A DEATH IN ATHENS Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?
23 oktober 2015
JUST OUTSIDE THE MAIN DOWNTOWN part of Athens lies Kolonos, an old Athenian neighborhood near the archaeological park of Akadimia Platonos, where Plato used to teach. Along the maze of narrow streets, flower-filled balconies hang above open-air markets, and locals gather for hours at lazy sidewalk cafes, sipping demitasse cups of espresso and downing shots of Ouzo in quick gulps.
It was a neighborhood Costas Tsalikidis knew well. He lived at No. 18 Euclid Street, a loft apartment just down the hall from his parents. Slim and dark-haired, with a strong chin and a sly smile, he was born in Athens 38 years earlier to a middle-class family in the construction business. Talented in math and physics from an early age, he earned a degree in electrical engineering from the National Technical University of Athens, considered the most prestigious college in Greece, where he specialized in telecommunications, and later obtained his master’s in computer science in England. Putting his skills to good use, for the last 11 years he had worked for Vodafone-Panafon, also known as Vodafone Greece, the country’s largest cell phone company, and was promoted in 2001 to network-planning manager at the company’s headquarters in the trendy Halandri section of Athens.
On March 9, 2005, Costas’ brother, Panagiotis, dropped by the apartment. He thought he’d have a coffee before a business meeting scheduled for that morning. But as he entered the building, he found his mother, Georgia, running up and down the corridor yelling for help.
“Cut him down!” she was saying. “Cut him down!”
Panagiotis had no idea what she was talking about until he went inside his brother’s apartment and saw Costas hanging from a rope tied to pipes above the lintel of his bathroom door, an old wooden chair nearby. He and his mother cut the rope and laid Costas down on the bed.
Costas Tsalikidis Photo: Courtesy of the Tsalikidis familyThe day before his death, Costas’ boss at Vodafone had ordered that a newly discovered code — a powerful and sophisticated bug — be deactivated and removed from its systems. The wiretap, placed by persons unknown, targeted more than 100 top officials, including then Prime Minister Kostas Karamanlis and his wife, Natassa; the mayor of Athens; members of the Ministerial Cabinet; as well as journalists, capturing not only the country’s highest secrets, but also its most intimate conversations. The question was, who did it?
For a year, the eavesdropping case remained secret, but when the affair finally became public, it was regarded as Greece’s Watergate. One newspaper called it “a scandal of monumental proportions.” And at its center was the dark underside of the 2004 Summer Olympic Games in Athens. While the athletes were competing for medals as millions watched, far in the shadows spies had hacked into the country’s major telecom systems to listen and record.
A decade later, Costas’ death is caught up in an investigation into what now appears to have been a U.S. covert operation in Greece. Last February, Greek authorities took the extraordinary step of issuing an international arrest warrant for a CIA official the Greeks believe was a key figure in the operation while based in Athens. Unnoticed by the U.S. press, the warrant was a nearly unprecedented action by an allied country. The intelligence official, identified as William George Basil, was accused of espionage and eavesdropping. But by then he had already left the country, and the U.S. government, as it has done for the past 10 years, continues to stonewall Greek authorities on the agency’s involvement.
The Greek charges only touch the surface, however, and Basil may be less a key figure than simply a spy guilty of poor tradecraft. An investigation by The Intercept has uncovered not only the role of the CIA, but also that of the NSA, as well as how and why the operation was carried out. The investigation began while I was producing a documentary for PBS NOVA on cyberwarfare, scheduled to air on October 14, for which some of the interviews were conducted. In addition, I have had exclusive access to highly classified and previously unreported NSA documents released by Edward Snowden.
The Intercept, along with the Greek newspaper Kathimerini, interviewed over two dozen people familiar with the wiretapping case, ranging from U.S. intelligence officials and Greek government officials to those involved in the investigation and its aftermath. Many of those interviewed agreed to talk on condition that their names not be used, fearing criminal prosecution for speaking on intelligence matters or professional retribution. While some questions remain, the evidence points to a massive illegal eavesdropping program that may have led to Costas’ tragic death.
“COSTAS WAS ENGAGED,” his brother, Panagiotis, told me last year. “He was planning to get married.” Like Costas, who was three years younger, Panagiotis spoke fluent English, the product of frequent trips to the U.S., both on business and vacation.
After a dinner of lamb and hummus at a restaurant not far from the apartment where Costas died, Panagiotis spoke emotionally about his brother. “He had met the woman of his life and they were planning to get married really soon. And for that reason, they were looking to get a house and they had already started buying things that they could use in their new household. Costas was happy and optimistic and things had been working out really good for him.”
At the time, Panagiotis couldn’t understand what had happened; Costas was in good health and, at least until recently, seemed to love his job at Vodafone. “I thought there was no reason for him to commit suicide,” he said, although he acknowledged Costas had been under more pressure than usual. “In the last year of his life, he was working very hard because Greece had undertaken the Olympic Games of 2004,” he said. “And that meant a lot of hours at work and a lot of planning to beef up the networks.”
Given the enormous numbers of journalists and tourists who were planning to attend the events, all wanting to communicate, Costas’ workload increased enormously in the months before the games were to begin. Eventually, the technical infrastructure created by the Athens Olympics Organizing Committee for staff and media involved more than 11,000 computers, 23,000 fixed-line telephone devices, and 9,000 mobile phones. But the Olympics ended more than six months before Costas’ death, so there had to be another reason.
At work, things suddenly began to change. Costas told his brother that he wanted to quit. “He tendered his resignation to the company, but it wasn’t accepted,” Panagiotis told me. “He wanted to get out.” And he sent a text to his fiancée, a piano teacher named Sara Galanopoulou, saying he had to leave his job, adding cryptically that it was a “matter of life and death.”
