It’s like he’s been robbed by a ghost. In 2018, New York Times reporter Ben Hubbard received a WhatsApp message on his mobile phone calling for him to attend a protest outside the Saudi Arabian embassy in Washington. Although it was later revealed that the message included a link to install tracking software, the infection attempt was unsuccessful. However, a subsequent study by the Citizen Lab at the University of Toronto found that in other years, in 2020 and 2021, the same journalist was targeted by Pegasus spyware. This particular program didn’t require any interaction from the victim, they didn’t need to click on any misleading link, it was “zero click”. No matter what he did, chances are he wouldn’t escape eardrums.

The infected cell phone of an American journalist did not show any suspicious signs during use. Accordingly, journalist Thanasis Koukakis did not notice any glitches while his own mobile phone, an iPhone 12, was infected with Predator. Only during the period of his legal connection and surveillance by EYP through telecommunications providers was the behavior of his phone unusual. The battery in the iPhone 6s he was using at the time was draining quickly even after he replaced it with a new one. When calling someone, there was no call, and when talking through the Signal app, there was a strange hum in the background.

There are significant fluctuations in the ever-growing spyware market. Unlike Pegasus, which is being developed by Israeli company NSO, Intellexa’s Predator also requires the intervention of the victim to activate. In other words, the recipient of the misleading message must follow a link that leads to a blocked website.

“Indicators that a particular device is infected vary accordingly,” explains K, Mr. Vassilis Vlachos, Associate Professor of Economics at the University of Thessaly. “Battery drain, overheating, and generally strange device behavior can be signs of a malware infection. However, the most sophisticated tracking systems have been tested and greatly improved to avoid such failures.” Mr. Sotiris Ioannidis, Associate Professor of the School of Electrical and Computer Engineering at the Technical University of Crete, points to other possible signs such as “opening various websites in the browser, having applications that the user has not installed, sending messages that he has not sent himself, and increased CPU/RAM usage.”

However, if a Greek citizen suspects that his mobile phone is infected with some kind of illegal tracking program, where can he go and how can he confirm it? The police officers who spoke to “K” clarify that the E-Crime Prosecutor’s Office does not check mobile phones, which can only be suspected of surveillance, since there is no corresponding procedure. Only if the target somehow confirms, perhaps with the help of an expert, another agency or a private cybersecurity company, that they were being followed and goes to court, then the case can be referred to them for further investigation. Accordingly, the Digital Evidence Division of the Criminal Investigation Department receives evidence seized in criminal cases for examination. Even the Communications Authority can’t lab test a phone to determine if it’s the target of malware.

The Cybercrime Attorney’s Office does not check cell phones that are only suspected of surveillance.

There are bodies overseas, such as the Citizen Lab in Canada or Amnesty International’s safety lab, that can carry out appropriate checks on devices. They are capable of diagnosing attempts or successful attempts to jailbreak a device, but in most cases it is not possible to determine who has used the software in question. The Athens Daily Newspaper Editors’ Association has written to Citizen Lab since early November, asking the lab to look into possible infections with Predator software or other malware to monitor members’ mobile phones. A meeting of the two sides is inevitable to discuss this initiative.

In Greece, in connection with the persecution of PASOK President Nikos Androulakis with the Predator, the Open Technology Organization – EELLAK (a partnership of universities, research centers and public organizations) is considering the creation of a laboratory that can study such cases. “We are trying to create an interdisciplinary team, we are studying similar practices abroad in order to determine what is realistic to implement in our country,” says Mr. Alexandros Melidis, general manager of the Open Technologies Organization – EELLAK.

What are the reaction limits and security measures that Greek citizens have when they feel they have been the victim of surveillance? Mr. Vlahos notes that they are very limited. On the one hand, as he points out, you need to use a modern device, completely updated and upgraded with the latest versions of its software. “You should also minimize the number of additional apps installed, as their security is usually sub-optimal and can be exploited by hackers,” he says.

“Solution” simple device

It does not exclude as a security measure the less traditional solution in the form of a simpler device with minimal features, as this greatly reduces the attack surface. However, he mainly emphasizes that vigilance is required and that links sent from various messages should not be uncritically clicked as they are a common method of infection. “The first and most basic precaution is common sense and discipline when using a mobile device,” he says.

Mr. Ioannidis adds that users should have the latest versions of apps “running” on their mobile devices, as well as uninstall apps that come with a mobile phone purchase that don’t need them. Depending on the type of tracking software infecting the phone, resetting the device to factory settings can sometimes solve the problem. However, Mr. Ioannidis notes that some malware is reappearing as it may be hidden in pre-installed applications or even in the recovery section of a mobile phone.