Category: Security

How Exiled Journalists Keep Investigating in China, Burundi, Venezuela, Russia, and Turkey

Posted on by BIRD

Even in the best of times, it was difficult for Mamatjan Juma to maintain professional distance from his work. A former art teacher from the Uighur province of Xinjiang in China, he came to the US in 2003 and has worked as a journalist for Radio Free Asia’s Uighur service for 12 years. But in recent years, his family back in Xinjiang has been caught up in China’s mass detention of the Muslim minority population.

“When your relatives are detained and your colleagues are in trouble, it’s very hard to stay neutral,” Juma said, speaking at the 11th Global Investigative Journalism Conference in Hamburg. “We’re not an activist organization but it is a mission for us. We keep our emotions in check, then we cry at home.”

Today, Juma is deputy director of the US government-funded network’s Uighur service. His small team of Uighur exiles first broke the story of the mass internment camps in the western region of China in 2017. Since then, their reporting on the scale and conditions of the camps has won acclaim and provided a vital information lifeline in the Uighur language.

“We have been ignored for many years, but we’re gaining credibility, for example because we’re being cautious with our figures on the number of people in the concentration camps,” Juma said.

Reporting from exile is a tightrope walk of ethical quandaries and practical obstacles. Exiled journalists often have the language skills and local knowledge to provide crucial reporting on areas where few independent journalists have direct access, like Xinjiang. Yet they must also contend with the hostility of the governments that they fled.

While exiled reporters may now be practicing journalism from a place of relative safety, repressive governments can still interfere with their ability to report stories, reach audiences, and make a living.

Developing Sources

Ines Gakiza was working at the popular independent radio station Radio Publique Africaine when protests broke out in Burundi in 2015. Amid a violent government crackdown, the station was burned to the ground, and Gakiza fled to neighboring Rwanda. From there, she and other exiled colleagues continue broadcasting news about Burundi.

The biggest challenge of reporting from exile, Gakiza said, is to develop new sources inside the country, especially finding people from a variety of areas and walks of life. “Some people feel afraid to talk to people in exile, even if we don’t give their real names,” she said. “They might be seen as a collaborator.”

But the station is slowly gaining the trust of Burundians, despite its reporters’ exile. “People initially thought we wanted to use the radio for revenge, but four years later they see this is not our mission,” Gakiza said. “We want to tell Burundians and the world what is happening in our country.”

While Burundian officials usually hang up on the radio journalists whey they call for an official response, they often end up responding indirectly, by giving quotes to media inside the country, which Radio Publique Africaine can then use in their reporting.

And Gakiza and the other exiled journalists have been able to develop critical whistleblower sources inside the government. Some of these people joined the government or ruling party out of fear, and now they do not know how to leave, Gakiza said.

“We have some sources now we would never have dreamed of having before,” said Venezuelan investigative journalist Ewald Scharfenberg. He fled his country in January 2018 with colleagues from investigative news site Armando.info after being sued for criminal defamation over their corruption reporting. The former El Pais correspondent ended up in Colombia after Bogota-based magazine Semana invited the team to work out of its newsroom.

“We have sources in Venezuela who trust us with leaks because we are in Bogota — they are secure that we are not under certain pressures,” Scharfenberg said. This makes information security critical; the Armando.info team has received training on using secure communications in order to protect sensitive sources.

Reaching Audiences

When its journalists first left Burundi, Radio Publique Africaine was able to continue broadcasting in the country via the eastern Democratic Republic of Congo. But Burundian authorities soon demanded that the DRC shut down the frequency.

Today, they broadcast online only, using multiple channels like YouTube, SoundCloud, and WhatsApp in order to maximize their reach. They received some grant funding to get 10 computers and a small studio, but still struggle to keep afloat.

Armando.info is intermittently blocked in Venezuela, but most of its traffic still comes from inside the country. Raising funds from readers is difficult: Venezuela’s currency has collapsed amid an economic and political crisis. So the news site also turned to grant funding, even though they knew some of its readers might have reservations about US donors.

“Our idea was if we made [our funders] clear and transparent, then the reader can decide for themselves,” Scharfenberg said.

By contrast, Can Dündar, the former editor-in-chief of Turkish newspaper Cumhuriyet, relies on crowdfunding. In 2016, after being charged with treason and surviving an assassination attempt, Dündar fled to Germany. In 2017, he founded Özgürüz, an online magazine covering Turkey in German and Turkish, in collaboration with German investigative nonprofit Correctiv.

Finding funders was a major challenge. “You can’t ask Turks [to fund your journalism] as they’re afraid,” Dündar said. “You can’t ask Germans, as then you’re seen as a foreign agent.” Özgürüz now has around 500 individual donors, who mostly make small contributions to the news site. “It’s not big money but it’s like a solidarity campaign,” Dündar said.

Multiple Jurisdictions

When Galina Timchenko was fired as editor of the independent Russian site Lenta.ru in 2014, many of her colleagues followed her to Latvia, where she set up a new site called Meduza. Investigations editor Alexey Kovalev recently joined the team after leaving Russian state news agency RIA Novosti.

Meduza was funded by seed grants but also offers B2B (business-to-business) services, like an annual editors’ bootcamp. Around one-third of the staff — mainly reporters — are based in Russia. They don’t have an office there, as they fear it would be targeted. Meduza’s headquarters — and the majority of its staff — are based in the Latvian capital of Riga.

Besides the protection it offers to the journalists, Latvia was an obvious choice for Meduza because of the ease of setting up a business there and its proximity to Russia. “You don’t really feel foreign there,” said Kovalev.

But remote teamwork can be hard. “The physical disconnection between the teams, holding editorial meetings every day on Google Hangouts, can be very tiresome,” said Kovalev. “It’s demoralizing to work alone.”

It can also be challenging to adhere to both Russian and Latvian law, for example on how to refer to Crimea, the territory Russia annexed from Ukraine in 2014. The European Union, of which Latvia is a member, does not recognize the annexation. In Russia, it’s a criminal offense to challenge “Russia’s territorial integrity,” including the status of Crimea.

“You’re damned if you do, damned if you don’t call Crimea Russian,” said Kovalev. “So we keep two in-house lawyers — one Latvian and one Russian.”

Maintaining Independence 

Turkish editor Can Dündar was flanked by bodyguards as he spoke at the Global Investigative Journalism Conference in Hamburg last September. Turkish President Recep Tayyip Erdogan has labeled him a traitor. His face is well-known and he’s regularly harassed by pro-Erdogan supporters, even in Germany.

When Erdogan came to Germany in September 2018, the Turkish president refused to go to a press conference if Dündar was there. “Unfortunately, you find yourself to be a political figure rather than a journalist when you go to exile,” Dündar said.

He struggles with this new identity. German colleagues caution him against being too activist-like and, as a former journalism lecturer, Dündar used to give his students the same advice. “But imagine that your house is burning and people expect you to just take pictures of it,” he said. “We are not only journalists; we are fathers, mothers, human beings.”

