Month: January 2023

On July 26, Nikos Androulakis, head of the socialist PASOK party, Greece’s third-largest, found that his phone had been infected with Predator spyware and at the same time was being monitored by the Greek intelligence service, EYP.

After Thanasis Koukakis, a financial journalist who specializes in corruption cases and banking scandals, who was also wiretapped, filed a complaint, Androulakis decided to pursue legal action.

Funded by European grants mostly and by subscribers with no advertisement revenue, independent investigative journalist groups since April have revealed the existence of a spying network both public and private, against journalists and politicians.

As a consequence of Androulakis’s move to reveal his surveillance, two members of PM Mitsotakis’ inner circle resigned on August 5: the head of the EYP, Panagiotis Kontoleon, and the Prime Minister’s chief-of-staff (and nephew), Grigoris Dimitriadis.

In the cases of both the Socialist party leader and the financial journalist, it was revealed that the intelligence service and private software spyware predator operated complementary to one another other, although no direct connection between the two has been proven as yet.

The new Greek PASOK party leader, Nikos Androulakis speaks during a press conference after a meeting with Portuguese Socialist Party in Lisbon, Portugal, 28 March 2022. EPA-EFE/ANDRE KOSTERS

‘Protective fence’ surrounding corruption suspects

In 2019, one month after the national elections in Greece, I wrote an article for the New York Times’, arguing that Mitsotakis could never be a moderate liberal politician as he would have us believe, but would rule with a combination of aggressive neoliberal and authoritarian politics. However, my warning didn’t foresee the severity of his populist turn.

Year after year, European Commission rule of law reports have upgraded their warnings about the dysfunctional judicial system and freedom of the press in Greece. But the wiretapping scandal and the uncontrolled operation of spyware in Greece are taking the discussion to a new level.

In 2021 alone, 15,000 decisions were taken to intercept, continue or end the communications of individuals implicated in cases of national security. The numbers grew after the Greek bankruptcy crisis of 2010, but in the past three years, have reached an all-time record.

Furthermore, since 2019, it is not clear how many of them relate to crime and how many are related to national security concerns. This is because, in a series of legal actions, the government has secreted processes and the legal right to information on them.

When journalist Koukakis tried to obtain information on his surveillance, the government changed the law and forced the authorities to deny it. But when an MEP and Pasok leader discovered he was being subjected to surveillance as well, it was impossible to avoid the exposure.

When Koukakis started revealing financial scandals in banks, Mitsotakis didn’t hesitate to change the law that could have forced the judicial authorities to summon bankers who were implicated in fraud, illegal public spending, or tax evasion.

Greek Journalists Stavros Malichudis (2-L), Eliza Triantafillou (C), and Thanasis Koukakis (R) attend a hearing by the European Parliament?s Inquiry Committee amid an investigation into the use of the Pegasus surveillance spyware in Greece, in Brussels, Belgium, 08 September 2022. EPA-EFE/OLIVIER HOSLET

A sequence of events suggests that Mitsotakis may have actively tried to create a protective fence around the people investigated for financial scandals. A few examples: by amending the penal code, the crime of banking fraud is no longer prosecuted ex officio by the prosecutor, but requires a complaint from the bank. That means, that if an executive commits the crime of dishonesty, the prosecutor cannot intervene if the bank itself does not file a complaint. Guess who has benefited from having their cases archived in this way? The people Koukakis was researching.

Then came the abolition of the ex-officio prosecution of the crime of tax evasion (for over 150,000 euros) – unless a final certificate from the tax administration causes negative press headlines. Last but not least, it was revealed that the people involved in the financial scandals Koukakis was researching were also related to Interllexa, the company that runs the predator software, originally created in North Macedonia, but officially running from Athens.

On top of the 15,000 official cases that EYP is handling every year, it seems that different spyware programs are operating “in the wild”, as the intelligence agency is not in control of these programs.

According to reports, the company serves 34 customers around the world from Athens, and it still advertises on its website as “intelligence solutions for governments”. A recent leak of documents from a cybersecurity forum suggest that it still provides remote control operations for one year at a price of 8 million euros. No authority has summoned the company yet to testify.

