Greek Intelligence Service Accused After New Spyware Revelations

Left-wing opposition party SYRIZA alleged on Tuesday that the Greek National Intelligence Service collaborated in the use of the illegal spyware software Predator to monitor Artemis Seaford, a Greek-American woman who worked for social media company Meta, as well as other targets.

The New York Times on Monday confirmed a previous report by Greek media outlet Documento that the illegal spyware software Predator monitored Seaford at the same time as the intelligence service was spying on her. It was the latest in a series of spyware revelations in Greece.

“The New York Times’ revealing report on the Artemis Seaford surveillance underscores what everyone knows, but the Mitsotakis administration continues to deny. The National Intelligence Service and Predator are the same single eavesdropping centre,” SYRIZA said in a press release.

Seaford lived in Greece for part of the time from 2020 to the end of 2022. During that time, she worked as a trust and safety manager at Meta, Facebook’s parent company, where she maintained working relations with Greek and other European officials, according to the New York Times.

Seaford’s mobile phone was infected with the spyware when she clicked on a message she received which contained a contaminated link for her vaccination against COVID-19.

“Anyone, anywhere can fall prey to spyware hacking. I should know – I was a Predator target,” Seaford wrote on Twitter on Monday.

“This does not make it normal. We need our governments and international bodies to protect us,” she said.

The Greek media outlet Documento first revealed in November 2022 that she had been monitored.

Kostas Vaxevanis, journalist and publisher of Documento, published lists of politicians, ministers, businesspeople, journalists and others who had been put under surveillance; among these names was Seaford. Documento’s report said the reason why she was being monitored was unclear.

Seaford expressed bemusement in an article she wrote for Greek media outlet Kathimerini later in November.

“I am not an official of any party, a member of the press, or a business owner with close government connections,” she said.

According to the New York Times, Seaford’s monitoring by the intelligence services started in August 2021, the month before the Predator infection, and for several months into 2022.

The newspaper suggested that the simultaneous tapping of Seaford’s phone by the intelligence services and the Pegasus infection “indicate that the spy service and whoever implanted the spyware, were working hand in hand”.

Mitsotakis’ conservative government has denied any responsibility for the spyware scandal.

“The Greek authorities and security services have at no time acquired or used the Predator surveillance software. To suggest otherwise is wrong,” government spokesperson Giannis Oikonomou told the New York Times.

“The alleged use of this software by nongovernmental parties is under ongoing judicial investigation,” Oikonomou added.

In November 2021, the newspaper EFSYN reported that journalists and lawyers dealing with refugee cases, civil servants and anti-vaxxers had all been the targets of surveillance by the National Intelligence Service, including BIRN contributor Stavros Malihoudis.

In April 2022, Greek media outlet Inside Story disclosed that Predator was used to spy on journalist Thanasis Koukakis.

In July 2022, it was also revealed that Nikos Androulakis, head of PASOK-KINAL, the third-largest party in the Greek parliament, almost fell victim to the Predator surveillance software.

In the meantime, the Greek judiciary has been investigating the use of Pegasus and other surveillance spyware and the European Parliament’s PEGA Committee has launched its own investigations.

Albania Election Commission Calls on Socialists to Explain New App

Ilirjan Celibashi, head of Albania’s Central Elections Commission, CEC, said on Wednesday that it is seeking explanations from the ruling Socialist Party about an app, “Aktiv1st”, which it has offered, following queries from the opposition and civic groups.

“We have received a request from the Democratic Party regarding this matter and are evaluating what this app implies in relation to the law or the behaviour of the owner in relation to the electoral code”, he said.

He added that the CEC is only looking into the app regarding the electoral code, and not other laws – meaning that the CEC is not looking into laws such as the law for data protection.

“I believe that by next week we will have a decision or an evaluation from the CEC regarding this issue,” Celibashi concluded.

The Socialist Party presented the app a year ago as a “tool of communication” for party activists. The users win points by engaging with its content, including new stories that redirect users to the Facebook and Instagram pages of Socialist officials.

The app appears to be a means of raising the social media profile of the Socialist Party, which faces local elections in mid-May.

Critics in the past have drawn attention to the party’s use of such technology to gather data on would-be voters and manipulate social media.

They are suspicious of the latest app, citing a lack of specific Terms of Service and indications that it may not be as “voluntary” as the party insists.

As BIRN previously reported, some have seized on the Aktiv1st app as the latest way for the Socialist Party to exploit the public sector for its own electoral benefit, in a country where the state administration is widely seen as the fief of the party in power.

Aktiv1st is available for download from Play Store and App store; in a section explaining data safety, it is specified that photos, videos, files, documents, and other IDs may be shared with other companies or organisations, while the app may collect user data including location, email address, home address, phone number, and messages.

Clicking on the Terms of Service redirects the user to the Law on Data Protection, without explaining the app’s specific terms. The user must click that they accept the terms in order to use the app.

A civil society organisation called Civic Resistance, which works on issues of transparency, education, youths and politics in Tirana, has lodged a complaint with the Commission for Data Protection and the Right to Information.

Kosovo Media Regulator Struggling to Recover from Cyber-Attack

Kosovo’s media regulatory body on Wednesday said it was subjected to a severe cyber-attack in January that has resulted in a loss of data and access to official email addresses and internal systems for almost two months.

Faruk Rexhaj, acting head of the Independent Media Commission, IMC, confirmed that many electronic services had been disabled because of the attack in January.

“We have not restored [the lost material] yet because we need to go through procurement procedures to hire an expert on restoring the servers. Procedures took some time but we are almost at the end,” Rexhaj told BIRN.

According to Rexhaj, the IMC is working to restore the system after the attack and blamed delays on the procurement procedures needed before hiring an expert to deal with the issue.

“We are in procedure to restore equipment, materials and systems to normalcy. We are working on it,” he added.

The IMC is an independent institution responsible for the regulation, management and oversight of the broadcasting frequency spectrum in Kosovo.

It licenses public and private broadcasters, establishes and implements policy and regulates broadcasting rights, obligations and responsibilities of individuals and entities who provide audio and audiovisual media services.

