EU Sets Up Joint Cyber Unit to Tackle Steep Rise in Cyber-Attacks

The European Commission on Wednesday laid out plans to build a new Joint Cyber Unit to coordinate responses among member states and EU bodies to the rising number of serious cyber-incidents impacting on the bloc’s public, commercial and private arenas.

The EU, like the rest of the world, has been struggling to meet the threat of what is being called “an epoch of intensifying cyber-insecurity”. In April, a range of EU institutions, including the Commission, were hit by a significant cyber-attack, part of a growing spate of brazen attacks being committed by states conducting espionage and seeking vulnerabilities, as well as criminal gangs often operating out of Russia, Iran and China.

The true scale of the problem is hard to assess, though Bitdefender’s 2020 Consumer Threat Landscape Report estimated ransomware attacks increased by 485 per cent in 2020 from the year before. So far this year, losses of over $350 million have been incurred in ransomware attacks, according to US Homeland Security Secretary Alejandro Mayorkas.

The EU’s planned Joint Cyber Unit, to be located next to the new Brussels office of the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for EU institutions, bodies and agencies (CERT-EU), is an attempt to create a platform to ensure the bloc can provide a coordinated response to large-scale cyber-incidents and crises, as well as to offer assistance to member states in recovering from these attacks.

As such, it will bring together European cyber-security communities – including civilian, law enforcement, diplomatic and cyber-defence, as well as private sector partners – which it says too often operate separately. Invited participants will be asked to provide operational resources for mutual assistance within the Joint Cyber Unit.

Ultimately, the Joint Cyber Unit would allow for protocols for mutual assistance between member states and EU bodies, and for national and cross-border monitoring and detection.

The Commission said it wants to establish the unit on a phased basis over four steps, with plans for it to become operational by June 2022 and fully established by June 2023.

“We need to pool all our resources to defeat cyber-risks and enhance our operational capacity,” Margaritis Schinas, vice-president of the Commission, told a press conference.

The move was broadly welcomed by cyber-security analysts, who said that if the purpose of the Joint Cyber Unit is to have a pool of IT experts which can be thrown into the frontline of cyber-warfare, then it is a positive move.

However, Marcin Zaborowski, Policy Director of Globsec’s Future of Security Programme, warns that the new agency risks becoming like the EU Battlegroups in security and defence, which were formed in 2005 but have remained on standby ever since because there was never a time when all EU member states could agree on their deployment. “I am worried you might have the same thing here, that the rules of engagement will mean it is unable to get the unanimous agreement from all member states,” he tells BIRN.

He cites this week’s cyberattack on Poland’s top politicians and officials, which Jaroslaw Kaczynski, Poland’s chairman of the Committee for National Security and Defence Affairs, said in a statement was “wide-ranging” and carried out from the territory of the Russian Federation.

Aside from continuing confusion over whether this was actually an external attack or merely sloppy internet security by key officials, there remains the question over to what extent a Eurosceptic government like Poland would be prepared to give EU bodies like the new Joint Cyber Unit access to very sensitive, privileged national information.

“I would like to see tasks of the Unit drawn up that are truly workable and practicable, and areas of operation where the EU member states do feel comfortable. If it tries to get into things that are easily blocked by member states because they do not want to share information, then you have an announcement of the Unit but nothing more than a policy,” Zaborowski says.

Jonathan Terra, a Prague-based political scientist and former US diplomat, cautioned that being very public about ramping up and coordinating your ability to respond may, paradoxically, provoke more attacks than otherwise might have happened.

“Hackers, especially those doing covert state work, will attempt to defeat any new measures to show that they can act at will. Then as the cooperative ‘EU cyber-response’ mechanism goes into action, and damage assessment takes place, it will become clear that the key to dealing with this threat is to have a strong deterrent, which the EU doesn’t really have as an independent unitary actor,” he says.

Poland to Open Investigation into Belarus Hijacking of Ryanair Flight

Polish Prosecutor General and Justice Minister Zbigniew Ziobro on Monday ordered an investigation into the forced landing of a Polish-registered airplane by the Belarusian authorities and the subsequent removal of an opposition activist who enjoyed protected status in Poland.

Poland is on the frontline of the EU’s diplomatic war with Belarus and its authoritarian president, Alexander Lukashenko, who together with scores of Belarusian officials is under EU sanctions, including travel bans and asset freezes, imposed following the disputed August 2020 election and subsequent crackdown on protestors.

