Moldova’s Cyber Crime Defences Questioned After DarkNet Sting

Security experts in Moldova are raising questions about the resilience of the country’s cyber defences after a massive operation at the European level, to which Moldova contributed, uncovered and closed the biggest DarkNet website selling drugs, stolen credit card data and malware.

German authorities dismantled DarkMarket, which was hosted by DarkNet, on Tuesday. Prosecutors from Koblenz said that “more than 20 servers from Moldova and Ukraine” had been confiscated and shut during the international police operation.

According to investigators, DarkMarket was “without a doubt, the largest market in the world on DarkNet”. They say the online platform included over 500,000 users and over 2,400 sellers.

“Moldova does not entirely control its territory where certain criminal groups covered by influential factors from Moldova and Russia are operating,” retired colonel Rosian Vasiloi observed to BIRN.

“In this sense, the authorities show their weakness because we have all the necessary levers to intervene in this regard with special investigation activity and criminal investigations – but somehow we don’t,” the military and security specialist told BIRN.

The former border police chief also stressed that whikle Moldova is doing well on paper in laws and security strategies, it has major difficulties implementing them. He also urged more transparency on such matters, as Moldovan authorities have stayed largely quiet so far on this problem.

Vasiloi said Moldova should cooperate more with Western investigative bodies and be more proactive in tackling such phenomena, not only when it is asked to. “We have specific commitments regarding this in the context of implementing the Association Agreement with the European Union,” he noted.

In total, at least 320,000 transactions were made on the illegal platform with Bitcoin and Monero cryptocurrencies, and the total value of the transactions could amount to 140 million euros, authorities have said.

DarkMarket was “used mainly for the sale of drugs of all kinds” but also sold “counterfeit coins, stolen or counterfeit credit card data, anonymous SIM cards’ or computer viruses”, German prosecutors stated.

A 34-year-old Australian allegedly running DarkMarket was arrested this weekend on the German-Danish border and is in pre-trial detention.

Authorities worldwide, including the FBI, the US Drug Enforcement Administration and police in countries such as the UK, Denmark, Ukraine and Moldova contributed to the investigation under EU coordination.

Turkey Investigates Facebook, WhatsApp Over New Privacy Agreement

Turkey’s Competition Board on Monday said an investigation had been launched into Facebook and WhatsApp over a new privacy agreement that forces WhatsApp user to share its data with Facebook. Users who reject the terms of the agreement will not be able to use WhatsApp after February 8.

The Turkish competition watchdog said the requirement allowing collection of that data should be suspended until the investigation is over.

“WhatsApp Inc and WhatsApp LLC companies will be known as Facebook after the new agreement and this will allow Facebook to collect more data. The board will investigate whether this violates Turkish competition law,” the board said.

The Turkish government is calling on its citizens to delete WhatsApp and to use domestic messaging app BiP instead, developed by Turkey’s mobile operator Turkcell, in addition to other secure messing apps such as Telegram and Signal.

Turkey’s presidency, ministries, state institutions and many other people have announced that they have deleted WhatsApp and downloaded other applications.

“Let’s stand against digital fascism together,” Ali Taha Koc, head of the Turkish Presidential Digital Transformation Office, said on Twitter on January 10, urging people to use the domestic BiP app.

BiP gained 1.12 million new users on Sunday alone after the new privacy agreement was introduced.

The new privacy agreement will not be in force in the EU and the UK because of its tight digital privacy law.

The EU fined Facebook 110 million euros earlier in 2017 euros for giving misleading statements on the company’s $19 billion acquisition of the internet messaging service WhatsApp in 2014.

Millions of people around the globe have abandoned WhatsApp and migrated to other messaging apps, Signal and Telegram in particular, and Signal and Telegram had server issues hosting such a large number of users.

Telegram and Signal which are accepted as the most secure messaging apps have become the most downloaded application in the past week for both Android and Apple phones users.