Did the government reduce to a tool of corruption?

The political roots of this scandal go back to Mitsotakis’s appropriation of ideas about an executive state borrowed from the Reagan era in the US and put into a Balkan context in the digital age.

There is tension between the concentration of political power on the one hand that refers to populist conservative administrations and to the decentralizing tendency of the markets. In short, a powerful PM’s office does not just overlook the function of government but directs all aspects of it, aiming to control corruption within the lower and middle levels of governance.

An extended office of technocrats accountable to the PM takes control of governance and outsources all executive work to private companies to avoid bureaucracy and enhance efficiency. Emphasis is given to a powerful police and the army, which guarantee safety and order. In that context, Mitsotakis didn’t hesitate to take under his command the national press agency, the national broadcaster, and the National Intelligence Agency.

But what happens when the government itself is a source of corruption, through a clientelistic system and weak institutions, as the wiretapping scandal indicates? In Greece, the so-called executive state seems to have reduced government to a tool of corrupt power, doing business at the top level of finance and politics, while alienating itself from the people and disorganizing different aspects of social life.

Whether it is wiretapping his political opponents (and financial actors) or providing the necessary political cover-up for an autonomous intelligence service and private actors, Mitsotakis has failed to defend democracy. While there have been serious cases of wiretapping in the past, what is striking, in this case, is its banality. A connection between public and private actors has not been proven, but strong indications suggest there may be a connection.

International media are focusing on this corruption and the European Parliament hosted an audit on the case, putting Greece, next to Poland, and Hungary, in a group of countries that violate the Rule of Law. Now the Greek government says it wants to modernize the framework that regulates surveillance. But in a populist or even ultra-conservative way, it also supports the EYP’s “modernization” and has praised its contribution to handling external threats in the region of the Evros river bordering Turkey and the Aegean.

It is unclear whether the government means that it is monitoring Turkish hostile actions on the border or refugees’ phones before deportation and pushbacks, but it is clear that it has intercepted journalists and humanitarian volunteers, apparently considering them a threat to national security! Journalists Malichudis and Papangeli fell victim to this perception of the “National threat”. As for the modernization of EYP, no law allows it to use spyware so far. But none of that seems to bother Mitsotakis. His government wants to continue doing business as usual, even if that now seems impossible.

Matthaios Tsimitakis is a Greek journalist and a digital communication expert based in Athens. He is an author of the independent Greek newsletter “Το Νήμα” (The Thread)

The opinions expressed are those of the author and do not necessarily reflect the views of BIRN.

Sever believes being an active journalist during her tenure is important: “Every day, I’m in touch with the people whose rights we fight for; I know their needs and understand what pressure from owners, politicians, or advertisers means for an ordinary journalist because I am just a fellow journalist.”

One question facing her is about her gender. For the first time in the history of the EFJ, a woman is leading the organization – and a woman from the Balkans.

Many female and Balkan journalists may be placing their hopes for better treatment in the media world in her.

Media freedom remains a problem in Balkan states. Reporters Without Borders’ 2022 World Press Freedom Index, says the past year has been a significant increase in “polarisation amplified by information chaos” – a phenomenon that has also affected the troubled media environment in the Balkans.

Sever wants her presidency to send a message that the Balkan region is part of Europe, and that, regardless of differences, they must jointly develop democracy and strengthen the independence of the media.

“My colleagues at the EFJ know that I am an open and inclusive person. I know the situation in the media sector in the Balkans quite well; they know that we are cooperating on several projects, and I believe we will get a little closer and strengthen cooperation during my presidency,” she told BIRN.

Focus on women’s issues

A report published  by BIRN, “Women in Newsrooms: Perspectives on Equity, Diversity, and Resilience”, found that women journalists in the Western Balkans confront numerous obstacles in their participation and representation in news organizations.

The new EFJ president takes her female leadership seriously; an activist, she rebels against injustice. “The attitude toward women in the media is unfair. It’s not just an impression; figures show the pay gap and many other exacerbated data. It’s always easier for bullies to attack a woman. But I fight against it with all my heart. I hope my contribution to the EFJ will help to improve the situation,” she told BIRN.