Poland has been vocal in its support of the Belarusian opposition, offering protection to exiles and providing Lukashenko critics with a house in Warsaw to use as their headquarters. The Lukashenko regime has retaliated by targeting members of the Polish minority in Belarus: in the last few months, several Poles in Belarus have been arrested, including Andrzej Poczobut, a journalist and member of the Association of Poles in Belarus.

The Ryanair flight from Athens to Vilnius was crossing Belarusian airspace when the authorities there, reportedly on Lukashenko’s orders, used a false bomb alert and a fighter jet to force the flight carrying Roman Protasevich to land in Minsk, where security services boarded the plane and arrested the opposition activist.

The incident, which has caused outrage across Europe and was described by Polish Prime Minister Mateusz Morawiecki as “an unprecedented act of state terrorism”, prompted prosecutors in Poland to open an investigation linked to two articles in the Polish criminal code.

One concerns the use of deception or threat of direct violence to take control of an aircraft, which in this case was officially registered in Poland, giving a legal basis for the investigation as the plane is considered Polish territory. The other concerns the unlawful deprivation of freedom of Protasevich, who last year was given protected status in Poland, allowing him to move freely inside the EU, as well as the other passengers.

The 26-year-old journalist is one of the founders of Telegram channel NEXTA, which played a prominent role in the organisation of protests against Lukashenko throughout the second half of last year. At least part of NEXTA’s content had been uploaded from Poland, which hosts a sizeable community of Belarusian exiles, including the channel’s founders and other opposition leaders. Protasevich was no longer living in Poland.

“I have asked the European Council President to expand tomorrow’s European Council agenda and discuss immediate sanctions against A. Lukashenka regime,” Prime Minister Morawiecki tweeted on Sunday night. “Hijacking of a civilian plane is an unprecedented act of state terrorism. It cannot go unpunished.”

Protasevich faces charges in Belarus of inciting public disorder and social hatred, carrying a jail sentence of up to 12 years if convicted. He is also on a list of terrorists compiled by Belarusian authorities and, if officially charged with terrorism, could face the death penalty. The terrified young man reportedly pleaded with the airline crew not to land the plane, saying he would face the death penalty if it did. Belarusian security operatives were reportedly on the plane, which was eventually allowed to fly to its destination in Lithuania after several hours.

The Czechs have joined their neighbour Poland in protesting the actions of the Belarusian regime, though there has been no official reaction yet from Hungary, Slovakia or a joint Visegrad Four statement. However, Katalin Cseh, a Hungarian MEP from the opposition Renew group, wrote in a Facebook post: “The detention of the Belarusian activist is unacceptable – Europe must act!… The Hungarian government and Foreign Minister Péter Szijjártó must stop their harmful practice of vetoing joint EU action. Instead of supporting dictatorships, the Hungarian government must finally stand up for the protection of our democratic values.”

Glitched Online Registration System for COVID-19 Vaccination Confuses Croatia

As more doses of COVID-19 vaccines finally arrive in Croatia, problems continue when it comes to registration, especially through the national online platform, CijepiSe [Get vaccinated].

“I expected the CijepiSe platform to work because the pandemic has lasted such a long time,” Mia Biberovic, executive editor at the Croatian tech website Netokracija, told BIRN.

“I assumed the preparations were done early enough,” she said, concluding that alas, this was not the case. As a consequence, she noted, a small number of people who applied online for a jab are being invited to get vaccinated.

For days, media have reported on problems with the platform, which cost 4.4 million kuna, or about 572,000 euros. On Friday, media reported that the data of the first 4,000 people who applied for vaccination via the platform during its test phase in February had been deleted.

The health ministry then denied reports about the deletion, and said the data relevant for making vaccination appointments had not connected in the case of 200 citizens who booked vaccinations during the test trial.

“The problem is, first, that the test version came when it [the system] was not functional yet. Second, [in the test phase] there were no remarks about the protection of users’ data, i.e. how the user data left there would be used,” Biberovic, who was also among those who applied during the test trial, noted.

“As far as I understood, the data was not deleted but could not be seen anywhere because it was incomplete … So they are not deleted, but again, they are not usable, which is even more bizarre,” Biberovic added. “This is certainly a risk because citizens do not know how their data is being used.”

Vaccination appointments in Croatia can be ordered through the CijepiSe online platform, a call centre or via general practitioners, and all those who apply should be put on a single list. However, direct contact with a doctor has turned out to be the best way to get a vaccination appointment.