EU Set to Take on Big Tech with New Digital Services Act

Over the past two decades, the process of digitisation has completely transformed the European services sector, though EU legislation regulating the provision of those services has not kept up with the fast-changing technological environment. With consensus among European policymakers that the 20-year-old piece of legislation, the e-Commerce Directive, was in dire need of updating, the European Commission announced in January 2020 that it would pass a new Digital Services Act by the end of 2020. That date, expected to be December 2, is rapidly approaching.

With this brand new set of regulations governing the EU’s digital market, the Commission intends to clarify and introduce new digital services liability rules and ensure a more competitive digital market where even small and medium-sized businesses (SMEs) can compete with the more established players.

Policymakers in the EU, which is already home to the world’s strictest data privacy laws, believe that Europe is in a unique position to set new standards for the regulation of digital services for the whole world. The forthcoming rules represent an unprecedented strike against the seemingly limitless power of big tech, which are likely to oppose the reforms.

A close-up image shows the slogan of the ‘StopHateForProfit’ campaign on the organization’s website displayed on a smartphone screen in Cologne, Germany, 29 June 2020. EPA-EFE/SASCHA STEINBACH

What new rules are coming?  

Although the final contours of the legislative package are not yet public knowledge, it is expected that the regulation will come in two legislative proposals. The first set of proposals contained in the Digital Services Act will likely focus on updating digital services providers’ responsibilities and liabilities. The Digital Markets Act will then likely be concerned with limiting the power of big platforms in general.

In a recent speech, Executive Vice-President of the Commission Margrethe Vestager said that digital media platforms need to be more transparent about the way they share the digital world that we see.

“They’ll have to report on what they’ve done to take down illegal material. They’ll have to tell us how they decide what information and products to recommend to us, and which ones to hide – and give us the ability to influence those decisions, instead of simply having them made for us. And they’ll have to tell us who’s paying for the ads that we see, and why we’ve been targeted by a certain ad,” Vestager said earlier this year.

Although it is not year clear which specific platforms will be targeted, it is widely expected that the new rules with mainly apply to social media platforms with more than 2 million users, which have, until now, bitterly resisted attempts to disclose their algorithms.

“Platforms need to ensure that their users can be protected from illegal goods and content online, by putting in place the right processes to react swiftly to illegal activities, and to cooperate with law enforcement authorities more effectively,” the Commission’s press officer for the digital economy, Charles Manoury, told BIRN an email.

When asked about the concrete rules being considered in Brussels, Manoury said that the Commission will “aim to harmonise a clear set of obligations (responsibilities) for online platforms, including notice-and-action procedures, redress, transparency and accountability measures, and cooperation obligations.”

In a report produced by the European Parliamentary Research Service in October, EU experts came up with the following recommendations for the Commission:

  1. Introduce a clear, standardised notice-and-action procedures to deal with illegal and harmful content;
  2. Enhanced transparency on content curation and reporting obligations for platforms;
  3. Out-of-court dispute settlement on content management, particularly on notice-and-action procedures.

Those policy recommendations are strikingly similar to the rules already in effect in the country currently holding the Presidency of the Council of the EU – Germany.

A Google logo is displayed at the Google offices in Berlin, Germany, 24 June 2019. EPA-EFE/HAYOUNG JEON

German lessons

 “The Commission in its impact assessments takes into account already existing EU laws, such as the NetzDG,” noted the Commission’s spokesman Manoury, referring to the Network Enforcement Act, which was passed by the German parliament back in 2017.

According to the website of the German Ministry of Justice and and Consumer Protection, the law aims to fight hate crime and criminally punish fake news and other unlawful content on social networks more effectively. This includes insults, malicious gossip, defamation, public incitement to crime, incitement to hatred, disseminating portrayals of violence and threatening the commission of a felony.

In practice, all social media platforms (with more than 2 million users) that are accessible in Germany are obliged to take down or block access to “manifestly unlawful content” within 24 hours of receiving a complaint. They also have to offer their users an accessible procedure for reporting criminally punishable content and take “immediate notice” of any content that might violate German criminal law.

But German lawmakers didn’t stop there. In June this year, the Budestag decided to tighten further the laws against hate speech online by requiring social networks to report to the BKA (Federal Police) and transmit some user data, such as IP addresses or port numbers, directly to the authorities.