“I’m always struggling to not feel like an activist,” said Scharfenberg, from Armando.info. “We have to be restrained by the rules of journalism. It’s the only way we can preserve our capital, which is reputation.”

Sometimes Scharfenberg wonders if Armando.info’s Venezuelan audience really wants to consume investigative reporting. “In a society that is as polarized as ours, both sides want information to weaponize it, to use it against the other,” he said. When Armando.info published corruption investigations about the Venezuelan opposition as well as the government, some opposition supporters turned on them.

It can be frustrating to be attacked by all sides, but Scharfenberg is convinced that independent investigative journalism from exile is vital work. “Exile is the natural destination of the dissidents, so it becomes very fertile ground for propaganda against the government,” he said. “I think it’s important to show the difference, and to show that it is still possible to do journalism.”

Anonymous Hackers Leak Millions of Bulgarian Taxpayers’ Data

Posted on by BIRD

Anonymous hackers have got hold of 11-Gigabytes of the private information of millions of Bulgarian taxpayers, Bulgarian media announced on Monday.

The files, sorted into 57 folders, include personal details such as Personal Identification Numbers, names, addresses and even the declared income of Bulgarians.

The leak, which is likely to be named the biggest hacker attack in Bulgarian e-history, targeted the National Revenue Agency, NRA.

The authenticity of the hacked data is being checked by the NRA, while the National Security Agency, DANS, and the Interior Ministry are investigating the case, all three institutions announced on their respective websites.

“Your government is retarded. The state of your cyber security is a parody,” the email which sent the link said.

It added that this was only part of the total information that the hackers had accessed, which includes 10 more Gigabytes of information and a total of 110 compromised folders of data.

The personal information includes input from the employment agency, pension fund contributions and address registrations. Some of it is as old as 2007, but other information is dated June 2019.

The hackers also praised WikiLeaks creator Julian Assange and called for his immediate release.

Cyber Attackers Strike Fear Into Romanian Hospitals

Posted on by BIRD

Romanian hospitals are on heightened alert since late last week, when the authorities told doctors and hospital administrators to be vigilant after a wave of cyber attacks against several medical centres.

Romania’s Ministry of Health says hackers targeted nine hospitals in Bucharest and other towns in recent weeks. “Some hospitals have had problems with admissions and with access to their databases,” the ministry’s spokesperson, Oana Grigore said.

“They are criminal attacks,” Ovidiu Marincea, from the Romanian Intelligence Service, SRI, told BIRN. “They were conducted by hackers to gain money.”

“After encrypting the institutions’ data, they demand a ransom, which can be paid in money into an account or in cryptocurrency or any other way,” Marincea explained. “If those who are targeted pay up, the hackers tell them their data will be decrypted.”

The SRI, whose investigation into the attacks is still underway, believes the criminals behind the attacks are from China. Marincea previously told local media that “the times in which the hackers were active” and the traces they left in their messages to their victims pointed to that scenario.

One of the targeted hospitals is the Dimitrie Castroian Municipal Hospital of Husi, in northeastern Romania. Its manager, Lucia Rotaru, told the media last week that the centre had lost part of its data.

“On April 21, the server was attacked and encrypted. The data was lost. We haven’t fully solved [the problem] yet,” he said. The attack took the hospital by surprise, Rotaru added, saying the hospital could not repel it despite having “a security system in place”.

The Romanian National Computer Security Incident Response Team, CERT-RO, the SRI and a private cybersecurity company, Bitdefender, have issued advice to hospitals to help them deal with further attacks.

“Don’t open files received via email unless you know the sender,” the advice reads. It warns against “irresistible promotions” in emails and recommends having all files backed up offline and an antivirus program installed. The Ministry of Health has sent the advice to all medical units in the country.

With more than 500 million users worldwide, Romanian anti-virus developer Bitdefender is one of the sector’s leaders. It collaborates with the Romanian authorities and with Interpol in preventing and investigating malware attacks.

Security agencies and private cyber companies warned earlier of the country’s vulnerability on the internet. In April, the National Cyberint Center, which is part of the SRI, warned of possible cyberattacks on the IT systems of public institutions during the EU and presidential elections this year.

Bitdefender said that Romania could be the most vulnerable country in the world to a new type of cyber attack, called Scranos, which steals all of the victims’ passwords and banking info and compromises their activity on social media.

The international cybersecurity company Kaspersky said the attacks on hospitals in Romania form part of an alarming global trend. There have been similar cases in the US and Germany.

“In many cases of ransomware, their success is based on four main types of problems: not all systems in the network have an antivirus; operation systems are old and not upgraded; passwords used by administrators and users are weak; users open email attachments without checking their source,” Kaspersky representatives said on June 21.

Faustino Blancos, Secretary General for Health and Consumer Affairs of Spain, is welcomed by Romanian Health Minister Sorina Pintea in Bucharest, Romania, 2019. Photo: EPA-EFE/ROBERT GHEMENT

Attacks on medical institutions and other institutions are often launched through “phishing” messages or messages containing infected attachments.

“They pretend to come from a legitimate source and encourage the victim to open a link or attachment,” Bitdefender’s senior e-threat analyst, Liviu Arsene, told BIRN.

The content of the messages are tailored specifically to entice the victim, he explained, and take into consideration the industry the person is working and even their department within the institution.

If sent to a human resources worker, for example, the email might come as a job application, and the ransomware be disguised as the candidate’s CV, Arsene noted.

The virus can also be installed on the computer after the hackers take control of it remotely. In both cases, the procedure is the same. “The victim sees a message on the screen with all the instructions he needs: how much the ransom is and how much it will grow by if he doesn’t pay within 24 or 72 hours, where he should buy the cryptocurrency from…” the same expert said.

Sometimes, he continued, those affected are instructed to start negotiations with the hacker at an email address. “The data doesn’t leave the computer. It remains on it, only you can’t access it,” Arsene said, explaining how ransomware works.

When the ransomware used has a vermin-type of behaviour, the malicious virus doesn’t only infect one computer but the whole system. “It can paralyze an entire hospital,” warns Arsene, who names patient data and the information needed to keep medical equipment working as some of the material that is vulnerable.

“The hacker’s goal is to create panic so they can convince the victim to pay,” the Bitdefender analyst said.

In line with the Romanian authorities, Bitdefender discourages targeted victims from paying ransoms to hackers. But the institutions targeted do not always listen to them. Desperate to have their systems back on track fast, some decide to pay up, as one Bucharest hospital did two years ago. “They paid the equivalent of 10,000 euros in Bitcoin,” Arsene recalled.

“If they pay a ransom, the victims have no guarantee that the perpetrators will honour their promise and give them back access to their data,” a CERT-RO statement on the latest wave of attacks read.