The ministry on Saturday said 198,274 citizens have been registered via the CijepiSe platform, of whom 45,416 have been vaccinated. But around 40,000 of these were not invited through the platform but by direct invitation of general practitioners.

Zvonimir Sostar, head of the Zagreb-based Andrija Stampar Teaching Institute of Public Health, stated on Saturday that the platform was not functioning in the capital, and that they would change the vaccination registration system, advising citizens to register via general practitioners.

Shortly after, the ministry promised that “everyone registered in the CijepiSe system will receive their vaccination appointment”.

“Maybe the platform is not functioning the way we wanted, but it functions well enough to cope with the challenges of vaccination. I read in the papers that the system of vaccination has collapsed. That’s not true! We are increasing the daily number of vaccinations,” Health Minister Vili Beros said on Sunday.

However, the Conflict of Interest Commission, an independent state body tasked with preventing conflicts of interest between private and public interests in the public sector, confirmed on Tuesday that it has opened a case against Beros. It comes after the media reported that the minister has ties to the company that designed the CijepiSe platform. The minister denies any wrongdoing.

Secure Comms: Cracking the Encrypted Messages of Balkan Crime Gangs

When Serbian police arrested the leaders of a notorious crime gang in the first few days of February this year, in the search for evidence they seized 44 mobile phones equipped with an encrypted messaging app created by Canada-based Sky ECC.

Sky ECC described itself as “a global leader in secure messaging technology”, helping to keep a host of industries safe from identity theft and hacking. Law enforcement authorities in the United States and Europe, however, say it was created with the sole purpose of facilitating drug trafficking and had become the messaging app of choice for transnational crime organisations.

Using equipment that President Aleksandar Vucic said Serbia had “borrowed from friends”, police managed to access the app. What they found was gruesome, and damning – photos of two dead men, one of them decapitated.

Led by Veljko Belivuk, the gang – part of a group of violent football fans – is suspected of drug trafficking, murder and illegal weapons possession.

Belivuk and his associates, who remain in custody but have not yet been charged, allegedly used the app to organise criminal activities, and to brag about their exploits. In this, they were not alone.

On March 9, three days after Vucic displayed the photos, police in Belgium and the Netherlands made what Europol described the next day as a large number of arrests after secretly infiltrating the communications of some 70,000 Sky ECC devices and, from mid-February, reading them ‘live’.

On March 12, US authorities indicted Jean-Francois Eap, chief executive officer of Sky Global, the company behind Sky ECC, and Thomas Herdman, a former high-level distributor of Sky Global devices, accusing them of conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act, RICO. Eap issued a statement denying any wrongdoing.

Critics of the government under Vucic say Belivuk had long acted with impunity, protected by reported ties to a number of senior governing officials.

Serbia boasted of a “war” on organised crime. But the timing of Belivuk’s arrest and the operation against Sky ECC raises fresh questions about what preceded the Serbian police swoop – whether Serbia acted alone, or was prompted to do so by evidence unearthed elsewhere.

Either way, the downfall of Belivuk and Sky ECC has shed new light on the lengths Balkan crime gangs have gone to evade surveillance, and the challenge facing authorities to strike back. It has also fuelled talk of the need to criminalise such software, raising alarm among some who say this would punish legitimate users, from political dissidents to investigative journalists.

The Serbian Interior Ministry and Security Intelligence Agency, BIA, did not respond to requests for comment.

“Organised crime groups from the Balkans have adapted quickly and cleverly in recent years to innovate and use technology to their advantage,” said Walter Kemp, director of the South-Eastern Europe Observatory at the Global Initiative Against Transnational Organised Crime.

While some still carry cash across borders or use wire transfers, others are using encrypted communication tools, laundering money through cryptocurrencies and elaborate financial schemes and branching into cyber and cyber-enabled crime, Kemp told BIRN. 

“But while criminals are first-movers and quick adapters in using technology, law enforcement agencies are lagging behind.”

This message will self-destruct



Founded in 2008, Sky ECC surged in popularity after messages sent via another encrypted messaging service, EncroChat, were intercepted and decoded in a French and Dutch-led operation in mid-2020, leading to the arrest of over 800 people Europe-wide and the seizure of drugs, guns and large sums of suspect cash.

Sky devices offered self-destructing messages, an encrypted vault and a panic button in the event the user believed the device had been compromised. Sky ECC was installed exclusively on secure devices from Apple, Google and Blackberry, which could be bought online. All that was required of a user was to pay a subscription.