As Costas Tsalikidis and his colleagues at Vodafone worked overtime in the months leading up to the games, thousands of miles away another group was also getting ready for the Summer Olympics in Greece: members of the U.S. National Security Agency. But rather than communicating, they were far more interested in listening. According to previously undisclosed documents from the Snowden archive, NSA has a long history of tapping into Olympic Games, both overseas and within the U.S. “NSA has had an active role in the Olympics since 1984 Los Angeles games,” according to a classified document from 2003, “and has seen its involvement increase with the recent games in Atlanta, Sydney, and Salt Lake City. During the 2002 Winter Olympics in Salt Lake City, the focus was on counterterrorism, and NSA acted largely in support of the FBI in a fusion cell known as the Olympics Intelligence Center (OIC). … NSA’s support to the 2004 Olympics in Athens will be much more complicated.”
In 2004, for the first time since the 9/11 attacks of 2001, the Summer Olympic Games would be held outside the U.S., and thus the difficulties would be far greater. “Several factors will make the Athens Olympics vastly different,” the document continued, “not the least of which is the fact these Olympics will not be held at a domestic location. Also different is that the security organization that NSA will support is the EYP, or Greek National Intelligence Service. NSA will gather information and tip off the EYP of possible terrorist or criminal actions. Without a doubt, the communication between NSA and EYP will take some coordination, and for that reason preparations are already underway.”
According to a former senior U.S. intelligence official involved with the operation, there was close cooperation between NSA and the Greek government. “The Greeks identified terrorist nets, so NSA put these devices in there and they told the Greeks, OK, when it’s done we’ll turn it off,” said the source. “They put them in the Athens communications system, with the knowledge and approval of the Greek government. This was to help with security during the Olympics.”
The Olympic Games ran smoothly — there were no serious terrorist threats and Greece had its best medal tally in more than a century. On August 29, 16 days after the games began, closing ceremonies were held at the Athens Olympic Stadium. As 70,000 people watched, Greek performers displayed traditional dances, a symbolic lantern was lit with the Olympic Flame, and Dr. Jacques Rogge, president of the International Olympics Committee, gave a short speech and then officially closed the games.
Two weeks later, the Paralympics ended, and at that point, keeping their promise to the Greek government, the NSA employees should have quietly disconnected their hardware and deleted their software from the local telecommunications systems, packed up their bugging equipment, and boarded a plane for Fort Meade. The problem was, they didn’t. Instead, they secretly kept the spying operation active, but instead of terrorists, they targeted top Greek officials. According to the former U.S. intelligence official involved with the operation, the NSA began conducting the operation secretly, without the approval or authorization of the CIA chief of station in Athens, the U.S. ambassador, or the Greek government.
“We had a huge problem right after the Greek Olympics,” the source said. “They [NSA] said when the Olympics is over, we’ll turn it off and take it away. And after the Olympics they turned it off but they didn’t take it away and they turned it back on and the Greeks discovered it. They triangulated some signals, anonymous signals, and it all pointed back to the embassy.”
At that point, the source said, someone from the Greek government called Richard Eric Pound, the CIA chief of station at the embassy in Athens and the person officially responsible for all intelligence operations in the country. Pound had arrived in May 2004, replacing Michael F. Walker, the agency’s former deputy director of the paramilitary Special Activities Division, as chief of station in Athens. Describing himself as “a small town boy from Indiana who set off to see the world,” Pound had joined the agency in 1976. Hefty and mustachioed, he was a veteran of the agency’s backwater posts in Africa.
Pound, according to the source, knew nothing about the operation having been turned back on, so he called his boss at CIA headquarters to ask about it. “He says, ‘What in God’s name is this all about?’” said the source (Pound declined to speak to The Intercept). Pound’s boss then immediately called his NSA counterpart. “Oh, yeah, we were going to tell you about that,” the NSA official told Pound’s CIA boss, according to the source. “They didn’t take it out and they turned it back on.”
National Security Agency Deputy Director John Chris Inglis testifies before the House Select Intelligence Committee on the NSA’s PRISM program, which tracks web traffic and US citizens’ phone records, during a hearing on Capitol Hill in Washington, DC, June 18, 2013. AFP PHOTO / Saul LOEB (Photo credit should read SAUL LOEB/AFP/Getty Images) National Security Agency Deputy Director John Chris Inglis in Washington, D.C., June 18, 2013. Photo: Saul Loeb/AFP/Getty ImagesNot informing the chief of station and the ambassador was an enormous breach of protocol. The chain of events surprised another source, a long-time veteran of the CIA’s National Clandestine Service, who was once a colleague of Basil in Athens. “I can’t think of another time in my experience when that ever happened, that’s how unusual it is,” the source said. “I’m astounded by that.”
In 2006, Chris Inglis became the NSA’s deputy director, the agency’s No. 2 official, who was thus in a position to discover what had happened. In an interview, I questioned him about the scandal and the illegal bugging operation. “Was the NSA involved?” I asked. Inglis offered no denial. “I couldn’t say whether NSA was involved in that or any other activity that might have been alleged to be conducted by an intelligence service, let alone NSA.”
Inglis did confirm, however, that NSA operations in foreign countries would normally have the approval of the CIA chief of station. “The chief of station,” he said, “would speak on intelligence matters for the nation, or essentially be expected to adjudicate matters on behalf of the nation.” He added, “So if NSA was expected to conduct an intelligence operation physically in some particular place of the world, I would expect that the chief of mission — the ambassador — and that the chief of station — the intelligence rep — would have some influence on that, some kind of ability to understand what it was and to ensure that it was done in the proper way.”
