Propaganda and Hysteria Flourish in Russo-Ukrainian War

The beginning of March saw numerous digital violations, mainly related to the ongoing war in Ukraine.

Russia’s invasion of its neighbour has electrified the digital environments in the region, and pro-Russian propaganda, misinformation and fake news are skyrocketing. The conflict has also inspired hysteria and panic among the public in North Macedonia and Romania related to energy fears.

Cybercrimes and online fraud confirmed their endemic nature, with Hungary and Croatia remaining at the top of the list of countries where such violations occur most often. Routine digital violations continued to weigh on the Serbian, Macedonian and Bosnian digital environments.

One-sided war narratives, disinformation, and fake news

The Ukraine conflict continued to provoke a wave of disinformation and fake news across the region. And the hostilities will, most likely, continue to have a huge impact on the online environments for some time. Pro-Russian propaganda, partisan manipulative episodes and massive disinformation campaigns are now at a high level in several countries following the outbreak of the war.

Due to the rapid increase in incidents of fake news, disinformation and pro-Russian propaganda related to the war, Romania started to implement some tech countermeasures.

One is the development of an IT platform to identify pro-Russian propaganda narratives on social media resulting from the collaboration between several NGOs and the Department for Emergency Situations.

However, the initiative has also attracted criticism. This is because the government has proposed a number of key terms to be associated with the algorithm which, if applied, would equate cases of “corruption” or “incompetence” related to the Prime Minister or President to pro-Russian disinformation.

In Hungary, on March 5, a pro-Russian Facebook page Orosz Hírek (‘Russian News’) published a video with Hungarian subtitles that has been watched more than 587,000 times.

In the footage, Ukrainian MP and former Socialist Party leader Ilya Kiva claimed that Ukraine’s President, Volodymyr Zelensky, was on the run. However, the news was false. President Zelensky has not left the country or the capital, Kyiv.

In North Macedonia, a case recorded on March 2 saw a Twitter user spread panic by claiming officials were recruiting soldiers for the war in Ukraine.

Fake news, misinformation and disinformation on the war have circulated widely in Croatia as well. On March 1, following a social media story that went viral, celebrating a Ukrainian fighter pilot for shooting down six Russian planes, a number of Croatian media published fake news about a so-called “Ghost of Kiev”, which turned out to be just an urban legend about a fearless Ukrainian pilot protecting the skies above Kyiv. Many users of the social network on March 7 shared a photo from a Serbian film that was falsely attributed to the war in Ukraine.

Bosnia and Herzegovina reported a case of exploitation of the Ukrainian conflict for political ends, on March 8.

Commenting on the war, the leader of the right-wing Dveri movement in Serbia and member of Serbia’s parliament, Boško Obradović, told Belgrade television that it would be “justified for the Serbian Army to get involved” in Bosnia, “to protect Serbs in [the Bosnian Serb entity] Republika Srpska, if aggression is launched against them”.

He said this Serbian military intervention would be “an obligation, both moral and historical and every other”. The video went viral, and many media published it on their pages.

Panic in North Macedonia and Romania over energy

The Ukrainian conflict has also triggered energy panics in many countries that rely heavily on gas and raw materials from Russia.

Data from the European Union Agency for the Cooperation of Energy Regulators shows that North Macedonia, Bosnia and Moldova are the most dependent countries in Europe on Russian gas.

North Macedonia, which receives gas from Russia via the TurkStream pipeline through Bulgaria, imports 100 per cent of its national gas from Russia.

This has led to episodes of mass hysteria and panic.


A man drives his motorbike next to the screen with the new prices of petrol and diesel at a petrol station of Lukoil in Skopje, Republic of North Macedonia, 02 March 2022. Photo:

On March 3, fake news on social media about shortages prompted thousands of North Macedonians to queue at gas stations. The rumours were refuted by authorities, which said there was no crisis in the supply of oil and oil derivatives.

In Romania, images of Bulgarians queuing up for petrol and buying huge quantities of cooking oil caused a panic over alleged shortages of gas there as well.

