Category: Security

Hackers Step up Cyberattacks on Hospitals amid Pandemic

Posted on by BIRD

Romanian cybersecurity giant Bitdefender said on Friday that online attacks linked to Covid-19 “have risen by 475 per cent in March as compared to the previous month”, and the numbers are expected to keep increasing until the end of the month .

“Almost one third of the Covid-19-related attacks target public authorities and healthcare institutions,” Bitdefender said in a statement.

One of the medical centres targeted was a hospital in the Czech Republic currently being used for tests against coronavirus.

Bitdefender’s security specialist Filip Truta said that “the cyberattack thwarts efforts in fighting the pandemic”.

Hackers usually infect computers by fooling medical institutions’ personnel with “information about medical procedures and therapies to treat COVID-19 infections”, said Bitdefender. Such messages are mostly sent in the name of institutions such as the World Health Organisation.

The statement mentions the US, Turkey and France as the most targeted countries in the world. Romania was the ninth more targeted country.

“Cyberattacks against hospitals can bring to a halt their activity if, for example, the medical data of the admitted patients is blocked,” Bitdefender said.

“Over time, attackers have repeatedly infected the computers with ransomware and then have asked for a ransom to give back the access to the data,” it added.

In a typical case of these kind of attacks, hackers “code data such as the patients’ medical records” making it impossible for the doctors to treat the patients or perform surgeries.

“As it has happened in Romania, the management of a hospital can be forced to pay a ransom to decode the data” to be able to save the patient.

Hackers also sell patients’ data for up to $400 per medical record on the deep web. Those who buy this information normally use it for frauds.

Bitdefender has decided to offer free assistance to medical institutions so they can step up their security during the coronavirus crisis. Hospitals, clinics and other medical centres can ask for help at the Bitdefender site. www.bitdefender.com/freehealthcaresecurity

Are you interested in topics related to freedom of information, data protection and cybersecurity? Find out more on our interactive platform, BIRN’s Investigative Resource Desk (BIRD).

Montenegrin Coronavirus Patients’ Identities Exposed Online

Posted on by BIRD

After Montenegrin Prime Minister Dusko Markovic announced on Tuesday evening that the country had its first two coronavirus cases, the patients’ identities were published by social media users.

Photos of one of the patients and her family were also posted online.

The ethnicities and religious beliefs of the patients were then targeted with hate-speech comments by some people on social networks.

The Montenegrin Association against AIDS, CAZAS, said that that every patient has the right to privacy and medical confidentiality.

“If you share photos of people who are infected on social networks and spread information about their health, you are directly violating [their] privacy and patient’s rights. There can be legal consequences for doing that,” CAZAS said in a press release.

President of the NGO Civic Alliance, Boris Raonic, warned about the danger of intolerance spreading in country as a result of the coronavirus.

“The stigmatisation of the infected and their families is a great danger in the coming period,” Raonic wrote on Twitter.

The first two coronavirus patients in the country had both recently returned to Montenegro, from Spain and from the US. One patient is from the city of Ulcinj and the other from the capital Podgorica.

Montenegro is a multi-ethnic state and is highly unusual in having no overwhelming community that makes up over half of its population.

About 45 per cent of the population identify as Montenegrins and about 29 per cent as Serbs. Albanians make up about 5 per cent of the population.

INSI: Decline in 2019 Media Workers’ Deaths as They Pull Back from Deadly Conflicts

Posted on by BIRD

According to the annual report “Killing the Messenger,” published last Friday by London-based International News Safety Institute, INSI, a total of 48 journalists died in 2019 in incidents and accidents directly related to their work, the lowest number in 16 years.

That does not, however, mean journalists are now safer while doing their jobs, said INSI director Elena Cosentino.

“The decline in casualties was simply because fewer journalists reported from conflict zones in the first place,” Cosentino said.

“Syria, Yemen and Afghanistan were deemed simply too dangerous for either local or international media to cover and were dropped from many outlets’ news agenda.”