Active in the fight against SLAPPs

Sever became EFJ president at a crucial time; press freedom is under attack, many journalists are being prosecuted with so-called strategic lawsuits against public participation, SLAPPs, while at the same time they are also being targeted by politicians. Journalist workers’ rights are routinely violated. European and Balkan journalism, whatever the differences, shares similar problems.

Sever lists some of them to BIRN. “The EFJ is working intensively on professional assistance, building a system of protection of workers’ rights and trade unions, and defining strategies for systematic improvements.

“We have been working together for a long time to connect and strengthen the defence of the independence of local media. It is a problem that binds us together. Poor solutions to local media funding, pressures from politicians and advertisers, dependence on the financing by local government units …  Together we are trying to find a way out of this vicious circle in which most of the local media are in, in these areas. The struggle for public media services also connects us,” she says.

The EFJ cooperates with other European organizations dealing with these problems, such as the Europe-wide mechanism Media Freedom Rapid Response.

“We are part of the CASE coalition and participate in the most crucial fighting processes against SLAPPs. We support individual journalists exposed to SLAPPs but also define the strategies, requirements, and participation in the public debate on the legal frameworks for the fight against SLAPPs. There is currently a review of the adoption of a Directive and recommendations on the SLAPP in EU institutions and at the national level of EU member states. EFJ members actively advocate at the EU and national levels support for these documents,” she told BIRN.

A mission, not a job

The industry globally is facing many problems. Given this situation, is it worth working as a journalist today? Sever advises the young to proceed boldly. For her, journalism is still the best job in the world, a job that can make changes for the better in every society.

“It is a mission, not a job, and it is easy to love. I spoke to many young colleagues frustrated with the editors’ comments in the newsroom. My advice was, ‘Trust yourself, fight and think for yourself, complain, and don’t surrender. It’s the only way to do it and live journalism – the most beautiful job in the world,’” she concludes.

Cuba Ransomware and other cyber-attacks rock region

In November 2021 the FBI initially identified the so-called “Cuba ransomware”, accused of compromising as many as 49 public and private entities by encryption techniques targeting data with the unique “cuba” extension. Cuba ransomware perpetrators have demanded at least US $74 million and have received at least US $43.9 million in ransom payments so far.

In the region, Montenegro was hardest hit by cyberattacks lately. As BIRN has reported, the IT systems of Montenegro’s public administration have been offline since August 22 and, after initially blaming alleged Russian hackers, authorities now do not exclude the possibility of the Cuba Ransomware’s involvement. Public Administration Minister Marash Dukaj has directly accused the criminal group linked to the Cuba Ransomware of responsibility.

A digital screen displays a live cyber hack attack during a press conference at the Federal Criminal Police Office (BKA) in Wiesbaden, Germany, 11 November 2019. Photo: EPA-EFE/RONALD WITTEK

Beyond that worrying case, cyberattacks and other online frauds occurred all over the region. In North Macedonia on August 26, after a prize game recently appeared on Facebook through the fake profile “Technomarket Fans”, Technomarket, the Bulgarian retailer of consumer electronics, warned that the prize and the website were fake and aimed to lure users into an online scam. As part of a supposed raffle, the scammers claimed to be giving away vouchers for 670 fridges and cookers.

In another incident, on August 21, a man was defrauded online of over 130,000 denars (around 2,000 euros) after he publicly appealed for humanitarian aid from citizens to rebuild his ruined house.

Public institutions continue to be victims of incidents of falsification and impersonation in the online world. In Hungary, fraudsters misused the name of the police, sending mass emails in the name of the Police Department of Budapest with malware attached.

According to the real police, a malicious file with an XLL extension was sent to citizens claiming to be a police officer seeking a price quote from the recipient’s company and asking them to open the attached document.

At the same time, in Serbia, a phishing scam targeted a number of Serbian Post users. Serbian Post warned citizens of the attempted fraud and urged them not to be tricked by the fake emails. Serbian Post stressed that it never contacts citizens in this way.