Moreover, new rules will oblige operators of social networks to submit biannual reports on their handling of complaints about criminally punishable content. These reports must contain information, for example, on the volume of complaints and the decision-making practices of the network, as well as about the teams responsible for processing reported content. They must be made available to everybody on the internet.

Social media platforms could be liable for fines of up to 50 million euros if they fail on their reporting duties, according to a statement from the Justice Ministry.

According to the German daily Stuttgarter Zeitung, so far nine social media platforms have offered transparency reports: Facebook, Instagram, Twitter, YouTube, Reddit, Tiktok, Soundcloud, Change.org and Google+. The number of complaints varies greatly. In the second half of 2019, 4,274 unsatisfied users reported to Facebook. There were 843,527 complaints on Twitter and 277,478 on YouTube. Facebook felt compelled to take action in almost a quarter of the cases. 87 per cent of these posts were deleted within 24 hours, a total of 488. Twitter took care of 16 per cent of the complaints, 86 per cent of which were removed from the network within a day, according to the German newspaper.

However, the new obligations have their critics. Some express concern that legal content will end up being deleted by overzealous platforms eager to avoid paying hefty fines, the so-called problem of “over-blocking”. In 2017, when the law was first passed by the German parliament, even journalism unions in Germany protested against it, fearing a new form of censorship.

Reacting to the criticisms, German Justice Minister Christine Lambrecht recently called for the introduction of a “counter-presentation procedure”, which would give authors of deleted content the right to ask social networks for a reassessment of their decision before any fines would be imposed.

There is also criticism that some of the proposed rules might even be in conflict with the German constitution. This particularly concerns the law intended to combat far-right extremism and hate crime, which was passed in the summer and is intended to force operators of social networks to report criminal content such as the threat of dangerous bodily harm or defamation of public figures (mayors or municipal councillors) to the Federal Criminal Police Office. It is because of those concerns that the president has not yet signed the law.

Long way to go

The German experience clearly shows that certain measures to combat the spread of hate speech and other form of illegal content online are relatively easy to implement, while others, like direct reporting to the police, might take much longer to build a consensus around.

That being said, even when it comes to the seemingly more trivial measures, the European Commission’s mission is an infinitely more challenging one. First of all, it needs to make all member states agree on what even constitutes a hate crime on the internet. Then it has to create a set of rules that would be applicable across all member states.

According to a source in the European Commission familiar with the legislation, the first task is the easier one. “There is actually a very broad agreement across the EU on the question of illegal content. Basically, what is illegal offline is also illegal online – it is just a question of how you monitor it and what measures to take to make sure that the rules are followed also online,” the source, who wished to remain anonymous, told BIRN.

Whatever the rules that the Commission ends up proposing in early December, the speed of the final implementation of those measures will largely depend on the legal form of the rules.

Generally speaking, if the rules assume the form of EU regulations, the final implementation might take a very long time, as regulations need unilateral agreement by all member states. If EU legislators decide to go with directives, which leave a lot of space for individual member states to translate into their own respective national laws and don’t require unilateral agreement, things could go much faster.

According to the source from the Commission, half a year is an absolute minimum to expect the legislative process to take.

“If you have an extremely well-drafted piece of legislation that everyone agrees on, it can take half a year. I’ve never heard about anything going faster than this. It is already clear that this will not be very straightforward,” the source said.

Concern over Moldova Cyber Security As Election Looms

As the campaign for Moldova’s presidential election intensifies, so too does the rate of cyberattacks on state institutions in the former Soviet republic, torn between Russia and the West.

But while Moldova’s Intelligence and Security Service, SIS, says it is working to disrupt cyberattacks, critics say more needs to be done to confront the scourge of fake news and disinformation.

“Moldova does not have a strategy to tackle propaganda, nor clear policies for the protection of the information space,” said Cornelia Cozonac, head of the Centre for Investigative Journalism in Moldova.

“Moldovan politicians are not even trying to take over similar research-based guidelines from the Baltic States, for example.”

Individual hackers

In an interview for Moldpres, SIS director Alexandr Esaulenco said that election campaigns in Moldova frequently brought an “intensification” of cyberattacks on state bodies handling the electoral process.