At the time of the police operation, three million messages per day were being sent via Sky ECC. Roughly 20 per cent of its 170,000 users were in Belgium and the Netherlands, with the greatest concentration in the Belgian port of Antwerp, a popular destination for illegal drugs arriving in Europe from South America. 

Europol, the European Union’s police agency, said that information acquired from “unlocking the encryption” of Sky ECC would help solve serious and cross-border organised crime “for the coming months, possibly years.”

For Balkan clients, there were three websites promoting the app in languages of the region – skyecceurope.com, skyeccbalkan.com, skyeccserbia.com.

It is unclear if these operated under the umbrella of Sky Global or were independent distributors. BIRN contacted them but did not receive any reply. The website of Sky Global is also now in the hands of authorities. BIRN was unable to reach the company for comment.

Serbian nationals arrested in France and UK

Sky and EncroChat devices were, until recently, easy to find on Serbian and Croatian advertising sites, their price ranging from 600 euros to 2,200 euros depending on the type of phone and subscription. Subscriptions were commonly paid with cryptocurrency, to avoid leaving a trace.

A police official in Bosnia and Herzegovina said they were also in use among criminals there.

“They use those special apps and providers you can’t interfere with, and there’s no trace of their existence in the phone. The use is legal here,” the official, who declined to be named, told BIRN.

While police were unable to intercept the communication, he said, in some cases an arrested person would confess to using such apps and provide access.

A senior Interpol official, who spoke on condition of anonymity, said Balkan drug gangs were using EncroChat to communicate with South American cartels concerning the trafficking of drugs to Europe.

French authorities had been investigating EncroChat since 2017, stepping up efforts in 2019 and secretly installing an implant on all EncroChat devices disguised as a system update. The implant caused the device to transmit all data that had not been erased to a French police server and to Europol and collected data created after the device had been compromised.

The company eventually alerted users but millions of messages had already been intercepted.

Dutch and French police as well as Europol declined to give any further details regarding possible connections to Balkan crime gangs, citing the ongoing nature of the investigation.

A French newspaper report on March 27, however, said that a Serbian national had been arrested in a suburb of Paris following the Sky ECC operation on suspicion of selling its devices. In the UK, reports say another Serbian, 29-year-old Milos Bigovic, pleaded guilty in a UK court in August 2020 after he was arrested trying to smuggle cocaine hydrochloride into southern England on a cruise ship, his communications having been intercepted in the operation against EncroChat.

In Serbia, some criminals went further; in 2019, when police busted a major marijuana farm that had been run with the help of several security service officials, investigators found that those involved had communicated via a custom-made app called ‘Razgovor’ [Conversation].

Those arrested handed over their phones, apparently confident that police would not discover the app hidden behind the calculator interface. They were wrong and police, according to the indictment, gained access to conversations in which the suspects agreed on the production and distribution of drugs.

Admissible in court


Members of Veljko Belivuk’s group are being transferred for interrogation with a strong police presence. Photo: mup.gov.rs

It remains unclear whether foreign authorities supplied Serbia with evidence against Belivuk and Co obtained as part of the operation against Sky ECC, or if Serbia only harvested content from the devices it seized in the arrests.

Bearing in mind that most of the content sent via Sky devices disappeared soon after being sent, it is doubtful police in Serbia were able to recover much from the seized devices.

Authorities in Serbia did not respond to BIRN’s questions.

In the case of intercepted communication, for it to be used as evidence in court the police must have had prior court permission to conduct surveillance. It is not known whether Belivuk and his gang were under court-sanctioned surveillance. BIRN asked the court but was told such information cannot be disclosed.

The issue came before a UK court in February, when appeals judges rejected an attempt to prevent prosecutors from using as evidence messages sent via EncroChat.

The case rested on whether communications had been intercepted by French police while ‘being transmitted’ by the device or while ‘stored’ on it. As the material had been extracted from the device itself and was unencrypted, the Appeal Court found that the evidence had not been gained by ‘interception’ and was admissible, the BBC reported.

Criminalising encryption

Sky Global has denied any wrongdoing, with CEO Eap saying “We stand for the protection of privacy and freedom of speech in an era when these rights are under increasing attack. We do not condone illegal or unethical behaviour by our partners or customers. To brand anyone who values privacy and freedom of speech as a criminal is an outrage.”

But Serbian Interior Minister Aleksandar Vulin said the use of such devices should be illegal.

“It is indisputable that it is used by criminals,” Vulin said on March 7. “I am in favour of it being a crime, as I believe that the purchase of any telephone number, regardless of whether it is prepaid or postpaid, must be done with an ID card.”

