In the summer of 2022, Nikos Androulakis, leader of the Greek opposition party PASOK and a member of the European Parliament, received a notification from the European Parliament’s cybersecurity service stating that experts had detected an attempt to infect his mobile phone with the “Predator” spyware, one of the most powerful commercial digital surveillance tools in the world. At first glance, this appeared to be just another episode in the intelligence services’ fight against threats to national security, but it soon became clear that this was a scandal that raised questions about the surveillance of politicians not only in Greece but across the European Union as a whole.
The story, dubbed “Predatorgate,” showed that in the 21st century, political advantage is increasingly secured not by voter support, but by access to their data and communications; and if one side in a political struggle gains the ability to read opponents’ correspondence, know their strategy, sources of information, and internal plans, then the very idea of fair political competition is threatened. The European Parliament subsequently framed the issue in the strongest possible terms: the illegal use of spyware had threatened “democracy itself.” A resolution following the investigation was adopted on June 15, 2023, by a majority of 411 votes to 97. Members of Parliament demanded extensive investigations and serious restrictions on the use of such technologies.
The roots of the scandal date back to 2019. At that time, following the election of Kyriakos Mitsotakis’s government, the Greek National Intelligence Service (EYP) was placed under the direct control of the Prime Minister’s Office, a move that subsequently drew particular attention from critics due to reports of widespread wiretapping of politicians, journalists, and business leaders.
One of the first known victims was investigative journalist Thanasis Koukakis. In 2021, he was investigating the banking sector and possible corruption ties involving influential figures. Later, independent experts confirmed that his phone had been infected with the “Predator” program. This was followed by an even more high-profile incident. In July 2022, an attempt was recorded to hack the phone of Nikos Androulakis, the leader of the country’s third-largest political party, who turned out to be a target of interest for both government agencies and operators of illegal commercial “spyware.”
Further investigations by Greek and international journalists revealed that the list of potential targets was significantly broader, including more than 90 phone numbers, and that the “Predator” infrastructure was linked to more than 220 suspicious SMS messages containing malicious links. Among the potential targets were politicians, journalists, businesspeople, government officials, and even individuals close to government circles. Particular attention was drawn to the phenomenon of so-called “double surveillance,” where in some cases the same person was simultaneously under lawful wiretapping by intelligence agencies and under illegal surveillance via “Predator.”
“Predator” falls into the category of so-called “highly invasive spyware”—programs that, once installed, gain virtually complete control over the victim’s device. They are capable of accessing messages, contacts, photos, documents, and the phone’s camera and microphone. In effect, this constitutes a digital intrusion into a person’s personal and professional life. In the political sphere, such information is of immense value, as it allows one to anticipate an opponent’s strategy, identify their contacts, funding sources, and potential vulnerabilities; and even if the collected data is never published, the very fact of its existence creates a serious imbalance of power.
This creates what is known as a “chilling effect,” in which politicians become more cautious in their interactions with colleagues, journalists lose their sources, and whistleblowers refuse to cooperate with the media. As a result, democratic institutions continue to exist in name only, but without any real competition.
The Greek scandal turned out to be just part of a larger picture. In October 2023, the international consortium of journalists “European Investigative Collaborations,” in collaboration with “Amnesty International,” published the investigation “Predator Files.” Its findings revealed that the activities of the company “Intellexa” and its partners extended beyond the borders of a single country. Among the identified targets were United Nations officials, U.S. senators and congressmen, Taiwanese President Tsai Ing-wen, and European Parliament President Roberta Metsola. Particularly telling are the investigation’s quantitative data, which indicate that between February and June 2023 alone, attacks were identified on at least 50 accounts linked to 27 individuals and 23 organizations. “Predator” was used not only against individuals; international organizations, research centers, and government agencies were also targeted, turning the issue from a national scandal into a matter of European security.
The paradox is that “Predator” is not a product of the dark web’s black market, nor was it developed by criminal groups. According to an investigation by Amnesty International, a global non-governmental organization dedicated to the protection of human rights, “Intellexa” positioned itself as “a company based and regulated in the EU”; its founder, Tal Dillian, is a former Israeli army officer, and the network of companies itself spanned Greece, Cyprus, Ireland, France, the Czech Republic, and other European jurisdictions. The “Predator Files” investigation found that products from the “Intellexa” alliance were sold to at least 25 countries in Europe, the Middle East, Asia, and Africa. Among the buyers were Austria, Germany, Switzerland, Qatar, Oman, Pakistan, Kenya, the United Arab Emirates, and a number of other countries; thus, Europe turned out to be not only a victim of the digital surveillance industry but also one of its key export hubs.
Amnesty International Secretary General Agnès Callamard called this fact “evidence of the failure of the European regulatory system.” According to her, European institutions failed to prevent the spread of surveillance technologies even after the “Pegasus Project” scandal, which shook the world in 2021.
The repercussions of scandals involving the use of spyware extend beyond the right to privacy itself, because when citizens begin to suspect that political opponents are being monitored, it erodes trust in elections. This is precisely why the PEGA Committee (the European Parliament Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware), established to investigate the illegal use of spyware, concluded that the abuse of spyware poses a threat to fundamental rights and the democratic order of the European Union.
The situation is also dangerous because technology is evolving much faster than legislation. Today, commercial spyware platforms are capable of infiltrating devices almost undetectably, while mechanisms to control their use remain fragmented and often depend on national authorities. “Predator gate” served as a warning to Europe, demonstrating that digital surveillance is no longer exclusively a matter of national security; it directly affects the distribution of political power, because if one side possesses the tools for total surveillance of the other, political competition ceases to be fair.