First, Romanians started panicking over buying cooking oil, and later, they formed massive lines outside gas stations.

Adrian-Ionuț Chesnoiu, Romania’s Ministry of Agriculture and Rural Development, reassured the population, stating: “We have enough cooking oil stored in our warehouses. We have no shortage. There are a lot of oil factories in this country, we aren’t dependent on imports.”

Cybercrimes and online fraud remain endemic in many environments

Online fraud, scams, data breaches and cybercrime continue to occur frequently in many countries.

Hungary and Croatia remain at the top of the list of countries where such violations occur most frequently, with 37 and 26 cases of computer fraud recorded in our annual report, “Online Intimidation: Controlling the Narrative in the Balkans”.


A woman walks in front of Headquarter of Erste Bank in Zagreb, Croatia, 24 January 2017. Photo: EPA/ANTONIO BAT

The digital environment in Serbia saw challenges on digital rights and freedoms in the area of information security. A popular private bank warned its customers and citizens about phishing email fraud. One of the fraudulent emails had “Payment from Russia” written in the subject field.

Another episode involved singer Ana Djuric “Konstrakta”, who said her official Instagram and Facebook accounts had been hacked. Having recently won the national competition to represent Serbia at this year’s Eurovision, she has become very popular.

On March 8, the National Cybersecurity Institute of Hungary warned that several organisations had received email requests that appeared to be from the European Commission, on the “Situation at the EU’s borders with Ukraine”, but which contain harmful links and malware file attachments.

The Croatian digital environment was also affected by two different cases of computer fraud, both recorded on March 6.

In the first case, Erste bank, the third largest bank in Croatia, warned its customers about a fake internet page in its name. The bank told users not to input any personal data on the page. Similarly, RBA bank warned of fake SMS messages, which are “trying to discredit the bank and its stability”. The bank reported the incident to the Interior Ministry.

In Serbia, North Macedonia and Bosnia, routine digital violations

Threats to independent journalists and free media, political friction driven by a climate of instability, and ethnic tension, are just some of the factors behind routine violations.


Austrian Chancellor Karl Nehammer (C), members of the tripartite Presidency of Bosnia and Herzegovina Sefik Dzaferovic (L) and Milorad Dodik (R) arrive for their meeting, during Nehammer’s visits in Sarajevo, Bosnia and Herzegovina, 18 March 2022. Photo:

Miljko Stojanovic, Danas newspaper’s correspondent from Zajecar, received threats via Facebook because of an article he wrote about a Ukrainian taking refuge in Serbia. Serbian police found the person suspected of threatening Stojanovic.

On March 11, during an official visit to the UK, North Macedonia’s Defence Minister, Slavjanka Petrovska, was targeted by hate speech from users, posting derogatory remarks about her looks on Facebook and Twitter.

In Bosnia, ethnic and political tensions continue to provoke online violations. On March 7, Milorad Dodik, the Serbian member of Bosnia’s tripartite presidency and head of the main Bosnian Serb party, the Independent Social Democrats, SNSD, received threats via social media. A video in which a masked man offered a million euros for Dodik’s murder was published on the social network TikTok.

Fake allegations also spread on social networks and online media about possible riots at a rally of the right-wing Serbian nationalist Ravna Gora Chetnik movement in Visegrad, eastern Bosnia, on March 13.

Online media claimed riots were to be expected because of the arrival of some people from Bužim. However, several associations from Bužim denied the rumours, saying that no one wanted such incidents in these times.

North Macedonia Banks Targeted by Notorious Greek Hackers

A well known group of supposedly Greek-based hackers, calling themselves “Powerful Greek Army”, has claimed it took down the pages of several banks in North Macedonia on Tuesday evening for a couple of hours.

Only one bank, however, the private TTK Bank, has confirmed that its web page was in fact the target of a hacker attack, saying that it “successfully prevented” the attack and “there are no consequences”.

“Powerful Greek Army” posted on Monday that it intended to attack a range oif banks.

“ALL banks licensed by the National Bank of the Republic of North Macedonia/All Banks of North Macedonia will be downed … soon,” the group wrote on Twitter. On Tuesday, the group posted subsequent posts, claiming success in this.