The deadliest country for media workers in 2019 was Mexico, with 12 reporters killed, followed by Tanzania (5), Afghanistan (4), Syria (4), Honduras (3) and Somalia (3).

Last year also marked the first time in 21 years that no journalist was killed in a foreign country, which comes as a result of media organisations pulling back their staff from the most dangerous places.

All 48 causalities in 2019 were local journalists reporting from their home countries, and the majority of them died while reporting on crime, politics and corruption by unknown perpetrators.

The past year proved partially successful in terms of investigations into the murders of some prominent journalists, including “significant legal developments in the killings of Ján Kuciak from Slovakia; Saudi Arabia’s Jamal Kashoggi; and Daphne Caruana Galizia in Malta,” the report said.

Slovak investigative reporter Kuciak and his fiancée, Martina Kusnirova, were shot dead in their home in February 2018. The trial of four people accused of the brutal killing started in mid-January, while in December another accused was sentenced to 15 years in jail in a separate trial.

Jamal Kashoggi, a Saudi dissident and journalist, entered the Consulate of Saudi Arabia in Istanbul in October 2018 and never came out. At first, Saudi Arabia denied having anything to do with the reporter’s disappearance, but then the authorities finally acknowledged that their own officials were behind the murder. The whereabouts of his body is still unknown.

Daphne Caruana Galizia was a Maltese journalist, writer, and anti-corruption activist who was killed in a car bombing near her home in 2017. Last November, the case saw an important development when the main suspect and alleged sponsor of the crime was arrested. He then accused Keith Schembri, the chief of staff of former Prime Minister Joseph Muscat, of ordering the assassination.

The murder, like that of Kuciak in Slovakia, sparked mass protests that forced the prime ministers of both countries to resign.

However, INSI said that the legal developments happened thanks to the enormous pressure brought by Caruana Galizia’s family and international media coverage.

“Daphne’s case proves that with enough time and pressure even the most powerful could one day be held to account,” Cosentino said.

“As happened in Malta, raising the cost of killing a journalist is the ultimate aim for everyone in the news industry. Despite the progress made in 2019, that still feels like a long way off.”

Serbia Urged to Come Clean on Journalists’ Surveillance

Posted on by BIRD

International media watchdog Reporters Without Borders, RSF, has called on the Serbian authorities to investigate how much surveillance goes on in the country – after the Serbian news agency Tanjug on February 16 published a response written by the Defence Minister to a never-published opinion piece by a former defence minister.

The former defence minister and current opposition politician Dragan Sutanovac emailed his article on defence issues to the editor of the weekly Nedeljnik, Veljko Lalic, which decided not to run it.

RSF noted its concern that current minister Aleksandar Vulin felt able to respond to the unpublished material – and that he had said in his article that he was replying to the article Sutanovic had published in Nedeljnik.

On February 19, RSF’s European bureau chief, Pauline Adès-Mével, called on the Serbian authorities to investigate whether opposition politicians were being spied on.

“We are concerned that emails between opposition politicians and independent media outlets are being spied on and intercepted by the government,” Adès-Mével said.

“We call on the authorities to shed all possible light on this matter,” the press release added.

After the news broke, Vulin apologized to Nedeljnik and said he would ask the relevant bodies to look into the matter. Vulin’s staff later said its PR team had mistaken Nedeljnik for Kurir, a Belgrade-based tabloid that recently published an interview with Sutanovac.

But in his response article, Vulin only referred to Sutanovac’s comments about Serbia-Russia cooperation, which the unpublished piece contained, and was not mentioned in the Kurir interview.

Nedeljnik also said the authorities needed to find out whether any officials used the resources of the secret services to intercept emails between Sutanovac and Lalic.

“It is hard to believe that a person working constantly with the media, for example, someone in the defence ministry’s public relations department, would confuse the daily Kurir with the weekly Nedeljnik,” the weekly said.

