By Vasilis Papageorgiou, Senior Researcher KEDISA
It was a typical sunny morning in Athens, Greece, when Panagiotis Tsalikidis was entering the apartment of his brother in Kolonos district. It seemed like an ideal opportunity to visit him and have a coffee together since he had a business meeting scheduled later on that morning. All of a sudden, his mother’s screams interrupted his thoughts as he entered the house. Costas Tsalikidis, 38 years old, brother of Panagiotis, was found dead, with his body hanging in front of his bathroom door. It was the 9th of March 2005.
A few days before, the boss of Costas Tsalikidis at Vodafone Greece (one of the major telecommunications groups in the country) ordered the removal of a sophisticated bug, a code of 6.500 lines, from the source code of the operating system used by Vodafone to run its network. The wiretap had on its target more than 100 of top Greek officials, including the then Greek Prime Minister Costas Karamanlis, his wife, other Ministers and prominent journalists in Greece and it was labeled as the Greek Watergate scandal by the media. Ten years after Costas Tsalikidis’ death, the highly classified documents of the National Security Agency (NSA) of the US, leaked by Edward Snowden, shed light upon that serious wiretapping incident and perhaps, in favor of the argument of the family of Costas Tsalikidis, that his death was not a suicide, but it was directly linked with the abovementioned scandal.
The causes of this incident can be traced back to the Olympic Games of Athens, in 2004. The Olympic Games of 2004 were the first that took place after the September 11 terrorist attacks in the US. Concerns about security were profound and the US intelligence services started their preparation well in advance. In close collaboration with the Greek National Intelligence Service (EYP) and with the allowance of the Greek government, the NSA tapped into the telecom systems of Greece to conduct surveillance in terrorist networks and to assist with security in general during the Olympic Games. As part of the agreement between the NSA and the Greek authorities, was the commitment by the former, to remove the wiretapping mechanisms after the end of this period. Consequently, in the 4th of August 2004, the unauthorized code is added in the software of Vodafone and as a result, one of the functional subsystems that was installed in the software but remained inactive, known as the “Lawful Interception” (LI), was activated. The LI gives Law Enforcement Agencies the option to selectively wiretap individual subscribers of telecommunications companies, upon legal authorization. Wiretapped conversations are in turn being forwarded to shadow-cell phones and, apparently, to electronic data loggers for storage and also for data processing. In other words, the unauthorized software activated an otherwise legal mechanism (LI) bypassing the legal foundations needed (warrant from a Law Enforcement Agency), to wiretap its target group. According to the leaked documents of the NSA, the hacking team of the latter, participated in the Olympic Games of Athens and, likely, to the activation of the LI in Vodafone Greece.
Long after the end of the Olympic Games though, on the 24th of January 2005, a routine update was installed in Vodafone’s software. As a result, hundreds of phone messages could not be delivered, urging Vodafone to investigate the case. The leading software engineer at Vodafone Greece, Costas Tsalikidis, had already noticed some problems, observing that certain antennas seem to overwork. Indeed, those antennas were found to be connected to the wiretapping at a later date. Interestingly, Costas Tsalikidis handed his resignation on the 31st of January to his supervisors, who instead persuaded him to stay in the company until a replacement would be found. On March the 4th and after weeks of investigations, Vodafone was informed that a serious malware had been found in its software systems. On the 8th of March, the illegal software had been completely removed by Vodafone and Ericsson technicians, and therefore any possibility to track down the origins of the perpetrators and to fully evaluate the damage, was lost. It is important to note that immediately after the day of the removal of the illegal software, Costas Tsalikidis was found dead in his apartment. According to his relatives, his profile didn’t match the profile of a person likely to commit suicide. Although his relatives tried to prove that his death was not a suicide, they weren’t able to do so till today, while blaming the authorities for “leaving them on their own” in the investigation of the case.
The response of the Greek government in the Greek Watergate scandal was ambiguous. After the revelation of the scandal by some Ministers of the Greek government in a press conference, government officials admitted that almost a year of investigations gave them no clue about the identity of the perpetrators. In February 2015, almost 10 years after the revelation of the scandal, the Greek authorities issued an international arrest warrant for a Greek-American, former CIA official, named William George Basil as the human factor behind the wiretaps. The CIA official was accused of espionage, a serious accusation by an ally of the US like Greece, the importance of which was however, downplayed by the former. Regarding the company of Vodafone, the CEO of Vodafone Greece was mainly accused of mishandling the serious incident of eavesdropping. Consequently, Vodafone Greece was fined with an initial 76 million euros fine (it was later converted to a 50m one) by the Hellenic Authority for Communication Security and Privacy (ADAE).
To conclude, the wiretapping scandal in Greece raised plenty of questions about the role of intelligence agencies, their collaboration with other national intelligence agencies and the cyber capabilities of Greek authorities. In terms of cyber security governance, the Greek government handled poorly the case by giving the NSA almost full authorization to monitor the LI procedure and without properly changing or checking the software’s code by the end of the games. Moreover, while there are strong indications that the death of Costas Tsalikidis is linked to the wiretapping scandal this isn’t yet confirmed. By contrast, the cynical approach of intelligence agencies seems to be crystal clear when it comes to collecting intelligence. According to an ex-member of the NSA with experience in wiretapping “They never remove (the bugs). Once you gain access, you are in. You have the chance to put more bugs, and this is an opportunity”.
Bamford, James. 2015. “Did A Rogue NSA Operation Cause the Death Of A Greek Telecom Employee?”. The Intercept. https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/.
Petropoulos, Aggelos. 2015. “Americans And Greeks Started The 2004 Wiretaps Together”. Ekathimerini.Com. http://www.ekathimerini.com/202026/interactive/ekathimerini/special-report/americans-and-greeks-started-the-2004-wiretaps-together#secondPage.
Prevelakis, Vassilis, and Diomidis Spinellis. 2007. “The Athens Affair”. IEEE Spectrum 44 (7): 26-33. doi:10.1109/mspec.2007.376605.
Romanidis, Evripidis. 2008. “Lawful Interception and Countermeasures”. Master, Royal Institute of Technology Stockholm, Sweden.