A Gmail Account and Some Makeup: How Russian Pranksters Broke Into a NATO Member's Security Council One Day Before the Summit
Three days before the NATO Ankara Summit opens, Russian pranksters Vovan and Lexus published a 12-minute video call with Greece's National Security Advisor Thanos Dokos — a man who believed he was speaking confidentially with his Ukrainian counterpart Rustem Umerov. The tool used to gain access: a Gmail account and makeup. Dokos discussed Ukrainian drones near Greek islands, Greek elections, NATO cohesion, and Ukraine's membership prospects. The Greek government called it "a hybrid attack using highly advanced artificial intelligence technology." Vladimir Kuznetsov — "Vovan" — called it a Gmail account.
The Incident — Documented Facts
Vovan and Lexus are not newcomers. Over the past decade, the Russian duo has successfully impersonated world leaders and senior officials in elaborate phone and video hoaxes — targeting Angela Merkel, Emmanuel Macron, Andrzej Duda of Poland, and numerous ministers and intelligence officials across Europe. Their method is consistent: research the target, identify a plausible contact, use available technology to make the impersonation convincing, and record everything for publication. The publication is the operation. The embarrassment is the product.
What distinguishes the Dokos incident is not the sophistication of the operation — by the pranksters' own account, it was not sophisticated. It is the timing, the content of the conversation, and the gap between what Athens claimed happened and what Vovan said actually happened.
"If a Gmail account from an unknown sender can arrange a meeting with a country's national security secretary-general, this means there is a problem with the security procedures of your country. I'm sorry on behalf of your national security procedures."
— Vladimir Kuznetsov ("Vovan"), speaking on Greek television
What Dokos Said — and Why It Matters
The published footage shows Dokos engaged in a substantive conversation that covers multiple sensitive areas of Greek foreign and security policy. On Ukrainian drones near Greek waters: "It is the tourist season. There is increased ship traffic. We understand the needs of the war, but we do not want the war to spill over into our territory." On Greek elections: he warned that another drone incident would create "very significant problems" for the government — a domestic political assessment delivered to what he believed was a foreign security official. On NATO and Ukraine membership: "I don't see that NATO is ready to discuss full membership. To be honest, I think there is a lot of concern about the US position towards NATO." On Greece-Ukraine relations: he assessed that a major rift would "negatively affect both NATO and EU cohesion."
None of this is classified in the conventional sense. But it is the kind of frank, unguarded assessment that senior officials make in private — precisely because they believe the conversation is private. The Greek government is technically correct that no state secrets were disclosed. The pranksters' point is different: the access itself, obtained via Gmail, is the security failure.
The AI Deepfake Question — What Actually Happened
Athens' characterization of the incident as an "advanced AI hybrid attack" reflects an understandable institutional instinct: when a security failure occurs, attribute it to a sophisticated external actor rather than an internal lapse. Dokos himself said on SKAI TV that he "saw his interlocutor live on screen, reacting in real time" and that "they stole both the voice and the image." He described seeing a convincing live video feed of who he believed was Umerov. "I felt that you can no longer trust your own eyes," he said.
Vovan directly contradicted this account. The pranksters used makeup, not AI. The initial contact was established via Gmail. The "highly advanced artificial intelligence technology" framing, Vovan said on Greek television, was Athens attempting to save face. The pranksters were explicit: they had not specifically targeted Dokos. He appeared on a list of Baltic and Balkan national security advisors they were contacting for a television program. He responded to the email. The meeting was scheduled. He showed up.
The NATO Timing — and What This Platform Has Been Documenting
The Dokos incident was published on July 3 — three days before the NATO Ankara Summit opens, four days after this platform's own server IP was null-routed by Turkish ISPs, fifteen days after this platform's first account was suspended on X. The pattern of the week before a NATO summit is now documented: Russian pranksters penetrate a NATO member's security council via Gmail; Turkish authorities arrest journalists at dawn; the European Parliament votes 381-107 that Turkey cannot join a democracy club; Italy blocks the summit declaration text; and an independent platform covering all of this has three accounts suspended and its IP blocked.
This platform has been making one argument since before the summit was announced: the gap between NATO's stated cyber security commitments and its operational practice is real, measurable, and consequential. The Dokos incident is the most dramatic illustration of that gap to date. A national security advisor to a NATO member prime minister was successfully impersonated in a video call — a call in which he discussed NATO membership, allied cohesion, and bilateral relations — via a Gmail account. The summit that will discuss cyber resilience opens tomorrow. The declaration will affirm that allies are investing in cyber capabilities. The Greek national security advisor spent 12 minutes talking to a man with makeup.
PASOK's Question — and This Platform's
PASOK's spokesperson asked: "Mr. Prime Minister, when you need to pick up the phone at 3 a.m. during a national crisis — will you turn to Mr. Dokos for advice?" The opposition proposed renaming Dokos's title from "Secretary-General for National Security" to "Secretary-General for National Insecurity." The government's position is that Dokos will not resign, that no classified information was disclosed, and that similar attacks have targeted other European officials.
This platform's question is different: at a summit where NATO will announce billions in cyber defense spending, sign a declaration affirming cyber resilience as a priority, and present itself as the world's most capable military alliance — how does a Gmail account reach a member state's national security advisor three days before that summit opens?
The answer to that question is the same answer to the question of how ankarasummit.org sat unregistered for a year. Not sophistication. Not AI. Not a hybrid attack. A basic institutional failure to do the simple things. The summit opens tomorrow.
FULL DECLARATION & COMPLETE RECORD
▶ WWW.SUMMITDECLARATION.COM ◀Declaration of Digital Defense · NATO Ankara Summit 2026 · July 2, 2026
THE PEN IS MIGHTIER THAN THE SWORD.
Accreditation denied? Story blocked? Send us your story.
ankarasummit@gmail.com