Rexhaj said police were informed about the attack. “We informed the police, and the Department for Cyber Crimes has taken all data they need. They have concluded that the attack was similar to some other cases and it is not related to anything specific. This kind of attack happens all over the world,” Rexhaj said.

Kosovo Police Seize Crypto-Mining Equipment After Govt Ban

In two different operations in Mitrovica South and Podujeve municipalities, Kosovo Police seized 70 items of crypto-mining equipment as part of raids following the ban on crypto-mining announced by the government last week.

In the first operation, in Mitrovica South, 67 crypto-producing machines were confiscated, Police said they identified the location in an apartment where investigators found a suspect dealing with “illegal activity”

In the second case near Podujeve, police seized three pieces of crypto-mining equipment.

“We have informed Customs officials and we will take subsequent action in coordination with them,” a police press release said.

No actual arrests, in either case, were reported.

Last week’s decision by the government to ban cryptocurrency mining, citing concerns about energy in a country with an energy crisis, has drawn questions concerning its legal basis.

The Minister of Economy, Artane Rizvanolli, announcing the ban on cryptocurrency mining, referenced emergency measures for electricity protection imposed by the government on December 24, to “restrict the energy supply, valid for a maximum of 60 days”. The government implemented power reductions on December 22 due to the serious energy crisis.

But Arber Jashari, a Kosovo-based legal expert, told BIRN: “There is not enough of a legal basis for the ban of cryptocurrency mining, considering that no special law regulates this issue.”

While the government has the legal basis to take restrictive measures on electricity, there appears to be no legal framework to ban cryptocurrency mining.

On October 2021, Kosovo announced it had drafted a law on cryptocurrency which parliament was expected to adopt by the end of the last year – but the regulation is still pending.

The chairman of parliament’s Committee on Economy, Ferat Shala, was cited as saying that most activities related to cryptocurrency were registered in northern Serb-run parts of Kosovo.

This phenomenon in the north, and associated energy costs, according to him, had pushed the committee to accelerate the drafting of a law to regulate the sector.

“The good thing about this is that all operators in this sector will know that we are working and monitoring and that at some point they will be subject to applicable law,” he was quoted as saying.

BIRN previously reported on how attics, basements, garages and even whole houses in Serb-majority northern Kosovo were being rented out for cryptomining, mainly because for 22 years, northern Kosovo has paid nothing for electricity, the vital component of crytomining.

One local crypto-miner told Reuters on condition of anonymity that “he was paying around 170 euros per month for electricity, and getting around 2,400 euros per month in profit from mining”.

Data Dominance: In Cyprus, a Chinese Outpost inside the EU

In October 2015, two years after a banking crisis left Cyprus in desperate need of new financing, President Nicos Anastasiades visited China on a charm offensive, touting the Mediterranean island’s low tax rates, its European Union membership and its readiness to take part in China’s Belt and Road Initiative, BRI.

The floodgates opened, but there was nothing sporadic about the Chinese outlay.

Today, money from Chinese state-owned or state-linked corporations has penetrated the core of just about every key Cypriot sector, from real estate to natural resources, transport to aviation, all in the name of a transcontinental infrastructure project linking countries along the route of the old Silk Road.

Thanks in part to the BRI, China is set to surpass the United States as the world’s leading economy by 2028 and become the standout superpower heading into the ‘Fourth Industrial Revolution.’

A key component of the BRI is the Digital Silk Road, DSR, through which the Chinese Communist Party seeks to develop and export key technological infrastructure – including 5G – to participating states, boosting the importance and presence of Chinese tech companies around the world and, to a degree, replicating its digital authoritarian model.


Chinese investments in Cyprus. Illustration: BIRN/Igor Vujcic

In Cyprus, according to BIRN’s findings, China now dominates the 5G networks and the island’s wider tech ecosystem, creating a key Chinese outpost inside the EU with potentially far-reaching consequences for data security and the independence of Cypriot – and by extension EU – foreign policy.

It is a state of affairs that contradicts US and EU recommendations and the island’s own claims to be pursuing a multi-vendor strategy.

5G underpins power grids, transportation and water supplies, and, in the future, will enable military tools including artificial intelligence, said Carisa Nietsche, associate fellow for the Transatlantic Security Program at the Washington-based Centre for a New American Security.

“In extreme cases, analysts suspect China could pull the plug on the network, gather intelligence from data pulsing through the networks or cut off a 5G-enabled energy grid,” Nietsche told BIRN.

Chinese investment in Cyprus

In 2015, China’s largest private copper smelter, Yanggu Xiangguang Copper, bought a 22 per cent stake in Cyprus-registered copper mining company Atalaya Mining Plc for 96.2 million euros.

In November 2019, a consortium led by state-owned China Petroleum Pipeline Engineering signed a 290 million-euro deal with the Cypriot natural gas infrastructure company ETYFA to build a liquefied natural gas terminal for electricity generation. Among the four firms in the consortium is state-owned Hudong-Zhonghua Shipbuilding, the top warship producer for the Chinese navy.

Before it pulled out in 2019, state-owned Aviation Industry Corp. of China, AVIC, was the largest shareholder in Cypriot airline Cobalt.

JimChang Global Group has invested 100 million euros in a five-star hotel and housing development near Ayia Napa via a joint venture announced in 2016 with Cyprus property group Giovani. The residential part was completed last year.

Macau-based Melco is investing $677 million in the City of Dreams Mediterranean, an ‘integrated casino resort’ in Limassol, Cyprus. It is expected to open in 2022.

Building 5G on Chinese foundations

Illustration: BIRN/Igor Vujcic

On his 2015 visit to China, Anastasiades, who was re-elected in 2018, visited the Shanghai research centre of Huawei, the world’s largest manufacturer of telecommunications equipment.

Huawei plays a key role in driving global industry standards in Beijing’s favour through the filing of patents that make the industry more likely to adopt Chinese proposals as global standards.

In terms of 5G standard essential patents, Huawei has the largest portfolio worldwide. The company claims to hold more commercial 5G contracts than any other telecom manufacturer in the world – 91. Forty-seven of these are in Europe.

