The trial proceedings around Greece’s spyware and phone-tapping scandal finally commenced on October 22 after repeated delays. At the centre of the scandal is the use of the spyware Predator by Greece’s National Intelligence Agency (EYP) to hack the phones of leading politicians (including ministers of the ruling New Democracy party), journalists, government officials as well as high ranking military, police personnel and even EYP operatives.

With the witness list exceeding 50 people, the trial is expected to continue well into next year.

In June 2022 it was revealed that an attempt had been made to infect with Predator the phone of Nikos Androulakis, leader of the social democratic PASOK. Androulakis was then a candidate in the PASOK leadership election and the surveillance reportedly stopped shortly after he was elected party leader in December 2021.

A few months before the Androulakis revelations, it emerged that EYP had also been granted permission to tap the phone of journalist Thanassis Koukakis on “national security” grounds. Analysis of Koukakis’ phone by the University of Toronto’s Citizen’s Lab subsequently confirmed that it had been infected by Predator.

The scandal led to the resignations in August 2022 of EYP chief Dimitris Kontoleon and Prime Minister Kyriakos Mitsotakis’ chief of staff and nephew, Grigoris Dimitriadis. In a televised address shortly after Mitsotakis denied any knowledge of the hacking. Claims of ignorance are belied by the fact that one of the first interventions he made after assuming power in July 2019 was to transfer the oversight of EYP from the Ministry of Civil Protection to the prime minister’s office.

Predator was developed by North Macedonian start-up Cytrox in 2017 and was acquired in 2019 by Israeli cyber-security company Intellexa. Insight into how Predator works was provided by a report published this month—based on leaked internal Intellexa documents and a forensic analysis carried out by Amnesty International’s security lab

The version of Predator at the centre of the scandal uses a so-called “1-click” attack method. This requires a malicious link to be sent and then opened on a target’s phone, which installs the spyware. The report outlines the vast amount of data available once infection has occurred “including ability to access encrypted instant messaging apps like Signal and WhatsApp, audio recordings, emails, device locations, screenshots and camera photos, stored passwords, contacts and call logs, and also to activate the device’s microphone.”

The report highlights the limitations of the “1-click” method in that it risks the attack being exposed, given that “a suspicious target may share the attack link with digital forensic experts, which could reveal the attack attempt and operator.” This is what happened in the case of Androulakis. To overcome this Intellexa has developed a new generation of Predator spyware that enables “zero-click functionality”, without the need for the target to click a link. This puts Predator on par with its main competitor Pegasus, which is developed by the NSO Group, another Israeli-based cyber-security firm. Pegasus was used to spy extensively on journalists and politicians across the globe.

The trial is the culmination of the judicial investigation carried out by Greece’s Supreme Court deputy prosecutor Achilleas Zisis, which in the end propped up Mitsotakis’ narrative. Commenting on Zisis’ report following its publication in July 2024, Supreme Court prosecutor Georgia Adeilini stated that “it is indisputably concluded that there was absolutely no involvement with the Predator spyware or any other similar software of a state agency... or any state official.”

Yet Zisis’ own investigation found that out of 116 numbers that received malicious SMS messages from Predator, 28 were confirmed as being under surveillance from EYP. The report dismissed this fact, absurdly claiming the affected numbers made up a “minor proportion” of the whole.

Unable to fully bury the affair, prosecutors chose instead to initiate criminal proceedings against senior individuals linked to Intellexa and Predator’s wider supply chain:

•         Tal Dillian founder of Intellexa and a former Israeli commander with Unit 81—the Israeli Army’s secret technology unit.

•         Dillian’s wife Sara Aleksandra Fayssal Hamou who also held a senior role at Intellexa.

•         Felix Bitzios, a Greek businessman who was Intellexa’s former deputy director in Greece.

•         Yiannis Lavranos, the owner of government-linked security firm Krikel, which is reportedly part of Predator’s supply chain in Greece.

Despite efforts to absolve the government of any wrongdoing, the incriminating evidence is so overwhelming it has proved impossible to keep a lid on it during court proceedings.

On December 2, former Intellexa employee Panagiotis Koutsios contradicted the government’s narrative by testifying that Intellexa “collaborated only with state authorities,” given that “police and army officials were always present” in state premises where the company would showcase its products.

Dimitris Terzis, an investigative journalist, testified in court on November 21, submitting evidence that Lavranos’ firm Krikel issued sham invoices to disguise the direct provision of equipment to the security services involved in the spyware’s deployment.

Asked his view on the defendants’ motivation to engage in illegal surveillance, Terzis replied: “I think that the motive was financial. My own assessment is that there is a joint EYP and Predator surveillance centre.”

Koukakis, the journalist targeted by Predator has testified multiple times during the trial. He shed light on the financial motives that saw him targeted, stating that his surveillance began in 2020. In the preceding period Koukakis had written extensively on financial irregularities involving the Bank of Piraeus with Lavranos and Bitzios named in some of his pieces.

A deposition was submitted on November 25 by Pinelopi Miniati, formerly the Greek police head of forensics. She testified that her phone became infected by Predator in 2021—around the same period she received death threats related to her work. Miniati was cashiered from her position in the spring of 2022. Asked whether she knew why, Miniati answered: “Νο. I can speculate without being sure. Various cases I was working on that annoyed certain people.”

The highest profile of these was the assassination of Star Channel’s crime reporter Giorgos Karaivaz in April 2021. Karaivaz had been investigating a ring of organised criminals and police officers involved in extorting money from nightclubs in exchange for protection.

The picture that emerges is of a ruling elite deeply steeped in criminality and rapidly moving towards the dictatorial rule associated with the military junta that ruled Greece between 1967-74. This is a manifestation in Greece of a global phenomenon. Over a decade ago former National Security Agency (NSA) intelligence contractor and whistle-blower Edward Snowden revealed the vast scale of surveillance employed by the US government and its Five Eyes counterparts in the UK, Canada, Australia and New Zealand.

As opposition grows to war and austerity policies, ruling elites in every major capitalist country are preparing to confront this by dispensing with democratic forms of rule. The spyware industry is tapping the growing demand for surveillance capabilities by governments that don’t have Washington’s resources to develop these in-house. According to a 2020 estimate by Moody’s the industry was worth $12 billion and the market growing at an estimated 25 percent a year. In a December 2021 report, Citizen’s Lab noted that its internet scanning for Predator servers across the world found “likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.”

The fallout from the Predator crisis has prompted opposition parties to posture as defenders of democratic rights, claiming that the surveillance began when Mitsotakis entered office. In his deposition to the court on November 3, Syriza (Coalition of the Radical Left) MP Christos Spirtzis—whose phone was also targeted by Predator—stated, “Kyriakos Mitsotakis was responsible for who was under surveillance and for what reason. The government wanted to build a regime in the country that would control political life, the media, the army, the police as well as economic life since businesspeople were also under surveillance.”

Facts show his own party is just as implicated.

Wiretapping increased under Mitsotakis, but it was under the 2015-19 Syriza government, in which Spirtzis served as minister that surveillance by EYP really took off. The number of approved wire-tapping requests surged from 4,871 in 2015 to 11,680 in 2019. The Syriza administration also streamlined the wire-tapping approval process in 2018 by cutting the number of prosecutors required to approve an operation from two to one. The relationship between the Ministry of Civil Protection’s and Lavranos’ Krikel was established under Syriza in 2018 when two contracts worth over €2 million were signed to maintain the Greek police’s digital radios and communication system for the next five years.