“They could be targeted again by the same group, as they already have a history of being a good payer,” the same text warned. Ransom payers thereby risk funding “the development of increasingly sophisticated cybernetic threats”, it concluded.

Bitdefender experts and Romanian authorities have revealed ransomware Maoloa has been used in some of the attacks against hospitals.

“Maoloa is a malware family relatively new,” a CERT-RO statement reads. This kind of ransomware appeared in February this year and has many common traits with Globelmposter type of ransomware, the official communications goes on. It is installed in computers through malicious attachments sent via email or by hackers who gain access to unprotected systems.

The other ransomware used to encrypt data from Romanian medical centres’ computers is Phobos, “one of the many varieties of prolific [ransomware] family Crysys.” Phobos gets makes it into the targeted computers after cyber criminals have breached in with Remote Desktop Protocol.

Online Abuse Now Commonplace for Balkan Women Reporters

Posted on by BIRD

As a female journalist in Serbia, Tatjana Vojtehovski had faced online intimidation before.

But the attacks grew worse in 2015 after she hosted a talk show on Serbian television on paedophilia in the Serbian Orthodox Church, a taboo subject for many socially conservative Serbs.

“I admire people who claim they’re not afraid. I am afraid,” said 49-year-old Vojtehovski. “People say, ‘it’s only online, it’s the virtual world’. I say that’s not true because those people exist. They exist and they are on the streets.”

Last month, the appeals court in the Serbian capital, Belgrade, sentenced a Serbian man named Branko Tomic to eight months of home confinement after he pleaded guilty to making death threats against Vojtehovski and her 28-year-old daughter via Twitter.

Tomic’s crime was just one in a growing global epidemic of online attacks against women journalists.

The Balkan region is no exception, and while Vojtehovski received a measure of justice, others say they see little point in complaining to employers or the police given what critics say is a systematic failure to punish the perpetrators, according to the findings of a BIRN analysis.

“What struck me the most was how people looked away, letting it happen,” said Milena Perovic Korac, a journalist at the Montenegrin weekly magazine Monitor, who has been the target of such abuse since 2011. “There was no reaction, and right then that was the most terrifying thing.”

Global trend

In a 2018 survey by the Washington-based International Women’s Media Foundation, IWMF, nearly two thirds of women journalists who responded said they had been threatened or harassed online at least once.

Also in 2018, the International Federation of Journalists, IFJ, reported that 66 per cent of women journalists who were victims of online harassment had been attacked based on their gender.

And for the assailants, access has never been easier.

Social media has become an indispensible tool for journalists, but simultaneously exposes them to instant praise and persecution, 24 hours a day.

We Must Unite to Stop Them Insulting Us
Mila Radulovic

Society’s Whole Attitude to Women Journalists Needs ‘Reprogramming’
Tamara Skrozza

I’ve had Enough of Haters on Twitter
Jovana Gligorijevic

Insults are Everyday Reality for Bosnia’s Women Journalists
Elvira Jukic

Balkans’ Independent Journalists Must Unite, or Fall Together
Serbeze Haxhiaj

In the Balkans, Online Abuse of Female Journalists is ‘Normal’
Lidija Pisker

According to the IWMF survey, 90 per cent of respondents reported a rise in online threats over the past five years and 82 per cent said digital attacks had increased too, “including such activities as having social accounts hacked or data stolen or compromised.”

Online abuse of women journalists target not only their work but their gender, frequently referencing their appearance, family life and personal relationships.

‘Whore’, ‘slut’ and ‘prostitute’ are just some of the insults women journalists report receiving online every day.

Experts say such attacks are sexist in nature and used to intimidate, discredit and frighten, often affecting how the journalist does her work and how she behaves in her private life.

Tracking such threats in the Balkans is not easy. Authorities and journalist associations rarely differentiate online threats from other forms of intimidation, such as verbal or physical abuse.

Serbia’s climate of intimidation

In its latest report, U.S.-based democracy watchdog Freedom House characterised Serbia as ‘partially free’, and cited an “environment of intimidation and harassment that inhibits journalists’ day-to-day work”.

“Smears and verbal harassment from politicians and online accounts are omnipresent, and attacks by government-friendly tabloids are a regular occurrence. Media workers are frequently called “traitors” and “foreign mercenaries,” it wrote.

Statistics gathered by the SHARE Foundation, a Serbian-based non-governmental organisation dealing with digital rights, support the report’s findings.

In 2018, SHARE registered four cases of online threats against female journalists. One person was arrested in May of that year.

SHARE registered another four just in the first five months of this year, including two against the prominent female investigative journalist Brankica Stankovic, who received police protection in 2009 due to death threats made against her.

SHARE said the deputy mayor of the southern Serbian city of Nis had also insulted female journalist Sena Todorovic via Twitter and the editor of the website Kolubarske, Darija Rankovic, had also been subjected to pressure.

In 2017, SHARE registered two such cases, six in 2016 and seven in 2015.

In Bosnia, for example, the local association of journalists said it had registered 52 attacks against female journalists, online and otherwise, between 2016 and April 2019.

While a number of cases resulted in convictions, “a significant number of cases have been closed due to the non-existence of grounded suspicion that they represented criminal acts,” said Una Telegrafcic, a lawyer at the Free Media Helpline of the Association of BH Journalists.

Safejournalist.net, a regional platform partly funded by the European Union and which advocates for media freedom and the safety of journalists, has documented 34 attacks in general against women journalists in Bosnia since 2015, 32 in Serbia, 13 in Kosovo, 10 in North Macedonia and eight in Montenegro.

Each country was once part of the socialist Yugoslav federation, which unraveled in the war in the 1990s.

Over the same period, the Council of Europe, Europe’s chief rights body, has received reports of seven such cases in Serbia, six in North Macedonia, six in Bosnia and four in Montenegro.

In Montenegro, Perovic Korac and others at the weekly Monitor were the target of an orchestrated campaign by Montenegrin media supportive of the ruling Democratic Party of Socialists, DPS.

Neither the government nor the prosecutor’s office responded to her complaints about a litany of online threats, so Perovic Korac and another journalist launched a private lawsuit in 2011.

A verdict was issued in the first instance in June last year, ordering Montenegrin government spokesman Srdjan Kusovac and the state to pay them 2,000 euros for insults and hate speech published in the state daily Pobjeda, where Kusovac was formerly editor-in-chief.

“In that first moment, you are on your own,” Perovic Korac told BIRN.

Psychological impact

The IWMF, in its 2018 survey, reported that a majority of abused women, 63 per cent, said the attacks against them had left psychological scars in terms of anxiety, fear or stress.

Another “alarming conclusion” of the IFJ report was that a huge majority of the cases go unpunished, with only 53 per cent of victims of online abuse reporting the attacks to their media management, union or police. In two thirds of those cases, nothing happened, it said.

Of those who chose not to report the abuse, 75 per cent said they did not believe doing so would make any difference, while 23 per cent were concerned about the effect on their work.