In written comments to BIRN, the SIS described four types of attacks since 2015 – denial of service, or DDOS, phishing via state e-mail, brute-force attacks trying to gain access to government information systems and the hijacking of official web pages.

“These activities aim to stop or hinder the conduct of the electoral process, but in all these cases, we act proactively to prevent their success,” Esaulenco told Moldpres.

In an interview with tribuna.md in October, Sergiu Popovici, the director of the government Information Technology and Cyber Security Service, STISC, said most attacks were the work of individual hackers, “who try out their criminal talent on randomly selected electoral processes.”

‘Real propaganda’

Esaulenco, a 43-year-old major general, previously worked as a security adviser to Moldova’s pro-Russian president, Igor Dodon.


A person scrolls the screen of a mobile phone while loading information on how to counter ‘fake news’ in New Delhi, India, May 2, 2019. Photo: EPA/Harish Tyagi

Dodon is bidding for a second term in next month’s election but faces a strong challenge from pro-European candidate Maia Sandu.

The SIS press office told BIRN that, while it confronts the threat of cyberattacks, its future focus would be more on disinformation and propaganda.

Torn between integrating with the West or remaining in Russia’s orbit, Moldova has proven particularly vulnerable to outside propaganda, particularly against NATO, the European Union and the international community in general.

The SIS said that during the COVID-19 state-of-emergency in the spring, it closed some 61 websites and news portals deemed to be spreading propaganda and fake news regarding the pandemic.

But Petru Macovei, executive director of the Independent Press Association, API, said SIS did not go far enough.

“It was a facade with the closure of those sites, to justify themselves that their activity was not in vain during the state of emergency caused by the pandemic,” Macovei told BIRN. “Indeed, it was neither effective nor sufficient.”

These “were selective decisions,” he said, “because the real propaganda was not affected by that SIS measure.”

By ‘real propaganda,’ many experts in Moldova mean Russian media outlets that broadcast in Moldova with a distinctively anti-Western tone.

“Russian media in Moldova like Komsomolskaya Pravda or Sputnik every day have at least one anti-EU and NATO news and some about Ukraine,” said Cozonac.

Strategy lacking

Elena Marzac, executive director of the Information and Documentation Centre on NATO, IDC NATO, said that COVID-19 crisis and the economic fallout were “gradually turning into a security crisis.”


The executive director of the IDC NATO in Moldova, Elena Marzac. Photo: Facebook

“Besides classic disinformation there are also the cyberattacks, both elements of hybrid warfare,” Marzac told BIRN.

“Also, the narratives circulating in the international space, but also the regional and national one are strongly influenced by geopolitics, and the main promoting actors in that sense are China and Russia.”

Moldova has made some progress towards establishing the legal basis for a better information security strategy, but experts agree there is still much to be done.

“It is too early to talk about the existence in Moldova of an integrated and effective national mechanism for preventing and combating cybersecurity incidents and cybercrime,” said Marzac.

Montenegrins in Self-Isolation Sue State for Publishing Names

More than 300 citizens of Montenegro have filed lawsuits against the state for publishing their names on lists of people ordered to self-isolate. On Wednesday, a Podgorica-based lawyer, Dalibor Kavaric, who represents some of the citizens, said the government had violated their human rights.

“By publishing the names and personal data of persons in self-isolation, the government stigmatized them and unnecessarily exposed their privacy to the public … the government has unnecessarily caused material damage to the budget of Montenegro just because it didn’t respect the constitution,” Kavaric told BIRN.

The government published the names on March 21, despite warnings from opposition parties and civic society organisations that it risked violating constitutionally guaranteed human rights. They also warned that citizens whose names were published might sue the state before the courts.

The government said it had a right to publish the names because some citizens were not respecting self-isolation obligations. It also said it had approval for its actions from the Agency for Personal Data Protection. It stressed that the security forces could not control every citizen who should be in self-isolation, and that anyone who failed to self-isolate posed a threat to the entire community.