I also put the question to Gen. Michael Hayden, the NSA director at the time. “Do you remember the incident that came up involving Greece?” I asked. “Not anything we’re going to talk about here,” he said. “Did that come to your attention?” I pressed. “Not something I can talk about,” he replied.
At the time of the Greek bugging operation, Hayden was also secretly running the NSA’s illegal warrantless eavesdropping and metadata dragnet surveillance programs, the largest domestic spying operations in U.S. history.
FILE – In this Dec. 6, 2002 an aerial file photo of the US embassy in Athens, Greece. Theodoros Pangalos a former foreign minister of Greece said on Tuesday, Oct. 29, 2013 the U.S. is not the only country eavesdropping on foreign diplomats: his country’s secret services did that to U.S. ambassadors in Athens and Ankara in the 1990s. (AP Photo/Thanassis Stavrakis, File) An aerial file photo of the U.S. Embassy in Athens, Greece, Dec. 6, 2002. Photo: Thanassis Stavrakis/AP
Stonewalled by the U.S., over the past decade Greek investigators were nevertheless able to follow a digital trail right to the front door of the U.S. Embassy in Athens, and then to William George Basil, a mysterious embassy official with a Greek background.
Although very little is publicly known about Basil, interviews with his relatives and childhood friends in Greece, as well as fellow embassy employees and intelligence officials in Athens and the U.S., shed light on his background.
Basil was born on December 10, 1950, in Baltimore, where many of his relatives had settled after emigrating from Greece. Much of his extended family came from the small Greek island of Karpathos in the Aegean Sea, a port of call for the Argonauts traveling between Libya and Crete, and mentioned in Homer’s Iliad. There, his ancestors worked as stonemasons and as farmhands in mountainside wheat fields.
His father, George, had emigrated to the U.S. where Basil and his sister, Maria, spent their early years. But when Basil was 9, his now-divorced father became engaged to a woman from Karpathos and they all traveled to the island for the wedding. An old snapshot shows a young Basil in a suit jacket sitting uneasily on the back of a donkey. After a few months, the family returned to the U.S., then in the 1960s, when Basil was in his early teens, moved back to Karpathos for good.
Today, childhood friends there still remember Basil as “Billy,” an Americanized youth who liked to spend time on the beach. His cousin Nikos Kritikos often played sports with him. “He played rugby when he was young,” Nikos said. “He was amazingly smart. … We grew up in the same house; his stepmother, Marigoula, raised us.” And Basil’s uncle Manolis Kritikos, a local schoolteacher, remembered him as “a happy kid who smiled.” “He was always restless as a young man, he searched things,” he said. “Most of all he liked the history of this place, the folklore. … And he loved Greece and [the Karpathos village of] Olympos more than anything.”
Basil 9 years old attending his father’s wedding on Karpathos Basil, 9 years old, attending his father’s wedding on Karpathos. After graduating from high school at the American Community Schools in Athens in 1968, Basil joined the Army for five years and was posted to Alaska. Then, according to Basil’s former CIA colleague, he took a job as a Baltimore County deputy sheriff and later joined the CIA’s Office of Security as a polygraph expert. But, after nearly two decades, said the colleague, he grew bored with strapping recruits and potential agents to lie detector machines and sought a position in the agency’s Directorate of Operations. Largely based on his Greek heritage and fluency in the language, he was accepted and quickly disappeared behind the agency’s heavy black curtain, emerging undercover as a Foreign Service Officer with the State Department.
With a black diplomatic passport in his pocket, he was soon on his way to Athens, a city he knew well; he had owned an apartment in the city for many years, which he rented out. Soon after arriving, he moved into an apartment near the beach in Glyfada, one of the most exclusive areas of the city, home to ship owners and wealthy business executives. A long-time biker, he would often cruise around the city on his motorcycle.
At the U.S. Embassy in Athens, he was officially a second secretary in the regional affairs section, later promoted to first secretary. In reality, he joined the CIA station as a terrorism expert. The station, located on the embassy’s top floor (with the forgery section in the basement), was one of the largest in Europe, because it often served smaller Middle East stations with logistical help and temporary personnel. Protected by a bulletproof vest under his shirt, a 9 mm pistol strapped to his belt, and a small M38 handgun on his ankle, Basil, who had a reputation as an Olympic-level shooter, drove around the city in an armored car looking for informants to recruit and liaising with the Greek police organization. According to a confidential report by Greek prosecutor Yiannis Diotis, obtained by The Intercept, Basil played a role in a March 2003 operation — just prior to the U.S. invasion of Iraq — that involved an informant recruited by the embassy’s CIA station. The operation, code-named “Net,” led to the discovery, by a joint U.S.-Greek team, of a small cache of guns and explosives in the basement of the Iraq Embassy in Athens.
While most CIA assignments to Athens were two years, Basil kept extending his tour, giving him an opportunity to spend time on Karpathos, visiting friends and relatives and playing backgammon. “He never withheld where he was working or what he was doing,” recalled his cousin Nikos. “A lot of times we would call each other and he would tell me, ‘I am in the Middle East.’ His job was to report on the sentiment of those countries’ society. … From what he said he had a lot of friends in high places. I understood that he was acquainted with Ministers of Interior and Ministers of Public Order in Greece.”