This, however, is not the first time that concern about surveillance of politicians and journalists has arisen in Serbia.

In March 2016, the tabloid Informer published some of the findings of an investigation into the assets of Aleksandar Vucic – now president of Serbia, who was then prime minister – which the investigative website Krik had carried out but never published.

Serbia has been falling for years in the rankings of the World Press Freedom Index. It was ranked in 90th place out of 180 countries in the 2019 Index.

EU Drafts ‘Human-Centric’ AI Plan to Match US, China

Posted on by BIRD

The European Commission on Wednesday unveiled the white paper as a part of a European digital strategy on developing artificial intelligence, designed to compete with US and Chinese sector leaders while also addressing potential human rights abuses associated with this emerging technology.

“Europe’s digital transition must protect and empower citizens, businesses and society as a whole,” European Commission President Ursula von der Leyen wrote in an op-ed that outlined the key points of the proposed blueprint.

“To make this happen, Europe needs to have its own digital capacities – be it quantum computing, 5G, cybersecurity or artificial intelligence,” Von der Leyen explained.

She said the Commission should make available the necessary funding to “draw in national and private sector funds” to develop these technologies within the EU, and ensure what she called “tech sovereignty” for the bloc.

According to the white paper, investment in artificial intelligence will be channelled through the Horizon Europe programme, which is to be allocated 15 billion euros in the coming 2021-2027 Commission budget.

The white paper provides also for further investment in adopting new legislation and building safe data spaces, in order to consolidate the EU’s leading role in data protection and assure “the development of AI in Europe whilst ensuring respect of fundamental rights”.

The cornerstone of the new legislation, to be gradually enforced in the EU space, the draft says, might be the Ethics Guidelines for Trustworthy AI. This is a set of recommendations drawn up by a panel of experts that was tested by companies in 2019.

The proposed strategy aspires to promote “a human-centric approach” to AI in line with “European values”. In order to ensure that, the paper advocates tough legislation to counter the risks to human rights of some of the more “intrusive” applications of AI, such as facial recognition and its use for remote identification.

Facial recognition is currently banned in the EU. The white paper aims to promote a “broad debate on which circumstances might justify exceptions in the future, if any,” the Commission noted in a statement.

Moreover, the document commits to putting in place a mechanism capable of identifying and banning any AI algorithms used in “predicting criminal recidivism” that “can display gender and racial bias, demonstrating different recidivism prediction probability for women vs men or for nationals vs foreigners”.

The white paper pledges to ensure that victims of abuse of artificial intelligence and other digital technologies do not encounter any more difficulties in getting compensation than victims of abuses of more traditional products and services.

The document also presents a proposed European Data Strategy, harmonized with the existing General Data Protection Regulation and intended to “create a genuine single market for data, where personal and non-personal data … are secure and where businesses and the public sector have easy access to huge amount of high quality data to create and innovate”.

EU Court Rules Against Romania In Cyber Domestic Abuse Case

Posted on by BIRD

A judgment issued on Tuesday by the European Court of Human Rights, ECHR, ordered Romania to pay a victim of domestic abuse 10,000 euros for failing to protect her when police refused to investigate her husband for breaching her internet privacy. The court recognised this as one of “the various forms that domestic violence may take”. 

On 18 March 2014, the ruling recalled, newly divorced Gina-Aurelia Buturuga told the police that her ex-husband had accessed her email and Facebook accounts without permission. She had previously filed complaints against him, identified only as M.V. in the sentence, for domestic violence.

According to the judgment, Buturuga wanted the family computer examined after her former husband allegedly “made copies of her private conversations, documents and photos” that he found on her personal accounts.

But in June 2014, the police in Tulcea, eastern Romania, rejected the request, saying “that the information that might have been obtained was unrelated to the threats and violence charges formulated against M.V.,” the ruling reads.