At the research centre, Anastasiades lauded Huawei’s “important contributions to communications network construction in Cyprus” and called for “deeper ties”.

Huawei’s dominance, however, has unsettled the United States and others, which say the company’s equipment could be used by Beijing for spying, something Huawei has vigorously disputed.

In a rare interview with foreign media in 2019, Huawei founder and CEO Ren Zhengfei said: “I love my country. I support the Communist Party. But I will not do anything to harm the world.” He said that Beijing had never asked him or Huawei to share “improper information” about its partners and that he would “never harm the interest” of his customers.

Unconvinced, in October 2020 then US undersecretary of state for economic growth, energy and the environment, Keith Krach, visited Nicosia and, with the 5G licence application process underway in Cyprus, incorporated the island into the US ‘Clean Network’ on 5G, an initiative launched under former President Donald Trump to build a global alliance excluding technology that Washington says can be manipulated by the Chinese Communist Party.

The Americans are concerned, in part, by the proximity of Chinese-dominated 5G networks to military bases. But while on paper the Cypriots may have sided with the Americans, in practice Huawei is still very much in play.

Huawei (Nicosia)-the building in which Huawei’s main Cyprus offices reside. Photo: BIRN

The company entered the local market in 2009, taking a lead role in the upgrade of the island’s information and communications technology and the 2/3/4G infrastructure of its four telecommunications companies, CyTA, Epic, Cablenet and Primetel.

Since Cyprus uses the so-called Non-Standalone, or NSA, mode for 5G – effectively building on top of its existing 4G infrastructure – and with Huawei providing the components for 100 per cent of the telecom companies’ 4G Radio Access Network, RAN – the Chinese giant looked perfectly placed last year to take the lead in the 5G rollout as well.

The RAN is comprised of various facilities such as cell towers and masts that connect users and devices to the Core Network, which in turn encompasses all 5G data exchanges such as authentication, security, session management and traffic aggregation across devices.

In December 2020, the two biggest 5G contracts were awarded to CyTA and Epic.

But both companies, sources say, are overwhelmingly dependent on Huawei for their Core Network and their RAN infrastructure.

Semi-governmental CyTA launched its 5G Network in January 2021, catering to 70 per cent of the population on launch and aiming for 98 per cent coverage by the start of 2022.

A senior CyTA manager told BIRN that 80 per cent of the company’s Core Network and 100 per cent of its RAN is covered by Huawei infrastructure. The remaining 20 per cent of its Core Network is provided by Swedish Ericsson.

“CyTA is a governmental company and comes up with tenders for the equipment, and Huawei has been a long-term provider of infrastructure and support and offers the best prices,” said the senior manager, who asked not to be named since he was not authorised to speak to media.

Asked about the makeup of its Core Network and RAN infrastructure, CyTA told BIRN: “We inform you that any information regarding the CyTA network is a trade secret and any disclosure of it is contrary to the commercial interests of CyTA and its partners (article 34 (2) Law 184 (I) / 2017).”

Huawei also accounts for 90 per cent of Epic’s Core Network infrastructure and 100 per cent of the RAN, said a senior manager at Epic, who also spoke on condition of anonymity.

Epic’s collaboration with Huawei dates to 2009, when the company, then named MTN, sealed a 20 million-euro contract with the Chinese firm to upgrade its network.

Now owned by Monaco Telecom, Epic went on to develop Cyprus’s first 4G LTE network, leveraging Huawei’s RAN solution, on which another Cypriot telecommunications firm, Primetel, also entered into an access-sharing agreement. In February 2019, shortly before its rebranding as Epic, MTN signed a deal with Huawei for the development of its 5G network.

An Epic spokesperson did not respond to repeated requests for comment.

Nietsche, of the Centre for a New American Security, told BIRN: “For 5G to deliver on its promises of faster speeds, it requires an immense amount of data to travel through the network. And that data is pushed closer and closer to the end user, or the edge of the network.”

“In Europe, some governments have distinguished between implementation of Huawei in the Core Network and the Radio Access Network, or edge of the network. These governments argue that you can essentially create a firewall between the core and edge of the network.”

“However, we should not make such a distinction. As 5G networks develop, more and more data is pushed toward the edge of the network, and it becomes harder to distinguish between the core and edge of the network.”

Chinese ‘fusion’


Huawei section of the Gulf Information Technology Exhibition (GITEX) Global 2021. Photo: EPA-EFE/ALI HAIDER

Using Huawei components within 5G infrastructure is not a direct violation of European Union guidelines, since the EU toolbox on 5G – a common set of guidelines laid out by the bloc to limit 5G cybersecurity risks – did not explicitly ban any specific company but left it to member states to decide which providers were ‘high-risk’.

Authorities in Cyprus have not as yet identified any provider as ‘high-risk’.

The October 2020 memorandum of understanding that saw Cyprus sign up to the US Clean Network “does not imply in an implicit or explicit way that Cyprus will move away from Huawei”, said the man who signed it, Deputy Minister for Research, Innovation and Digital Policy Kyriacos Kokkinos.

“What it says is that we will collaborate with US agencies and authorities so that we ensure that the security standards are respected in the infrastructure we deploy,” Kokkinos told BIRN.

EU guidelines, however, do stress caution over suppliers “subject to interference from a non-EU country”, warning that a member state’s network could be vulnerable if there was a “strong link between the supplier and a government of a third country.”

Huawei’s state ties are considerable.

Zhengfei, the company’s founder, was a former Deputy Regimental Chief of the People’s Liberation Army; reports say that a considerable number of Huawei employees are believed to have worked for the military; and some Huawei employees have collaborated on research projects with military personnel.

But it was legislation passed in China in 2017 that really raised eyebrows.

Article 7 of China’s 2017 National Intelligence Law requires any organisation to support, provide assistance and cooperate in “national intelligence work”. Even before that, Article 22 of the 2014 Counter-Espionage Law required any “relevant organisations and individuals” to “truthfully provide” information during any “counter-espionage investigation”.

China’s “military-civil fusion” – which calls for private sector assistance in the country’s military objectives – was inscribed as a strategic priority in the Chinese Communist Party’s constitution in October 2017.