One person who knew Basil in passing was John Brady Kiesling, a now-retired career Foreign Service Officer who had worked as the embassy’s political officer from July 2000 to March 2003. I spoke to him in his apartment in the historic Plaka section of Athens, a labyrinth of winding streets and colorful shops in the shadow of the Acropolis. After leaving his post at the embassy, he decided to remain in Greece, where he has followed the bugging case closely. When I brought up the possibility of the NSA conducting a covert operation out of the embassy, without the knowledge of either the ambassador or the CIA chief of station, he looked surprised. “I would say that a rogue agency was performing it if it was performed without the prior clearance with the ambassador, as the president’s representative in Greece,” he said. “It definitely is something that is hanging as a sort of swinging sword blade over the U.S.-Greek relationship.”
But according to Basil’s former CIA colleague in Athens, there are occasions when an ambassador is not informed by the agency because of the sensitivity of the operation. However, there was never a time when a chief of station was kept in the dark. “There were times we didn’t inform the ambassador — it was just too sensitive — and we would have to get a waiver signed,” the source said.
william-george-basil Visa from U.S. passport of William George Basil. A half-dozen miles southwest of Athens is the city of Piraeus. The largest passenger port in Europe and the third largest in the world, it services about 20 million passengers a year. Piraeus is to ships what Chicago’s O’Hare Airport is to planes. There are long rows of ferries, endless quays, hydrofoils and mega-yachts, tankers and cruise ships. It was here, not far from the pier for ferries to Karpathos that the planning ended and the operation began. According to the Greek prosecutor’s report, on June 8, 2004, someone entered the Mobile Telecommunication Center at 31 Akti Miaouli Street, and in the name of a “Markos Petrou,” purchased the first four of what would eventually be 14 prepaid cell phones.
They would become the “shadow” phones. As normal calls from Vodafone went to and from legitimate parties, a parallel stream of digitized voice and data — an exact copy — was directed to the NSA’s shadow phones. The data would then be automatically transferred miles away to NSA receivers and computers for monitoring, analysis, and storage.
Not long after, according to the Snowden documents I reviewed, the NSA contingent began arriving at US-966G, the surveillance agency’s code for the Athens embassy. The planning had already been underway. “Although the first race, dive, and somersault are still a year away,” noted a Signals Intelligence Directorate document, “SID Today,” dated August 15, 2003, “in truth, NSA has been gearing up for the 2004 Olympics for quite some time, in anticipation of playing a larger role than ever before at the international games.” The document then noted that NSA would be sending “the largest contingent of personnel in support of the games in our history. A team of 10 NSA analysts will arrive in Greece anywhere from 30-45 days before the Olympics and stay until the flame is extinguished. … The scope of the Olympics is tremendous, and so will be the support of SID [Signals Intelligence Directorate] and NSA.”
Then, in a note of unintended irony, the writer added, “The world will be watching and so will NSA!”
A key part of the operation would be obtaining secret access to the Greek telecom network. And it is here that Costas Tsalikidis may have entered the picture. As a senior engineer in charge of network planning, working for the country’s largest cellular service provider, he would have been one of those in a position to become the team’s inside person. But he was also far from the only one. “Of course, it could have even been me,” said another Vodafone technician interviewed.
The operation could have been accomplished a number of ways. At the beginning, the installation of the bugging software, while illegal according to Greek law, had been secretly authorized by the Greek government. Thus, an inside person would have been operating outside the law in providing assistance to U.S. intelligence, but with the patriotic objective of helping protect Greece from terrorists. Also, the person may never have been told that the software was supposed to be removed following the conclusion of the games. In any case, it is unlikely that the person would have known who the targets were since they were just lists of phone numbers.
In fact, recruiting a foreign telecom employee as an “inside person” for a major bugging operation was standard operating procedure for both the NSA and the CIA, according to the senior intelligence official involved with the Athens operation. “What the NSA really doesn’t like to admit, about 70 percent of NSA’s exploitation is human enabled,” the former official said. “For example, at a foreign Ministry of Post and Telecommunications, if NSA determines it needs to get access to that system, NSA and/or the CIA in coordination would come up with a mechanism that would allow them to replicate the existing switch to be swapped out. The CIA would then go and seek out the person who had access to that switch — like a Nortel switch or a router — go in there, and then it would be the CIA that would effect the operation. And then the take from it would be exploited by the NSA.”
And according to a highly classified NSA document provided by Snowden and previously published by The Intercept, covertly recruiting employees in foreign telecom companies has long been one of the NSA’s deepest secrets. A program code-named “Sentry Owl,” for example, deals with “foreign commercial platform[s]” and “human asset[s] cooperating with the NSA/CSS [Central Security Service].” The document warns that information related to Sentry Owl must be classified at an unusually high level, known as ECI, or Exceptionally Controlled Information, well above top secret.
“Human intelligence guys can provide sometimes the needed physical access without which you just can’t do the signals intelligence activity,” Gen. Hayden, the NSA head at the time of the Athens bugging, who later ran the CIA, told me.
Basil’s ties to Greece made him very good at developing local agents. “He was the best recruiter the station had, the best,” said the former CIA associate in Athens. “[Basil] may have been in charge of recruiting the guy on the inside. He may have made the initial recruitment.”
With an agent in place inside the network, the next step would be to implant spyware capable of secretly transmitting the conversations of the NSA’s targets to the shadow phones where they could be resent to NSA computers. Developing such complex malware is the job of the NSA’s Tailored Access Operations (TAO) organization. And, according to the previously undisclosed Snowden documents, members of the group “performed CNE [Computer Network Exploitation] operations against Greek communications providers” as part of the preparations for the Olympics. In lay terms, this means they developed malware to secretly extract communications data. Also involved were members of the Special Source Operations (SSO) group, the specialists who work covertly with telecom companies, such as AT&T — or in this case Vodafone — to get secret access to their networks.