The Head of the EU Delegation to Montenegro, Aivo Orav, called on the authorities to find the right balance between protecting the health and respecting the confidentiality of health information and the right to privacy of citizens.

Danilo Papovic, from the Civic Alliance, said citizens had every right to to seek legal protection of their civil rights.

“The lawsuits are completely justified … This government action indicates the absence of responsibility both in the legal and financial sense, bearing in mind that the consequences of illegal actions are ultimately borne by the citizens, because any compensation is paid from the budget,” Papovic told BIRN.

On March 22, Prime Minister Dusko Markovic said no compromises would be made with those who violated preventative measures amid the COVID-19 pandemic. He also warned that the government would continue to publish the names of citizens who had been ordered to self-isolate.

“The lives of our citizens are the priority. We have estimated that the right to health and life is above the right to unconditional protection of personal data,” Markovic said.

But after the Civic Alliance submitted an appeal to the Constitutional court on March 23, on July 23, the court annulled the government decision to publish the names of citizens ordered to self-isolate – though it did not rule that the government had violated their human rights. The government then removed the list from its website.

A lawyer from Bijelo Polje, Milos Kojovic, said the Constitutional Court had confirmed that the government had violated basic human rights and freedoms by publishing the names of persons ordered to self-isolation. “The government didn’t respect their right to a private and family life,” Kojovic told the daily newspaper Dan.

“Persons on the list published on the official government website, then transmitted by all electronic and print media, are entitled to fair compensation for violation of their personal rights,” he added.

Kosovo Lawmakers Play Politics with Personal Data

Personal data and the right of access to public information remain largely unprotected in Kosovo after parliament failed again to elect a Commissioner for the Information and Privacy Agency, IPA, leading critics to accuse lawmakers of playing politics with citizens’ rights.

The Information and Privacy Agency, IPA, had asked the parliament to give its director, Bujar Sadiku, the powers of the Commissioner of the Agency despite the failed recruitment process for the post.

The request was rejected by the parliamentary Committee on Security Affairs as illegal, however, and civil society groups on Thursday publicly asked the Presidency of the Assembly, especially the Speaker, Vjosa Osmani, to be vigilant and ignore such illegal requests.

On August 14, none of the three candidates for the post received the required 61 votes, the third time in two years that parliament failed to appoint a Commissioner, failure analysts attribute to narrow political interests. The British embassy, which has assisted in the recruitment process, said British experts had been withdrawn.

Flutura Kusari, a legal adviser at the European Centre for Press and Media Freedom, who voluntarily monitored the recruitment process, said the British decision was a good one, but was “bad news” for Kosovo.

“It is not logical financially or politically for an ally to invest this much in a clearly politicised process,” Kusari told BIRN.

In its five years of existence, “the agency has failed from the beginning to protect our personal data,” she said. “If the Commissioner will be politicised, s/he can become a censor of public information, pleasing politicians.”

Starting ‘from zero’


The meeting of the Kosovo Committee on Security and Defence, where the annual report of the Information and Privacy Agency, IPA, for 2019 was reviewed, presented by IPA director Bujar Sadiku, June 16, 2020. Photo: Official Website of Kosovo Assembly.

Without a Commissioner, Kosovo has no institutional mechanism to implement the Law on Access to Public Documents and the Law on the Protection of the Personal Data.

The first two attempts to appoint a Commissioner failed in May and July last year due to the fall of the then government and the dissolution of parliament after the prime minister at the time, Ramush Haradinaj, resigned on being summoned for questioning by war crimes prosecutors in The Hague.

Without a Commissioner, citizens of Kosovo have no institutional means to complain and seek justice if a public or private body violates their rights to protection of their personal data or access to information. Civil society groups say that without an independent overseer, the agency could become biased in fining particular institutions or officials.

British-approved candidates

Twelve people applied for the position, cut down to five after a review of the applications. Each of the five candidates went through a two-day interview process, after which a commission selected three to be submitted to parliament.

They were Bujar Sadiku, Krenare Sogojeva-Dermaku and Muharrem Mustafa. Sadiku and Sogojeva-Dermaku had received the approval of the British Embassy as the best candidates.

