Berlin, April 12, 2022 – Greek authorities should conduct a swift and thorough investigation into the surveillance of journalist Thanasis Koukakis, determine who orchestrated that monitoring, and hold them to account, the Committee to Protect Journalists said Tuesday.
From July 12 to September 24, 2021, Koukakis, a financial editor for CNN Greece and a regular contributor for local and international outlets including The Financial Times and CNBC, had his cellphone surveilled by Predator, according to news reports and Koukakis, who disclosed the hacking on Monday, April 11, and spoke to CPJ in a phone interview.
Koukakis, who covers financial news, said he was notified about the surveillance by the digital rights group Citizen Lab in late March. Around the time of the surveillance, he covered topics including alleged money laundering and corruption, he said.
“Greek authorities must conduct a swift, thorough, and transparent investigation into the surveillance of journalist Thanasis Koukakis, find whoever orchestrated it, and hold them to account,” said Attila Mong, CPJ’s Europe representative. “Journalists must be able to protect their sources, and authorities must ensure that the are able to work without fear that hackers will gain access to their sources or details of their private lives.”
Predator spyware was originally developed by the North Macedonian company Cytrox, and can monitor a phone’s conversations, text messages, passwords, files, photos, internet history, and contacts, according to the Greek news outlet Inside Story, which said that the software is now owned by the Cyprus-based company WiSpear.
Koukakis told CPJ that Citizen Lab researchers believed his phone was infected through a text message containing a link that he clicked on July 12.
Koukakis said he previously noticed his phone acting strangely in 2020 and suspected it may have been infected with spyware. That August, he filed a complaint with the Hellenic Authority for Communication Security and Privacy, which later said it did not find any evidence of a breach of privacy on his phone. When Koukakis was targeted by spyware in 2021, he was using a new phone he had purchased since that incident, he said.
Koukakis told CPJ that on April 6, 2022, he filed a new complaint to the Hellenic Authority for Communication Security and Privacy and sent them Citizen Lab’s report on his case. He said he also planned to file a criminal complaint over the surveillance.
Greek government spokesperson Yannis Economou denied that the government had any involvement in surveilling Koukakis, according to news reports. CPJ emailed the Hellenic Authority for Communications Security and Privacy for comment, but did not immediately receive any reply.
CPJ was unable to find contact information for WiSpear, as its website did not load. In February, the company was fined in Cyprus for illegally surveilling private communications through the use of a “spy van,” according to news reports.