Greek Government Used Predator Spyware To Spend A Year Surveilling A US Citizen (original) (raw)

from the if-it-can-be-abused,-it-will-be-abused dept

While NSO Group made most of the headlines in the cell phone malware market, it had plenty of competition back at home. Israel is also home to its competitors. Candiru — another malware company with more talent than ethics — managed to make headlines of its own while being blacklisted by the US Commerce Department following weeks of negative press involving Israeli spyware companies.

A company that managed to escape blacklisting — one with Israeli intelligence service ties of its own — is now taking some of the heat off NSO Group and Candiru. Cytrox, which manufactures a phone malware strain of its own — Predator — is at the center of a massive scandal in Greece, following revelations of its abuse by the Greek government.

Last August, the head of Greece’s intelligence agency resigned after it was discovered that a journalist and an opposition party member apparently had their phones compromised by Predator malware purchased by the Greek government. Shortly thereafter, the company’s office in Greece was raided by Greek law enforcement.

Now, there’s even more to add to that scandal, coming to us courtesy of Gizmodo’s Lucas Ropek.

A former executive on Meta’s security policy team was hacked by the Greek government using sophisticated spyware known as “Predator,” which tracked her for a whole year.

Artemis Seaford, who formerly worked as a trust and safety manager on Meta’s security policy team, had her phone digitally infected by malware in September of 2021, the New York Times reported Monday. Seaford was secretly under surveillance at the behest of the Greek national intelligence service, which deployed tracking software widely. “Predator” was developed by a secretive cyber company known as “Cytrox,” which is said to be based in North Macedonia and sells commercial spyware and other surveillance tools.

The former Meta safety manager has dual citizenship: Greek and US. So, not only does this involve a foreign company spying on a US citizen, it also involves a form of domestic spying, as the Greek government apparently targeted one of its own.

The documents obtained by the New York Times show Seaford was hacked and tracked for a year by the Greek government while she worked at Meta’s Greek office. According to the Times, this appears to be the first time someone has been targeted by a EU nation while residing in a EU nation.

This is the upshot, according to the Times:

The simultaneous tapping of the target’s phone by the national intelligence service and the way she was hacked indicate that the spy service and whoever implanted the spyware, known as Predator, were working hand in hand.

The Greek government, however, claims it was not behind this hacking and tracking.

“The Greek authorities and security services have at no time acquired or used the Predator surveillance software. To suggest otherwise is wrong,” Giannis Oikonomou, the government spokesman, said in an email. “The alleged use of this software by nongovernmental parties is under ongoing judicial investigation.”

Well, great, except that this denial is hardly plausible. The government has yet to publicly admit purchasing the spyware, but there’s a growing amount of evidence pointing towards the Greek government’s involvement in the deployment of Cytrox’s Predator malware.

There’s more circumstantial evidence in this latest report.

Two people with direct knowledge of the case said that Ms. Seaford had in fact been wiretapped by the Greek spy service from August 2021, the month before the spyware hack, and for several months into 2022.

I guess it all depends on who’s lying or what definition of “acquired” or “used” the Greek government is using. It may be that Seaford was targeted by another government, but it seems like an insanely huge coincidence that another government compromised the Meta exec’s phone while she happened to be under direct surveillance by the Greek government itself.

With competing narratives, it all comes down to time. Researchers may be able to find other evidence linking the phone infection with its source. And, thanks to a change in Greek law following the spying scandal, spy agencies must provide information to citizens targeted by their surveillance programs. But this disclosure isn’t required until three years after the expiration of a wiretap, which means the best way to avoid disclosure is to keep renewing wiretap orders indefinitely. Also, there’s no reason to believe this disclosure won’t be heavily redacted, which may make official confirmation impossible.

But whatever happened here is the direct result of malware makers not caring who they sell to or what their customers do with the products they make. Every government abuses the powers it has. Add-ons like Predator just make the inevitable easier.

Filed Under: artemis seaford, greece, predator, spyware, surveillance
Companies: cytox, meta