Author: Ivana Jeremic

Romanians Behind Cyber-Fraud Ring Plead Guilty in US

Posted on by Ivana Jeremic

Fifteen defendants including several Romanians have pleaded guilty before a US judge of involvement in a multi-million dollar scheme to defraud US citizens through online auctions of non-existing goods, a US Justice Department statement issued on Monday by the US embassy in Bucharest said.

The defendants, many of whom were extradited from Romania in 2019, are yet to be sentenced in the US. Most of them operated from the city of Alexandria in Teleorman Country near the border with Bulgaria, in the south of Romania, court documents show.

The syndicate was active from 2013 and most of its members were arrested in 2018 in Romania.

They typically made money posting ads of cars that didn’t exist and convincing American victims to “send money for the advertised goods by crafting persuasive narratives, for example, by impersonating a military member who needed to sell the advertised item before deployment,” the statement read. To carry out the fraud, they created fictitious online accounts, often using stolen identities of US citizens. 

They also delivered fake invoices issued in the name of reputable companies to make the transactions look legitimate, and went as far as setting up call centres operated by ring members who impersonated customer support agents to assure victims of the authenticity of the ads.

The latest to plead guilty did so last week before a court in Kentucky. 

One suspect, Bogdan-Stefan Popescu, 30, who operated a carwash in Bucharest at the time of the events, admitted to managing the ring’s activities by distributing “the language and photographs for fake advertisements as well as usernames and passwords for IP address anonymizing services” used to defraud its victims in the US.

Popescu said he connected members of the syndicate with those “who would impersonate eBay customer service representatives over the phone”. Starting from 2013, he also oversaw Bitcoin transactions with the money obtained from the frauds, the plea documents show.

Another who last week pleaded guilty was Liviu-Sorin Nedelcu, 34, who posted fake vehicle ads online using fictitious entities to sell vehicles. Once Nedelcu and his co-conspirators convinced victims to purchase falsely advertised goods, they sent the victims invoices for payment that appeared to be from legitimate sellers, such as eBay Motors,” the US statement read. Nedelcu and his co-defendants “engaged in a sophisticated money laundering scheme to convert the victim payment into Bitcoin”.

Weeks before, on May 19, Vlad-Calin Nistor, 33, also pleaded guilty. He confessed to being the founder of a Bitcoin exchange company based in Romania and to having “exchanged over $1.8 million worth of Bitcoin for co-defendant Bogdan Popescu.” Another member of the ring, Beniamin-Filip Ologeanu, 30, also from Romania, worked with others to post advertisements in auction websites such as eBay and classifieds online service Craiglist and conspired with the gang US-based associates to launder the proceeds.

Twitter Purges ‘Fake’ Accounts Glorifying Turkish Leader

Posted on by Ivana Jeremic

Twitter said it had removed 7,340 “fake and compromised” accounts on Friday, which were linked to the youth branch of Turkish President Recep Tayyip Erdogan’s Justice and Development Party, AKP.

“The collection of fake and compromised accounts was being used to amplify political narratives favourable to the AKP, and demonstrated strong support for President Erdogan. We’re disclosing 7,340 accounts to the archive today,” Twitter wrote.

On Friday Twitter disclosed more than 32,000 accounts in all, mostly from China – 23,750 accounts, Turkey and Russia because they were suspected of being “state-linked information operations”.

Twitter said it had worked with the Australian Strategic Policy Institute ASPI and Stanford Internet Observatory SIO and had shared relevant data with them.

“Collaborative research provides us with a way to learn from past operations and mitigate future malign efforts,” SIO wrote on Twitter’s latest decision.

According to media reports, Erdogan ruling party and its youth branch run tens of thousands of essentially fake accounts, promoting the President. These accounts are often nicknamed the “Ak Trolls”.

Twitter also said that the accounts had hacked other accounts that were more critical of President Erdogan. They were also used for commercial activities, such as cryptocurrency-related spam.

Twitter’s policy on manipulation and spam prohibits “coordinated activity that attempts to artificially influence conversations through the use of multiple accounts, fake accounts, automation and/or scripting”.

Twitter previously deleted thousands of accounts from Egypt, Honduras, Indonesia, Saudi Arabia and Serbia for similar reasons.

Serbia was by far the top country in terms of the number of removed accounts. Twitter axed almost 9,000 accounts in April that were promoting Serbia’s ruling Progressive Party and its leader, President Aleksandar Vucic, so violating company policy on manipulation and spam.

Computer Virus Stops Sarajevo Municipality Issuing Birth Certificates

Posted on by Ivana Jeremic

A Sarajevo municipality has temporarily stopped issuing birth certificates due to a computer virus that locks documents in its database for the second time in some two weeks.  

The central Centar Municipality, whose offices are next door to the Bosnian presidency building, said on its website that the problem caused by a “ransomware virus” was detected on Saturday. Such viruses typically block computer systems and their originators demand payment in exchange for removing them.  

But the municipality denied that it was the target of a hacker attack, or that the central electronic register with all birth and death certificates in Bosnia’s Federation entity was in danger of being wiped out, as the Interior Ministry of the Federation entity was quoted as saying by the media.   

“Information about a targeted attack on the IT system of the Center Municipality and the destruction of the registar and documents is not true,” the municipality said. It added the problem was reported to the police, as it was the second time in a little over two weeks that this happened.  

On May 22, the municipality reported on its website that the issue of birth, death and marriage certificates was stopped because of “an electrical problem” but added that it was soon resolved.

Bosnia lags behind with the introduction of e-government, but the Centar municipality has provided a number of services electronically. 

