BIRN has drawn up a timeline of the main events surrounding a massive cyber attack on the Albanian government and the data leaks that have followed.
“If you talk to any bank manager they’ll tell you how many daily attacks each banking facility or mobile phone has,” Balluku told reporters in October.
However, investigators from Microsoft and the US Federal Bureau of Investigation, FBI, found that the hackers had in fact breached the system more than a year before, that the official systems were compromised and that Iranian hackers were to blame.
Iran has been angered by the fact Albania has given refuge to an opposition movement that authorities in Tehran say is a terrorist group.
Experts say the hackers’ targets can be considered “critical infrastructure”, particularly the State Police. Private emails sent and received by former Chief of Police Gledis Nano have leaked, as has a database containing the personal data of some 100,000 individuals, including names, ID numbers, and place of birth.
Printscreen from Homeland Justice webpage
Homeland Justice online presence:
1. Webpage: homeland justice
2. Telegram group: Homeland Justice
They also had an account on Twitter which can no longer be found.
‘Homeland Justice’ operated through a website of the same name, which has been banned in Albania. Of late the group has been publishing material on its Telegram channel, also named Homeland Justice. The leaks recently came every Sunday night and most recently concern two institutions: the State Police and the intelligence service, State Service Information.
BIRN has previously profiled the group and the political messages that accompany its activities. These almost exclusively pertain to the exiled Iranian dissidents of the People’s Mujahedin of Iran, MEK.
“Why did this not happen before? Because there was no ‘conflict’,” said Xhavit Shala, head of the Albania Academy of Security. “There are two cases when a cyber attack happens – for criminal reasons or political reasons. In the Albanian case, Iran asked for the destabilisation of public services in Albania because Albania has sheltered the Iranian opposition.”
Shala urged Albanian authorities to raise awareness about cyber threats.
“There is a strong need for awareness in all levels; individual, society and institutional,” he told BIRN. “There is also a need for training regarding cyber security.”
“The national security has been threatened. Their aim was to create some kind of chaos.”
“No ‘secret’ or ‘top secret’ data has been leaked,” Shala said. “But if it was up to me, none of this should have been made public.”
The FBI determined that “Iranian state cyber actors” initially accessed the network some 14 months before launching a cyber attack in July that included “ransomware-style file encryption and disk wiping malware.”
Microsoft said it had identified four groups behind the attacks, “linked to the Iranian government.”
“Microsoft was able to prove with a high degree of certainty that a variety of Iranian groups were involved in this attack, with different actors responsible for different phases,” the report said.