“It is worrying that women journalists are getting used to dealing with online harassment by themselves and assuming these situations as “common”,” the IFJ said.

Ivana Stoimenovska, a psychologist in Skopje, capital of North Macedonia, said trauma experienced by women who are the targets of sexual harassment often goes unnoticed by society, “because of the culture of concealment and silence that does not provide women with a proper venue to share their experiences and overcome fears.”

Meri Jordanovska, a Macedonian journalist at the Makfax news agency who has herself been targeted by such abuse, said that speaking out was vital for emotional healing and preventing more such attacks.

It’s Time That Balkan Women Journalists Fought Back
Bisera Altiparmakova

For Montenegro’s Female Journalists, Equality is a Myth
Duska Pejovic

Female Kosovo Journalist Targeted by ‘Evil’ Online Threats
Zana Cimili

North Macedonia’s Women Reporters Know How to Handle Sexism
Mirjana Chakarova

“By sharing, by opening up, you realise that you are not alone with this problem and that many other women journalists are facing the same forms of harassment, be it online or offline”, Jordanovska told BIRN.

For Jovana Gligorijevic, a journalist at the liberal Serbian weekly Vreme, such abuse has become a part of everyday life.

“Someone calling himself Damian Ky messaged me just to tell me I’m an Albanian whore, that he wants to bash my head in and that journalists are the worst kind of people who constantly disparage Serbia,” Gligorijevic told BIRN.

In his next message, ‘Ky’ asked why Gligorijevic did not kill herself.

For this story, Gligorijevic recorded all the online threats she received over a period of one week.

They ranged from calls on her to take her own life to messages describing her as “a sack of crap that lives in a shop window in the Red Light district,”  a “vaginal entrepreneur”, a “frustrated childless whore” and a “low-paid journalist who occasionally goes to Amsterdam to work as a prostitute to make ends meet”.

Perfect storm

Telegrafcic, the lawyer at the Free Media Helpline in Bosnia, said those who abused female journalists often assumed they would not resist or report the attacks and that comments regarding a journalist’s physical appearance or marital status reflected entrenched chauvinistic attitudes in the Balkans.

Female journalists are also the victims of chauvinistic comments by politicians, interviewees and their own editors or directors, Telegrafcic said.

Media expert Mehmed Halilovic said female journalists in the Balkans faced a perfect storm of widespread misogyny and disdain for journalists in general.

“There is an assumption when it comes to these macho men – they think it is easier to deal with female journalists, be it through direct threats or disparagement,” Halilovic told BIRN.

“Violence is the basic tool used by the public, which has a negative attitude towards male and female journalists, but unfortunately the authorities are also using it.”

In Kosovo, the head of the Kosovo Association of Journalists, Gentiana Begolli, said management and editorial positions in media outlets were dominated by men.

“Women journalists themselves hesitate to report the threats against them, taking into consideration thegeneral approach towards women in our society,Begolli told BIRN.

In North Macedonia, Kristina Ozimec, chief editor of the Platform for Investigative Journalism and Analysis, said threats and harassment directed against female journalists “have been left largely unaddressed for so long that they have unfortunately become commonplace, sort of an accepted form of professional risk for women engaged in this profession.”

“The harassment, often on a sexual basis, does not only come from individuals outside the workplace but also often in various forms from male colleagues in a position of power,” Ozimec told BIRN.

In Serbia, Vojtehovski said she was still dealing with the psychological impact of the online abuse she receives.

“I don’t know what they look like and whether they will cross the boundaries of written communication,” she said of her tormentors. “You live with it and you are supposed to get used to it. I never did.”

US ‘Cyber Warriors’ Help Balkan Allies Resist Hackers

Posted on by BIRD

Amid continuing fears about cyber threats to democracy, the US is deploying so-called “cyber warriors” to a number of friendly countries in Eastern Europe including Ukraine, Montenegro and North Macedonia, to help them resist attacks.

US Cyber Command, which coordinates cyberspace operations to defend US interests, is also cooperating with the authorities in those countries to prevent potential threats, the US embassy in Montenegro told BIRN.

“US European Command and US Cyber Command have worked closely with NATO ally Montenegro conducting cyber cooperation to increase interoperability, share best practices, and deter malign influence on the democratic processes of our allies, partners, and the United States,” the embassy in Podgorica said.

It declined to reveal operational details and technical aspects of the engagement.

But Brigadier General Timothy Haugh, commander of Cyber Command’s national mission force, said recently that as part of an operation internally called “Synthetic Theology”, Cyber Command had deployed “cyber warriors” to Ukraine, North Macedonia, and Montenegro to help defend those countries’ networks, and collect intelligence on adversaries, IT news website CyberScoop reported on May 7.

During a round table at the Integrated Cyber Center and Joint Operations Center in Fort Meade, Maryland, Haugh “said these kinds of partnerships will continue to grow”, the report said.

“When we look to do partnerships overseas … we want to do that anywhere where there’s a potential adversary that would also target our electoral systems,” General Haugh was quoted as saying.

The report noted that the US intended to actively thwart possible election interference from countries like Russia, “which the US intelligence community has determined sought to interfere in the 2016 presidential election”.

Cyber hackers linked to Russia have wrought havoc with institutions in a number of Western countries in recent years.

As BIRN previously reported, the notorious Russian cyber-espionage group Fancy Bear hacked its way into Montenegrin institutions in 2017, sending spearphishing emails signed sometimes as coming from NATO.

Montenegro has since tightened up cyber security defences and formed a specialised police taskforce to fight cybercrime.

The US Cyber Command official website on October 2 2018 reported that its members worked alongside cyber defenders within the government of Montenegro for some weeks to build up its cyber defence capabilities.

“It’s important to point out that cyber security cooperation strengthens partnerships and interoperability,” the US embassy to Montenegro underlined in its reply to BIRN, asked about US cyber cooperation with this Balkan country.

It added that the US Department of Defense works closely with various allies and partners “to counter those who attempt to undermine our democratic institutions”.

The purpose of the cooperation, it added, is “purely defensive – ensuring the confidentiality, integrity, and availability of their networks”.

In another Balkan country, North Macedonia, the town of Veles became internationally notorious for the lucrative online ventures of some of its younger inhabitants, who used the 2016 US presidential election to earn money by promoting fake or misleading news in support of Donald Trump.

In March 2018, Facebook founder Mark Zuckerberg mentioned North Macedonia by name as a source of fake news.

Facebook later closed 212 pages in Kosovo and North Macedonia for sharing unacceptable material on politics and religion. In its press release, the company said some of these online operations were found to be connected with Iran and Russia.

OSCE Criticises ‘Abuse’ of Bulgarian Investigative Journalist

Posted on by BIRD

The media freedom arm of the Organisation for Security and Cooperation in Europe, OSCE, said on Tuesday that it is concerned by the “verbal and physical intimidation” of Bulgarian investigative journalist Dimitar Stoyanov of Bivol.bg when he tried to approach a lawyer for an interview the previous day.