“It may not stop criminals from using it, but if nothing else it will give the police another reason to arrest them and remove them from the streets.”

Some journalists and rights advocates say this is a slippery slope.

“Encryption is a tool. And like any tool, it can be used for good and for bad,” said Fabian Scherschel, a freelance journalist, writer and podcaster who has covered the topic closely.

“We’ve already seen legislation against so-called ‘hacker tools’ massively backfire and threaten to criminalise the legitimate work of IT security specialists and journalists. I have a feeling this legislation could cause similar problems. It will also, most likely, make it easier to spy on the general populace, who has no intention of using encryption to hide criminal behaviour whatsoever.”

Diego Naranjo, head of policy at the Brussels-based advocacy group European Digital Rights, EDRi, said it was important to challenge the narrative that encryption is only used by criminals.

“As any other interference with human rights, an attack on encryption or privacy-enhancing technologies needs to be prescribed by law, necessary and proportionate to the aims to be achieved in a democratic society,” said Naranjo.

He noted that the EncroChat and Sky ECC cases had demonstrated that law enforcement agencies have ways to penetrate such communication.

“We may be already in the Crypto wars 3.0, and it is up to us to ensure that encryption is perceived as a tool to ensure human rights and not something only criminals use.”

Lidija Komlen Nikolic, Serbian Deputy Appellate Public Prosecutor, warned of the dangers of criminalising the use of such apps.

“The idea is to enable state authorities, the police, to be able to find evidence more easily for the fight against organised crime or any other type of crime,” Nikolic told N1 regional broadcaster.

“But there should not be the presumption that all of us, who have devices or have software that uses some kind of encryption, are potential perpetrators of a crime.”

Greece Shocked as Crime Reporter Shot Dead in Athens

Giorgos Karaivaz was returning to his home in the southern Athens suburb of Alimos after work when, according to the authorities, he was shot by two persons wearing dark clothes and riding a light motorcycle.

The perpetrators are believed to have used a silencer, as the shots were not heard by nearby residents. The attack took place around 2.30pm and, according to police reports, 17 to 20 bullet casings have been found on the spot.

Karaivaz, a veteran reporter, specialized in the police and crime beat, appearing daily on a show on Star TV. He was also the founder and owner of bloko.gr, a website that focused on issues related to law enforcement authorities.

After the news of his death broke, his colleagues at bloko.gr wrote a post titled “Grief”.

“Giorgos Karaivaz, the founder and owner of bloko.gr, is not with us anymore. Some people decided to close his mouth and make him stop writing his texts, with bullets. They executed him in front of his house. For we, who in the last years worked with him, who were guided by him in difficult moments, drinking wine together, honoured by his friendship, these are very difficult times,” the post said.

The board of the journalists’ union expressed “deep sadness for the loss of their colleague” and called on the government and the authorities to “solve the crime immediately and deliver the perpetrators to justice”.

The union added that “journalists won’t be discouraged by murders, injuries and threats”, and said that they will continue to defend the freedom of the press and journalists’ work against pressures, threats and mafia-like practices and criminal plans.

He had lately covered a number of issues, including the arrest of Dimitris Lignadis, the former artistic director of the National Theatre; evaluations of police officials; and the strong police guard assigned to Menios Fourthiotis, a TV presenter, which was later withdrawn after harsh criticism.

The last time a journalist was shot dead in Greece was in July 2010, when Socrates Gkiolias was shot 15 times outside his house.

Romanian Suspected of Audacious Cryptocurrency Theft Arrested

A tribunal in Iasi in northeastern Romania has ordered 30 days of pre-trial detention for a man arrested last Thursday for allegedly stealing half a million euros in crypto from a leading cryptocurrency operator, sources from the organised crime prosecution office told BIRN.

The victim of the fraud is a company based in the Cayman Islands, and the seventh-largest cryptocurrency operator in the world, prosecutors said in a statement.

According to the Directorate for Investigating Organised Crime and Terrorism, DIICOT, the suspect broke into the system using the Application Programming Interface key, which he had fraudulently obtained before launching his cyberattack between January 28 and 31 this year.

After accessing the system, he transferred cryptocurrency worth 620,000 US dollars, or 520,000 euros, to the personal accounts of several people who paid him in real money for the digital assets.

“In order to hide the criminal deeds, the accused chose to take possession of the money through several withdrawals of small sums of 10,000 lei [around 2,000 euro] so he was not asked to provide an ID document,” the DIICOT statement said.