The IPA is unable to impose fines on bodies that violate the law due to the absence of certain internal acts that should be signed and submitted to the government by the Commissioner, Jeton Arifi, head of the Access to Public Documents Pillar at the agency, told BIRN.

If a bank, for example, accidentally or intentionally revealed the account details of a customer, that customer would have to take the bank to court, a lengthy and potentially expensive process during which the bank could continue violating the law.

“The persistent failure to select the head of our authority is continuing to cause consequences in the prolongation of internal processes, which should have been concluded within six months from the entry into force of the relevant law,” Arifi told BIRN. The Law on Personal Data Protection entered into force on March 11, 2019.

Politicians can ‘hijack’ process

Without a Commissioner, the IPA is also unable to hire new staff and has had to halt a twinning project with Germany and Latvia.

“Now everything will start again from zero,” said Fatmire Mulhaxha Kollcaku, who heads parliament’s Committee on Security and Defence and led the interview panel for the Commissioner’s job.

“As long as we don’t have an independent institution with a competent Commission, we have two unenforceable laws,” said Mulhaxha Kollcaku, and questioned how the recruitment process would continue without the British involvement.

The British embassy said on August 17 that it would not spend British taxpayers’ money on repeating a process that had been conducted properly but which failed to end in the appointment of a Commissioner. Under the agreement with the embassy, parliament is obliged to endorse an approved candidate.

“The non-appointment of any of them calls into question the stated commitment of political parties to implement the Memorandum of Understanding (MoU) with the British Embassy, ​​but more importantly, it sends a negative signal to independent professionals in Kosovo and their hopes to contribute in Kosovo Institutions,” the embassy said.

“Any public appointment should take into account only the interests of the country and its citizens, and not the narrow party interest.”

Without the British involvement, politicians can “hijack the process and elect politically involved people with no actual skills for the position,” warned Kusari.

Taulant Hoxha, CEO of the NGO Kosovar Civil Society Foundation, which supports the development of civil society with a focus on EU integration, told BIRN:

“It is painful that the Kosovo Assembly has to sign security agreements with foreign embassies in order to be able to elect a Commissioner. It would make sense if only the human, technical, and methodological resources to be provided with funding from the British Embassy because the Assembly of Kosovo is a new institution.”

Serbia Keeps COVID-19 Medical Procurement Data Under Wraps

Serbia’s National Insurance Health Fund, RFZO, the public institution responsible for medical supplies procurement in Serbia, has declined to answer an FOIA request from BIRN about the amount of medical equipment purchased during the epidemic, the names of suppliers and how much money was spent on it, saying the government had classified such data “top secret” at the outset of the pandemic.

“Data on medical devices, medical equipment, personal and protective equipment, sanitary and medical consumables procured in Serbia during the state of emergency caused by COVID-19, as well as documentation on it, are marked with the security classification ‘top secret,’” RFZO said in a written answer to BIRN. 

Under the government’s decision from March 15, which RFZO quoted, information about public procurement during the COVID-19 pandemic will not be made available to the public until the pandemic ends.

In its request sent on August 12, BIRN asked about the quantity of purchased protective masks, protective suits, gloves, hats and tests for COVID-19 and the total amount of money spent on them. 

BIRN also asked about the prices at which this equipment was sold to pharmacies, as well as about the registration of medical equipment at the Medicines and Medical Devices Agency of Serbia, which is necessary for the import and placement of those goods on the Serbian market. 

Besides that, BIRN requested information about the total amount spent out of 9.5 billion dinars, which the Serbian government transferred to RFZO on March 31, 2020, “in order to mitigate the consequences of COVID-19 disease”. That point was left unanswered, too.

Serbia reported the first cases of COVID-19 in the beginning of March and declared a state of emergency on March 15 that lasted until May 6. 

During that time, Serbia was criticised for deciding to lengthen the time state bodies have to answer FOIA requests. It left many journalists having to wait until the state of emergency was lifted before their requests could be answered. 

Serbia’s government faces many questions about its general response to the pandemic, amid claims that there was a lack of necessary medical equipment, among other things. 

