Commercial spyware companies have sold phone-hacking tools to governments for over a decade with virtually no criminal consequences for misuse. On February 26, an Athens court convicted four individuals behind the Predator spyware, including Intellexa founder Tal Dilian, and sentenced them to eight years in prison for illegally surveilling at least 87 Greek politicians, journalists, and military officials.
The court also ordered investigations into felony charges including espionage and state secrets violations, potentially implicating government officials who may have directed the surveillance. All four defendants were absent from court, and the sentences are suspended pending appeal. The Trump administration recently eased United States sanctions on several Intellexa-linked figures even as the multi-billion-dollar spyware industry has sold hacking tools to at least 25 countries.
Politicians, journalists, military officials, and business leaders whose phones were illegally targeted with Predator spyware in Greece between 2020 and 2022.
8 years
Maximum sentence imposed
Each defendant received a combined 126 years across all counts, capped at 8 years under Greek misdemeanor sentencing law.
25+
Countries where Predator was sold
Intellexa's spyware was deployed across Europe, the Middle East, Africa, and Asia, according to Citizen Lab and Amnesty International research.
First
Criminal convictions of spyware makers globally
No commercial spyware vendor had previously been convicted in a criminal court for the misuse of their surveillance products.
20 events
Latest: February 26th, 2026 · 4 months ago
Showing 8 of 20
JK to step
Tap a bar to jump to that date
Jump to
February 2026
Athens court convicts four Predator spyware makers
LatestLegal
The Second Single-Member Misdemeanor Court of Athens found Tal Dilian, Sara Hamou, Felix Bitzios, and Yiannis Lavranos guilty on all counts, sentencing each to a maximum of 8 years. The court ordered further prosecutions into felony charges including espionage.
U.S. senators demand explanation for lifted spyware sanctions
Political
Senators Michael Bennet, Elizabeth Warren, and colleagues pressed the Treasury and State Departments to explain the sanctions rollback, citing risks to American citizens and journalists.
December 2025
Trump administration lifts sanctions on three Intellexa-linked figures
Regulatory
The Treasury Department removed sanctions on Sara Hamou, Andrea Gambazzi, and Merom Harpaz, stating they had 'demonstrated measures to separate themselves' from the consortium. Dilian and Intellexa remain sanctioned.
Intellexa Leaks reveal continued operations despite sanctions
Revelation
An investigation by Inside Story, Haaretz, and Amnesty International published leaked internal documents showing Intellexa had continued operating, developed zero-click attack methods, and could remotely access its customers' surveillance systems.
May 2025
Jury awards WhatsApp $168 million against NSO Group
Legal
A U.S. federal jury ordered NSO Group to pay $168 million in damages for deploying Pegasus spyware against 1,400 WhatsApp users — the first financial accountability verdict against a spyware company.
July 2024
Greek Supreme Court clears intelligence service of Predator involvement
Legal
Deputy Supreme Court Prosecutor Achilleas Zisis concluded that no state agency used Predator — a finding that victims, Reporters Without Borders, and Human Rights Watch called a cover-up.
March 2024
U.S. Treasury sanctions Intellexa founder Dilian
Regulatory
The Treasury Department designated Dilian, business partner Sara Hamou, and five Intellexa entities — the first time the U.S. had sanctioned individuals for commercial spyware misuse.
July 2023
U.S. blacklists Intellexa and Cytrox
Regulatory
The Commerce Department added Intellexa and Cytrox entities in Greece, Ireland, North Macedonia, and Hungary to the Entity List for trafficking in cyber exploits.
June 2023
European Parliament adopts spyware inquiry recommendations
Regulatory
The Parliament adopted the PEGA committee's findings that Predator was used in Greece 'for political and economic gain' and called for binding EU spyware regulations. The recommendations remain non-binding.
March 2023
Biden signs executive order restricting spyware use
Regulatory
President Biden signed the first executive order banning U.S. government use of commercial spyware that poses national security or human rights risks.
August 2022
PM Mitsotakis admits EYP wiretapped Androulakis
Political
In a televised address, the Prime Minister acknowledged the intelligence service had wiretapped the opposition leader but denied personal knowledge and insisted the surveillance was legal.
PM's nephew and intelligence chief resign within an hour
Political
Grigoris Dimitriadis, the Prime Minister's nephew and chief of staff with intelligence oversight, resigned. EYP director Panagiotis Kontoleon followed less than an hour later.
July 2022
Androulakis goes public, triggering political crisis
Political
The PASOK leader publicly disclosed his surveillance and filed a complaint with the Supreme Court, igniting what became known as 'Predatorgate' — the largest political surveillance scandal in modern Greek history.