The key to the operation was hijacking a particular piece of software, the “lawful intercept” program. Installed in most modern telecom systems, it gave a telecom company the technical capability to respond to a legal warrant from the local government to monitor a suspect’s communications. Vodafone’s central switching equipment was made by Ericsson, the large Swedish company, and on January 31, 2002, Ericsson delivered to Vodafone an upgrade containing the lawful intercept program, a piece of software known as the Remote Control Equipment Subsystem (RES). According to a report by Greece’s Authority for Communication Security and Privacy (ADAE), Costas was the Vodafone employee who accepted delivery of the upgrade.
Normally, when a lawful warrant is submitted to a company such as Vodafone Greece, the information, including the target phone numbers, would first be logged into a program called the Interception Management System (IMS). This creates a permanent record of the request that can later be audited. The information is then sent to the RES, which initiates the actual monitoring by secretly creating a duplicate communications stream for the targeted number. That duplicate stream is then transmitted, along with the metadata — date, time, and number calling or being called — to the law enforcement agency.
But despite having the capability to initiate wiretaps with the RES program, at the time of the Olympics Greece did not have laws in place to permit them. As a result, Vodafone never paid the additional fee to Ericsson for the IMS program and the digital key to activate the system. Far behind the NSA, the Greek government had only simple wiretap technology. “All they had was some primitive suitcase methods that would allow very limited surveillance of very specific targets,” said Kiesling, the former U.S. Embassy official. “From an American point of view, that was terrifyingly primitive.”
Thus, according to Greek sources, prior to the Olympics U.S. officials began asking the Greek government for permission to secretly activate the lawful intercept program, which led to the government agreeing to the U.S. bugging operation. Ironically, the presidential decree permitting widespread eavesdropping was finally enacted on March 10, 2005, the day after Costas’ death.
For NSA, the missing IMS program was the technical opening its operatives needed. In essence, they created malware that would secretly turn on the RES program and begin tapping. But without the IMS program there would be no audit trail, no indication or evidence that eavesdropping was going on as the target numbers were being tapped and transmitted to the shadow phones by the RES. “It was a very complex system, because it was invisible to detection,” Vodafone Greece CEO George Koronias told investigators. “It functioned independently of whether the lawful interception system was activated, and bypassed the security alarm.”
Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable,” the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt, and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia, and Siemens.
There are also a variety of “Access Methods” used to penetrate other countries’ lawful intercept programs. These include using the highly secret Special Collection Service. Known internally as “F-6,” it is described in another Snowden document as “a joint NSA-CIA organization whose mission is to covertly collect SIGINT [Signals Intelligence] from official U.S. establishments abroad, such as embassies and consulates.” The organization’s job, according to the PowerPoint, is to intercept microwaves, the thousands of communications-packed signals that crisscross a city. The PowerPoint also suggested using the Special Source Operations unit, the people who work out secret arrangements with the local telecom companies. And with the Tailored Access Operations unit, techniques could be developed to hack into the country’s telecom systems. For the Athens Olympics operation, it would be a full house.
With the malware installed, the NSA was set to go, with more than a dozen shadow phones purchased and a contingent of employees from at least 11 different NSA organizations poised to begin eavesdropping during “24-hour watches.” According to the ADAE report, the tappers first activated the malware at Vodafone’s communications centers on August 4, 2004, and five days later they began inserting the target phone numbers. Then on September 28, following the conclusion of the Paralympic Games, some of the malware was removed. But less than a week later, long after the Olympic Torch had been extinguished, new malware was implanted.
“And then,” said Kiesling, looking both troubled and perplexed, “the mystery becomes why it continued after the Olympics, and that’s a mystery that still has not been solved.” It was a question I asked a former senior NSA official with long involvement in worldwide eavesdropping operations. “They never [remove it],” the official said with a laugh. “Once you have access, you have access. You have the opportunity to put implants in, that’s an opportunity.”
“FEVER,” COSTAS WROTE. Several of the antennas used for the bugging operation were heating up, and to Costas, it was as if they had a fever. After the Olympic Games concluded, Costas started having problems at work. In the weeks following Costas’ death, his brother discovered one of his notebooks, dating from October and November 2004, after the Olympics, and it described a number of incidents. “In his notes he said that at certain points in time certain antennas seemed to get overworked and they were trying to figure out why that was happening,” said Panagiotis. “Now it turned out that those antennas were the same antennas that were connected with the system of the wiretapping.” In another entry, which Panagiotis submitted to the prosecutor, Costas wrote about a month before he died: “Something is not right at the company.”
Then, at 7:56 p.m. on January 24, 2005, someone installed a routine update in the NSA’s bugging software at Vodafone’s facility in the Paiania section of the city. It would turn out to be anything but routine. Within seconds, errors appeared, which caused hundreds of text messages from customers to go undelivered, and people began complaining. At the same time, an automatic failure report was sent to Vodafone management. It was as if a burglar alarm had gone off during a robbery. As normally happens, Vodafone sent the voluminous logs and data dumps to Ericsson for analysis, while those involved quietly waited — and worried. The once cheerful and upbeat Costas turned glum and angry. “We have heard that Costas was in meetings inside the company, in meetings that were very loud and a lot of people were arguing,” said Panagiotis. “He tendered his resignation to the company, but it wasn’t accepted. … He wanted to get out.”