Meanwhile, in Bosnia, on 22 August, two Ukrainian citizens were convicted of international cybercrime in what is the first such sentence in the country. The two were arrested and accused of organized crime concerning computer fraud after taking out 100,000 KM (around 50,000 euros) from a 24 Sberbank BH ATM. Investigators were unable to intercept about 2.5 million KM (around 1.25 million euros) which they seem to have exported abroad, most likely to their country of origin.

Hate speech targets the Albanian minority in North Macedonia

Our latest review of the violations that took place in the first half of August highlighted that the Bulgarian minority in North Macedonia is not fully integrated into the socio-cultural context of the country. The much larger Albanian minority has meanwhile been frequently attacked on North Macedonian social networks, which further demonstrates how internal ethnic tensions are being exacerbated by far-right propaganda on the web.

An Ethnic Albanian waves Albanian flag in front of the cordon of police officers during the protest following a court decision in Skopje, North Macedonia, 26 February 2021. Photo: EPA-EFE/NAKE BATEV

Our monitors recorded widespread usage on North Macedonian social networks of the highly derogatory and insulting term “Shiptar” to target the Albanian minority. As Albanian commentator Butrim Gjonbalaj explained, “Skiftar, Siptar, or Shiptar was a derogatory term used by Yugoslavians to insult Albanians and basically the equivalent of calling people of colour the N-word.”

The slur was the subject of a Belgrade court ruling in Serbia in December 2020, following an appeal from Ragmi Mustafa, the head of the Albanian National Council, against Serbian Interior Minister Alexandar Vulin who used the slur on multiple occasions. However, the court ruled that while the term is offensive, “it does not represent an idea, information or opinion that incites inequality, violence and hatred”.

On August 25, a Twitter user, addressing North Macedonia’s ethnic Albanian minority, wrote: “Why don’t we, like the Shiptars, start not paying for electricity!” Along the same line, a Twitter account posted that he “got into a fight with a ‘shipper’”, which was followed by several users also using derogatory words about ethnic Albanians in North Macedonia. On August 23, following a tweet published by a university professor, who had criticized the government, a Twitter user replied that the country’s large ethnic Albanian minority had to be eliminated. The user said: “Only a general popular uprising can remove them from power”.

Another user, commenting on a post published on 22 August that read: “NATO today with the symbolic low flight of a B-52: This territory must not be tampered with by anyone. This is what we fought for, friends,” wrote: “No one is allowed to touch it, except for Shiptari, Bulgarians and Greeks.”

A further incident saw the online media Plusinfo.mk publishing an article titled “What awaits the Albanians?” aimed at targeting the Albanian minority. “They know their dream of Greater Albania will never come true!” it commented, adding other derogatory phrases that accused the country’s Albanians of being stateless and of working against the country. Another accusation made in the online media is that Albanians are political spies whose sole aim is to destroy Macedonian identity, state and culture.

Online gender-based violence hits the Romanian digital environment

Women continue to be targeted online by incidents of misogyny, sexism and other cases of gender hatred. Cyberviolence against women is confirmed to be a worrying trend in various digital environments. In the second half of August, Romania recorded several episodes of this kind.

Women with their eyes covered with violet scarfs participate in a flash mob in front of Romania’s Internal Affairs Minister in Bucharest, Romania, 01 March 2020. Photo: EPA-EFE/BOGDAN CRISTEL

On August 26, Andrei Selaru, aka Selly, the most popular Romanian vlogger on YouTube, became the target of online harassment after appearing in a video promoting the Romanian Army. The video, published on the Defence Ministry’s Facebook page, ignited a public debate on the way influencers cash in on public money. Journalists accused Selly of being paid for an “unprofessional campaign”, although he had collaborated for free.

In another incident, recorded on August 19, two Bucharest policewomen were attacked online after a picture taken of them without their consent went viral on Facebook. In the photo, the two women appear to drink coffee and smoke cigarettes in front of a police station in Bucharest. But what sparked the intense backlash was that the two policewomen were wearing full make-up. “These girls are some stripers, caught while preparing for a stag party,” wrote one Romanian on Facebook. Another was quick to assume that the two police officers were uneducated and had not studied at the Police Academy. “Wearing jewellery instead of police equipment. Instead of safety and protection, they offer us style,” said another Romanian.