“Journalists must be free to pursue their job without fear or abuse,” said a message posted on the OSCE media freedom Twitter account.

Stoyanov posted a video on Monday showing him being pushed and threatened by a private security guard while trying to approach Bulgarian lawyer Momchil Mondeshki during what appears to be a convention in Hanover in Germany.

Lawyer Mondeshki was a key figure in the so-called ‘Yanevagate’ scandal in 2015, which erupted after a series of leaked audio recordings published by Bivol.ge revealed alleged influence-peddling within the higher ranks of the Bulgarian judiciary.

In the recordings, a voice identified as Mondeshki talks to former Supreme Court of Cassation president Vladimira Yaneva about her covering-up sensitive documents. They also discuss the influence that high-ranking politicians have on the judiciary.

The Bulgarian prosecution did not charge any high-ranking politician or magistrate implicated in wrongdoing by the recordings as the tapes were deemed to have been manipulated.

Monday’s incident was not the first time that Bivol’s journalists have faced intimidation.

In September 2018, Stoyanov was apprehended by Bulgarian police alongside Attila Biro from the Romanian investigative platform Rise Project. The two journalists were taken into custody by local police near Pernik, south of Sofia, causing an outcry in both their home countries, as well as abroad.

They were arrested as they tried to film the subjects of their investigation burning documents related to the misuse of EU funds by consultancies and companies connected to the Bulgarian GP Group, a construction firm.

The international media watchdog Reporters Without Borders said in a 2018 report that investigative journalism still faces serious obstacles in Bulgaria.

Romania Remains Hub for Cyber-Crime Gangs

Posted on by BIRD

Several cyber-crime cases dismantled by Romanian police in cooperation with international law enforcement show that the Eastern European country is still a hub for cyber-related crime.

Italian and Romanian police recently dismantled a cybercrime gang that stole 1 million euros from hundreds of customers of two major European banks, Europol announced on Thursday.

Police arrested 20 suspects, nine in Romania and 11 in Italy, after a two-year investigation.

The organised crime group was essentially comprised of Italian nationals used phishing emails impersonating tax authorities to harvest the online banking credentials of their victims and then transferring the money to Romania.

The money was withdrawn from ATMs in Romania with credit or debit cards linked to the criminal accounts. Europol said they are also suspected of money laundering, drug and human trafficking, prostitution and of participation in a criminal organisation.

A wave of high-profile cyber-crime cases, including an unemployed Romanian taxi driver who called himself “Guccifer” and hacked the emails of former US Secretary of State Colin Powell and former President George W Bush in 2011, have also put a spotlight on the dark side of Romania’s growing IT industry.

After the US Embassy said that in 2011 alone Romanian hackers stole 1 billion dollars from Americans, US law enforcement authorities have in recent years kept in close contact with cybercrime units in Bucharest.

A Romanian national, Nicolae Popescu, is the second most wanted on the FBI’s cybercrime list, with a 1-million-dollar reward for his arrest.

He escaped arrest in 2010, before the Romanian police could produce a warrant. Popescu was involved with an estimated 250 Romanians in the “Valley of the Kings” case, the country’s biggest cybercrime bust; the perpetrators allegedly stole 750.000 euros by faking auctions on e-Bay.

The FBI put Popescu on the wanted list in 2012 after he allegedly set up a similar scheme that has sold numerous Americans fake items on various websites.

In February 2017, Romania’s Court of Appeal decided to extradite two Romanians to the US who had allegedly hacked into 123 Washington Police Department outdoor surveillance cameras just before US President Donald Trump’s inauguration. They demanded ransom money to unlock the blocked computers.

Mihail Isvanca, 25, and Eveline Cismaru, 28, were arrested in December 2017. They have been charged by a US Federal court with fraud and computer crimes.

The case was given high priority as the two Romanians’ actions impacted the US Secret Service’s mission and may have affected the security plan for the President’s inauguration.

Also, in December 2017, police in Romania arrested five suspects for allegedly spreading ransomware and renting the malware from an outfit on the Dark Web.

According to Europol, Romanian police have worked with Dutch counterparts and public prosecutor’s offices, as well as with law enforcement agencies in the UK and the US.

Europol says that in early 2017, the Dutch High Tech Crime Unit tipped off Romanian authorities about a group of Romanian nationals who were behind a wave of spam that pretended to originate from well-known companies in countries such as Italy, the Netherlands and the UK.

Europol says the operation identified more than 170 victims from several European countries.

With the fifth fastest internet speed in the world, Romania is one of the EU countries most vulnerable to cybercrime, according to studies.

In September 2017 it ranked third, after Malta and Greece in a vulnerability index published by Website Builder Expert, WBE.

However, Romanian authorities have developed cyber-crime fighting units that have been cooperating well in international cases.

Romanian police cooperated in a Europol led case to break up a a cybercrime syndicate of Ukrainian and Russian nationals that allegedly stole more than 1 billion euros from bank accounts over five years.

Since 2014, Romania has also led a NATO cybercrime defence unit that counters cyber attacks from Russia in Ukraine.

Russia’s Fancy Bear Hacks its Way Into Montenegro

Posted on by BIRD

The innocent sounding email reached an official of the Montenegrin Defence Ministry in early January 2017.

Entitled: “NATO_secretary_meeting.doc”, it sounded like a communiqué from the Western alliance that Montenegro was soon to join.

However, IT experts say the message was not sent by NATO to update Montenegro on useful information.

It came from a notorious Russian hacking group, which wanted to break into the government’s IT systems and steal state secrets.

Also in January, according to BIRN sources, the Podgorica government received two more similar emails.

The subject line of the first read: “Draft schedule for British army groups’ visit to Montenegro”.

The title of the other was: “Schedule for a European military transfer program”.

All are believed to have come from the same Russian hacker group, which experts say is linked to the Kremlin.

Three international IT security companies say the emails came from APT28, also known as Fancy Bear, which US intelligence services say is connected to the Russian military intelligence service, GRU.

European Union officials also believe that Montenegro suffered a serious cyber attack in June 2017.

Over the last two years, Montenegro authorities have recorded a sharp rise in the number of cyber attacks, mostly targeting state institutions and media outlets.

From only 22 such incidents in 2013, almost 400 were recorded in only nine months of 2017, official data obtained by CIN-CG/ BIRN show.

Not all are related to malware viruses or attacks on state institutions, and not all the attacks can be attributed to Fancy Bear.

But many of the attacks are believed to be linked to the tiny Adriatic country’s decision to join NATO, which infuriated the country’s old ally, Russia.

Montenegro has since tightened up cyber security defences. It has formed a specialised police taskforce to fight cyber crime.

But with only limited resources, the team greatly depends on the help of NATO and other Western countries.