Insults, Leaks and Fraud: Digital Violations Thrive amid Pandemic

Posted on by Ivana Jeremic

From January 26 to May 26, BIRN collected information about 163 cases of breaches of digital rights in Bosnia and Herzegovina, Croatia, Hungary, North Macedonia, Romania and Serbia.

Sixty-eight of the cases related to the manipulation in digital environment, while 25 related to publishing falsehoods and unverified information with the intention to damage someone’s reputation.

BIRN’s monitoring of digital rights, developed together with the SHARE Foundation, has shown that ordinary people were the most affected by such violations, with members of the public being the target in 126 of the cases.

State institutions or state officials violated digital rights in a total of 37 cases, meanwhile.

States rarely addressed the abuses arising from these violations, and in 45 cases, the perpetrators were not identified, while 139 of the total of 163 cases were not resolved.

Eight cases were the result of pressure related to the publication of information, 12 were linked to insults and unfounded accusations and 11 were hate speech and discrimination.

Medical and personal data breaches featured in 18 cases, computer fraud was registered on 11 occasions, while the destruction and theft of data and programs happened in three cases.

Beyond the countries listed above, BIRN noticed an unprecedented rise of digital violations in Montenegro and Turkey, where there were arbitrary arrests and data breaches.

Hackers, data breaches and illegal processing


Infografic: BIRN

Leaked documents, fake websites and the publication of people’s personal and health data have been commonplaces during the ongoing pandemic, but the scale and consequences of the breaches and of the illegal processing of data has yet to be established.

Speculation about the number and identity of COVID-19-infected people led to the mass exposure of personal and private data on social media and messaging platforms. In some cases, the leaks were small in terms of data, but had potentially serious consequences, particularly in situations in which patients’ personal data was revealed.

The most serious cases were reported in Croatia, North Macedonia and Montenegro.

In March in Croatia, a message containing a list of infected patients was shared among people living on the island of Murter, mostly through messaging apps.

Illegal personal data processing and privacy breaches took place in North Macedonia as well. The country’s Agency for Personal Data Protection filed criminal charges against an unknown person for publishing the personal data of people living in the town of Kumanovo.

The public in Serbia became concerned when it was discovered that the login credentials for Serbia’s information system for analysis and storage of health data during the pandemic were publicly available on a health institution website for eight days.

Citizens of Montenegro suffered most from stigmatisation due to a number of leaks of COVID-19 patients’ records. The infected patients’ identities were revealed in posts on social media, sparking hate speech against them.

Individuals who were violated self-isolation measures were also targeted, and often, it was governments that were revealing their personal information.

In Bosnia’s Serb-dominated entity, Republika Srpska, authorities launched a website on which they published the names of people who did not follow the entity’s self-isolation measures. The list can still be found online.

As a measure against the spread of the coronavirus, Montenegro’s government published a list of individuals who were put in self-isolation after  returning home from abroad. The lists, structured by municipalities, include the individuals’ names, surnames, the date when they were put into isolation, and their home addresses. The list was only removed a month after it was published.

People were also targeted by hacker attacks and fraudulent messages or emails, usually trying to collect their personal information or request payments to foreign banks or crypto-currency accounts, as cybercriminals took advantage of the public concerns and confusion created by the pandemic.

Scams, phishing campaigns and cyber-attacks exploiting people’s fear of COVID-19 were most common in Croatia, Serbia, Hungary, North Macedonia and Romania. The Romanian cybersecurity giant Bitdefender said in March that such attempts at fraud “have risen by 475 per cent in March as compared to the previous month”, and were expected to keep increasing.

Threats, hate speech and discrimination


Infographic: BIRN 

While some countries limited the scope of the freedom of speech during the pandemic, some people used their online freedom to unleash threats, insults, discriminatory posts and hate campaigns.

BIRN’s overview looked at several categories of violations:

  • Hate speech and discrimination
  • Threatening content and the endangerment of security
  • Insults and unfounded accusations
  • Falsehoods and unverified information directed towards the damaging of reputations

In total, more than 15 per cent of all the cases that were monitored included one of these violations. The largest number –

This type of online behaviour was often combined with the use of fake accounts and the paid promotion of false content.

The people most commonly affected by the digital violations that were monitored were journalists, medical professionals and people in quarantine.

Discriminatory posts and acts were directed mostly towards refugees, Chinese and Jewish people, women and the Roma community, with the largest number of such cases occurring in Hungary.

Gender-based discrimination was reported in Serbia, where the victims were predominantly politically-engaged individuals and journalists who criticise the government.

Threats and calls for violence against the police in Serbia and Bosnia and Herzegovina were found on Facebook. In both cases, authorities reacted promptly and perpetrators were identified and detained. In North Macedonia two police officers were fined for having taunted and offended people on social networks.

Violations related to damaging reputation predominantly affected governments’ political opponents, independent media and journalists.

Serbia was the country with the largest number of posts aimed at damaging the reputation of independent journalists. In three of four cases of publishing falsehoods, the journalists who were targeted were women.

Journalists were also targeted in North Macedonia and Hungary.

Pressure and arrests for publishing information


Infographic: BIRN 

Due to the highly controlled media landscape and poor level of media literacy in the countries that were monitored, the public was overwhelmed with contradictory information and had much more difficulty in recognising false and misleading information during the pandemic than usual. At the same time, the public’s need for timely and proper information had never been bigger.

While the flow of information continued to grow immensely, states started to arrest citizens for posts on social media over the accusation they caused panic and unrest. Some countries imposed authoritarian regulations that limited the flow of information.

Members of the public, media representatives and politicians were arrested and fined for their writings on social media, often without any clear criteria. Journalists were arrested in Serbia, Kosovo and Turkey.