BIRN asked North Macedonia’s central bank to comment but did not receive an answer by the time of publication.

This is not the first time the group has targeted North Macedonia’s institutions.

In February, the Education Ministry confirmed it came under attack by the group, which posted video footage of allegedly hacked video surveillance cameras from inside the ministry. However, the ministry said the camera footage was fake.

Earlier, in May 2020, “Powerful Greek Army” leaked dozens of email addresses and passwords from staffers in North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica – and bragged about its exploits on Twitter.

The hacking group was reportedly founded in 2016, when it took down the website of the Greek Prime Minister. Since then it has taken offline a number of banks in Turkey and downed the websites of Turkish Airlines and the office of the Turkish president among other targets. In a recent interview, an alleged member said they had not particular motivation or ideology and chose their targets at random, from Greece and its neighbours to Nigeria and Azerbaijan.

Montenegro Promises to Compensate for Publishing Self-Isolators’ Names

Montenegro’s government confirmed on Monday that it will pay compensation of 300 euros each, of a total of 816,000 euros, to citizens on the list of people ordered to self-isolate during 2020 whose names were published.

According to government data, 2,720 persons filed lawsuits against the state for publishing their names on lists of people ordered to self-isolate.

“Last December, the government agreed to pay 300 euros each in damages to every citizen whose name was published on those lists. The compensation will be paid for violation of personal rights by publishing personal data,” the government told BIRN.

Podgorica-based lawyer Dalibor Kavaric, who represented most of the citizens filing lawsuits, said the government had violated their human rights despite its claims that this was done in the public interest.

“The state has an obligation to protect the rights of every citizen even when it comes to the public health interest. When those lists were published, there was increased fear in the public due to the COVID-19 pandemic. Because of that, those people were stigmatized, as they were presented as a public threat,” Kavaric told BIRN.

“We are not satisfied with the amount of compensation, as it should be at least ten times higher,” he added.

The government published the names on March 21, 2020, during the first wave of the COVID-19 pandemic, despite warnings from opposition parties and civic society organisations that it risked violating their constitutionally guaranteed human rights. They also warned that citizens whose names were published might sue the state.

The government insisted it had a right to publish the names because some citizens were not respecting self-isolation obligations.

It said it had approval for its actions from the Agency for Personal Data Protection. It also stressed that the security forces could not control every citizen who should be in self-isolation and that anyone who failed to self-isolate posed a threat to the community.

On March 22, 2020, then Prime Minister Dusko Markovic said no compromises would be made with those who violated preventative measures amid the pandemic. He also warned that the government would continue to publish the names of citizens who had been ordered to self-isolate.

“The lives of our citizens are the priority. We have estimated that the right to health and life is above the right to unconditional protection of personal data,” Markovic said.

But after the Civic Alliance NGO submitted an appeal to the Constitutional Court, on July 23, 2020, the court annulled the government’s decision to publish the names of citizens ordered to self-isolate – although it did not rule that the government had violated their rights. The government then removed the list from its website.

In last year’s progress report, the European Commission urged Montenegro to award compensation for the publication of the names, warning that the government had violated people’s constitutional right to privacy.

Wave of Cyber Crimes, Political Clashes, Buffets Region

Early February’s digital violations suggested that some of them were the result of the reluctance or inability of governments to cope with an increase in cyber-attacks and online frauds.

In Hungary, political clashes continued in the online environment ahead of spring’s general elections; in Romanian, a row in parliament between the energy minister and a far-right leader Simion resulted in both a spike in online tensions and a controversial amendment to parliament’s rules.

New computer frauds and hacker attacks were recorded in North Macedonia, Croatia and Serbia, where the responses of the authorities remain far from satisfactory. Ethnic and political-related death threats marred Bosnia’s digital environment.

Political contest haunts Hungary ahead of election

With parliamentary elections looming in Hungary, the party campaigns are becoming a battlefield in which the different options continue to attack each other.