In September 2014, Buturuga reported her husband to the police again for a “secrecy of correspondence violation”, and the complaint was registered and included in the investigation against her husband for alleged domestic violence.

However, the prosecution dismissed the case in February 2015, saying there was insufficient evidence to prove M.V. had subjected Buturuga to the physical violence she said she had suffered.

Alleged death threats were considered “not serious enough to qualify as a crime”. As for the “secrecy of correspondence violation”, prosecutors said it was not reported on time.

Before addressing the ECHR, Buturuga appealed to a Romanian court, which confirmed the prosecutors’ conclusion and also ruled that the material retrieved by her ex-husband from her social media accounts was already public when he accessed it. The case was closed without a court hearing and M.V. received a fine of 250 euros.

The ECHR concluded that the Romanian authorities failed to properly investigate the woman’s allegations of domestic abuse. It established that part of the information the ex-husband copied from her digital accounts was not public, as the Romanian judges had claimed. It said the authorities should have conducted a proper investigation to determine the nature of that information.

“The court considers that the authorities have shown excessive formalism in rejecting any connection with the acts of domestic violence which the applicant had already brought to their attention,” the ECHR said. “They thus failed to take into consideration the various forms that domestic violence may take.” According to the ruling, Romania has to pay Buturuga 10,000 euros in compensation for moral damage.

Serbia’s Independent N1 Portal Buffeted by Cyber-Attacks

Posted on by BIRD

N1 said the latest attacks happened last Thursday when a paid DDoS strike from China hit the Serbian website twice that day.

The attacks started on Tuesday and continued on Wednesday afternoon. The second attack was five times stronger, with up to 300,000 access requests hitting the portal server a second.

The Independent Association of Serbian Journalists, NUNS, urged Serbia’s High-tech Crime Prosecutor to urgently discover who was behind the attacks.  

They come after a row erupted between the owner of the N1, United Group, and state-owned Telekom Srbija over broadcasting rights. 

After the two sides failed to reach a deal, Telekom stopped airing N1’s programmes, causing a stir among the general public and the media community as N1 is among the few remaining independent TV channels in the country. 

Luxembourg-based United Group claimed the real reason for the shutdown was political pressure and an attempt to silence government critics and the free media. 

But Telekom Serbia denied this, arguing that an agreement was not reached because United Group proposed an extension agreement that was not in line with Serbian legislation. 

Support for N1 has meanwhile come from the European Federation of Journalists. “We see the state-owned cable operator’s decision to drop N1 TV as an attempt to silence a critical voice in Serbia,” it said. 

Several recent reports have highlighted the lack of media freedom and pluralism in the Serbia, where the media is now largely controlled by the government, it allies or its proxies. 

According to the latest annual report by the rights organisation Human Rights Watch, Serbian journalists continue to face attacks and threats, while media plurality has become compromised, with most media now aligned to the ruling party.

Pro-government media outlets frequently smear independent outlets and journalists, describing them as “traitors” and “foreign mercenaries”, the same report noted.

A recent report by Reuters Institute for the Study of Journalism and the University of Oxford said the future of the independent media in Southeast Europe remained uncertain as a result of political hostility and ownership concentration under politically connected moguls.

‘Teenage Porn’ Network Scandal Rocks North Macedonia

Posted on by BIRD

The alleged founder of a social group called “Javna Soba” [Public Room], which is at the centre of a scandal in North Macedonia involving teen pornography, on Monday insisted that his original intention had been innocent.

This group, hosted by the Russian social network Telegram, hit the spotlight over the weekend after two news sites that managed to get access to the group reported that it served as an exchange for pornographic material – often from teenage girls.

The group originally had some 7,400 members, and according to the reports, in some instances, the group also contained the alleged identifies and even the phone numbers of the girls whose materials were shared, causing even greater concern.

“We wanted to make a group for sharing funny videos and in no case pornography,” the alleged administrator of the group who goes by the nickname “Medo” told local A1On news site, which broke the scandal in the first place.