On March 4, after weeks of investigation, Ericsson notified Vodafone that it had discovered a sophisticated piece of malware, containing a hefty 6,500 lines of code — evidence of a large bugging operation. The company also turned up the target phone numbers of the prime minister and his wife, the mayor of Athens, members of the Ministerial Cabinet, and scores of high officials, as well as the numbers for the shadow phones and the metadata describing when the calls were made.
Three days later, Vodafone technicians isolated the malware. Then on March 8, before law enforcement had an opportunity to get involved, Koronias, the Vodafone Greece CEO, ordered the software deactivated and removed, thus hampering any future investigation. Apparently alerted, those involved in the bugging operation immediately turned off their shadow phones. “Vodafone’s decision to deactivate the software meant our hands were tied,” Yiannis Korandis, the chief of the EYP, the Greek National Intelligence Service, told investigators.
The next morning Panagiotis discovered his brother’s body hanging from a white rope tied to a pipe above the bathroom doorway. To this day, he is convinced that Costas was murdered to keep him quiet and prevent him from quitting and going public with the details. “He probably wanted answers there and then and I think that led to his demise,” he said. The bugging, Panagiotis suspects, may have been the reason Costas sent the text to his fiancée about leaving his job being a “matter of life and death.”
Athens, GREECE: Vodafone Greece Chief Executive Officer George Koronias holds documents 06 April 2006 before the start of a parliamentary committee hearing investigating the case of a phone-tapping scandal, which targeted Prime Minister Costas Karamanlis and top officials during and after the 2004 Athens Olympics games. AFP PHOTO / Louisa Gouliamaki (Photo credit should read LOUISA GOULIAMAKI/AFP/Getty Images) Vodafone Greece CEO George Koronias holds documents in April 2006 before the start of a parliamentary committee hearing investigating the phone-tapping scandal. Photo: Louisa Gouliamaki /AFP/Getty ImagesWithin hours of Costas’ death, Ericsson prepared a formal “Incident Case Description,” outlining technical details about the malware and how it worked. It contained the warning: “This document is to be treated as highly confidential and … all necessary steps to protect this information must be taken, including the mandatory use of Entrust encryption within Ericsson.” After seven pages of technical detail, the report concluded that someone had loaded unauthorized “corrections,” i.e. malware implants, “designed to introduce RES functionality in such a way that it is not visible to any observer. Neither Ericsson nor Vodafone have any knowledge of the corrections. Nor is it known who supplied the correction, who loaded them or how long they have been loaded in the network.” In other words, someone had introduced malware to secretly activate the lawful intercept’s tapping function while at the same time hiding the fact that it had been turned on. On March 10, the report was turned over to Vodafone Greece CEO Koronias.
The Tsalikidis family’s former lawyer, Themistoklis Sofos, believes that Costas discovered the spy software by chance and then reported it. “Some people were afraid that he would talk so they killed him in a professional manner,” he told a Greek newspaper. Although the official coroner’s report said he took his own life, no suicide note was ever found, and the initial forensic report was inconclusive.
Nevertheless, Supreme Court prosecutor Dimitris Linos said that Costas’ death was clearly tied to the eavesdropping operation. “If there had not been the phone tapping, there would not have been a suicide,” he said in June 2006. In his report, prosecutor Yiannis Diotis also said that Costas had knowledge of the illegal phone-tapping software. And Giorgos Constantinopoulos, a former colleague in charge of communications security for Vodafone, reportedly told prosecutors that he was sure Costas was in a position to know about the spy software, and that his death was likely connected to that discovery.
THROUGHOUT THIS PAST SUMMER in Athens as the debt crisis mounted, crowds of pro-government demonstrators filled Syntagma Square shouting angry chants against European creditors. A few blocks away on Panepistimiou Street, an anarchy symbol was spray-painted on the walls of the headquarters of the Bank of Greece. And behind the Doric columns and yellow neo-classical façade of the Parliament Building, nervous politicians huddled and debated what to do next.
But a mile and a half away, in a heavily guarded compound near Pedion tou Areos, one of the largest parks in Athens, prosecutors were finally bringing to a close a decade of investigations. And on June 26 the finger of guilt was pointed directly at America’s Central Intelligence Agency. Now it is up to the Justices’ Council to decide how to proceed, and it may prove very embarrassing for the United States.
From the very start, according to a former senior Greek official involved in the investigation, there was no doubt within the highest levels of government that the U.S. was behind the bugging. On Friday, March 25, 2005, two weeks after Panagiotis cut the rope from his brother’s neck, Greeks celebrated Independence Day, followed by a weekend of festivities. But in Maximos Mansion, the Greek White House, the talk was far from jubilant. As Greek Navy helicopters flew low over the Acropolis during a military parade, members of the Greek inner circle were meeting with Prime Minister Costas Karamanlis about the bugging scandal that had targeted him and his wife.
A few days before, Foreign Minister Petros Molyviatis was in Washington engaged in high-level meetings with top officials. Secretary of State Condoleezza Rice spoke of the “excellent state of relations between Greece and the United States,” and President George W. Bush issued a proclamation declaring “our special ties of friendship, history, and shared values with Greece.” He noted, “Our two Nations are founded on shared ideals of liberty.” But based on the investigation up to that point, close aides, including Foreign Minister Molyviatis, were convinced that U.S. intelligence was behind the operation. Although at least one member of the group wanted to bury the whole matter rather than cause a rupture in relations with the U.S., Karamanlis disagreed, according to the source. “No way,” Karamanlis said. “If they find this on us 10 years from now, things will prove really difficult.”