The operation that led to his arrest included raids in two locations from which seven cellphones, three laptops, five memory sticks as well as two e-wallets and 10,800 lei in cash were seized.

Romanian law enforcement agencies also sequestrated 40,000 lei from the account of one of the bitcoin traders who had bought stolen crypto from the accused.

The suspect will be charged with illegally accessing a computer system, computer fraud and money laundering.

Cyber-Attacks a Growing Threat to Unprepared Balkan States

It wasn’t voting irregularities or the counting of postal ballots that delayed the results of last year’s parliamentary election in North Macedonia, but an audacious distributed denial-of-service, DDoS, attack on the website of the country’s election commission.

Eight months on, however, the perpetrator or perpetrators behind the most serious cyber attack in the history of North Macedonia have still to be identified, let alone brought to justice.

While it’s not unusual for hackers to evade justice, last year’s Election Day attack is far from the only case in North Macedonia still waiting to be solved.

“Although some steps have been taken in the meantime to improve the situation, it’s still not enough,” Eurothink, a Skopje-based think-tank that focuses on foreign and security policy, told BIRN in a statement.

“The low rate of solved cyber-crime cases is another indicator of the low level of readiness to solve cyber-attacks, even in cases of relatively ‘less sophisticated’ and ‘domestic’ cyber threats.”

Across the Balkans, states like North Macedonia have put down on paper plans to tackle the threat from cyber terrorism, but the rate of attacks in recent years – coupled with the fact many remain unresolved – points to serious deficiencies in practice, experts say. Alarmingly, Bosnia and Herzegovina does not even have a comprehensive, state-level cyber security strategy.

“I am convinced that all countries [in the region] are vulnerable,” said Ergest Nako, an Albanian technology and ecosystems expert. “If an attack is sophisticated, they will hardly be able to protect themselves.”

In the case of Albania, Nako told BIRN, “the majority of targets lack the proper means to discover and react to cyber-attacks.”

“With the growing number of companies and state bodies developing digital services, we will witness an increasing number of attacks in the future.”

Ransomware a ‘growing threat’ to Balkan states



The COVID-19 pandemic has underscored the threat from cyber-attacks and the impact on lives.

According to the 2021 Threat Report from security software supplier Blackberry, hospitals and healthcare providers were of “primary interest” to cyber criminals waging ransomware attacks while there were attacks too on organisations developing vaccines against the novel coronavirus and those involved in their transportation.

Skopje-based cyber security engineer Milan Popov said ransomware – a type of malware that encrypts the user’s files and demands a ransom to restore access – is a growing danger to Balkan states too.

“Bearing in mind the state of cyber security in the Western Balkans, I would say that this is also a growing threat for these countries as well,” Popov told BIRN. “While there haven’t been any massive ransomware attacks in the region, there have been individual cases where people have downloaded this type of malware on their computers, and ransoms were demanded by the various attackers.”

A year ago, hackers targeted the public administration of the northern Serbian city of Novi Sad, blocking a data system and demanding some 400,000 euros to stop.

“We’re not paying the ransom,” Novi Sad Mayor Milos Vucevic said at the time. “I don’t even know how to pay it, how to justify the cost in the budget. It is not realistic to pay that. Nobody can blackmail Novi Sad,” he told Serbia’s public broadcaster.

A local company announced the following that it had “eliminated the consequences” of the attack.

In Serbia, cyber security is regulated by the Law on Information Security and the 2017 Strategy for the Development of Information Security, but Danilo Krivokapic of digital rights organisation Share Foundation said that implementation of the legal framework remained a problem.

“The question is – to what extent our state bodies, which are covered by this legal norm, are ready to implement such measures?” Krivokapic told BIRN. “They must adopt [their own] security act; they need to undertake measures to protect the information system.”

Political battles waged in cyber space


North Macedonia was the target of a string of cyber attacks last year, some attributed to a spillover of political disputes into cyber space.

In May 2020, a Greek hacker group called ‘Powerful Greek Army’ hacked dozens of e-mail addresses and passwords of employees in North Macedonia’s finance and economy ministry and the municipality of the eastern town of Strumica.

The two countries have been at odds for decades over issues of history and identity, and while a political agreement was reached in 2018 tensions remain. Similar issues dog relations between North Macedonia and its eastern neighbour Bulgaria, too.

“Cyber-attacks can happen when a country has a political conflict, such as the current one with Bulgaria or previous one with Greece, but they are very rare,” said Suad Seferi, a cyber security analyst and head of the Informational Technologies Sector at the International Balkan University in Skopje.