Arrests and fines have become one of the main tactics to counter fake news and violations of restrictions imposed by all governments in the states that were monitored. In Hungary, Serbia, Bosnia, Croatia and North Macedonia, top state officials warned the public that they faced immediate sanctions for spreading fake news amid the pandemic.

From conspiracy theories to false measures


Illustration: BIRN 

Out of 163 cases, the largest number, 68, were linked with the misuse or manipulation of information. They mostly concerned different fake news, the use of false identities online, the sharing of conspiracy theories, or posts classified by the authorities as causing panic and disorder.

Some of the topics that were misused in this way included:

  • Medicines that can cure the coronavirus, vaccines and laboratory tests
  • Disinfection procedures
  • Tips and advices on how to cure the coronavirus
  • The number of infected people
  • Information about infected people
  • Information on medical institutions and their work
  • The start of the virus and how it developed
  • State measures and actions that have never been declared nor taken
  • Supermarkets and food shortages
  • 5G
  • Other conspiracy theories
  • Online education and information relevant for students
  • Offensive posts and videos about quarantined citizens and about people who arrived from a foreign country
  • Disturbing announcements about the COVID-19 outbreak

In some countries, such as Serbia and Hungary, levels of media freedom are low, with mainstream media often spreading disinformation, while independent media are called fabricators of lies by the authorities.

Nearly 25 per cent of all cases of the misuse or manipulation of information were resolved in some way. The outcomes included:

  • Website or content removal by the state
  • A request for the removal of the problematic post
  • Detention or arrest of a person
  • Official statement about the incident or a public apology

In Romania, most cases in this category ended in content removal. In Serbia, Hungary and Croatia, arrest was the most common outcome.

Manipulated information, conspiracy theories and unfounded claims emerged en masse on social media platforms and news website when most of the countries introduced emergency measures.

Disinformation was most intensively distributed via YouTube, where content blamed the expansion of 5G technology for the COVID-19 outbreak, or blamed multinational companies or foreign governments for the pandemic. In Croatia, one person even destroyed WiFi equipment, thinking it was 5G infrastructure. Mentions of the alleged influence of 5G networks on the pandemic was noted in Romania and Serbia, both on news websites and on social media.

News websites in Serbia, Romania, Hungary and Croatia often published manipulative content that included false information.

April was the month with the largest number of cases reported in this category. Some  30 out of the total 68 cases of manipulations in the digital environment were registered that month.

Information circulating in April and May, which was manipulated or false, mainly referred to the curfew, the number of COVID-19 patients and tests, students’ exams, people in quarantined, 5G transmitters, enforced microchipping and the funding of religious communities. In almost all cases from this category, members of the public were ones affected.

The rise of ‘unknown’ attackers


Illustration: BIRN

In comparison to the cases of online violations reported before the COVID-19 outbreak, BIRN’s monitoring noted a significant rise in cases in which the perpetrators cannot be identified. The number of these cases increased tenfold on a monthly basis.

These unknown perpetrators have been creating Facebook pages, using the virus situation to persecute independent journalists and others, send fraudulent messages in order to destroy computer software systems or steal money, and creating fake website accounts to spread conspiracy theories or medical disinformation.

Unknown perpetrators have also been responsible for computer frauds, the destruction and theft of data and for making content unavailable using technical skills. Hungary had the most cases involving unknown perpetrators, mainly related to computer fraud.

Cases have also shown how states can be violators of digital rights and freedoms. The increased number of cases which ended in arrest or detention revealed the tendency of states to use more power than was necessary, particularly to arrest journalists and citizens for posts on social media.

From having double standards when it comes to reactions to fake news to using their authority to silence people, governments often acted against the interests of their own citizens. According to the monitoring findings, in almost 25 per cent of all cases, the state itself or a state official was described as the perpetrator of a violation of certain guaranteed rights or freedoms.

On the other hand, members of the public were the victims of violations in 126 cases.

Media regulations across the region have been tightened under states of emergency and journalists have been arrested on accusation of spreading misinformation about authorities’ responses to the spread of the coronavirus. Some countries, like Serbia, sought to centralise the dissemination of official information and banned certain media from regular briefings.

The first worrying legal initiative was noted in Croatia, where the government proposed a change to the Electronic Communications Act under which, in extraordinary situations, the health minister would ask telecommunications companies to provide data on the locations of users’ terminals. The legislative change is currently pending.

In Hungary, the Bill on Protection Against Coronavirus, giving the government almost total control of the flow of information about the pandemic, was adopted at the end of March. The Hungarian government also decided to limit the application of the EU’s General Data Protection Regulation, GDPR, and to extend the deadline for public institutions to provide data requested via freedom of information regulations from 15 to 45 days.

Romanian civil society organisations also drew attention to a lack of official transparency and the possibility of media freedoms being curbed by state-of-emergency provisions. Provisions enacted as part of the state of emergency to combat the spread of the coronavirus allowed the authorities to shut down websites that publish fake news and exempted the authorities from answering urgent inquiries from journalists. Access to a dozen websites has been blocked since then.

In North Macedonia, the media faced new procedures for the issue of work permits during coronavirus curfews. The government insisted that its pandemic measures would not affect the public’s right to information, but in practice, institutions were less responsive to freedom of information requests.

In general, there was a trend among many countries to suspend freedom of information requests.

Digital rights, and rights to privacy and freedom of expression on the internet have all faced serious limitations and breaches in South-East and Central Europe. In the semi-democracies of the region, dominated by regimes with elements of authoritarianism, there is legitimate concern about disproportionate interference in citizens’ personal data and concern that recently-imposed measures are not properly tailored to achieve their objectives while causing the least possible damage to guaranteed rights.