The decision was made to have the police and the EYP intelligence service launch an investigation. Although far from exhaustive, with many questions left unanswered, Minister of Public Order George Voulgarakis and several other officials finally held a televised press conference in February 2006. Scribbling with a blue marker on a white board, they noted that the 14 shadow cell phones were using four mobile phone antennas with a radius of about 2 kilometers in central Athens.
Within that area was the U.S. Embassy on Vassilissis Sofias Avenue, which turned out to be a matter of great embarrassment for both the U.S. and Greek governments. “The U.S. has been fingered in the media as the culprit,” U.S. Ambassador Charles P. Ries noted in a classified memo to Washington, released by WikiLeaks. Ries suspected Voulgarakis of the leak. Calling him “a less reliable ally,” Ries said Voulgarakis “has allowed rumors to circulate that the U.S. is behind [the] major eavesdropping case in Greece.” Nevertheless, both sides wanted to pretend all was normal. Thus, Foreign Minister Molyviatis suggested to Ries that they move a previously scheduled meeting between them from the ambassador’s residence to the very public Grande Bretagne Hotel in central Athens. There, Ries noted in his memo, “All could see that the U.S.-Greece relationship was unimpaired.”
It was an odd lunch. Molyviatis was sitting across from the man whose embassy, he believed, had been listening in on his cell phone for months. And Ries, out of the loop because it was a rogue NSA/CIA operation, still may not have known of his embassy’s involvement. “Addressing the eavesdropping case,” Ries said in his memo, “Molyviatis gave his opinion that the whole hullabaloo [the press conference] had been unnecessary. It would have been sufficient to hand the matter to the judicial authorities for investigation and, if appropriate, prosecution, he said. But now, both he and the Prime Minister were keen to show that the current hysteria did not detract from excellent U.S.-Greece relations.”
For some, however, the cozy relations only seemed to increase the anger. In May, a Greek terrorist organization, “Revolutionary Struggle,” attempted to assassinate Voulgarakis with a remote-controlled bomb. Pointing to the wiretapping scandal and weakening Greek sovereignty as a key reason for the attack, the group said it opposed state-sponsored “terrorism of mass surveillance.” At the U.S. Embassy, the deputy chief of mission sent a classified cable to Washington, released by WikiLeaks, with a warning. “This group is to be taken seriously,” he said. “While there is no mention thus far of targeting foreign ‘capitalist-imperialists,’ it would not be a leap of faith for RS to focus its attention on the U.S. presence in Greece.” Ten months later, the group fired a rocket at the embassy.
Around the time the eavesdropping was discovered, Basil left the country, apparently with a quick reassignment by CIA to Sudan. Then, according to Greek documents obtained by The Intercept, on August 4, as things quieted down, he obtained a visa at the Greek Embassy in Khartoum and returned 10 days later to Athens and his cover job as first secretary for regional affairs. The diplomatic position gave him immunity from arrest.
The investigation was the first of what would be five major probes stretching over a decade in which more than 500 witnesses would be questioned, including agents of the EYP. Evidence built up slowly as investigators picked apart the telltale computer logs, traced the cell phone signals, and dissected layers and layers of software. Over the years, piece after piece, the puzzle began to come together.
In his testimony, Ericsson’s managing director for Greece, Bill Zikou, laid out the “how,” describing the method by which the bugging was accomplished. “What happened in this incident,” he said, “is that a complex, sophisticated, non-Ericsson intruder piece of software was planted into the Vodafone Greece network,” which by activating the RES function “thus made illegal interceptions possible.”
william-basil200 William George Basil. Date unknown. Photo: FacebookThen investigators turned to the “who.” At the conclusion of its operation, the NSA was hoping that it could disappear into the night without leaving a trace. “Unlike the athletes, when the Olympics are over, the NSA team is hoping you won’t even know they were there,” said one of the classified documents. It bore the ironic title, “Another Successful Olympics Story.” But as a result of sloppy intelligence tradecraft by the American spies, each step pointed the investigators closer and closer to the U.S.
One person who spent a great deal of time buying shadow phones was William Basil. “We used to call him the telephone man,” said the former CIA colleague in Athens. “All we do is we buy burner phones. Just drive in any direction you want and go to a random phone store and just buy a phone, make a call, and throw the phone away.”
But Basil wasn’t the only one buying shadow phones. According to the prosecutor’s confidential report, issued June 26, 2015 and obtained by The Intercept, investigators traced four of the shadow cell phones to the shop in Piraeus. There, the prosecutor showed pictures of Basil and his wife, Irene, to the store’s manager. “She is known” to the store, the manager said. The prosecutor then noted in his report that Irene was “acting as designated by him [Basil] and on his behalf.” And according to registered deeds, the family of Irene Basil has long owned a home in Piraeus just a few miles from the shop.
Things got even sloppier. After purchasing the four shadow phones, meant to be untraceable, the SIM card from one of them was removed and placed in a cell phone registered to the U.S. Embassy. It was a direct link between the covert operation and the U.S. government. Investigators then traced more than 40 calls to and from the U.S. Embassy involving the phone. The numbers listed in the ADAE report include the embassy’s main number, the emergency after-hours number, the Marine guard, and the FBI office. There was even a call to a women’s clothing store in Athens, Rouge Paris.
Then, on the same shadow phone using another SIM card, investigators found calls to Maryland. Based on the phone numbers, The Intercept was able to determine that those calls were made to Ellicott City, where Basil and his wife used to own property, and to neighboring Cantonsville, both bedroom communities for NSA. The implications greatly worried the investigators. “We were scared,” one told a parliamentary committee. “This is something that the Foreign and Justice Ministries should investigate.”
