Wiretaps: Prosecutor seeks conviction for Lavranos, Bitzios, Dyllian, and Chamos

During his address, Pavlidis asked for the conviction of the four accused—Ntilian, Chamos, Bitzios, and Lavranos—based on their proven connection with the involved companies and the software. He argued that they should be found guilty of all charges.

Pavlidis stated that the accused—Ntilian, Chamos, Bitzios, and Lavranos—either acted as de facto managers of the involved companies or had direct collaboration, and therefore, should be convicted for three misdemeanor charges, as they are accused. Specifically, he requested that they be found guilty of interference with personal data archiving systems, both completed and attempted, and of violating the confidentiality of telephone conversations, both completed and attempted. Regarding these charges, he proposed converting the charges to “serial” rather than “repeated” offenses, which would increase the penalties if accepted. “The legal interest here has a different face every time, with every message sent, a different interest is harmed,” he explained.

Regarding the illegal access to information systems or data, jointly, repeatedly, completed and attempted, he requested that the prosecution be discontinued, except for timely complaints, as a complaint is required for the offense.

The Prosecutor’s Speech

Starting his address shortly after 9 am on Friday, Prosecutor Pavlidis explained how he would structure his presentation “due to the size and complexity of the case,” emphasizing that “if the acts had been committed a little later, we wouldn’t be here. This case wasn’t for a single court, as evidenced by the number of documents and witnesses involved.”

Referring to the four accused businessmen who were charged with three misdemeanor offenses, Pavlidis clarified:

“Their referral doesn’t concern whether they created the code or pressed the button to send the message. In our criminal law, legal entities are not held accountable, so we must identify the natural person who represents the company. We do not hide criminal offenses behind corporate structures. Therefore, I will not focus on this issue, but on the responsibilities of the accused and their decisions within the companies.”

He also accepted that sending each message constitutes a separate attempt to commit an offense and not a preparatory act, explaining: “Based on the way the system operates and the necessary infrastructure, the perpetrator must create the message and send it to the target multiple times. The victim’s action is required, meaning they must click the link. However, the perpetrator has created all the conditions for the criminal plan, and the victim only makes an imperceptible collaboration. The sending of the infected link is definitely an attempt to commit the offenses, not a preparatory act.”

Illegal Use of Predator

Describing the technical framework in which the wiretaps took place through the illegal Predator software, he characterized it as “a total surveillance solution that reaches the core of data that should only be accessible by the legal holder.” He also referred to it as “the frontline of illegal software, sold only to government agencies, not to individuals,” and mentioned that its predecessor, Pegasus, was considered a weapon by the Israeli government.

He emphasized: “The use of Predator software violates the laws and deviates from the methods of lawful surveillance in Greece. Even if we say it was legal, it would require a lawful process with signatures and approvals, none of which we had in this case. It is clear that its use is illegal in this country and grossly violates the personal privacy of citizens, posing a threat to the political system because it grants powers to people who should not have them. Any use of it by services should be a wake-up call.” As for Intelexa, Pavlidis mentioned that the company “either developed or purchased spy software and not some other service” and that “it offered the Predator program among other products.”

The Involved Companies

During his presentation, Pavlidis provided a detailed explanation of how the involved companies were connected, noting that “the complexity of the companies’ network, the name changes, the transfer of assets, the change in corporate structures, and the fact that some of them were based in tax havens complicates the investigation and clarification of the relationships between the partners.” He mentioned that Cytrox was acquired in 2018 and became part of the Intelexa alliance, with infrastructures and personnel transferred to Intelexa.

Regarding Intelexa S.A., with shareholders being two of the accused, he noted that it had a wide range of activities that could include Predator-type activities. “It appears to be a regular company with some peculiarities, it has a registry with GEMI, employees, an office, and participates in exhibitions… initially, it doesn’t seem like a secret entity, partly out of necessity and partly out of strategy. On the other hand, it has some barriers, employees present products that they don’t know if agreements have been concluded or how the products are connected according to confidentiality.”

For Krikel, which signed contracts with the Greek government worth millions of euros, he said: “The company was founded in 2017 with an office in Athens by Stamatis Trimpalis, who was assigned by Lavranos for 700 euros a month. Lavranos was the real legal representative. He had an upscale office in the building. Trimpalis (who testified about this in court) appeared once a month and did small jobs and signed contracts with the Hellenic Police as a legal representative, without having participated in the negotiations handled by Lavranos for serious matters and by Ntalas for daily matters. Trimpalis testified that he signed papers without reading them, he didn’t have the company’s Taxisnet codes, and didn’t handle accounting books and invoices.”

The Accused

Pavlidis also referred to the roles of the four accused, trying to explain how the legal entities and, by extension, the natural persons were connected. “There is no doubt that the interests of Intelexa in Cyprus, Greece, or Ireland are not separated. They are part of the web of companies of the same individuals, and from the financial control with the Greek Intelexa, the relationship and transactions between them were revealed,” he emphasized.

Historical Review

The prosecutor then proceeded to analyze all the data and events that contributed to the investigation. He referred to the 2018 law on the government framework and the appointment of Grigoris Dimitriadis as the General Secretary of the Prime Minister, who was responsible for EYP, and the appointment of Panagiotis Kontoleon and the doubts about his formal qualifications.

He cited the testimonies of T. Teloglou and Vasilis Lampropoulos, stating that Predator arrived in Greece in the fall of 2019 and mentioned the role of arms dealer Stavros Komnopoulos “who had contacts with Bitzios, who had contacts with Lavranos, who had contacts with Dimitriadis, that’s how it goes…” adding, “in 2021, mass development occurred with messages sent from Dimitriadis’ number, the day after his name day, including Prosecutor Vlachou, the Chief of the Hellenic Police, and Dimitris Avramopoulos.”

According to Dimitris Pavlidis, regarding double surveillance: “In 2020, of 87 confirmed infections, one-third were under EYP surveillance,” calling this “a coincidence that matters.” Later, as connections to figures like Thanasis Koukakis and Nikos Androulakis began, in February 2021, a request was made to quadruple the capacity of the data center in Marousi, “which shows the escalation of the operation,” and a similar request was repeated at the end of 2021. He also pointed out that Predator—according to the process—operated until 2024 and likely continues today.

Regarding the Center for Technological Support, Development, and Innovation (KETYAK) and the raids by ADAE in two of its buildings, he commented that “it is surprising that not a single computer was found, while only 4-5 employees were present,” describing that “the most significant finding was an encrypted line connecting KETYAK with EYP, which was not unreasonable.”