“After serial attacks in early 2017 we sought help from NATO and the UK to help us fight back. We succeed in reducing the damage and repelled two attacks in late 2017,” a senior police officer told CIN-CG/ BIRN, declining to provide details of those actions.

CIN-CG/BIRN’s investigation shows that the rise in cyber attacks coincided with the final phase of the country’s NATO accession negotiations in late 2016.

In addition, Montenegro’s leaders say Russia tried to interfere in the country’s October 16, 2016 general elections, a charge that Moscow has denied.

The authorities and the ruling parties claim that Russia sponsored a coup attempt on the election day.

Several Western governments, including the UK, support that interpretation of events.

The government’s critics, however, insist the coup attempt was faked, and was staged to help the veteran pro-Western leader Milo Djukanovic stay in power.

Fancy Bear’s logo. Photo: Facebook.

Bear leaves its tracks:

Three prominent international security companies, Fire Eye, Trend Micro and ESET agree that Fancy Bear staged at least three separate attacks in January, February and June 2017.

Upsurge feared ahead of election:
Ahead of this April’s presidential election in Montenegro, experts warn that the country may experience more cyber threats.
On April 15, citizens will elect anew president, as Filip Vujanovic, is completing his final term and cannot be re-elected.
“Russia has strongly opposed Montenegro’s NATO accession process, so it is likely to continue using cyber capabilities to undermine Montenegro’s role in the alliance,” Pierluigi Paganini, from ENISA, warned.

So-called “lures” – spearphishing emails – are common tactics used by the group to target victims who are tempted to open messages mentioning specific topics relevant to them.

Targets are fooled into believing the email is legitimate. Then, by clicking on the link or attached document, they enable a virus to enter their computers.

Ben Read, from the US security company Fire Eye, told CIN-CG/ BIRN that the emails sent to the Montenegrin Defence Ministry in January 2017 were designed to cause chaos.

“If you opened [them], they would install the malware Game Fish on the victim’s system. That’s signature malware for APT28,” he explained.

He said experts from Fire Eye believed the hackers’ motive was Russia’s deep displeasure over Montenegro’s NATO accession, and the cyber attacks formed part of a broader plan to destabilise the country.

In January 2017, Fire Eye published a report claiming that Fancy Bear primarily targeted entities in the US, Europe, and the countries of the former Soviet Union, including government and military targets, along with defence departments, media outlets, and political dissidents or figures opposed to the Russian government.

“Russia is attacking these governments using both traditional means and as cyber-attacks,” Read added.

Before January 2017, on election day in October 2016, many websites in Montenegro were suddenly taken down by so-called DDoS attacks, in which multiple compromised computer systems attack a website and cause a denial of service for users.

However, the authorities never disclosed what actually happened on that day although they announced a detailed investigation, hinting at a Russian role in the large-scale internet incident.

Four days after the elections, on October 20, 2016, another phishing attack was launched against the parliament of Montenegro, most likely by Fancy Bear again, according to IT security specialists Trend Micro.

But, government sources told CIN-CG/BIRN that this attack was less serious, as it targeted the “wrong location”, the parliament, which does not deal with confidential data.

“It was a blind shot,” said this official who insisted on remain anonymous.

A bigger attack, which the Montenegro government describes as more intense than the one in October 2016, started on February 15, 2017 and peaked over the following days, government sources told CIN-CG/BIRN last year.

This time, websites of the government and state institutions, as well as some pro-government media, suffered a wave of cyber-attacks, officials in Podgorica told CIN-CG/ BIRN.

“The scope and diversity of the attacks, and the fact that they were being undertaken on a professional level, indicates that this was a synchronised action,” an official said.

The next attack, which a European official attributed to the same Russian source, happened in June 2017.

Photo: Pixabay.

Pierluigi Paganini, member of the European Union’s Agency for Network and Information Security, ENISA, told CIN-CG/ BIRN that Montenegrin infrastructure was again targeted by APT28, or Fancy Bear.

“In June 2017, after Montenegro officially joined NATO, the attacks continued; experts at the security firm Fire Eye who analyzed them collected evidence that confirmed the involvement of Russia’s APT,” Paganini said.

He added that the evidence included artefacts, malware, bait documents and exploit codes.

He said that although attribution is always the most difficult part of a forensic investigation, in this case, the information gathered “points directly to the Russian APT28 group”.

BIRN asked the Russian Foreign Ministry about its connections to the group and to its attacks on Montenegro.

It refused to respond specifically, noting only that “the mentioned issues were repeatedly commented on by the Russian Foreign Ministry”.

Russia strongly denies that its state plays any role in hacking governments, media or elections across the globe.

Russian President Vladimir Putin told reporters in June 2017 that hacking groups, like artists, do their own bidding.

“Hackers are like artists who choose their targets, depending how they feel when they wake up in the morning. No such attacks could alter the result of elections in Europe, America or elsewhere,” Putin told reporters.

Attacks disrupted Facebook services:
Major cyber disruption was noted in Montenegro on election day, on  October 16, 2016, when people in Montenegro were unable to use services  such as Viber and WhatsApp.
The  government had to obtain permission from the Higher Court in Podgorica  to temporarily block these applications for two hours on the election  day and request a thorough investigation of the cyber attack.
 Facebook detected this incident in its Transparency report under the title “Internet Disruptions”.
“We are aware of a disruption affecting access to Facebook products and  services in Montenegro that took place during October 2016. This  disruption impacted messaging services and coincided with the country’s  parliamentary elections,” it said.

Cheap way of collecting intelligence:

America disagrees. In a report, published on December 29, 2016, the US Department of Homeland Security, DHS, and the FBI insisted that the Kremlin sponsored Fancy Bear.

Fancy Bear has targeted many important international groups and individuals.

They include Germany’s ruling Christian Democratic Union, CDU, the German Bundestag, NATO, the World Anti-Doping Agency, the US Democratic National Committee, the former White House senior official John Podesta, the US Democratic Congressional Campaign Committee, and others.

Christopher Bing, Associate Editor of CyberScoop, a US cybersecurity website that has followed the attacks in Montenegro, agreed that Fancy Bear has subjected the Balkans to an intensive campaign of cyber-espionage.

“These activities largely serve as a cheap and effective way to collect intelligence remotely and covertly – without getting caught,” he told CIN-CG/ BIRN.

Bing explained that APT28 is a politically motivated threat group that is known to target geopolitical rivals of the Kremlin.

“APT28 is known to target military, governmental and civil society groups that are commonly of interest to the Russian state.

“As part of this targeting pattern, the Balkans represents a territory where Russia remains interested in controlling and asserting its dominance,” Bing explained.

The IT company ESET, known for its anti-virus and firewall products, also confirmed to CIN-CG/BIRN that Fancy Bear was on active manoeuvres in the Balkans during summer 2017.

Not all cyber attacks are Russian:

New analysis by the Public Administration Ministry on cyber threat to Montenegro showed the number of hacking attacks rose in 2017. The attacks were also “much more serious and sophisticated,” it said.