“However, whenever an international conflict happens, cyber-attacks on the country’s institutions follow.”

Bosnia without state-level strategy


In Bosnia, the state-level Security Ministry was tasked in 2017 with adopting a cyber security strategy but, four years on, has yet to do so.

“Although some strategies at various levels in Bosnia are partially dealing with the cyber security issue, Bosnia remains the only South Eastern European country without a comprehensive cyber security strategy at the state level,” the Sarajevo office of the Organisation for Security and Cooperation in Europe, OSCE, told BIRN.

It also lacks an operational network of Computer Emergency Response Teams (CERTs) with sufficient coverage across the country, the mission said.

The Security Ministry says it has been unable to adopt a comprehensive strategy because of the non-conformity of bylaws, but that the issue will be included in the country’s 2021-2025 Strategy for Preventing and Countering Terrorism.

So far, only the guidelines of a cyber security strategy have been adopted, with the help of the OSCE.

Predrag Puharic, Chief Information Security Officer at the Faculty for Criminalistics, Criminology and Security Studies in Sarajevo, said the delay meant Bosnia was wide open to cyber attacks, the danger of which he said would only grow.

“I think that Bosnia and Herzegovina has not set up the adequate mechanisms for prevention and reaction to even remotely serious attacks against state institutions or the citizens themselves,” Puharic told BIRN.

The country’s defence ministry has its own cyber security strategy, but told BIRN it would be easier “if there were a cyber-security strategy at the state level and certain security measures, such as CERT”.

‘Entire systems jeopardised’


A laptop screen displays a message after it was infected with ransomware during a worldwide cyberattack. Photo: EPA/ROB ENGELAAR

Strengthening cybersecurity capacities was a requirement of Montenegro when it was in the process of joining NATO in 2019, prompting the creation of the Security Operations Centre, SOC.

According to the country’s defence ministry, protection systems have detected and prevented over 7,600 ‘non-targeted’ malware threats – not targeted at any particular organisation – and more than 50 attempted ‘phishing’ attacks over the past two years.

“In the previous five years several highly sophisticated cyber threats were registered,” the ministry told BIRN. “Those threats came from well-organised and sponsored hacker groups.”

Previous reports have identified a scarcity of cyber experts in the country as an obstacle to an effective defence. Adis Balota, a professor at the Faculty of Information Technologies in Podgorica, commended the strategies developed by the state, but said cyber terrorism remained a real threat regardless.

“Cyber-attacks of various profiles have demonstrated that they can jeopardise the functioning of entire systems,” Balota said. “The question is whether terrorists can do the same because they are using cyberspace to recruit, spread propaganda and organise their activities.”

This publication was produced with the financial support of the European Union. Its content is the sole responsibility of BIRN and does not necessarily reflect the views of the European Union nor of Hedayah.

Child Pornography Offences Increase in Romania During Pandemic

The Romanian Directorate for Investigating Organised Crime and Terrorism, DIICOT, said on Friday that there has been an increase in the detected production and distribution of pornographic material featuring minors, as freedom of movement limitations brought about by the pandemic led to a dramatic increase in online interactions.

“The number of pornographic materials with minors detected by prosecution bodies and even by the private sector is on the rise, which demands that we concentrate our efforts in combating this kind of criminal activity,” the DIICOT said in its report for 2020.

The report differentiates between content produced with the participation of the perpetrators and that which has been “self-generated” by minors themselves.

Self-generated material became more prevalent in 2020, when a growing number of offenders convinced or blackmailed the victims into filming or photographing themselves engaging in obscene acts. In most such instances, the minors were approached online.

Prosecutors also observed “an upsurge” in the use of livestreaming services among minors who produce pornography motivated by the “significant financial gains” they obtain.

DIICOT has already reported five child pornography cases in February 2021.

On February 2, a suspect was arrested in the eastern county of Buzau for allegedly approaching a female minor through a social network and obtaining from her several pictures and videos of a sexual nature that he then distributed online.

On February 11, another suspect was apprehended in the north of Romania on charges of blackmail, child pornography and corrupting a child. According to prosecutors, between August 2020 and February 2021 the suspect recruited an unspecified number of minors online to send pornographic content to him.

The suspect then used the images as tools of blackmail, threatening the children into supplying him with more material, prosecutors alleged. He has been remanded in custody for 30 days and will face trial.