Many people’s lives during this period have completely shifted to the online world, where harmful behaviour usually remains unnoticed by authorities preoccupied by offline violations.

During BIRN’s monitoring period, the lack of a human rights-based approach towards people in the digital environment led to discrimination, hate speech and threats. Although protection of basic human rights and fundamental freedoms should be guaranteed on the internet in the same way as it is offline, in practice we have seen an increase in the number of cases of online violations. The forms that those violations take have been evolving as well.

A lack of knowledge and understanding of the online space, and the subsequent lack of internet governance have opened a Pandora’s Box, allowing various state institutions to arbitrarily, partially and unequally interpret people’s online behaviour.

The intense nature of the battle for control of the narrative about the coronavirus has made meaningful oversight of online life and practices, and establishing accountability for online actions, harder than ever.

To read the detailed overview of our digital rights monitoring click here. For individual cases, check our regional database, developed together with the SHARE Foundation.

Montenegro Court to Examine Publication of Self-Isolating Citizens’ Names

Posted on by Ivana Jeremic

Montenegro’s Constitutional court had agreed to examine whether the government violated the human rights of citizens ordered to self-isolate during the coronavirus by publishing their names.

On Friday it said it would consider the appeal brought by the local NGO Civil Alliance against the decision to publish the names of people undergoing self-isolation, which the alliance said violated their constitutional right to privacy.

The court will examine whether the decisions of National Coordination Body for Infectious Diseases violated constitutional rights,” the court said. 

The government published the names on March 21, despite warnings from opposition parties and civic society organizations that it risked violating constitutionally guaranteed human rights.

The government said it had to publish the list because some citizen were not respecting self-isolation obligations. It also claimed it had the approval of the Agency for Personal Data Protection. It stressed that security forces could not control every citizen who should be in self-isolation, and anyone who failed to self-isolate posed a threat to the entire community.

Prime Minister Dusko Markovic said no compromises would be made with those who violated preventative measures amid the global COVID-19 pandemic. He also warned that the government would continue to publish the names of citizens who had been ordered to self-isolate.

“The lives of our citizens are the priority. We have estimated that the right to health and life is above the right to unconditional protection of personal data,” Markovic said.

Opposition parties and the civil society sector urged the government not to publish the lists, insisting it would violate the constitutional right to privacy. They also warned that citizens whose names were published might sue the state before the court.

The Head of the EU Delegation to Montenegro, Aivo Orav, called on the authorities to find the right balance between protecting the health and respecting the confidentiality of health information and the right to privacy of citizens.

On April 8, the Prosecutor’s Office filed criminal charges against a medical staffer in the Health Centre in the capital, Podgorica, after he published the list of names of infected people and their ID numbers on social networks.

It said that the man, known only by the initials M.R., was not unauthorized to collect and use personal information on COVID-19 patients through the IDO system and forward them via Viber to other persons.

Facebook-Partnered Croatian Fact-Checkers Face “Huge Amount of Hatred”

Posted on by Ivana Jeremic

A leading Croatian fact-checking site, which has partnered with Facebook to weed out misinformation on the platform, says it is facing “a huge amount of hatred” for the work it does, work that the site says has increased dramatically since the onset of the COVID-19 pandemic.

Croatian politicians, websites and users of social media have all taken aim at Faktograf in recent months, accusing it of censorship.

A member of the International Fact-Checking Network, IFCN, since 2017 and the only Croatian media specialised in verifying the accuracy of claims made in public, Faktograf says anti-vaccination groups are particularly sensitive to the debunking of fake news.

Since the onset of COVID-19, “The amount of misinforming content circulating on the internet has drastically increased as people spend more time on the internet, looking for answers to questions that bother them and trying to understand the sudden changes they see in the world around them,” said Faktograf editor-in-chief Petar Vidov.

“It’s mentally stressful to watch all day long how many people spread such misinformation, how fast such things are spreading, and then after all that, you get… a huge amount of hatred, threats, directed against Faktograf because of the work we do.”

“More or less, it is going well, but the problem is that there is that certain number of people you will never reach because they are simply grounded in their own beliefs for a long time, they reject argumented dialogue,” Vidov told BIRN in an interview.

So-called ‘anti-vaxxers’ perceive the debunking of fake news “as a threat to their agenda,” he said.

Falsely accused of ‘spying’ and deleting content


Illustration. Photo: EPA-EFE/LUONG THAI LINH.

Founded in 2015 by the Croatian Journalists’ Association and democracy advocates GONG, Faktograf last year became one of more than 20 organisations in 14 European Union countries partnering with Facebook in reviewing and rating the accuracy of articles posted on the social networking giant.

Social media users, online platforms and websites in Croatia say Faktograf is effectively censoring their opinions, a claim Vidov said was the result of a “misunderstanding of Facebook’s partnership with independent fact-checkers.”

“We do our job, we are debunking those inaccurate claims that spread in the public space and therefore we have our editorial policy, we determine what we will do,” he told BIRN.

“We prioritise things that endanger human health and that reach a large number of people.”

“Under the terms of that partnership, after we check some content and mark it as inaccurate, partially inaccurate or misinforming in some other way, for example through a fake headline, Facebook should reduce the reach of such content.”

Vidov stressed, however, that Faktograf had nothing to do with Facebook’s own removal of a wave of inaccurate content since the outbreak of the novel coronavirus at the start of the year.

“Faktograf has nothing to do with these removals, we are not working to remove that content, nor do we know which content is being removed.”

“However, people have developed this assumption that it is Faktograf that spies on their profiles and deletes their content from it.” Such assumptions are fuelling “unfounded” hostility towards Faktograf, he said.