On February 12, Prime Minister Viktor Orbán delivered his annual “state of the nation” speech, which he used to attack his Fidesz party’s political rivals. If the left wins the next elections, he claimed, “taxes and debt will be sky high, and we will have a crumbling economy: unemployment, austerity measures, mountains of debts, IMF: No money.”

Former socialist Prime Minister Ferenc Gyurcsany addresses demonstrators protesting against the policies of the Hungarian government in a street overlooking the Parliament building in Budapest, Hungary, 28 September 2018. Photo: EPA-EFE/ZOLTAN MATHE

In the first case recorded on February 9, Péter Márki-Zay, leader of Hungary’s joint opposition in the election and founder of the Everybody’s Hungary movement, on Facebook accused Fidesz ministers, including the Prime Minister, of involvement in an ongoing corruption case. The prosecutor’s office has since made it clear that the accusation had no basis in fact.

Pro-government media are meanwhile involved in political attacks and disinformation aimed at discrediting Fidesz’s opponents.

On February 13, the pro-government media launched a campaign against Ferenc Gyurcsány, president of the liberal Democratic Coalition Party, claiming he did not know the name of his own party’s candidate at an election event. To support this claim, they published a manipulated video in which Gyurcsány appeared not to know the candidate’s last name, saying: “Dr Oláh Somebody, the candidate for this constituency.” Gyurcsány had been targeted in a further case of disinformation led by pro-government media outlets Origo and Borsonline. On February 15, he won a lawsuit against an article published by the two media that claimed he was drunk at a party event.

North Macedonia still vulnerable to hacker attacks

Computer frauds and other cyberattacks jeopardized the integrity of a number of North Macedonian state websites in early February.

Despite government pledges to increase the security of the IT systems of institutional websites, weak cybercrime prevention systems remain a challenge. Lack of adequate training of IT personnel to prevent hacking attacks and raise awareness of their effects is another issue.

In a case recorded on February 4, hackers calling themselves the “Powerful Greek Army” boasted that they had hacked the Ministry of Education. The group released footage that appeared to be from the ministry’s own video cameras. However, after confirming the hacker attack, the ministry said the video footage published on Twitter by the hacker group was fake.

Days later, on February 9, scammers were sending out mass phishing emails in the name of North Macedonian Post. Several citizens reported receiving suspect messages on behalf of the Post Office, asking them to make payments through a fake website. The Post Office warned people not to open the links.

Romanian parliament clash spurs online tensions and controversial rule change

Shortly before the Romanian parliament’s Chamber of Deputies on February 9 rejected a motion of no confidence in Energy Minister Virgil Popescu, parliament was the scene of an ugly confrontation between George Simion, leader of the far-right Alliance for the Union of Romanians, AUR, and the minister.

Simion first approached the minister with threatening tones, yelling in his face: “You’re a thief.” The chairman of the meeting, Daniel Suciu, member of the Social Democratic Party PSD, suspended the session, “This is the first time in the history of the Romanian parliament that a minister has been physically assaulted while giving a speech,” he said.

Incident desfasurat in timpul sedintei ocazionate de citirea motiunii simple de cenzura impotriva ministrului energiei, in plenul Parlamentului Romaniei, 7 februarie 2022. Photo: Inquam Photos / Ilona Andrei

The digital environment was shaken by this event. In a case recorded on February 8, Energy Minister Popescu complained that he and his family were now being threatened on Facebook by the far-right party’s supporters. “Since this incident happened, I have been targeted by an avalanche of insults and threats on my personal Facebook account. These threats appeared even under pictures of my children. They went too far this time. Some of the accounts are fake, and the whole action seems organised,” he said.

The aftermath of the political clash resulted in a further episode that could have worrying implications for freedom of expression.

On February 9, the government proposed amendments to the rules of the chamber, which would limit MPs’ rights to livestream and video-record events inside parliament. Six NGOs criticized the change. “The ban on displaying banners in the parliament, as well as the ban on recording and broadcasting live is, in our view, a restriction on freedom of expression, which is a fundamental right, all the more protected when it comes to political debate,” they warned.

