A former security policy manager at Meta had her phone wiretapped and hacked by Greece’s national intelligence agency, according to a report from The New York Times. Artemis Seaford, who worked for Meta while partly living in Greece, was reportedly surveilled with the help of spyware called Predator.
Seaford worked for Meta from 2020 to 2022, where she addressed cybersecurity policy issues and often spoke with Greek and other European political officials. As noted by the Times, she first became aware that she may have been hacked when she saw her name included on a leaked list of spyware targets in November 2022. Cybersecurity researchers at Citizen Lab later confirmed that her phone had been infected with Predator in September 2021 for “at least two months.” The Times reports Seaford was also a victim of a yearlong wiretap.
Predator is developed by a company based in North Macedonia called Cytrox. Like the infamous Pegasus spyware, Predator can monitor text messages, calls, photos, and videos on a target’s phone. However, as noted by a Times report from last year, Predator infects a victim’s phone when they click a link, while Pegasus can infect someone’s device just by calling it. Predator has been found to target government dissidents and journalists in the past.
In 2021, Meta notified around 50,000 Facebook and Instagram users that their accounts were getting spied on by “surveillance-for-hire” companies around the world. At the time, Meta’s cyber security report indicated that the company removed 300 accounts with links to Cytrox, although it’s unclear whether Seaford’s case is related. Meta didn’t immediately respond to The Verge’s request for comment.
In addition to Predator spyware on her phone, people with knowledge of the situation tell the Times that Seaford had been wiretapped by Greek national intelligence in August — just one month before her phone got infected — a potential explanation for the method in which her phone was hacked.
The spyware made its way onto Seaford’s phone after she scheduled an appointment to receive a covid booster shot through the Greek government’s web portal, according to the Times. Several hours after she made the appointment, she received a text message that asked for confirmation by clicking the included link. This link, the Times states, was the one that infected Seaford’s device.
“The details for the vaccination appointment in the infected text message were correct, indicating that someone had reviewed the authentic earlier confirmation and drafted the infected message accordingly,” the Times says. “The sender also appeared to be the state vaccine agency, while the infected URL mimicked that of the vaccination platform.”
It’s still not clear why Seaford became a target of Greece intelligence, and it seems she’s not entirely sure, either. “In my case, I do not know why I was targeted, but I cannot see any reasonable national security concerns behind it,” Seaford tells the Times. Seaford has since filed a lawsuit in Athens against the unknown individuals responsible for the attack. She also requested that the Greek Authority for the Protection of the Privacy of Telecommunications investigate whether the national intelligence agency wiretapped her phone.