But “things got out of control”, said the administrator, whose identity was not known to the news site, adding that ever since he had fruitlessly tried to close the group, although closing his personal account reportedly did not help.

The existence of this group, which cannot be joined without a direct invitation from a member, shocked North Macedonia over the weekend, raising concern about the safety of the private data of the children and teenagers, as well as about public morality.

A1On previously reported that it had spotted phone numbers listed in this group that were known to belong to local public figures.

On Sunday, the Interior Ministry said it was working on the case. “The computer crime and forensics sector has immediately contacted the ‘Telegram’ network in order to get the needed info on the functioning of this group,” ministry spokesperson Toni Angelovski said.

He urged people to report any misuse of photos regarding this and other possible cases.

Caretaker Prime Minister Oliver Spasovski told a press conference on Sunday that the group had only been formed recently, and had gained popularity very quickly.

“From the data I got from the Public Safety Bureau, a procedure has been launched … they are working on revealing the administrator and members of this group,” Spasovski said.

The head of the First Children’s Embassy – Megjashi, an NGO based in Skopje, Dragi Zmijanac, on Monday urged society to do more to prevent minors being abused.

“This is a moral degradation of the whole of society, where children are left on their own,” Zmijanac told the Sloboden Pecat news portal.

According to reports by A1On, the group is still active on Telegram, but since the scandal broke, under a different name – and with a drastically reduced membership.

Sergiu Bozianu: Moldova Still Doesn’t ‘Get’ Privacy Law

Posted on by BIRD

Sergiu Bozianu, president of the Association for the Protection of Privacy in Moldova, told BIRN in an interview that respect for privacy remains a problem in Moldova, especially when it comes to the so-called force institutions.

The lawyer says the authorities should follow the European pattern and create a unique register of all intercepted ways of communication, surveillance or special investigative measures.

“Special investigative measures are of a secretive nature. Nobody must know them, or we won’t catch thieves anymore. But every special investigative measure should be recorded somewhere,” he says.

He also says that, after a time, if the prosecutors do not find anything about the person who was the target of the special measures, that person should be notified about the procedures.

When it comes to the General Data Protection Regulation, GDPR, Moldova, despite having adopted this European law, has implemented it in an ambiguous way, reflecting the fact that parliamentarians do not seem eager to take a strong stand on the matter.

In June 2019, in the last days of Pavel Filip’s Democratic Party government, an journalistic investigation done by media outlet RISE Moldova revealed that the Interior Minister had authorized special surveillance actions on 52 members of the pro-European opposition, civil society members and journalists.

The 52 were psychically monitored, their phones tapped and cameras and microphones were even installed in their apartments. These major violations of their private lives were justified by alleged suspicions that they were planning a coup.

“From what I know from the media – because there have been no official reactions – some criminal cases have started [on these cases of illegal surveillance],” Bozianu said.

“But given the level of public interest in this activity, the bodies concerned should come up with statements on the subject – to clearly state what was done, and what the results were,” he added.

Bozianu mentioned another big problem in Moldova on privacy, besides the questionable actions of the authorities.

“We are talking here about private security agencies and the detectives who confuse their security activity in the private sector with police interception,” he said.

Bozianu said members of private security agencies often do exactly what the police do, even though they are not allowed to, by law. “Usually, these are former police officers or secret service employees, and they do the same activities in the private sector after they leave the official system,” he explained.

Confusion about what law really says:

Moldova first adopted a law on the protection of personal data in 2007-2008, after it ratified Convention 108 of the Council of Europe’s 1981 treaty for the protection of individuals regarding the automated processing of personal data. This was replaced by the current law, Law 133, for the protection of personal data, that remains in force until now.