Phishing scams and online intimidation of journalists in Serbia

In Serbia, the first two weeks of February saw several phishing cases and more digital violations targeting journalists.

Serbia’s digital environment remains “hostile territory” for independent journalists and media outlets and attempts to discredit and discourage the free media are a daily reality.

Workers decorate with Christmas lights the head office of Raiffeisen Bank in Pristina, Kosovo, 16 December 2020. Photo: EPA-EFE/VALDRIN XHEMA

On February 1, the Serbian branch of Raiffeisen Bank warned its clients that requests sent to customers to reactivate their mobile banking apps via email were fraudulent. The bank advised its clients not to follow such instructions. Two days later, Serbian Post informed citizens that fraudulent messages were being sent on its behalf via SMS and WhatsApp, asking people to make payments to pick up shipments. It advised people not to open these fake links or enter personal data.

Nedim Sejdinović, a journalist known for his anti-government editorials and author of various reports on social issues, reported to the country’s Cybercrime Prosecution Office that he had received threats and other insults via Facebook Messenger on February 11. One comment read: “Listen Turk [an abusive term for Muslim]… I will take care of you”.

Following a November 4 case, where Aleksandar Šapić, vice president of the ruling Serbian Progressive Party, sued Nenad Kulačin and Marko Vidojković, hosts of the podcast “Dobar, loš, zao” (“The Good, The Bad, The Ugly”) for defamation, the politician again sued the two journalists on February 13, demanding more than a million Serbian dinars in compensation for the contents of their programme.

Ethnic Death Threats in Bosnia and Herzegovina 

In Bosnia, where ethnic tensions are endemic to the social fabric and political system, new ethnic-political-related death threats marred Bosnia’s digital environment.

Ćamil Duraković, former mayor of Srebrenica, received death threats after guesting on a television program where he confronted a Republika Srpska deputy, Nebojsa Vukanovic. One message read: “Because of last night’s spitting on Serbs in the [TV] show, I can only tell you, ‘Long live Ratko Mladic’ and it’s a pity they missed you” – “they” meaning the Bosnian forces under General Mladic who killed 8,000 Muslims in Srebrenica in 1995.

Another case involved the vice president of the Federation of Bosnia and Herzegovina, the larger of Bosnia’s two entities, Milan Dunović. He reported receiving death threats from some individuals who had threatened to “cut off his head”.

“When individuals dare to threaten public figures, who are under the protection of the police, the question is what citizens can expect. Of course, I reported all threats that I consider a direct threat to the safety of me and my family to the authorities, but such threats can only be stopped by stopping policies of hatred and invoking conflict,” he said.

Computer frauds and COVID disinformation Spread in Croatia

Croatia recorded several cases of computer fraud and other cases of disinformation linked to the COVID pandemic in early February,

Following the pandemic, cyber frauds have increased in Croatia and, although Croatia has joined the EU Cybersecurity Regulation, it appears that its cybersecurity is not yet efficient. A study suggests that Croatia has yet to offer an adequate answer to the increase in cyber-threats.

A bitcoin sign is placed in front of a crypto exchange office in Pristina, Kosovo, 10 January 2022. Photo: EPA-EFE/VALDRIN XHEMAJ

On February 9, Croatian telecommunications operator A1 was subjected to a hacker attack that compromised around 10 per cent of A1’s user data. The hacker demanded a $500,000 ransom or threatened to sell the data on the dark web. One day earlier, a Croatian company became a victim of internet fraud following the interception of its email exchange with a business partner. The company then received an email with details of a fake bank account, into which it deposited funds, losing a couple of thousand kuna. A massive cryptocurrency fraud was also discovered between September 2021 and November 2021, which targeted thousands of citizens.

Two cases linked to COVID disinformation were also recorded. In the first, on February 3, false information about the cause of the recent death of Valerij Jurešić, who headed the Department of Culture, Sports and Technical Culture in Primorje-Gorski Kotar County, spread via social media and online media.

This claimed that his death by heart attack was linked to the COVID-19 vaccine. However, Jurešić’s daughter clarified that her father had been suffering from cancer, adding that anti-cancer drugs probably induced his heart attack.

