his story began on July 12, 2020, when he clicked on a link that soon after resulted in his phone behaving strangely, according to the Committee to Protect Journalists.
Although he filed a complaint with the Hellenic Authority for Communication Security and Privacy the following month, he was told that there was no evidence that malicious spyware had breached his phone.
By the time Koukakis reached out to Citizen Lab, he was using a new device purchased in 2021, which the Toronto-based research laboratory confirmed was infected.
Citizen Lab also confirmed from its investigation that Predator was created by the North Macedonian surveillance company Cytrox, according to Politis.
It is unknown who purchased the spyware from Cytrox in order to illegally monitor Koukakis’ activities.