Anti-vaxxers promoting conspiracy theories


A graffiti in Croatia’s capital that reads “Stop 5G”. Photo: BIRN. 

That has not stopped the likes of 34-year-old Croatian MP Ivan Pernar, who opposes vaccination, from taking to Facebook and YouTube on April 26 to criticise Faktograf, saying the site “determines what is true and censors those who think differently.”

In May, there were a number of small protests in Croatia calling for the suspension of all measures taken by the government to tackle the spread of COVID-19, to halt “violations of free speech” and a halt to the installation of a 5G wireless network “until it is proven not harmful.”

5G has become the focus of a widely-shared conspiracy theory linking the technology to the spread of the coronavirus. Faktograf has written extensively about the conspiracy theory and on Sunday, when another small protest was held in Zagreb against 5G one of those present held a banner describing those working for the site as “mercenaries.”

“At the very beginning of the pandemic, there was a lot of information about fake drugs [for coronavirus], theories about how you can test yourself for coronavirus and so on – misinformation that spread primarily out of ignorance, out of the people’s need to get some orientation in all this,” Vidov said.

“But very quickly, conspiracy theories have taken over the story.”

“What we now mostly see is misinformation directed against vaccines,” he said, describing the anti-vaxxer movement in Croatia and the Balkan region as “quite strong”.

“They took over the narrative about the virus and managed to form it in the direction of a big conspiracy of global elites who want to chip the entire population to be controlled, and will do so through a vaccine against coronavirus.”

Fact-checkers playing catch-up


Illustration. Photo: EPA-EFE/HARISH TYAGI.

Vidov, who previously worked at online news site Index.hr, said those who spread misinformation are usually motivated by money.

“People simply make money from it because they generate traffic which they then monetize through advertising services like Google Ad Sense and the like,” he said. They themselves are rarely the originators of such narratives, but simply pick them up “most often from propagandists trying to achieve something.”

“The problem is that this misinformation, no matter how it is created… enters the system in which there are a large number of people who want to make money on this type of content and then they expand it and actually increase the reach of that damage, of that propaganda.”

Those who end up believing the misinformation are not “actors” but “victims” in the process, he said.

“Our education systems have not educated people well enough to be consumers and readers of media content, which is why we have a problem with the fact that unfortunately, a large number of people are not able to spot the difference between a credible and a non-credible source of information”.

The low level of public trust in domestic as well as international bodies is another major factor, Vidov argued.

Fact-checkers, he said, have a tough task in front of them.

“It is frustrating that it takes a lot more time to debunk inaccurate information than it takes to place any misinformation, no matter how stupid and unconvincing it may be.”

Turkish Police Hunt Musical Minaret Hackers

Posted on by Ivana Jeremic

In last two days, unknown persons in Turkey have hacked mosques’ digital audio systems in the coastal city of Izmir and played the anti-fascist song Ciao Bella and other songs with revolutionary messages.

After videos of the stunt were widely shared, Izmir police announced that they had started an investigation on Thursday and detained several people for insulting religion.

The detainees included Banu Ozdemir a former city official of main opposition Republican People’s Party, CHP.

The Turkish Religious Authority, the Diyanet, announced that it had filed a criminal complaint about the hacking.

“These people are unknown and evil-minded. They insulted our sacred religious values in the holy month of Ramadan. We have filed a criminal complaint at the city prosecutor’s office,” the chief cleric in Izmir, Mufti Sukru Balkan, said on Thursday.

The Diyanet had to suspend all calls to prayers, known as adhans, in Izmir because of the attacks until further notice.

The digital attacks and the playing of songs from minarets angered local politicians.

“We condemn these attacks on our mosques. Whoever has a problem with mosques also has problems with the nation,” Omer Celik, the spokesperson of the ruling Justice and Development Party, said on Thursday.

Tunc Soyer, the Mayor of Izmir, from the CHP, also called the incidents provocative. “The incidents made me and the people of Izmir very sad. This is a provocative and villainous act to set us against each other. We should not fall into this trap,” Soyer told the media.

Several Turkish media outlets said the attacks were likely organised by a Marxist hacker group known as Redhack.

Redhack previously hacked several Turkish government websites, including the Ankara city police department and the Turkish parliament. The group also hacked the email account of Berat Albayrak, the Finance Minister and son-in-law of President Recep Tayyip Erdogan.

Taylan Kulacoglu, an alleged member of Redhack, was arrested on May 20 after he led a group called “Movement of the Unnamed” on social media platforms that said it intended to “stop the manipulation and disinformation spread by pro-government social media trolls”.

President Erdogan’s Islamist government had close links to the mosques, which have backed the government’s policies during the COVID-19 pandemic.

The Aegean seaport of Izmir is an industrial, touristic and agricultural centre on the coast and is a stronghold of the main opposition CHP.

Contact Tracing: Europe’s Coronavirus Tech Tangle

Posted on by Ivana Jeremic

As countries across Europe gingerly ease restrictions imposed to fight the spread of COVID-19, governments are looking for tech-based solutions to avoid a resurgence in infections.

Experts agree that one of the most effective ways to do this is to introduce some kind of social-tracing system to let people know if they have come into contact with anyone later reported infected. Once alerted, they can self-isolate before further spreading the virus.

European countries are at different stages in developing COVID-19 social-tracing apps that governments can encourage — not require — people to install on their smartphones.

Since privacy watchdogs have decried the use of location data, most nations have chosen Bluetooth-based technology as the best way of registering potential contact with those who have been infected.

