What is it, how does it work and how was a tracking program discovered in Greece that “infected” N. Androulakis’ mobile phone.

This is an illegal tracking software created by Cytrox from North Macedonia. It is installed on the phone in the same way that a virus infects a computer. The user of the system sends a misleading message to the mobile phone of the target person. It contains the email address (link) of a fake site that the Predator uses to trap its victims. For example, in the case of PASOK president Nikos Androulakis, the link was to blogspot.edolio5.com, not the real edolio5.blogspot.com. In order to lure Mr. Androulakis into a click, the SMS also included the following message: “Let’s take things a little more seriously friend, we must win” (sent ahead of the PASOK internal party elections) . In the event that the target clicks on the link, illegal surveillance software is installed on the phone, which records every action of the device. That is, it does not break encryption, for example. Viber or WhatsApp applications, but gains control of the entire phone, gaining access to applications such as the camera and microphone. In a December 2021 risk analysis report, Facebook, Instagram and WhatsApp giant Meta said it had disabled 300 Facebook and Instagram accounts “associated” with the Cytrox company.

A multi-page report on the Pred-ator and the company that created it was released in December 2021 by the University of Toronto’s Citizen Lab. Citing data from open databases and accessible business registries, Citizen Lab found that Cytrox was founded in 2017 to provide governments with data collection services from electronic devices and online applications – cloud computing. The university report and an extensive publication by the American Forbes magazine also mention that Cytrox was bought in 2018 for $ 5 million by an Israeli businessman and former intelligence officer of his country, Tal Dilian. The acquisition was made through Dilian’s umbrella company under the brand name Intellexa. Citizen Lab describes Cytrox as one of at least four smaller companies in the unique Intellexa alliance of companies. The Forbes tribute was made public in August 2019. It was an extensive interview in which Dilian publicly presented the surveillance and eavesdropping capabilities of the equipment he was selling.

Intellexa had offices in Larnaca, and the publication of his interview in Forbes magazine (August 2019) provoked a scandal with the so-called “black van” in Cyprus. Listening equipment was also installed in a black converted GMC ambulance that was confiscated under pressure from the opposition in Cyprus. In addition, the country’s police began to detain Dilian’s associates who worked in two companies of interest to him. And a warrant was issued for the arrest of an Israeli, while he described the case as a “witch hunt.” However, in November 2021, the Attorney General of Cyprus dropped charges in a highly publicized case when Dilian moved the Intellexa offices to Greece, where they remain to this day.

The Forbes article also mentions that the first surveillance company an Israeli founded after leaving the Israeli special forces was Circles. Circles teamed up in 2014 with NSO, the maker of spyware Pegasus, which was at the center of an international scandal, with traces of surveillance even found on French President Emmanuel Macron’s cell phone. “Don’t blame the sellers, blame the buyers. We work with the good ones, as long as they don’t sometimes behave badly,” Dilian said, among other things, in an interview with an American magazine.

Through technical analysis, the findings of which were published in December by the security service of Meta, controlled by Facebook, Instagram, WhatsApp, they came to the following conclusion: “Our investigation identified clients in Egypt, Armenia, Greece. , Saudi Arabia, Oman, Ivory Coast, Vietnam, Philippines and Germany. Cytrox targets include politicians and journalists around the world,” the report says. Similar are the results of investigations conducted at the same time by the University of Toronto, whose specialized laboratory listed some of the forged email addresses that the Predator used to capture its targets. Many of them target Greece: Efsyn.online, Enikos.news, Fimes.gr.com, Hellasjournal.website, Kathimerini.news, paok-24.com, etc. Finally, Google’s risk analysis team also mentioned Greece in their May report.

On Tuesday, Nikos Androulakis filed an anonymous lawsuit in the Supreme Court alleging that an attempt was made to spy on his mobile phone using illegal Predator software. The European Parliament Electronic Security Service (CERT) confirms the assassination attempt with its official report. According to what was revealed during the week, at the initiative of PASOK, at the end of June, Mr. Androulakis, taking advantage of the opportunity provided by the MEPs of the information department, carried out a preventive check of his mobile phone. phone for possible infection with surveillance software. The European Parliament took the lead after successive international surveillance scandals, mainly with the Pegasus software. An audit conducted on June 28, 2022 found a message (from a Greek mobile phone) received by Mr. Androulakis in September with a fake link (linking to a Greek website) related to the Predator software. Two more thorough investigations followed in Brussels and Strasbourg, which revealed that the PASOK president’s device was not infected because Mr. Androulakis did not click on the controversial email link. However, the European Parliament’s CERT team was clear, highlighting in their report that there had been a “clear attempt” to intercept Mr Androulakis’ mobile phone. The President of PASOK himself, in a petition filed by him, described the incident as “a direct insult to a democratic state” and asked for “immediately a full clarification of the case.”

A few months ago, journalist Thanasis Koukakis denounced the surveillance of his mobile phone using the same illegal eavesdropping program. In fact, the capture of his device using the Predator was confirmed by Citizen Lab researchers, who took up the case at the insistent requests of the journalist. The phishing message was sent to the journalist’s phone between July and September 2021 and contained the same fake link as on Mr. Andrulaki’s mobile phone, namely blogspot.edolio5.com. The journalist has been at the center of an investigation by the National Intelligence Service since the summer of 2020. The investigation was conducted from June to August according to the system of meetings and according to the decision of the prosecutor’s office. It ended in August of the same year, and the break coincided with the period when the journalist complained to ADAE that he was being followed. A few days ago, Thanasis Koukakis, through lawyer Zaharias Kesse, filed an appeal with the European Court of Human Rights.

After the journalist’s initial complaint, ADAE reflexively set about setting up a committee to investigate the case. The PASOK delegation was also going to go to ADAE for the same reason on Friday, however the meeting was postponed due to the intervention of Megaros Maximos and the decision to convene the Parliamentary Committee on Institutions and Transparency as an emergency. FDA officials themselves, however, admit privately that they have neither the technical capacity nor the legal tools to determine whether Predator or other similar software is operating in the country. Moreover, the Predator, like the Pegasus of the scandalous NSO company, does not pick up phones through cellular operators, as it was before.