Over 380 attacks on websites, state institutions, online fraud and misuse of personal accounts were reported in 2017. That compared with just six in 2012. The authorities promised to investigate the background to all those attacks.

“The severity and sophistication of cyber-attacks affecting Montenegro during 2017 were reflected in the increased number of identified attacks on infrastructure and cyber espionage cases, as well as through phishing campaigns that targeted civil servants,” the ministry report said.

These attacks caught Montenegro on the hop, as its small cyber security team had no experience of dealing with attacks on this scale. It has only a dozen employees, who are being trained by US and UK cyber experts.

Amid reports that Russian hackers played a role in downing several websites on election day in Montenegro, the government in December adopted new measures to tighten cyber security.

It said it would strengthen the capacity of the police and intelligence services to prevent hacking, after the attacks on election day had highlighted the vulnerability of the entire system.

“It not just Russian hackers that they are dealing with. The small, under-equipped team is also dealing with the increase in online bank frauds and other attacks that do not have political background,” a government official told CIN-CG/BIRN.

Facebook Reveals Serbian Fighters’ Role in Ukraine War

Posted on by BIRD

Marko Barovic was always on the wrong side of the law. Growing up in Montenegro, since his teenage years he always hung out with the bad guys.

Not even 30, he already has a conviction for robbery and attempted murder. Now, since April this year, he also has a conviction for taking part in a foreign military conflict, in Ukraine, which is forbidden by law in Montenegro.

Barovic is now serving his three year and six months long prison sentence.

In 2014, as warfare erupted in Ukraine between pro–Russian separatists in the east and Ukrainian fighters, many Russian sympathisers from the Balkans, mostly from Serbia, or Serbs from Bosnia and Herzegovina and Montenegro, joined pro-Russian paramilitary units operating in eastern Ukraine, mainly in the Donetsk area.

According to the court records, Barovic travelled in December 2014 to Russia, and then, just before New Year, to eastern Ukraine, where he got a military card from the self-proclaimed Donetsk People’s Republic.

According to the same military card, he served there initially as a driver and later as a sniper. In October 2015, however, he was arrested on the border between Ukraine and Russia.

Montenegrin prosecutors say the key proof that he fought in Ukraine and did not just drive a truck, as he claimed initially at the trial, was his Facebook profile.

He often posted photos from the battlefield of himself in uniform and holding a rifle. The posts and photos, which were public, were admitted as evidence before the court in Podgorica.

After being confronted with the evidence, Barovic confessed about he had really spent his time in Ukraine. However, he still defended his conduct. He said he had gone there to “help people for moral and patriotic reasons.”

Serbs flocked to help Russian ‘brothers’:

The verdict in April this year against Barovic was a landmark conviction in Montenegro, following the adoption of a law in 2015 that classified fighting on foreign territory as a crime.

In neighbouring Serbia, however, where the number of those who fought in Ukraine as foreign fighters was much higher, there have been no such trials, but only plea agreements.

Around 24 fighters who returned to Serbia last year from Ukraine admitted guilt after the prosecution produced evidence of their presence on battlefields.

Investigators mostly gathered this evidence also by examining their social media profiles.

Plea agreements are not public documents in Serbia, but BIRN sources from prosecutors’ offices say YouTube videos and Facebook photos proved the key evidence in most cases.

The most prominent case was against Radomir Pocuca, a former special police spokesperson, who over several months of fighting in Ukraine posted almost daily videos, photos and other entries related to his time in Donetsk.

Pocuca also claimed that he went to help Serbia’s “Russian brothers” for patriotic reasons, mainly as payback for Russia’s support for Serbia in the dispute over the former province of Kosovo [which declared independence in 2008 – which Serbia has vowed never to recognise].

Serbs also remember that Russian fighters volunteered for the Serbian side in the 1992-5 war in Bosnia, which pitched Serbs against a combination of Croats and Bosniaks [Bosnian Muslims].

For many of the Serbian fighters in Ukraine, this was not their first war.

Ranko Momic, who is believed to be still in Ukraine, escaped trial for alleged war crimes in Kosovo and fled to Donetsk in 2015.

A Bosnian Serb, he fought also in the war on the Serbian side in Croatia in the early 1990s, before taking part in the war in Bosnia, serving in so-called “special” units, such as the notorious Serbian Volunteer Guard.

Even during the 1990s, before mobile phones or social media appeared, these fighters enjoyed being photographed or filmed during their time in battle, and local and international courts used such records to secure convictions for war crimes.

Dejan Beric with DNR passport. Photo: Facebook/Dejan Beric

Among the other better-known Serbian fighters in Ukraine with experience in the Bosnian war is Dejan Beric.

He was recently spotted again in the Donetsk area with a new group of Serbian snipers.

Beric was brought up in Putinci, a village in northern Serbia, where he ran a business making doors and windows in the nearby town of Indjija before closing his business in 2014 and leaving for Ukraine.

Many Balkan volunteers say they joined the rebels out of a deep sympathy with Russia and a sense of Slavic Orthodox Christian brotherhood.

But Beric said that he also went there after being personally invited by two Russian volunteers who previously fought in the Balkan wars in the 1990s.

“They called on me to repay the debt, in terms of moral and human spirit,” Beric told BIRN earlier this year in an interview.

Contrary to some accounts published on the internet, Beric said that becoming a volunteer is simple; would-be fighters need only to catch a plane to Rostov-on-Don in Russia and then take a bus across the border to rebel-held Donetsk or Lugansk in Ukraine.

“I came from Sochi, where I worked, via Odessa to Sevastopol, where I became a member of the ‘Defence of Sevastopol’… Then I went to Donbass,” Beric recalled. 

Beric also regularly updates his Facebook and YouTube account with stories from the battlefield.

Many fighters remain on the run:

Wagner members wanted by the Ukranian secret service.

Social media profiles did not only help the authorities in Serbia and Montenegro to secure convictions; Ukrainian authorities have also used them to issue arrest warrants against the remaining Serbian fighters in the country.

Ukraine’s security service has issued arrest warrants against six Serbian mercenaries, while Kiev authorities maintain that almost 300 Serbs remain fighting in various rebel areas.

The six Serbs, according to Ukraine’s security service, fought in Ukraine in 2014 and then in Syria – another conflict zone in which Russia is deeply involved – in 2015.

All six allegedly belong to Wagner, a military company registered in Argentina, which the Ukrainian security service says serves as a paramilitary unit tasked with fighting for Russian interests across the world.

Among the six fighters wanted by Ukraine is Davor Savicic “Elvis”, a Bosnian Serb, who claims to live in Russia and work on a construction site.

Savicic was reportedly highly appreciated by his superiors at Wagner due to his extensive battlefield experience, and given the codename “Wolf” to reflect his strength and courage in combat.

While these claims could not be independently verified, Savicic’s Facebook profile picture is also, by coincidence, a wolf.