While most states in Western and Southern Europe are still tinkering with the technology, some countries in Central Europe have had tech-based solutions for social tracing up and running for weeks. The Czech Republic and Poland are leading the way.

Playing their own game

An Apple iPhone running a test version of the ‘Next Step’ smart phone app using Decentralized Privacy-Preserving Proximity Tracing (DP-3T) to trace COVID-19 infections, in Darmstadt, Germany, 26 April 2020. Germany has changed its course in the debate over a coronavirus tracing app, favoring decentralised data storage over a centrally managed server. Photo: EPA-EFE/BEN WENZ

In Poland, people returning from abroad are required to stay at home for two weeks of quarantine. The government asks them to download an app to verify they are complying with the rules. At random times, users are requested to take selfies and upload them to prove they have not left the house. 

The Polish Ministry of Digital Affairs is also grappling with a Bluetooth-based social-tracing app intended for wider use.

“We’re still working on the application,” Joanna Debek, a communications officer at the ministry, said in a phone interview. “It will be released very soon,” 

But it is the Czech Republic that leads the pack when it comes to “fast-track” COVID-19 measures. 

The country was one of the first EU member states to declare a state of emergency, on March 12. And only a week later, it became the first EU country to make it mandatory for everyone to wear face masks in public. 

The Czech tech sector was also quick to act. In mid-March, the country’s largest search engine, Seznam, introduced a coronavirus tracing feature on its geolocation app, Maps.cz. With a user’s permission, it draws on location data to inform people if they have crossed paths with anyone who has tested positive. 

A month later, the Czech Health Ministry released a Bluetooth-based social tracing app known as eRouska (eMask). The app anonymously detects pairings among different devices on which the app has been installed. Similar technology is now being developed all across Europe.

The app is integrated into a more complex solution called the Smart Quarantine, which combines data from cell phones and payment cards. With a user’s permission, local hygiene stations can use this data to isolate individuals who have come into contact with infected people. 

Jan Kulveit, a senior researcher at the Future of Humanity Institute at Oxford University, is one of the two main strategists for the system developed by Covid19.cz, a group of Czech tech companies and IT enthusiasts working on tech-based solutions out of the current crisis. He said developing an app is the easy part.

“The tricky part is to ensure that these technical solutions are somehow integrated into a system that local hygiene stations can obtain information from, and then act upon,” he said in a phone interview. 

“In this sense, the Czech Republic is a few weeks ahead of Germany and most other European countries. We’re actually currently in contact with several countries who expressed their interest in our model.” 

Coders without borders

A man uses a Swedish version of the COVID-19 Symptom Tracker app on his smartphone in Stockholm, Sweden, 29 April 2020. Lund University developed the application to provide information about the spread of the coronavirus disease COVID-19 in Sweden. Photo: EPA-EFE/Fredrik Sandberg

A key question is how to turn a patchwork of national systems into something that is “interoperable across the EU so that citizens are protected even when they cross borders”, as the European Commission said in a recent news release.

One initiative that sprang up to address the problem is Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT).

Headed by Hans-Christian Boos, a Swiss tech entrepreneur who sits on German Chancellor Angela Merkel’s digital expert council, PEPP-PT is an attempt to create a European-wide solution to the “coronavirus tracing problem”. 

“We’re now in contact with 40 countries worldwide,” Boos told BIRN in a phone interview. “We started as a European project, but maybe we’ll have to rename it now; there are countries from all around the world contacting us.” 

We started as a European project, but maybe we’ll have to rename it now; there are countries from all around the world contacting us.

Hans-Christian Boos, tech entrepreneur

Boos and his team of scientists from across Europe have been developing a set of standards, mechanisms and technologies that could serve as a backbone for various interoperable apps.

Many Western and Southern European governments including France, Belgium, Italy and Spain have pledged to develop their national apps using the standards put together by PEPP-PT, Boos told a news conference last month. 

But no Central or Eastern European country has publicly expressed interest in the initiative. 

“I know that there are countries among those 40 from Eastern Europe,” Boos told BIRN. “They’re interested. I mean why shouldn’t they be?” 

However, since BIRN’s interview with Boos in mid-April, PEPP-PT has had a downhill ride. 

On April 19, more than 300 scientists and researchers published an open letter urging governments not to introduce systems that could “allow unprecedented surveillance on society at large.” 

Although the open letter does not name any specific initiative, the criticism is widely seen as directed at the PEPP-PT social-tracing approach, until then favoured by key EU member states Germany and France. 

Many researchers say the PEPP-PT strategy is too centralised and vulnerable to governmental “mission creep”. This is due to the fact that, under this scheme, user data would be stored on a central server. 

Since the open letter was published, a growing number of researchers have called for the use of a decentralised contact-tracing protocol called DP-3T, developed by Swiss researchers in collaboration with a technology partnership between Apple and Google. 

This has prompted several countries to ditch PEPP-PT for DP-3T. Switzerland, Austria and Estonia are backing the decentralised approach, according to Reuters.

But the biggest blow for Boos and his team came on April 24 when Germany announced it would also adopt a “decentralised” approach, leaving France and Britain alone in the “centralisation” camp. 

Officially, the Czech Health Ministry has left the door open for cooperation with PEPP-PT. 

“We’d like to work with them in the future on standardisation and interoperability of different national solutions,” a ministry spokesperson said in an email. 

But Kulveit from the Future of Humanity Institute expressed skepticism about the pan-European PEPP-PT solution.

“I think that, in the end, the interoperability of all the individual European apps will be based on the Google-Apple solution,” he said.

“In any case, countries shouldn’t be just waiting for one, pan-European solution before developing their own domestic social-tracing apps. You can always just update the protocol later to make them [the apps] talk to each other.” 