At the end of June, BIRN revealed that Serbia had under-reported COVID-19 deaths and infections. Data from the state’s COVID-19 information system showed that the number of infected patients who had died was twice as large as the number that the authorities announced. Hundreds more people had tested positive for the virus in June than was admitted. 

New Cyber Attacks on North Macedonia Spur Calls for Better Defences

Fresh cyber attacks in North Macedonia, this time targeting the health and education ministries, are spurring calls for more sophisticated cyber protection.

Last week’s attacks took down the websites of both ministries and were claimed by the hacker group ‘Anonopsmkd’, which previously took responsibility for a July 15 attack on the country’s most popular news aggregator TIME.mk.

The denial of service attack on TIME.mk, which involved more than 35 million addresses that generated thousands of clicks per seconds, coincided with a closely-fought parliamentary election in North Macedonia when the State Electoral Commission was also targeted.

In an interview last week, Anonopsmkd denied hitting the electoral commission, but it has warned that law enforcement structures in North Macedonia are its next target, spurring calls for greater protection of state bodies in the newest member of NATO.

“There should be a single protection system that would cover all government electronic services including agencies, ministries, local governments, and any legal entity or state body,” said Skopje-based cybersecurity consultant Mane Piperevski.

“This can be achieved by having a state-level Security Operation Centre with mixed ownership (51:49 in favour of the state),” Piperevski told BIRN. “The joint protection system would be under the leadership of the company that would be in charge of this Security Operation Centre.”

Hackers obstruct election result announcement

Piperevski said such a model had been implemented in a number of European Union countries.

“There is a quality staff within the government bodies that is ready to respond to such challenges,” he said. “The only problem, however, is with politics and priorities of the work in the institutions.”

Privacy and data protection expert Ljubica Pendaroska said the protection system should be multi-layered, “in order to make to make it as hard as possible for the hackers, and thus increase the protection of information and especially the personal data of citizens.”

“It is necessary for the institutions to have a developed and functional team and a procedure for rapid intervention and response in the case of an attack,” Pendaroska told BIRN.

An investigation conducted by the Ministry of Interior concluded that the electoral commission had been the target of a denial of service or DDoS attack which blocked publication of the preliminary results. The Commission website was out of action for several days.

“The investigation of this case continues in order to determine the IP addresses from where the attack was carried out, and for additional information to be collected to determine the perpetrator of this attack,” the ministry said.

National cybersecurity body has met only once

A spate of cyber attacks on state bodies in North Macedonia over the past few months has raised fears over the safety of its IT system, a concern for NATO too since the country joined the Western military alliance in March this year.

As BIRN reported in May, several cyberattacks in a short period of time exposed gaps in how North Macedonia’s authorities are dealing with cybersecurity issues.

In one security breach two months ago, a Greek hacker group calling itself ‘Powerful Greek Army’ leaked dozens of email addresses and passwords from staffers in North Macedonia’s ministries of finance and economy. Authorities are yet to determine how exactly the attack happened.

Last year, North Macedonia formed a National Council for Cyber Security, bringing together the ministers of interior, defence and information society. But it has so far met only once.

NATO member countries bear primary responsibility for their national cyber defences, but the alliance does provide expert support and has rapid reaction teams it can deploy in emergencies.

“NATO cyber experts can offer support and share information with Allies in real-time, including through our Malware Information Sharing Platform,” a NATO official told BIRN in an emailed response. “NATO has cyber rapid reaction teams on standby to assist Allies 24 hours a day, and our Cyberspace Operations Centre is operational.”

“NATO also invests in training, education and exercises which improve the skills of national cyber experts. Any attempts to interfere with democratic elections, including through hacking, are unacceptable, so we must remain vigilant.”

North Macedonia hackers target British pop stars
A hacker group from North Macedonia has claimed to have taken down the websites of British pop stars Dua Lipa and Rita Ora.

The attacks happened amid a row that erupted this month when Lipa, whose parents were born in majority-Albanian Kosovo, posted on social media a map of ‘Greater Albania’.

Ora, who was born in Kosovo but moved to Britain as a child, voiced her support for Lipa and called for Kosovo – which declared independence from Serbia in 2008 – to appear on Apple Maps.