On the same day, a case was recorded of a scientist who became a victim of hate speech and death threats online after he warned about the dangers of COVID-19.

Croatian Teen Suspected of Hacking Communication Company’s Data

Croatian news site Index.hr reported that the prime suspect for hacking the database of Croatia’s telecommunication operator’s, Tele Operator A1, exposing around 10 per cent of user data, is a 14-year-old primary school pupil from Slavonski Brod.

Police reportedly waited for the suspect at home after he came back from school on Monday and questioned him in the presence of his parents. They then searched his home and, according to reports, found the equipment he used to hack Tele Operator A1.

As the suspect is a minor, the police were unable to give many details, but Renato Grguric, head of the police’s Department of Cyber-Security, said there was “enough evidence that the person in question is the hacker. When the investigation is over, adequate criminal charges will be brought”.

The police also said that he had an accomplice, who was not from Croatia and who did not participate in the hacking itself.

Grguric said that when a crime perpetrator is a minor, the emphasis is not on punishment but on preventing further crimes. “People usually get three to five years in prison for a crime like this, but that’s not the point. In this case, the responsibility is on the minor, not the parents. Every person over 14 is responsible for their own actions,” Grguric explained.

On February 9, Croatian Tele Operator A1 was the target of a hacking attack that compromised round 10 per cent of A1’s user data, exposing their names, addresses, personal identification numbers and phone numbers.

The hacker demanded a $500,000 ransom or threatened to sell the data on the dark web. A1 did not pay the ransom and the hacker claimed to have sold the data anyway.

Albania Online Media Blame Cyber-Attacks on Tirana Mayor

Online media critical of Albania’s government claim that the cyber attacks that targeted them recently were likely coordinated, and possibly linked to Tirana Mayor Erion Veliaj.

They told BIRN that they suspected that the attacks happened because they published a taped conversation in which Veliaj can be heard using slurs, coarse language and threats when speaking to regional football officials.

They said the attacks made it difficult for the public to access their webpages, and that the attacks looked coordinated.

Brahim Shima, director at Ora News, a broadcaster based in Tirana, told BIRN he believed that the attack had been deliberate.

“The attack was completely intentional, to make it as difficult as possible to access the news at Ora News. There were previous attempts to hack the site, but the attack launched in January was aimed at reducing it, or maximizing our difficulty in disseminating news,” Shima told BIRN.

He added that they connected the attack to the battle between the Albania Football Federation, FSHF, and the Tirana Mayor over elections for a new head of the football governing body.

“We do not have concrete facts, but [we believe] everything has to do with pressure from Mayor Veliaj towards the FSHF,” he added.

Enton Abilekaj, who runs a local media outlet called Dosja.al, said the cyber attacks targeted his media as well, making access to its webpage difficult.

“The company that provides us with online activity informed us about a special attack, which was not done by hackers but by buying IPs abroad, so artificially increasing traffic, so that the server could not cope and the site could not be accessed,” Abilekaj told BIRN.

“From the investigation we did with colleagues who had the same problem, we realized that the attacked sites were the same ones that published the audio recording of the mayor in a meeting with members of the Tirana regional Football Assembly,” he added.

He said that the attack had finished, but had left a lot of uncertainty within the media.

Andi Bushati, who runs Lapsi.al, told BIRN that he also saw the attacks as connected with the publication of the tape in which Mayor Veliaj appeared to be pressuring the football community of the capital to interfere in the FSHF elections.

“We do not have 100-per-cent verifiable evidence that the cyber attack came from the mayor, but the fact that those media outlets that gave great visibility to this news were attacked and, above all, that the FSHF website that first published this eavesdropping was attacked, leads all assumptions to Veliaj,” Bushati told BIRN.

Gerti Progni, an Albanian cyber expert, told BIRN that portals that are critical of the authorities and the government have been subjected to cyber attacks “for some time now”.