Continue reading “Contact Tracing: Europe’s Coronavirus Tech Tangle”

COVID-Related Boom Reveals Video Conferencing’s Dark Side

Posted on by Ivana Jeremic

More than ever before, because of the coronavirus outbreak, use of video conferencing is on the rise.

Whether it is attending work meetings or online seminars and conferences, or taking part in leisure activities like online fitness classes and birthday parties – video conferencing and social media apps have brought huge relief, and a sense of continuity, to people feeling trapped inside their homes by government-imposed lockdowns.

However, while the coronavirus wreaks havoc outside, this time of increased online activities has also generated growing challenges. While some of the most popular video conferencing and video sharing apps, such as Zoom, Houseparty, and TikTok, have seen record-breaking growth in the numbers of users, the apps have also faced serious data breaches and other cybersecurity-related issues.

Cybersecurity experts say that while use of the apps has clearly reduced the risk of people getting infected with the virus by going outside, the same isn’t true for other viral problems, talking about cyberspace.

“Disclosure of personal data, recording sensitive information, or storing people’s profiles on unauthorized servers are some of the risks that go hand in hand with the use of video-conferencing tools,” says Skopje-based cybersecurity practitioner Daniel Trenchov.

“Greater use of virtual telecommunication tools does eliminate pandemic-induced risks,” he adds, “but not necessarily cybersecurity ones.”

Zoom ‘bombing’ is on the rise:


Illustration. Photo: EFE/MATTIA SEDDA

Last Friday, Michael Oghia, a Belgrade-based internet governance consultant, was getting ready for his weekly Zoom conference call with colleagues all over the world.

Usually, the group uses these meetings to chat and discuss ongoing social developments. This time, however, they experienced something more unpleasant.

“Around 45 minutes into the event, when one of the speakers went to share his screen, all of a sudden a child pornography video appeared. Once I realized what was happening, I immediately shut my laptop out of shock,” Oghia said.

“I couldn’t believe it. For a moment I thought that maybe it didn’t even happen. Then re-entered the Zoom call and wanted to see if the others had experienced it. Around 15 or 20 minutes later, another Zoom-bombing happened – again child porn. It was absolutely vile,” Oghia told BIRN.

“Zoom-bombing” incidents like this have become a regular occurrence for those using the app lately. In the last few months, since the coronavirus outbreak started, the app has seen the number of daily users increase hugely from 10 millio to 300 million.

After the incident, Oghia contacted Zoom to report what had happened. The company replied that it would investigate.

“Zoom-bombing is on the rise, and in this particular case, I’ve heard of multiple instances over the past few days of it happening (one group was the UK-based Open Rights Group, for instance),” Oghia explained.

“There will always be issues with safety concerns, but this is no excuse. I’ve used Zoom for years, and the ease of using the platform and the features it has have made video-conferencing easier. But they need to do an even better job at ensuring their privacy and making sure the security features are clear and easy to use.”

The incident prompted Oghia and his colleagues to prepare a short “zoom-bombing” prevention and resources guide to help others that are using Zoom and other video conferencing software.

In its latest statement, Zoom said that it would release an improved version of the app, addressing security concerns about phemonena like “bombing”, while also having upgraded encryption features.

More education in safe use of apps needed:


Illustration. Photo: EPA-EFE/AMEL PAIN

When it comes to the security of video-conferencing apps, several factors are crucial, cybersecurity experts explain. One is having a proper education in the safe use of these social tools.

“These apps have a very useful role and that is why their use should not be avoided, but it is necessary to educate ourselves more, to provide the highest possible protection,” a Skopje-based personal data protection expert, Ljubica Pendaroska, told BIRN.

It is essential to note that not every app is designed for use at home. Zoom was designed for use by large businesses with in-house IT specialists who would set up and control the software when using it, Pendaroska explained.

Now, especially during lockdowns, while Zoom is still mostly used for business purposes, people are using it more for family events such as birthdays, or even wedding celebrations.

“Potential hazards also come from the fact that these apps detect and remove issues most often on the go, or as they occur,” she said.

“What’s particularly concerning is that most of these tools are not encrypted by end-user to end-user, which increases the possibility of so-called ‘interception’ of communications by unwanted and malicious participants,” she added.

Houseparty, another popular video conferencing app, has also faced intense security scrutiny over the last months.

The app is popular with teenagers and youngsters who use it to play various group games, giving it a more fun-based approach compared to other apps. At the same time, these groups are potentially vulnerable to various security issues that can arise.

“There are also apps, for example like Houseparty, where to make it easier to find friends, you can connect your account with phone contacts and social media accounts,” Pendaroska noted. “This enormously increases the potential danger not only for your safety but also for the safety of all these contacts,” she added.

“There could be hacker attacks; during the meeting, the administrator can see details such as the operating system, IP address and location data of each of the participants; also, uninvited users in the communication, if the password is not authenticated, could use the conversation to spread malicious links or send files,” she explained.

Espionage concerns linked to China: 


Illustration. Photo: Pxhere

TikTok, a Chinese video-sharing social network, is increasingly popular in the Balkans, especially among teenagers who post various challenges to each other, such as dance-offs, sing-offs and so on.

But in some parts of the world, there are initiatives to ban it. In the US, lawmakers have introduced a bill to the Senate, which cites the company’s connection to the Chinese government, saying its potential collection of data from US citizens represents a security risk to the US.

Global cybersecurity companies have also identified many security vulnerabilities in the app that could allow malicious actors to manipulate its content and reveal the personal data of its users.

Cybersecurity experts say one way that tech companies could deal with such security risks and the consequences for their users is by having transparency reports.