Bosnian police told BIRN that they believe that the mercenaries have a meeting point in Moscow, and that most of them are registered as temporary workers in Russia in order to avoid prosecution at home as foreign fighters.

Police records suggest that Savicic belonged earlier to various Bosnian Serb units, and spent the longest time fighting alongside the so-called Tigers, a notorious paramilitary unit led by Zeljko Raznatovic “Arkan”.

He who was killed in 2000 before he could face trial for war crimes by the international criminal tribunal for former Yugoslavia, ICTY, in the Hague.

Serbian volunteers in Ukraine.

In 2001, the Montenegrin prosecution accused Savicic and three others of planting a bomb in the house of Dusko Martinovic in the town of Berane, which killed six people. Martinovic allegedly owed them around 15,000 euros.

Savicic was initially jailed for 20 years in absentia in Montenegro, but an appeal court ruled later that there was not enough evidence to prove that he was responsible for the bombing.

From 2001 until his acquittal in 2014, Montenegrin police tracked him from Bosnia to France, Spain and Russia, but never managed to arrest him.

The same year Savicic was cleared, photographs appeared of him on the frontline in Lugansk, after he and an estimated 50 other Serbian fighters brought their battlefield skills to the aid of pro-Russian rebels against the Ukrainian government, according to the Bosnian prosecution.

Russia appears to have deployed them using similar methods to those Serbia used in the Bosnian war, when Serbia denied any direct involvement in the conflict and insisted all the Serbian citizens who took part in it were volunteers. Russia has done the same in Ukraine.

Wagner fighters have also fought for Russia’s Syrian ally, President Assad, and although many of them have denied the reports, news from Syria suggests that a number of them lost their lives fighting Assad’s jihadist foes.

Among them was Dimitrije Sasa Jojic whose death aged 25 was announced this June by the Serbian football fan group Firma, to which Jojic belonged before taking the path of a foreign mercenary.

Jojic also initially fought in Ukraine and had been active on social media there, posing in uniform and with other fighters.

It is believed that he was part of the same group from Wagner that went to Syria. Jojic was buried in Moscow this summer.

Other Serbian fighters, allegedly members of Wagner, and also wanted by Ukraine are believed to be stationed in Russia, travelling occasionally to rebel-held areas of Ukraine. All of them have Serbian or Bosnian passports.

Unlike Barovic or Pocuca – who were extradited from Ukraine and Russia – the Wagner men are seen as far more important for both sides in the conflict.

They are important for Russia, as their methods shed light on the hidden ways Russia exports fighters to the conflict zone.

They are equally important for Ukraine, which hold them responsible for numerous attacks that killed hundreds of people.

In consequence, as security experts have told BIRN, their extradition and arrest is highly unlikely.

Romanian Protesters Vow to Overcome Net Saboteurs

Posted on by BIRD

Mihai Sora, a well-known Romanian writer and philosopher, marched last Sunday in his Transylvanian town of Alba Iulia alongside hundreds of others who took to the streets that day against the push by the ruling Social Democrat-led coalition to adopt laws that threatens years of anti-corruption efforts.

Over 45,000 people across Romania did the same, with 25,000 marching in the capital, Bucharest, alone.

Sora, who is 101, is one of Romania’s most followed celebrities on Facebook whose posts get thousands of shares.

A picture of him at Sunday’s march made headlines in Romania, while on Tuesday he announced on Facebook that he had been “reported.”

Sora experienced what scores of activists, protesters and social media users who supported the demonstrations and posted videos from the protests also encountered this week.

Access to their accounts was blocked suddenly by Facebook, after what they believe were attempts by government supporters to harass them by reporting their accounts as spam generators.

“I have been reported (it seems this is the right word for it). In other times, under different rulers, there was snitching – very lucrative for some and, in any case, meant to keep under control any strand of hair with rebel tendencies; in the last years of Ceausescu’s regime it became a reflex for many people,” Sora wrote on his page on Tuesday.

“I had to live, it seems, in order to see and understand new technologies, starting with Facebook,” he concluded.

The writer said that he had since sent a canned copy of his ID “somewhere into the ether” and his account was unblocked.

An algorithm error:

A Facebook spokesperson told BIRN on Tuesday that “a number of pages were temporarily blocked due to an error in our automated systems.

“As soon as this was brought to our attention, we disabled those blocks. We apologize for any inconvenience caused by these pages being unavailable for a few hours,” the spokesperson added, without explaining what the error was.

Mihaela Pana, journalist and founder of Cyber Media website, told BIRN that the “error in the automated systems” means the algorithm used by Facebook simply did what it was told to do following a series of complaints filed against those accounts.

“This is the dark side of using algorithms,” she explained. “If some people use the online to do good, others abuse the algorithm system and act like anonymous vigilantes, trolling whatever they see fit,” she added.

Such vigilantes can serve whatever interest is there. This trend did not only apply to Facebook, she said.

“Yesterday, I spent a whole day finding a series of Russia-based bots on Twitter, mimicking Romanian names. It’s really difficult to quantify this phenomenon, to find these accounts and see what interests they serve,” she pointed out. “Basically, there is no safe medium out there.”

However, she says people can be taught better how to protect themselves.

What happened with the accounts of the Romanian activists shows there is still a need for people to understand how to protect themselves from abuse: either to compartmentalize their online activity, with separate accounts for personal and professional purposes, or simply to anonymize their personal life.

Resilient protesters:

Some activists whose accounts were blocked responded immediately by setting up fan pages with several administrators, so that if their accounts were blocked again, they would still be able to post on their pages.

Oana Dobre Dimofte, a former journalist and supporter of the protests, was one of many who then set up a fan page “just in case.”

“We’re interested in whether it was an orchestrated move or not,” she told BIRN about the blocking phenomenon.

She knows Facebook cannot say that by looking at an algorithm, “but we are convinced it was a political move because certain accounts were targeted,” she added.

To avoid renewed protests in Bucharest’s Victoriei Square, in front of the government headquarters, the Bucharest city council, also dominated by the Social Democrats, on Tuesday decided to set up a second Christmas fair in the square from December 2 to December 20.

An amusement park has already been set up in front of the parliament building in central Bucharest.

The Ministry of Interior on Wednesday said it was also investigating protesters who allegedly assaulted police on horseback at Sunday’s protests, blinding the animals with flashlights.

But Dobre says that neither online trolling nor measures taken by the authorities would stop the protesters from taking to the streets again.

“They made us get out of our houses at midnight [on January 31, when the government issued a decree pardoning corruption offences] and we took to the streets,” she recalled.

“They sent people with Molotov cocktails against us and we came back again; they threatened us with child protection legislation because we took children to the protests, and we continued to take them with us; do they think we’re going to be scared of some mulled wine?” she asked.

Social Democrat politicians BIRN tried to contact to refused to comment.

Another protest against the government, meanwhile, is scheduled for Friday December 1.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now