Some European countries have already balked.

In October, Swedish telecom regulator PTS banned Huawei from supplying 5G equipment to Swedish mobile firms due to security concerns raised by Sweden’s SAP security service, a decision upheld by a Swedish court in June this year.

Huawei has repeatedly denied posing a security threat, while China threatened “all necessary measures” in response to the Swedish ban. Beijing also told France and Germany not to “discriminate” against the company.

In the United Kingdom, a firm US ally, the government set a cap of 35 per cent limit on Huawei’s involvement in 5G RAN. It also excluded Huawei from safety-related and safety critical networks and sensitive locations such as nuclear sites and military bases.

In Cyprus, Kokkinos would not be drawn on whether Cyprus might set a similar cap.

“I don’t want to make a statement that might be misleading that this is not something that might happen in the future,” he said. “But at the moment we do not exclude any vendor.”

Critics of the Chinese government say the stakes could not be higher.

Given how much states and societies will come to depend on fifth generation technology, its security poses an unprecedented challenge, with any potential ‘hack’ snowballing into a threat to national security.

As a host to British military bases and US spy stations at the crossroads of Europe, Asia and the Middle East, Cyprus is no ‘island’ when it comes to geostrategic importance. Some experts say the threat posed by Huawei’s political and military ties and its data dominance in Cyprus cannot be ignored.

“One day Cyprus has to choose a side,” said Chen Yonglin, a former Chinese consular official in Sydney, Australia, whose work included monitoring Chinese dissidents until he defected in 2005. “One day China will take off its mask and Cyprus won’t be able to stand in the middle.”

“Cyprus needs to be careful about handing over its sovereignty to China,” he told BIRN.

John Strand, director and founder of telecommunications consultancy firm Strand Consult, concurred:

“The China we have today is a different China than we had five years ago,” he said. “China is a country which is very aggressive to countries which basically have an opinion, or have citizens who have an opinion about what is going on in China, Hong Kong or Tibet, and other places.”

“We have seen that China is not only threatening countries which go against them or criticise them, they also punish countries,” he told BIRN.

“If the Internet broke down 10 to 15 years ago, society could move on, it was not an issue. Nowadays, everything in our society is built on top of IT solutions which are connected to each other through the Internet of Things.

Cyprus embraces Chinese blockchain

Huawei, however, is not the only cause of potential concern when it comes to Cyprus.

Another is VeChain, a Chinese state-backed blockchain platform that in November 2018 entered into a national partnership with Cyprus to assist the island in the development and implementation of blockchain solutions across a range of private and public sectors.

Mediterranean Hospital of Cyprus (Limassol),one of two Cypriot hospitals to partner with VeChain store vaccination records on the VeChainThor blockchain. Photo: BIRN

It is the only such state partnership VeChain has outside of China.

The platform, launched in 2015, is a favourite of the Chinese Communist Party, which has entrusted it with contracts in, among other areas, agriculture and telecoms.

In July 2018, after thousands of children were given faulty vaccines, the Chinese government called on VeChain to create a nationwide vaccine tracking solution with health data stored on the blockchain.

When VeChain presented its solution at the China International Import Expo in November 2018, President Xi Jinping was in attendance. Xi has declared blockchain a national priority, with VeChain a co-founder of the Belt and Road Initiative Blockchain Alliance that aims to develop blockchain along the route of the BRI.

In Cyprus, VeChain developed the E-HCert App, which records COVID-19 PCR and antibody test results on the VeChain Thor Blockchain and is being expanded to serve as a wallet for all medical records of Cypriot citizens and as a vaccination certificate.

The ‘V-Pass’, a vaccination certificate sealed in the VeChain Thor, is also in the pipeline for the general public.

Two of the island’s biggest private hospitals have also struck agreements with VeChain for it to host their medical records on its blockchain.

Christiana Aristidou, co-founder and vice-chair of the Cyprus Blockchain Association, said that all necessary measures had been put in place “to maintain the safety of health data.”

“Blockchain is very secure and VeChain intends to take the lead in this sector in Cyprus,” Aristidou told BIRN.

Asked about any risks to data security, the Cypriot Health Ministry replied: “The Ministry of Health does not use blockchain technology in public hospitals.”

Golden passports and a city of dreams

But while some experts voice deep concern over the extent of China’s data presence in Cyprus, domestic scrutiny appears lacking. One reason may by the stakes involved for a number of influential political and legal figures.

In August 2020, an undercover report by Al Jazeera exposed a scam at the heart of a Cypriot policy to provide citizenship to foreign nationals who invest two million euros in the island’s economy.

According to the report, a number of high-level Cypriot officials had abused the scheme to secure passports for several thousand foreigners who did not meet the legal requirements.

Passport control at the derelict former Nicosia International Airport in Nicosia, Cyprus. Photo: EPA/JAN RAKOCZY

An official investigation, published in June this year, said that 97 per cent of the 6,546 ‘golden’ passports issued between 2007 and August 2020 had been issued since Anastasiades took power in 2013.

More than half, or 3,609, were for family members of investors and executives of companies and who were granted citizenship without actually meeting the legal criteria.

Between 2017 and 2019, the Al Jazeera report found that 482 wealthy Chinese nationals applied for passports via the scheme, more than any other nationality bar Russian. They include several members of the Chinese People’s Political Consultative Conference, an advisory body to the Communist Party.

The chief protagonist in the Al Jazeera exposé was Dimitris Syllouris, who as speaker of the parliament at the time was the country’s second highest-ranking official after the president.

Syllouris was caught helping to fast-track a Cypriot passport for a fictitious Chinese businessman despite being told the applicant had a criminal record and was therefore barred from a ‘golden’ passport under the rules of the scheme.

Syllouris, who resigned over the scandal, had been a key player in a number of deals between Nicosia and Beijing, including in the tech sector.

Property developer and MP Christakis Giovanis, whose company partnered in 2016 with Chinese group JimChang Global on a 100 million-euro hotel and luxury housing development, also resigned his public post over the scam.

Invest Cyprus, the government agency tasked with attracting foreign investment and which signed the 2018 MoU with VeChain, plays a central role in bringing Chinese money into the country.

