The International Press Institute (IPI) expressed serious alarm over the confirmed surveillance of Greek journalist Thanasis Koukakis for more than two months using a powerful spyware tool, Predator. IPI calls on the competent Greek law enforcement authorities to thoroughly investigate and publicly identify the source of the surveillance.
On April 11 it was revealed via media reports that Koukakis, an experienced investigative journalist covering financial and banking issues in Greece, had his mobile phone infected for at least ten weeks in 2021 by Predator, an advanced spyware tool developed by a North Macedonian company called Cytrox.
According to a forensic analysis by experts at Citizen Lab, the device was compromised using Predator between July 12 and September 24, 2021. The investigation identified the source of the hacking to be a Greek phone number, which sent Koukakis a text message containing an infected link to a fake website.
Citizen Lab said it could not confirm whether the spyware was used by the Greek government or a private company. It is not known which of Koukakis’s communications were monitored or which of his sources were compromised.
Like the better-known Pegasus spyware developed by Israeli firm NSO Group, Predator allows the user to gain full access to a target’s phone to extract data, contacts and messages, including those sent through encrypted applications, as well as turn on the microphone and access the camera.
However, unlike the zero-click infections provided by Pegasus, Predator is malware which requires the target to first click on an infected link. Moreover, while NSO’s sales are regulated by the Israeli Ministry of Defence, Cytrox is part of a wider and under-regulated spyware-for-hire industry.
IPI Deputy Director Scott Griffen said the surveillance of Koukakis posed serious threats to source confidentiality as well as journalist safety and called for an immediate investigation by Greek law enforcement authorities to establish the source of the surveillance.