Finally, after years of slow, ineffective, and politically hindered investigations that produced more fog than clarity, the determined work of the ADAE and a few others began paying off. The evidence pointed at the U.S. Embassy, and with a bit of luck and thanks to the American spies’ mistakes, prosecutors came up with a name, William Basil, and the international arrest warrant was issued last February.
But by then, he was long gone. After Athens, Basil was promoted to deputy chief of station in Islamabad, Pakistan, then sent back to a desk job at headquarters, that of director of human resources at the agency’s Counterterrorism Center. Now retired and no longer protected by diplomatic immunity, he may never see Greece again, the country where his wife currently lives in her family’s home in Piraeus. In 2012, according to a petition he signed protesting a planned marine park on Karpathos, he wrote, “I own property in Karpathos and plan to retire there next year.”
Today the two-story house near the beach in Diafani sits empty; construction materials are stacked on the porch, its exterior unpainted. Nearby, friends and relatives can’t believe that Billy from Karpathos could have secretly wiretapped their top officials, or spied on their government. “There’s no way he did what they say he did,” said Basil’s cousin Nikos. “Because of his love [for] Greece, they would know that if that thing [the wiretapping] needed to be done, they would most certainly ask somebody else to do it. No way he did it. It is well known that he was first and foremost a Greek patriot.”
Months before the arrest warrant was issued, Basil had been in touch by phone with a prominent criminal lawyer in Athens, Ilias G. Anagnostopoulos, according to a Greek source, who asked not to be named because of the confidential nature of the information. When asked by the attorney if he would be willing to testify if it came to that, Basil, according to the source, replied: “If there are questions, of course I can answer them.” The attorney met with the prosecutor, but after leaks to the press, Basil told Anagnostopoulos to drop the matter for the time being. Complicating matters, the prosecutor has filed the eavesdropping case alongside a much larger, but unconnected, conspiratorial case involving an assassination attempt on former Prime Minister Karamanlis, a key target of the wiretapping operation.
CIA Chief of Station Eric Pound left Athens in 2007, returning to headquarters to become chief of the External Operations and Cover Division, the organization responsible for creating front companies overseas for clandestine officers masquerading as business executives or other occupations. After he retired in September 2009, Pound mentioned to a college audience that the CIA has an obsession to learn the truth. He added, “But obsession does not always lead to success.”
Costas Tsalikides March 9, 2005 Costas Tsalikidis, March 9, 2005.
Panagiotis and other family members also want the truth. In 2011, Costas’ family asked two coroners to reexamine the medical records. One was Dr. Steven Karch, a forensic pathologist and former medical examiner in San Francisco, and the other was Dr. Theodoros Vougiouklakis, an associate professor of forensic medicine in Greece. Karch called the original autopsy “farcical.” Based on pictures of the body, the coroners concluded that the marks to Costas’ neck couldn’t have come from simply jumping off the chair. “Something was done to him prior,” Karch told The Intercept.
The family agrees with this conclusion. “I believe there are people who know what happened, what exactly and who exactly did it and they will give us those facts,” said Panagiotis. “I believe that as time goes by the reasons for protecting the perpetrators will fade and mouths will open.” Last March, on the 10th anniversary of Costas’ death, his mother spoke to a local Greek reporter for the first time. “I want to know what happened to my child and nobody that investigated until now, 10 years [later], gave me the slightest response,” she said. “As long as I live I will live with this suffering. I want to punish those who are guilty for what happened, and those who know [but] do not speak.”
There appears little chance that her questions will be answered, however. It is extremely unlikely the Obama administration will ever allow Basil, or any other intelligence official, to be extradited. Nor is it likely that Basil will return to Greece voluntarily with an arrest warrant waiting for him. Around 2009 he appeared in a Facebook picture, seemingly in disguise, sporting a long white beard and moustache. “Dude, Santa’s job isn’t available for what … another seven months,” a friend joked on Facebook. Though he has not responded to requests for an interview, pictures online show him in Greece in 2013 attending his daughter’s wedding, without the beard, in the Glyfada section of Athens. Multiple attempts to reach Basil by phone, and through family members, were unsuccessful. Both the CIA and NSA declined to comment on any issue surrounding the Athens wiretapping, including Basil’s indictment.
As for the NSA, a classified review of the Greek Olympics asked the now ironic question, “After this year’s gold medal performance, what comes next?” Next will certainly be the Olympics scheduled for Rio de Janeiro, Brazil, next summer. According to a previously published top-secret NSA slide, the agency has already planted malware throughout the country’s telecommunications system. And, if history is any guide, in the weeks leading up to the start of the games, teams from the SCS, SSO, TAO, and other organizations will arrive once again to begin 24/7 eavesdropping. And as in Greece, they may just happen to leave some of their monitoring equipment behind.
Sitting in his apartment overlooking Athens’ Plaka, John Brady Kiesling could make little sense of it all. “I don’t see a shred of evidence that this wiretapping did the U.S. government any good,” he said. “I think it’s just important to underscore that intelligence gathering is never free. It always comes at a human and political cost to someone. In this case it was paid by an innocent Vodafone technician.”
Aggelos Petropoulos of the Athens-based newspaper Kathimerini contributed reporting from Greece, and Ryan Gallagher, senior reporter at The Intercept, contributed research and reporting from the Snowden Archive.
Documents published with this story:
Another Successful Olympics Story
Exploiting Foreign Lawful Intercept Roundtable
Gold Medal Support for Olympic Games
NSA Team Selected for Olympics Support
SID Trains for Athens Olympics
Sep. 29 2015, 4:01 a.m.
Find this story at 29 September 2015