When Invest Cyprus facilitated the arrival in 2018 of Macau-based conglomerate Melco for the development of a casino mega resort worth $667 million in Limassol, the agency’s CEO, George Campanellas, became a member of the management team overseeing the project.

Melco CEO Lawrence Ho is a member of the National Committee of the Chinese People’s Political Consultative Conference, CPPCC, an advisory body to China’s central government.

Melco is also linked to the Cypriot telecom company Cablenet via the latter’s owner, Cyprus-based CNS Group, which is the parent company of The Cyprus Phassouri (Zakaki) Limited, Melco’s partner in the Integrated Casino Resorts Cyprus Consortium behind the Limassol casino development, City of Dreams Mediterranean. The resort is expected to open in 2022.

In 2019, Melco’s Ho attended the 2nd Belt and Road Forum for International Cooperation in Beijing with Melis Shiacolas, the managing director of CNS Group and a relative of Cablenet non-executive chairman and 37 per cent owner, Nicos Shiacolas.

The Invest Cyprus board also includes Pantelis Leptos, a prominent property developer whose law firm, Leptos Group, handled the paperwork for 169 applications to the golden passport scheme between 2013 and 2019, according to interior ministry data reported by Cypriot media group Dialogos. The company also has an office in China.

A senior official at Invest Cyprus initially agreed to be interviewed for this story but then said he needed to seek authorisation to speak to the media. He subsequently did not respond to repeated efforts to arrange a meeting.

In Paphos, on the southwest coast of Cyprus, the head of the local Chamber of Commerce and Industry, Andreas Demetriades, signed a memorandum of cooperation in 2017 with the Hi Tech District and Chamber of Commerce of the eastern Chinese city of Changzhou, near Shanghai, for the development of a pharmaceutical tech park in Paphos, with tech parks – industrial zones specialising in science and technology – high on the agenda of Invest Cyprus and the government.

Demetriades’ law firm, Andreas Demetriades LLC, handled 272 golden passport applications between 2013 and 2019, more than any other firm.

Stelios Orphanides, an investigative journalist with the Organised Crime and Corruption Reporting Project, OCCRP, said China could come to dominate the telecommunications sector “because there is the lowest level of scrutiny in terms of risk management.”

“Cyprus doesn’t have the will to carry out thorough checks,” he told BIRN, “because those who manage the system – both the old elites and new elites, lawyers, accountants and so on – have learned to do just one thing, which is to prostitute the sovereignty of Cyprus in exchange for personal benefits.”

Western Balkans Roaming Charges End – With Internet Use Warning

Starting from Thursday, Serbia, Montenegro, Bosnia and Herzegovina, North Macedonia, Albania and Kosovo are dropping all roaming charges.

This means that citizens of these countries can make phone calls and send messages across the Western Balkan region without restrictions, paying the same prices as if they are in their home country.

However, the scrapping of roaming fees comes with a caveat, a warning for travelling citizens not to get too comfortable with their internet usage while abroad as there still might be some restrictions applied depending on their provider.

“Users are advised to always check their internet plans with their telecom providers, before travelling,” North Macedonia’s Agency for Electronic Telecommunications, AEK, said.

When it comes to internet traffic, in practice this means that some restrictions might apply, meaning that with some plans users might not be able to use all of their internet traffic from their home plan while abroad, the AEK explained,

Serbia’s Telenor provider explained that the use of the internet abroad will depend on the plan the users have.

“The amount [of internet traffic] depends on the monthly subscription for the tariff plan that users have, so there is no single unified amount, but it varies depending on the plan,” Telenor told N1 media outlet Thursday.

To prevent possible misuse of potentially lower prices in neighbouring countries, authorities across the region also said that while users can buy SIM cards in the neighbourhood, they will be able to use them only four months before they expire.

Roaming charges in the Western Balkan region were abolished in accordance with the Regional Roaming Agreement signed in 2019 at the second Western Balkans Digital Summit in Belgrade.

Countries from the region signalled that the next step would be mulling ways to reduce roaming charges between Western Balkans and the EU. For that purpose, a draft is expected to be prepared by the end of this year.

EU Sets Up Joint Cyber Unit to Tackle Steep Rise in Cyber-Attacks

The European Commission on Wednesday laid out plans to build a new Joint Cyber Unit to coordinate responses among members states and EU bodies to the rising number of serious cyber-incidents impacting on the bloc’s public, commercial and private arenas.

The EU, like the rest of the world, has been struggling to meet the threat of what is being called “an epoch of intensifying cyber-insecurity”. In April, a range of EU institutions, including the Commission, were hit by a significant cyber-attack, part of a growing spate of brazen attacks being committed by states conducting espionage and seeking vulnerabilities, as well as criminal gangs often operating out of Russia, Iran and China.

The true scale of the problem is hard to assess, though Bitdefender’s 2020 Consumer Threat Landscape Report estimated ransomware attacks increased by 485 per cent in 2020 from the year before. So far this year, losses of over $350 million have been incurred in ransomware attacks, according to US Homeland Security Secretary Alejandro Mayorkas.

The EU’s planned Joint Cyber Unit, to be located next to the new Brussels office of the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for EU institutions, bodies and agencies (CERT-EU), is an attempt to create a platform to ensure the bloc can provide a coordinated response to large-scale cyber-incidents and crises, as well as to offer assistance to member states in recovering from these attacks.

As such, it will bring together European cyber-security communities – including civilian, law enforcement, diplomatic and cyber-defence, as well as private sector partners – which it says too often operate separately. Invited participants will be asked to provide operational resources for mutual assistance within the Joint Cyber Unit.

Ultimately, the Joint Cyber Unit would allow for protocols for mutual assistance between member states and EU bodies, and for national and cross-border monitoring and detection.

The Commission said it wants to establish the unit on a phased basis over four steps, with plans for it become operational by June 2022 and fully established by June 2023.

“We need to pool all our resources to defeat cyber-risks and enhance our operational capacity,” Margaritis Schinas, vice-president of the Commission, told a press conference.