“But it has never happened that the attack was so large and at such a high cost, because the type of attack was a DDOS [denial of distribution of service],” Progni said. “It is the only attack that is almost impossible to detect, and it’s very difficult and costly to defend oneself from it,” he added.

Albania to Hire US Cybersecurity Firm After Data Breach

The Albanian government said on Tuesday that it has signed a memorandum of understanding with the US-based Jones International Group, which is expected to advise on cyber security measures after the country suffered a huge data leak in late December.

The agreement with the Virginia-based Jones International Group was made public through a decision by Albania’s Council of Ministers but no details of tender procedures or the costs involved were disclosed.

“This is just an agreement of understanding in which the parties agree that they will work with each other. The other documents [contracts] will become known in the future,” the spokesperson at the Ministry of Infrastructure and Energy, Florian Serjani, told BIRN on Tuesday when asked about the cost.

When asked what was the basis upon which the company was chosen, Serjani said that “we have experience with this company because they have worked with the OST [Albania’s transmission system operator]”.

The Jones International Group, which provides cyber security, energy, telecommunications and political consulting services and products, is run by James Logan Jones, a former US Navy general and former US National Security Advisor. Jones was also the US supreme allied commander in Europe.

The Minister of Infrastructure and Energy, Belinda Balluku, met Jones on Monday and said that he has “expressed readiness to cooperate with the Albanian government for cyber protection, as one of the companies with the greatest experience in the US and Europe”.

Quoted by local media on Tuesday, Jonas said he feels honoured to help Albania in “cyberwar.”

“…There is a clear and obvious danger…”, he was quoted as saying.

The US company, which according to the official data was established in July 2020,  plans a strategy of how to install multilayer protective systems to prevent cyberattacks in a country where people can find more than 90 per cent of their public administration services online.

Jones has previous connections with Albania. In 2019, while working as US National Security Advisor, in Albania he met the People’s Mojahedin Organisation of Iran, MEK, a controversial Iranian opposition group that has been sheltered by Albania since 2013. He has been presented as a longtime supporter of the Iranian resistance, especially the members of the MEK in Iraq.

At a NATO conference on security challenges facing technology two years ago in Tirana, he warned Albania to be vigilant about China offering to provide 5G technology.

After the huge data leak in December, the Tirana prosecution started checking a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which was circulated on WhatsApp. Four people are under investigation over the leak.

It was alleged that the data contained the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

Another data leak of salaries for the month of April was released and circulated via WhatsApp one day later.

It was followed by a further data leak that contained private information about citizens’ vehicle number plates.

In April 2021, a few days before elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, included names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-in-door surveys. The case is still with the prosecution.

Albania Announces Four Arrests Over Massive Data Leaks

The Prosecutor of Tirana, Elisabeta Imeraj, told the media on Friday that police had arrested four people in connection with the massive data leaks that have rocked Albania.

Two people from state institutions suspected of selling people’s personal data and two others from private entities suspected of buying it had been arrested.

“They are employed in the National Information Service Agency, but practice their profession in the General Directorate of Taxes”, she said referring to the two arrested from state institutions.

The Tirana prosecution in December started checking a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which has been circulated on social media.

It was alleged that the data contained the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors for January 2021.

Another data leak of salaries for the month of April was released and circulated through WhatsApp just one day later.

It was followed by another data leak that contained private information about citizens’ car plates.

Experts told BIRN that these leaks pose public security questions.

In April 2021, a few days before elections, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-in-door surveys. The case is still with the prosecution.

Massive Data Leaks in Albania Pose Public Security Question

A database circulating online containing private information of Albanian citizens’ salaries, and another with private information and comments on political preferences that circulated in April, have raised concerns about public security in the country.

Prosecutors in Tirana started verification hours after a massive data breach of citizens’ private information started circulating online, initially through “Whatsapp”. The data contain the salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

The opposition Democratic Party condemned “an extraordinary scandal” and accused the Socialist government of failing to protect citizens’ private data.

The excel file that was leaked contained the salaries of the citizens for the month of January, while another which started circulating on Thursday contained salaries for April.