AnonOpsMKD claimed responsibility for the attacks.

North Macedonia Probes Election Day Cyber Attacks

Authorities in North Macedonia have announced an investigation into election day’s cyber attack while experts are still puzzled about how the attack occurred on July 15, targeting the website of the state election commission, SEC, and the news aggregator website.

“It is not clear whether the [SEC] website was tested to withstand a large amount of connections for a short period of time, and whether it had the necessary DDoS protection,” cyber-security engineer Milan Popov told BIRN on Friday.

The Interior Ministry confirmed that it is looking into the matter. “The SEC reported the case and, immediately after the report, the Sector for Computer Crime and Digital Forensics took measures and activities to clear up the case,” ministry spokesman Toni Angelovski told BIRN.

Polling day on July 15 saw two of the highest profile cyber attacks the country has ever seen. In a single night, both the election commission’s website and the most popular news aggregator, TIME.mk, were brought down for several hours.

While TIME.mk quickly recovered, the SEC website is still having difficulties functioning. According to the SEC head, Oliver Derkovski, the attack probably came from abroad.

“We informed the Interior Ministry about this cybercrime. They were here today and I hope they will resolve it soon. It was an attack from abroad,” Derkovski said.

The IT company that runs the SEC election results page section, Duna Computers, said its own application functions flawlessly and the main issue came from the SEC website experiencing a sophisticated cyber attack.

The second cyber attack of the night, the denial of service, DDoS, attack that hit TIME.mk, involved more than 35 million addresses that generated thousands of clicks per second.

“There were brief interruptions but mostly the site withstood the attack. Unfortunately, we did not have the best protection, and this was our mistake, which we have corrected, so that it will not happen again,” the website’s founder, Igor Trajkovski, wrote on Twitter.

“I can say for sure that, for the second part of the attack, someone is connected to one of the sites that we index, because that is the only way through which they can find out our IP address,” Trajkovski added.

Unlike the SEC cyber attack, responsibility for this one was claimed by a hacker group that uses a logo similar to that of the famous hacktivist group Anonymous, and calls itself “Anonopsmkd”.

The group left a message in which it voiced displeasure with the election process in the country, and said it had targeted the TIME.mk website mostly because of its popularity. Regarding the group itself, information is scarce. However, in their message, they warned ominously that they are ready to strike again, and that they “neither forgive nor forget”.

North Macedonia Election Commission ‘Cyber-Attacked During Polls’

The website of North Macedonia’s State Electoral Commission, SEC, suffered an alleged denial-of-service, DDoS, attack for more than three hours during the parliamentary elections on Wednesday.

The attack delayed the SEC’s announcement of the official results of the tightly-contested vote on its website and it had to improvise by releasing partial results through YouTube clips instead.

SEC officials insisted that the alleged attack did not affect the data that they had been collecting throughout the day.

“From what I know so far, this was an attempted external attack. But until this is confirmed, I cannot speculate, we will know more about it tomorrow [Thursday]. The data wasn’t attacked and no damage was caused in the process,” SEC President Oliver Derkovski told a press conference.

At the same time as the SEC suffered the alleged attack, the country’s most popular news aggregator TIME.mk was also targeted by a heavy DDoS attack, which took the website down for a couple of hours. The site’s founder, Igor Trajkovski, said that Cloudflare, a US-based website security company, had to block millions of IP addresses involved in the attack.

“So far, Cloudflare has blocked three million IP addresses. And more new ones are appearing. We have never had such a DDOS attack before. Someone paid a lot of money to do this,” Trajkovski wrote on Twitter.

The attack was later claimed by a hacker group calling itself Anonymous Macedonia, which left a message on the website voicing displeasure with the election process, citing “empty promises from all political parties in this beautiful country”.

“We had yet another ‘democratic election process’, and as we can see, it is the same story repeating every three to four years,” the message said.

“It had to be your website because it has the highest number of visitors – no hard feelings,” It added.

With more than 90 per cent of the ballots counted, the ruling SDSM party was ahead of the opposition VMRO-DPMNE by some 10,000 votes.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now