The move was broadly welcomed by cyber-security analysts, who said that if the purpose of the Joint Cyber Unit is to have a pool of IT experts which can be thrown into the frontline of cyber-warfare, then it is a positive move.

However, Marcin Zaborowski, Policy Director of Globsec’s Future of Security Programme, warns that the new agency risks becoming like the EU Battlegroups in security and defence, which were formed in 2005 but have remained on standby ever since because there was never a time when all EU members states could agree on their deployment. “I am worried you might have the same thing here, that the rules of engagement will mean it is unable to get the unanimous agreement from all member states,” he tells BIRN.

He cites this week’s cyberattack on Poland’s top politicians and officials, which Jaroslaw Kaczynski, Poland’s chairman of the Committee for National Security and Defence Affairs, said in a statement was “wide-ranging” and carried out from the territory of the Russian Federation.

Aside from continuing confusion over whether this was actually an external attack or merely sloppy internet security by key officials, there remains the question over to what extent a Eurosceptic government like Poland would be prepared to give EU bodies like the new Joint Cyber Unit access to very sensitive, privileged national information.

“I would like to see tasks of the Unit drawn up that are truly workable and practicable, and areas of operation where the EU member states do feel comfortable. If it tries to get into things that are easily blocked by member states because they do not want to share information, then you have an announcement of the Unit but nothing more than a policy,” Zaborowski says.

Jonathan Terra, a Prague-based political scientist and former US diplomat, cautioned that being very public about ramping up and coordinating your ability to respond may, paradoxically, provoke more attacks than otherwise might have happened.

“Hackers, especially those doing covert state work, will attempt to defeat any new measures to show that they can act at will. Then as the cooperative ‘EU cyber-response’ mechanism goes into action, and damage assessment takes place, it will become clear that the key to dealing with this threat is to have a strong deterrent, which the EU doesn’t really have as an independent unitary actor,” he says.

Balkan Investors Join Crypto Trading Craze

Stefan Angelovski starts his day with a cup of coffee and a browse online at which cryptocurrencies to buy and which to sell.

The 33-year-old former fitness trainer in Skopje, capital of North Macedonia, has been trading in cryptocurrency since 2017. Recently, he went full-time.

“I start and end most of my days following the crypto market trends and the daily transactions I make,” said Angelovski. “While I’ve been in this for a while, I’m now finally beginning to be satisfied with what I’ve achieved.”

The global cryptocurrency market has been going through a turbulent time in recent days, with losses estimated at more than 1.3 trillion dollars since a market peak on May 12. But in the Balkans, things are just heating up.

Local media, for example, have reported a 130 per cent increase in crypto trading in Bosnia and Herzegovina between 2019 and 2020, mirroring the global trend in which popular exchanges such as Coinbase have seen their user numbers jump from 35 million in 2020 to 56 million in the first quarter of 2021.

“I think that banks and the banking system are like dinosaurs waiting to die, and it is always a good time to enter the crypto market,” said Angelovski.

The Elon Musk effect

Stefan Angelovski. Photo: BIRN

Angelovski began in 2017 with an initial investment of just $250.

He says he has made most of his money in the past six months, when the prices of popular cryptocurrencies such as Bitcoin and Ethereum skyrocketed.

Bitcoin’s limited supply of 21 million makes it a scarce digital asset, earning it the moniker “digital gold”. Ethereum, on the other hand, is valued for its advanced blockchain technology and the faster transaction times it offers.

But there are thousands of others cryptocurrencies to buy and, as of February 2021, more than 68 million blockchain wallet users where the crypto is stored.

In the Balkans, so-called alternative coins, or altcoins, such as Dogecoin, are becoming increasingly popular.

Originally starting out as a meme coin in 2013 to poke fun at cryptocurrencies and people investing in something they might know very little about, this year its pricesurged by more than 12,000 per cent, meaning someone who invested $1,000 in January made a profit of more than $100,000 by May. The coin tumbled in value to 29 cents following the recent crash in the crypto market.

And while the rise of Bitcoin and Ethereum is based on the success of the blockchain technologies that they are based on, the popularity of Dogecoin is down to the speculative nature of the market, as well as praise from prominent supporters such as Tesla CEO and billionaire businessman Elon Musk.

How does it all work?

To buy and sell crypto on apps like Binance, a user must register a profile with an ID or passport and can then use a debit or credit card to buy from the listed cryptocurrencies and trade in them. Users can swap one crypto for another, or convert them into fiat currencies such as dollars, euros or pounds.

Popular cryptocurrencies such as Bitcoin can also be spent via Bitcoin debit cards, which can be used online or wherever credit cards are accepted.  People can also buy crypto from specialised cryptocurrency ATMs, using cards or cash, and scan the code of the required cryptocurrency so that it can be transferred to the mobile wallet where crypto are kept.

When it comes to cashing the profits made from trading cryptocurrencies, there are several ways that this can be done in the Balkans, including selling directly to interested traders for cash, or through intermediaries such as cryptocurrencies exchange offices like the BCX exchange platform in Serbia.

Elena Pupkova, a Skopje-based bookmaker, is one who hopes to cash in on the current Dogecoin craze.

“I became interested in investing in crypto a few months ago,” Pupkova said.“After I read some news that American Citibank is building a crypto trading service, and of course tweets from Elon Musk – the biggest promoter of cryptocurrencies, that was the last step that drew me to invest in crypto.”

“I also have a friend who invested in Bitcoin four years ago, and now she has more than $250,000. If I was sceptical about it then, I’m not anymore.”

Darko Ivanovski, a 33-year-old search engine specialist, first heard of Dogecoin in 2013, but, given the volatility of the market, prefers to invest in better-known currencies such as Bitcoin

“I think that it is much wiser to invest in cryptocurrencies that are known to be more expensive because you know that it is not so easy for them to collapse,” he told BIRN. “For example, it would definitely better to buy 0.0001 Bitcoin, rather than 200 XRP (Ripple cryptocurrency) that no one knows about.”

According to Vlaho Hrdalo, chairman of the Croatian Association for Blockchain and Cryptocurrencies, UBIK, while altcoins arenot necessarily bad, they tend to prey on what he describes as the “get-rich-quick-with-us-if-you’ve-missed-out-on-previous-pumpcoin.”