On Thursday Prime Minister Edi Rama called it “an attempt to create confusion and to foster instability”, implying also that the destabilization efforts came from the country’s divided opposition.

Enri Hide, a security expert and professor at the European University in Tirana, called it “an open threat to the national security” and added that “the institutional reaction “is not at all serious and proportionate to the degree of risk”.

“First of all, it shows the weaknesses of Albania’s cyber-security infrastructure. Second, it shows the lack of a response plan in such cases,” Hide told BIRN.

Asked if a specific group of people such as Intelligence or Army are more threatened than others, Hide said that the exposure “has extremely serious consequences for Intelligence” and the military.

“The long-term consequences for the Intelligence and Security and Defence system are 1. Use of the data by foreign actors in order to monitor the payment system of the sector. 2. Now that this level is being clarified, foreign intelligence agencies may attempt to ‘intervene’ or try to ‘offer rewards’ to actors in key / sensitive positions,” he told BIRN.

He added that the private sector was also at risk by making citizens vulnerable to blackmail.

“Cyber-security must be taken seriously. We need a strategy based not on letters but on modus operandi. We need a clear protocol of what should happen if we have such leaks. There is not any and it is shameful,” he said.

Fabian Zhilla, a security expert based in Tirana, said the leak of the database with the private information of citizens data that, “the public loses trust in public institutions and the loss of trust is directly related to the cooperation that citizens should have with institutions:”. If this threat is not addressed “citizens will be exposed and blackmailed and this includes employees of important state institutions”.

“If we talk about the protection of personal data, there is no doubt that the bodies that deal with the monitoring of all servers of public institutions such as  National Agency for Information Society, AKSHI, must have a protocol and if there is no protocol … AKSHI should definitely set up a working group to make an assessment of preventive measures but also measures in case of information leaks and how it can be managed in real-time to prevent their spread in public,” Zhilla told BIRN.

He confirmed that secret service employees, intelligence services, military intelligence units and counter-terrorism units were at special risk.

“It is very important that a commission be set up at the ministerial level, perhaps with the request of Parliament to make a better assessment of the protection protocol, the measures related to the status quo of the infrastructure that the official institutions have today to protect the personal data,” he added.

The head of  AKSHI, Linda Karancaj, said on Thursday that “the tax system is not certified by ISO, but we are in the process”.

According to the National Strategy of Cyber Security 2020 -2025 “any government infrastructure under the administration of AKSHI, ISO 27001standard policies are applied”.

In April 2021, a few days before elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-in-door surveys. The case is still with the prosecution.

Albanian Prosecutors Probe Huge Suspected Leak of Personal Data

The Tirana prosecution told BIRN that it has “started verifications” of a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which has been circulated on social media.

It is alleged that the data contains the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

It is suspected that the list was leaked from the tax service or the Social Insurance Institute.

Government spokesman Endri Fuga said that the Ministry of Finance was following with concern the release of data on the salaries of Albanian citizens, and described the document as “illegal”.
Fuga said in a statement that preliminary analysis has shown that “there has been no digital export of the [state] payroll database” and that the document is a “merger of several different pieces” of data.

President Ilir Meta called it “a flagrant violation of freedoms, human rights and dignity, laws and the constitution” and urged the authorities to investigate the case and find the perpetrators.

“The personal data of every citizen, which is stored by public institutions and administered in state databases, is personal, protected by law and intended to be used only for the benefit of citizens and the state only,” Meta said.

“Any other use of it is a criminal act, which endangers the social order by violating the private security of every citizen,” he added.

The deputy leader of the opposition Democratic Party, Enkelejd Alibeaj, said it was “an extraordinary scandal” and alleged that the government of Prime Minister Edi Rama has failed to protect “personal and sensitive data on salaries, personal identification numbers, and the workplaces of over 630,000 citizens”.

Alibeaj said the Democratic Party believes that the online publication of the list “is part of a [ruling] party-state strategy to use sensitive information for electoral purposes”.

If confirmed, this would be the second time in a year that large amounts of citizens’ private data have entered the public domain.

In April 2021, a few days before the general elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-in-door surveys.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now