“This could also include independent security audits of their code looking for weaknesses and flaws – akin to what Microsoft and Apple do with their operating systems, or what Google does with its “bug bounty” program,” Oghia suggested.

When it comes to the users themselves, the best prevention is to know not only what these apps bring to the table, but just as importantly, what their software solutions and vulnerabilities are.

Research by Picodi.com, an international e-commerce platform, says interest in video messaging clients has increased by seven times since the coronavirus restrictions were introduced in many European countries.

WhatsApp was the most frequently searched messaging app in 22 European countries. It is also a favourite app in the Czech Republic, Albania, Romania and Turkey.

Worldwide interest in the Zoom video app is skyrocketing, in Europe as well, with it being the most popular app in 14 countries, including Moldova, North Macedonia and Slovenia.

Besides WhatsApp and Zoom, people were massively using Skype – in Hungary, Poland, Slovakia and Greece, Viber – in Bosnia and Herzegovina and Montenegro, and Microsoft teams – in Croatia and Bulgaria.

Picodi.com analyzed the average number of online search queries of 19 messaging clients which enable video chatting.

North Macedonia Leads Region in COVID-19 Tracing App

Posted on by Ivana Jeremic

North Macedonia has become the first country in the Western Balkans to launch a contact-tracing app to tackle the spread of COVID-19, with the government at pains to stress user data will be protected.

StopKorona! went live on April 13 as a Bluetooth-based smartphone app that warns users if they have come into contact with someone who has tested positive for the novel coronavirus, based on the distance between their mobile devices.

The app, downloaded more than 5,000 times on its first day, was developed and donated to the Macedonian authorities by Skopje-based software company Nextsense.

States are increasingly looking at digital solutions to control the spread of COVID-19 as they move to open up their economies while limiting the burden on their health services. The European Union and data protection campaigners, however, have voiced concern over the threat such technology poses to individual privacy.

Presenting the app, Health Minister Venko Filipce said North Macedonia was looking to use “all tools and possibilities” to combat a disease that, as of April 15, had killed 44 people.

Information Society Minister Damjan Manchevski said all data would be securely stored.

“This data is recorded on a secure server of the Ministry of Health,” Manchevski said at the launch. “And no other user has access to mobile numbers, nor is there any data stored about the owner of the number.”

If a person tests positive for COVID-19, they can “voluntarily” submit their data to the Ministry of Health, Manchevski said, enabling the app to warn other users if they come into contact with that person.

Data privacy concerns linger


Macedonian Minister of Health Venko Filipce accompanied by Prime Minister Oliver Spasovski in Skopje, Republic of North Macedonia, 2020. Photo: EPA-EFE/NAKE BATEV

China, Singapore, Israel and Russia are among a number of countries that have developed their own coronavirus mobile tracking apps, mainly using Bluetooth, GPS, cellular location tracking and QR codes. The Chinese government app colour codes citizens according to risk level.

The technology, however, has set alarm bells ringing among data protection campaigners and rights organisations concerned about the threat posed by mass surveillance and loosening of data protection laws.

Nextsense director Vasko Kronevski, however, said his firm’s StopKorona! app adhered to all legal requirements.

“This is a mobile app made by following best practices around the world in dealing with the coronavirus,” he said. “It guarantees the complete protection of users’ privacy.”

“The success will depend on the mass use of the application. It is important to emphasise that we used global experiences from different countries.”

One of those examples is Singapore’s TraceTogether app, which helped the Asian country successfully contain the COVID-19 outbreak within its borders while, unlike most countries, keeping businesses and schools open.

According to data privacy experts, the decentralized design of North Macedonia’s app guarantees that data will only be stored on those devices that run it, unless they voluntarily submit it to the ministry.

“The key part is that the citizen maintains full control over their data until the moment they decide to send it to the Ministry after being diagnosed,” said Danilo Krivokapic, director of the Serbia-based digital rights watchdog SHARE Foundation.

“Additionally, all data stored on the phone is being deleted after 14 days,” he told BIRN. “In that context, the app is in line with the legislation that covers Data Protection.”

Krivokapic stressed that once data is shared with the authorities, the Ministry and all data users are obliged to respect the legal framework regarding privacy and data protection.

EU countries warming up to digital solutions


People wearing face masks in Skopje, Republic of North Macedonia, 2020. Photo: EPA-EFE/GEORGI LICOVSKI

France and Germany are reported to be working on similar contact-tracing apps, while Poland has made the biggest progress within the EU.

Polish authorities have already launched a smartphone app for those in quarantine and are now working on another, similar to StopKorona!

The first app was mandatory for people in quarantine, meaning that they had to upload selfies so the authorities could track their exact location.

According to Krzysztof Izdebski, policy director at ePanstwo Foundation, a Poland-based NGO that promotes transparency and open data, the coronavirus pandemic has already posed significant threats to privacy, with governments deploying technologies primarily created for the surveillance of their citizens.

With the second app, the Bluetooth-based ProteGO, authorities have published the app’s source code online, to get feedback and opinions from IT experts before implementing it.

So ProteGO, said Izdebski, is an example of an app that is trying to meet privacy requirements.

“The data is stored on personal devices for up to two weeks, and only if the user is sick and agrees to share data with respective authorities, they are being sent to the server – without information on the location,” Izdebski told BIRN.

And while digital solutions such as these could become a game-changer in containing the outbreak, experts note that success still depends on how many people are willing to use them.

“For the technical solution to have some results, a substantial number of citizens need to run the apps and to decide to share their data in case they are diagnosed,” said SHARE Foundation’s Krivokapic. “This way, the app can serve its purpose.”

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now