“As for the outlandish projects, they are often the result of the bull run and not its cause,” said Hrdalo. “In the long run I don’t expect every dog-themed coin to survive, but don’t underestimate them because look what happened with Dogecoin, which everyone thought couldn’t stay afloat during the bear market.”

Money-spinner or world-changer?

Illustration: Pixabay

Besides trading, there’s mining too, whereby people use computers and graphic cards to solve cryptographic equations and earn bits of the cryptocurrencies that they are mining.

Igor, a 29 year-old programmer in Skopje, started out mining for Ethereum in 2017, when the currency was worth around $700.

“At the beginning of 2018, when Ethereum reached the then top price of $1,397 dollars, it did seem like an investment from which you could earn really well,” he said. “However, over time the price began to fall sharply and reached a price that was demotivating and unprofitable to invest in.” Igor gave up, but later regretted doing so.

“By the end of 2020 when prices started to rise again, I decided to re-engage a lot more and invest in the equipment needed for mining. Additionally, I also decided to invest in various different cryptocurrencies.”

But while some see cryptocurrencies purely as a means to make money, others are won over by the belief they will transform the global financial system.

Governments and companies across the region are slowly grasping the potential.

In June, Serbia will start implementing a law on digital assets, according to which if someone owns cryptocurrency they will have to pay tax on it.

While Croatia still does not have a law on cryptocurrencies, crypto trading is regulated with the existing law on income tax, which treats crypto as a form of investment. In North Macedonia, crypto trading remains a gray area given the lack of legislation regulating the trading or ownership of cryptocurrencies.

In Serbia, the popular EXIT music festival in the northern city of Novi Sad announced in May that it wouldaccept payments in Bitcoin, while residents of the Croatian town of Sveta Nedelja have been able to pay for various goods and public services with cryptocurrencies since last summer.

“For me, getting rich from crypto is secondary, because I personally believe that crypto is also a philosophy,” said Angelovski, the Skopje-based trader.

“I understand crypto as a libertarian idea that allows you to be free.  It also speaks about personal responsibility, and that there are no limits to how far cryptocurrencies can go.”

“In general, I see countries around the world slowly embracing crypto as a new tool for payment,” he told BIRN.“I also think that people are starting to see and think of cryptocurrencies as something that is complementary to the banking system. In a best case scenario though, I think that maybe around 10 per cent of all money in the world will go into crypto.”

For Pupkova, investing in crypto is a lot more tempting than holding her money in a savings account earning very little interest.

“I think that investing in crypto is kind of like having savings,” she said. “And when I think about all the ways in which I have spent my money over the years, at least here I also have the opportunity to make a profit and maybe double my investment.”

In Offering ‘Hate-Free’ Social Media, Old Worries Haunt New Apps

For years, London-based writer and artist Mary Morgan has used social media to raise awareness and engage in debate, particularly Twitter and Instagram. Until the hate speech became too much.

“Anyone who spends time on Twitter knows it can be an absolutely horrible place,” said Morgan, whose work focuses on body politics, or the practices and policies through which powers of society regulate the human body.

So she began exploring alternative apps, settling on Clubhouse, an audio-based social network where users can join rooms and listen to, participate or moderate discussions on any topic that might interest them.

“The power of Clubhouse is that you can choose who you speak to. You can’t just randomly start messaging people with hate. I think that’s a real power to the platform,” Morgan told BIRN.

“Especially when it comes to activism, like-minded individuals and people who want to participate and learn will be drawn to houses and clubs, meaning we can all speak to and learn from each other in an environment that is encouraging of that.”

Launched in April 2020, Clubhouse currently boasts more than eight million users worldwide.

And it’s not alone in winning new users turned off by the inability of social media giants to find a way to filter out offensive content on their platforms – Mastodon, MeWe and CloutHub are just a few of the emerging names benefitting from a backlash against the likes of Twitter, Facebook and Instagram.

Experts, however, warn that while these alternative apps might be motivated by high ideals, they face the same issues that have dogged the giants – how to provide transparency, avoid hate speech and protect privacy, while also making money.

“I understand the desire that people have to move to new platforms,” said Ayden Ferdeline, a Berlin-based public interest technologist.

“We desperately need more spaces for lawful speech, but we need these new platforms to be more transparent than Facebook or Twitter are, about how they operationalise their policies and procedures, and to be designed from day one to uphold and respect fundamental human rights.”

Turned off Twitter


 A mobile phone displays the suspended status of the Twitter account of Donald J. Trump, 2021. Photo: EPA-EFE/MICHAEL REYNOLDS

Skopje-born Katarina P. spent 11 years on Twitter as an active member of the Twitter community in North Macedonia. Under an alias, Katarina, who declined to give her surname, used her profile to follow and comment on the events of any day in her home country and the wider Balkan region, engaging in sometimes heated debates.

Then, in February this year, Twitter suspended Katarina’s profile, without any specific explanation.

“I believe I got suspended because I came into a conflict with another Twitter account that was promoting misogyny through quasi-Christian Orthodox theology,” Katarina recalled.  “After my impulsive reaction to these tweets, my account got suspended.”

She appealed to Twitter’s Support Team, but, after a generic response to say they would look into it her case, Katarina never heard back. She assumed she was shut down based on the complaints of “religious fanatics”, and was frustrated at the lack of communication from Twitter.

Stung by criticism over how social media was used in the storming of the US Capitol by Donald Trump supporters on January 6, Twitter and Facebook appear to have adopted more restrictive approaches to what can and cannot be posted on their platforms.

Experts, however, say that the use of Artificial Intelligence has resulted in a litany of errors, with AI lacking the required contextual and nuanced analysis to distinguish strong criticism from defamation and radical political opinions from expressions of hatred and racism or indictment to violence, particularly in languages spoken by far fewer people than, say, English, French, German or Russian.

Katarina believes she is a victim of this, and is already looking for an alternative platform where she can engage in debate.

“I liked Twitter since it was unique for the microblogging opportunities it offered,” she said. “I hope that a new network with similar content might appear soon. And I won’t lie when I say that I am looking forward to it.”