Pandemic Leads to Rise in Cyber Abuse of Children in Albania

Thousands of children in Albania are at greater risk of harm as their lives move increasingly online during the COVID-19 pandemic, UNICEF and local experts warn.

The closure of the country in March last year due to the spread of the novel coronavirus, including a shift to online schooling, has led to an increase in the use of the Internet by children, some of them under the age of 13.

According to a 2020 UNICEF Albania study titled “A Click Away”, about 14 per cent of children interviewed reported experiencing uncomfortable online situations, while one in four said they had been in contact at least once with someone they had never met face-to-face before.

The same study said that two in 10 children reported meeting in person someone they had previously only had contact with online, and one in 10 children reported having had at least one unwanted sexual experience via the internet.

A considerable number of those who had caused these experiences were persons known to the children.

UNICEF Albania told BIRN that, after the closure of schools and the introduction of social distancing measures, more than 500,000 children found themselves faced with a new online routine. Online platforms suddenly became the new norm.

“If before the pandemic 13-year-olds or older had the opportunity to gradually become acquainted with social media, communication applications or online platforms, the pandemic suddenly exposed even the youngest children to information technology,” the office told BIRN.

Growth in child pornography sites

According to another report, by the National Centre for Safe Internet and the Centre for the Rights of the Child in Albania, there has been an alarming rise in reports of child pornography sites on the Internet.

This report, titled ‘Internet Rapists: The Internet Industry in the Face of Child and Adolescent Protection in Albania’, is based on data obtained from the National Secure Internet Platform, National Helpline for ALO Children 116-111 and the National Centre for Secure Internet in Albania.

“The number of reported sites of child pornography has reached a record 6,273 pages, or 600 times more than a year ago,” the report states.

It said that “40 per cent of the cases of pornographic sites, videos or even images with the same content are with Albanian children, while over 60 per cent of the cases of pornography are with non-Albanian children”.

The 15-17 year-old age group is most affected by cyber incidents, it said.

Cybercrime experts at the Albanian State Police also told BIRN: “There has been a general increase in criminal offenses in the area of cybercrime.”

In August last year, UNICEF Albania published another study, “The lost cases”, noting that between 5,000 and 20,000 referrals are made annually by international partners such as Interpol, Europol and the National Centre for Missing and Exploited Children to the cybercrime department of Albanian police regarding the possession, distribution, production and use of child sexual abuse materials in Albania.

But according to official data of the Ministry of Interior, between 2016 and 2018, only 12 cases were investigated under Article 117 of the Criminal Code, ‘pornography with minors’, and only one case ended in conviction.

Turkey Detains 39 for ‘Terrorist Propaganda’ Social Media Posts

The Turkish Interior Ministry announced on Tuesday that security forces detained 39 social media users in the first week of February for allegedly posting propaganda for terrorist organisations online.

It said that a total of 575 offenders have been detected and that detentions continue.

“Debates and developments on social media platforms as well as the social media accounts of illegal groups and structures are being followed closely,” the ministry said in a written statement.

The detainees are accused of propaganda for organisations which Turkey regards as terrorist organisations, including the outlawed Kurdistan Workers’ Party, PKK, the so-called Islamic State, extremist leftist groups and the so-called Fethullahist Terrorist Organisation – a name Turkey uses to brand followers of exiled Turkish preacher Fethullah Gulen, whom Ankara accuses of orchestrating a failed coup attempt in 2016.

The 39 detainees include several students who allegedly ran social media accounts to organise the recent series of high-profile protests against the political appointment of a new rector at the prestigious Bogazici University in Istanbul.

Riot police staged a major operation to disperse the student protesters last week, with hundreds detained and dozens charged.

Aysen Sahin, an independent Turkish journalist, was also detained by police at her home on Monday evening for posting a message on Twitter during last week’s student protests.

Sahin was detained after some pro-government newspapers criticised her. She was released on Tuesday morning.

The Turkish government’s crackdown on social media users intensified after it introduced a new law on digital media last year.

The new law allows security forces to detain anyone responsible for suspicious posts which are linked to terrorist organisations or any kind of disinformation.

As part of the new law, social media platforms are forced to appoint legal representatives in the country to answer the government’s demands to delete social media posts and close accounts.

YouTube, Facebook, Instagram, TikTok and Russia’s VK social media platform decided to appoint representatives after the Turkish government fined them twice. Twitter, however, is still resisting the Turkish government’s new regulations.

According to the Turkish Interior Ministry, 14,186 social media accounts were investigated and 6,743 people were tried because of their posts on social media in the first eight months of 2020.