Last month, Credins Bank became the latest target as the Homeland Justice hackers hit a private entity for the first time.

Authorities say they have everything under control and have banned media from reporting on the content of the leaks. But ordinary Albanians are increasingly concerned for the security of their personal data.

This month, Progni, an IT expert, decided to act, filing a case with the Special Court Against Corruption and Organised Crime, SPAK, against the National Agency for Information Society, AKSHI, the National Authority for Electronic Certification and Cyber Security, ACESK, and a private firm responsible monitoring the implementation of standards by these bodies.

Progni, whose case has the backing of a forum of some 800 IT experts, said he was motivated by a desire to raise awareness and hold accountable those tasked with protecting private data.

“The biggest risks are the duplication of identity and the use of online data, the theft of the accounts that has already started, like Instagram, Facebook etc; these accounts are being stolen massively,” Progni told BIRN, saying he had already received thousands of messages from other concerned individuals asking about the legal avenues open to them.

“If they [SPAK] start an investigation, it’s certain that officials will be arrested,” he said.

Photo: Screeenshot from Homeland Justice webpage.

New front

Albania and outside investigators have all pointed the finger of blame at Iran, whose embassy in Tirana has been shut down as a result of the expulsion of its diplomats and ambassador. Albania has frozen diplomatic relations with Tehran.

The attack on Credins Bank appears to have opened a new front, however, as the hackers expand their targets from public to private entities.

On January 9, Homeland Justice published on Telegram a file that it claimed contains the data of business clients of the bank. A week later, another file appeared under the name ‘All Accounts Customers’. An accompanying message declared, “Credins Failed.”

Days passed between the attack and confirmation from Credins. The bank said a “peripheral system” had been affected but that the danger was isolated and the “highest IT security measures were implemented.”

One client, who asked not to be named, said she had been unable to log into her account for days and that, as of publication of this story, the bank app was still not working properly. “I wrote to the Support and they told me it doesn’t work but that it would be fixed soon,” she said.

“From an emotional perspective, at first I was very disappointed that the Support was completely unprepared; it didn’t provide any information except that it would be fixed during the following days. The information service also gave me wrong information, maybe not even the information service themselves knew what was going on, but it is very unprofessional that the customer was left without the right to know when there is a data breach.”

In its December 23 statement, the bank urged that no private data be published.

“We inform all persons that the publication of personal information without authorisation constitutes a legal violation, therefore we request that the distribution of this information be stopped immediately,” it said.

Western Balkan countries faced by cyber attacks since July (illustration). Photo: EPA-EFE/SASCHA STEINBACH

Class action lawsuit not an option in Albania

In some countries, affected individuals would be able to team up in collective action, or ‘class action’ lawsuits, to seek remedy, but under Albanian law this is not possible.

“This mechanism is not recognised in our legislation, even though there was an initiative by some civil society organisations that drafted a draft law on collective lawsuits and submitted it to parliament in 2021,” said Megi Reci, a lawyer at the Tirana-based Institute for Democracy and Mediation. “Approval remains subject to the will of the parliament.”

The only options open to individuals are criminal charges, civil lawsuits for compensation, or a complaint to the Commissioner for the Protection of Personal Data, Reci said.

As of January 18, SPAK told BIRN it had not registered any criminal proceedings with regards cyber-attacks.

The Tirana Prosecution is conducting its own investigation into the case; so far it has detained give IT employees in the public administration, but this has far from satisfied the government’s biggest critics.

As for solutions, experts say Albania may have to consider changing Albanians’ unique personal ID numbers.

“Only one recommendation solves this issue, which is to renew the citizen’s ID so that the IDs would be different,” Progni told BIRN. He also recommended 2-factor authentication for each account and greater awareness of phishing attacks.

The office of the Commissioner for the Protection of Personal Data said it had also proposed possibly changing ID numbers, but that it would be “a complex process”.

“The discussion and finding solutions for this initiative is complex and involves several institutions,” the office told BIRN in a written response. The IT breach and leak of private data “showed marked weaknesses of the structures and systems that administer them,” it said.