April 2022
Inside Story breaks the Greek Predator story
Revelation
Greek investigative outlet Inside Story reported the confirmed Predator infection of Koukakis's phone and revealed that at least 50 Greek web domains mimicking news sites had been purchased as infection vectors.
November 2021
U.S. blacklists NSO Group, signaling shift on spyware
Regulatory
The U.S. Commerce Department added NSO Group and Candiru to its Entity List for developing spyware used to target journalists and government officials — the first major regulatory action against commercial spyware vendors.
September 2021
Opposition leader Androulakis targeted by Predator
Surveillance
Weeks after declaring his candidacy for the PASOK party leadership, Androulakis received a text containing a Predator infection link. He did not click it. EYP was separately wiretapping him at the time.
July 2021
Koukakis's phone infected with Predator spyware
Surveillance
Koukakis clicked a malicious link that installed Predator on his device. Citizen Lab later confirmed the infection lasted until September 2021.
EYP placed financial journalist Thanasis Koukakis under surveillance for three months, citing 'national security reasons.' His phone was later also infected with Predator.
Dilian established Intellexa in Athens and acquired North Macedonian firm Cytrox, the original developer of Predator spyware, building a multi-jurisdictional surveillance consortium.
August 2019
Dilian demonstrates spyware capabilities in Forbes interview
Revelation
Tal Dilian sat in a surveillance van in Larnaca, Cyprus, and showed Forbes reporters how it could hack any smartphone within 500 meters — drawing international attention to his surveillance business.
Historical Context
3 moments from history that rhyme with this story — and how they unfolded.
1 of 3
July 2019 - 2023
FinFisher prosecution in Germany (2019-2023)
German prosecutors opened a criminal investigation into FinFisher, a Munich-based spyware company, after Reporters Without Borders and other organizations filed complaints that its FinSpy tool had been illegally exported to Turkey's intelligence agency via a Bulgarian front company. Formal charges were brought against four former executives in May 2023 for violating dual-use export controls.
Then
FinFisher filed for bankruptcy in 2022 after prosecutors froze its accounts, effectively dissolving the company before the trial could conclude.
Now
The case demonstrated both the viability and fragility of criminal prosecution against spyware makers — charges could be brought, but corporate dissolution could render them moot.
Why this matters now
The FinFisher case is the closest prior attempt at criminal prosecution of a spyware vendor. The Greek verdict succeeds where Germany's case collapsed: reaching an actual conviction. But the FinFisher pattern — defendants who are difficult to reach and corporate structures designed to evade jurisdiction — applies equally to the Intellexa case.
2 of 3
October 2019 - May 2025
WhatsApp v. NSO Group verdict (2019-2025)
Meta's WhatsApp subsidiary sued NSO Group in U.S. federal court after discovering that Pegasus spyware had been deployed against approximately 1,400 WhatsApp users through a vulnerability in the app's calling feature. In December 2024, a judge ruled NSO liable. In May 2025, a jury awarded WhatsApp $168 million in damages — including $167 million in punitive damages.
Then
NSO Group filed a motion for a new trial and appealed the verdict. The company faces severe financial pressure from the judgment and ongoing U.S. sanctions.
Now
The verdict established that spyware companies can be held financially liable in civil courts for how their products are used — a complementary accountability path to criminal prosecution.
Why this matters now
The Greek criminal conviction and the WhatsApp civil verdict together close a loop that spyware vendors long considered open: that making and selling surveillance tools carried no legal consequences. One path leads to prison sentences, the other to financial damages. NSO's appeal and the Greek defendants' appeal will determine whether both paths hold.
3 of 3
July 2015
Hacking Team data breach and aftermath (2015)
A hacktivist leaked over 400 gigabytes of internal data from Italian spyware company Hacking Team, revealing that the firm had sold its Remote Control System surveillance tool to governments in Sudan, Saudi Arabia, Egypt, Ethiopia, and other countries with poor human rights records — contradicting the company's public claims of compliance with export controls.
Then
The breach exposed the spyware industry's practices to unprecedented public scrutiny. Several governments temporarily suspended contracts with Hacking Team.
Now
Despite irrefutable documentation of sales to abusive regimes, Hacking Team was never criminally prosecuted for its surveillance activities. The company rebranded and continued operating. The episode became a defining example of exposure without accountability.
Why this matters now
The Hacking Team case illustrates the default outcome for spyware scandals prior to this verdict: public exposure, temporary embarrassment, and no legal consequences. The Greek ruling represents a departure from that pattern — but the Hacking Team precedent is a reminder that exposure alone, even on a massive scale, does not guarantee accountability.