The Moldovan lawyer, Sergiu Bozianu, speaking at a conference about the rights to a private life in Chisinau, Moldova, September 18, 2019. Photo: Sergiu Bozianu`s Facebook account

But Bozianu said it was problematic that communication officers of state institutions in Moldova now often refuse to reply to media requests for information by misinterpreting the protection of personal data law.

“Lately, it has become fashionable to invoke the regime of personal data. But this does not mean that [information] should not be published and revealed, if the grounds are that it is of public interest or concerns public money and public offices. It must be published,” he added.

He also criticised the “selective justice” in the past years by which some TV channels seemed to have preferential access to the personal data of important politicians – usually political adversaries of the authorities, like the former jailed prime minister Vlad Filat, the archenemy of the oligarch Vlad Plahotniuc, who still owns the biggest media empire in Moldova.

The lawyer also argues that the present law has flaws, with high corruption trials mostly kept secret. “When it comes to the divorce of two spouses, everything is published, about how they cheated, with whom, if they got hit and so on,” he complained.

“Today, we have a major problem with the publication of court rulings. We publish data when it is not needed – and do not publish data when it is needed. Corruption cases are all anonymised,” he said.

For those who break the privacy law, there are five types of penalty, with a maximum fine of 15,000 lei [750 euros] applicable. Theoretically, prison is also possible, stipulated in Article 177 of the penal code on the inviolability of personal life.

However, while this article is taken from Russian legislation, the law on the protection of personal data was transposed from EU law, namely from Directive 9546.

“We have tried to make a hybrid that does not work,” he suggests. “We have introduced something with national specific [judiciary provisions], and from a predictable European act, have made an unpredictable law that is outdated and inapplicable,” he adds.

Moves to improve law stuck in parliament:

The General Data Protection Regulation came into force in Moldova on May 25, 2018. Bozianu has been fighting for amendments since then, but a bill with these amendments has now been in the parliament since 2018 – although it was won a positive vote at the first reading.


Moldovan deputies taking a vote in the Parliament. Photo: EPA/Doru Dumitru

“This bill is a very important one for us, because it comes with a new regulation in the field of data protection, and from a European perspective,” Bozianu said.

 The lawyer said it was imperative for Moldova to better implement all European law requirements, especially from the perspective of trade with EU markets. 

“We need to have a law that would give us fair competition in relation to other economic agents,” he says. “If a Moldovan company wants to enter the European market or provide services there, it must comply with European requirements regarding GDPR,” he stresses. 

Bozianu says Moldova must comply with European GDPR regarding social media accounts as well. He argues that if Moldovan citizens do certain actions on Facebook, they now risk being sanctioned under European GDPR.

 “European GPDR applies in many situations in Moldova … when we store in the cloud on Facebook’s server, we actually store in the EU,” he notes. “All the information about Facebook users is in the EU – and that is where the GDPR applies,” he concludes.

EDRi Publishes Guide for Ethical Website Development and Maintenance

Posted on by BIRD

European Digital Rights, EDRi, released the new guide for ethical website development and maintenance, Ethical Web Dev.

The guide is aimed at web developers and maintainers who have a strong understanding of technical concepts, to assist them in bringing the web back to its roots – a decentralised tool that can enhance fundamental rights, democracy and freedom of expression.

The goal of the project, which started more than a year ago, was to provide guidance to developers on how to move away from third-party infected, data-leaking, unethical and unsafe practices.

The guide is a result of an extensive collective work, with inputs from experts of the EDRi network (Anders Jensen-Urstad, Walter van Holst, Maddalena Falzoni, Hanno “Rince” Wagner, Piksel), external contributions (Gordon Lennox, Achim Klabunde, Laura Kalbag, Aral Balkan), and the crucial help of Sid Rao, Public Interest Technologist and ex-Ford-Mozilla Fellow at EDRi.

The guide is distributed under a Creative Commons 4.0 Licence.

Download:

Ethical Web Dev – Guide for ethical website development and maintenance
https://edri.org/files/ethical_web_dev_web.pdf

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now