Friendlier Facebooks


A Facebook logo. Photo: EPA-EFE/Julien de Rosa

Clubhouse might still be in its beta stage, but it has attracted huge attention.

“It is a completely new and different app, and I see it as great replacement for all of the podcasts, with the addition that you can not only listen to them, but also actively engage in the discussion,” said Marija Andrejska, a digital marketing specialist in Skopje who began using Clubhouse this year. “I believe this is one fantastic feature that has never been seen before.”

The app has an air of exclusivity to it that not everyone likes, however. As an invite-only app, a new user has to be invited by an existing member to join, and it’s only available for those using iPhones.

“On the downside, I think it’s a pretty ‘elitist’ app, and I don’t like that,” Andrejska told BIRN. “Since it functions only by invites and it’s only for iPhone users, it can create closed, in a way segregated groups, which can be dangerous in the long run. Therefore, I think that you cannot really use Clubhouse with the same intensity as Facebook, Instagram, Twitter, or even TikTok.”

Turkish journalist Dilek Kutuk said Clubhouse was a great place to exchange ideas, “especially in Turkey”, where society is deeply polarised along political lines.

“I see many voice chat rooms in Clubhouse where people talk and share their opinions, as opposed to Twitter, where all you can see is fights between those that have different political opinions,” Kutuk told BIRN.

MeWe has also seen a recent spike in user numbers, particularly in January.

Launched in 2012, the network says it is built on “trust, control and love”, and represents a secure and private alternative to Facebook with more than 16 million worldwide logging in to it use its newsfeed, private text and video chats and groups.

Then there’s CloutHub, considered an alternative to Facebook and Twitter. With some 255,000 users, CloutHub describes itself as a “non-biased social network for people engaged in meaningful civic, social and political issues.” It has also seen a growth in its user base since the beginning of the year.

Mastodon, a decentralised open-source platform,  is another under-the-radar alternative to Twitter. Users say it offers much better tools to protect privacy and fight online harassment than Twitter. Launched in 2016, the platform has more than two million users worldwide, and has been billed as a model for a “friendlier social network” dedicated to keeping out hateful content.

New apps under scrutiny


Illustration. Photo: Unsplash/Freestocks

But while such apps might bill themselves as ‘friendlier’, hate-free alternatives to Twitter and Facebook, experts say they face the same questions regarding privacy, transparency and how they moderate what’s being said, written or posted on their platforms.

“It is understandable why tech companies want to cleanse their platforms of mis- and dis- information, but neither their human moderators nor their technical measures are able to do so in a an accurate and human rights-respecting manner,” said Ferdeline.

Marcin de Kaminski, security and innovation director of Civil Rights Defenders, a Sweden-based international human rights organisation, said there is already concern.

“From our perspective, Clubhouse does allow users to speak freely, yes. But they also compromise on their users’ privacy, and there are no safeguards when it comes to protecting users from marginalised or targeted communities when it comes to verbal attacks, threats or slander,” said De Kaminski.

“Users that choose to use Clubhouse need to understand the risks, both technical and socio-legal.”

He warned of being blinded by the novelty of new features.

“It is easy to get mesmerized by new fascinating features and the possibility to have seamless voice chats with friends and colleagues may be tempting during the isolation of the ongoing pandemic,” De Kaminski told BIRN.

“However, Clubhouse has really made it possible to ask oneself very important questions – which data is harvested when you use the service and who has access to that data?”

Nor does being the new kid on the block necessarily protect against cyber attacks.

On Saturday, a report said that the personal data of 1.3 million Clubhouse users had been posted online on a popular hacker forum. Clubhouse denied being hacked and said that the data “is all public profile information from our app, which anyone can access via the app or out API [application programming interface].”

Privacy concerns have already prompted many users to migrate from messaging apps such as WhatsApp to the likes of Signal or Telegram, which claim to offer better privacy features.

Privacy and data protection strategist Lourdes M. Turrecha said any privacy failures could cost social media startups big.

“These privacy concerns are serious enough to create trouble for Clubhouse in a world where data protection enforcements have teeth – note the recent $650 million class action settlement following the $5 billion Federal Trade Commission’s fine against social media predecessor, Facebook,” said Turrecha.

“While these figures may seem like slaps on the wrist for a company like Facebook, a pre-revenue startup like Clubhouse doesn’t have the war chest to chalk these up as a cost of doing business, despite its $110 million in funding.”

Turrecha warned of the risks of users “trading” their privacy for greater freedom of speech.

“While neither speech nor privacy rights are absolute, I caution against pitting the two against each other through false tradeoffs,” she said. “We should demand technologies that protect both speech and privacy rights.”

Facebook Clamps Down on Iranian Dissident ‘Troll Farm’ In Albania

Facebook removed more than 300 Facebook and Instagram accounts belonging to members of an Iranian dissident group based in Albania that had been targeting Iran and content related to Iran.

“The network violated our policy against foreign interference which is coordinated inauthentic behavior on behalf of a foreign entity,” the social media giant said in its March report, “Coordinated Inauthentic Behavior Report”, which it published on Tuesday.

According to the report, the network now taken down was very active in 2017 and in the second half of 2020.

“The people behind this activity relied on a combination of authentic and fake accounts to post MEK-related content and comment on their own and other people’s posts, including those of international news organizations like Radio Liberty, Voice of America and BBC,” said the report.

The People’s Mujahedin of Iran, MEK, is an Iranian opposition group many of whose members moved to Albania in 2013 on the advice of the US. They live mainly in a camp on the outskirts of the capital Tirana.

Facebook added that it will continue to monitor any attempts to re-establish the network by people behind this campaign.

“The operation relied heavily on fake accounts to post and amplify its messages. Some of these accounts went through repeated name changes. Other accounts used the names of deceased members of MEK. Some claimed to be located in Iran but were operated from Albania. All the accounts were overt in their support of MEK and their criticism of the Iranian government,” the report continued.

Some of the fake accounts were a decade old but most of them were created between 2014 and 2016. They were particularly active in 2017, reduced activity in 2018–2019 and resumed in 2020.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now