Category: Uncategorized

A digital screen displays a live cyber hack attack during a press conference at the Federal Criminal Police Office (BKA) in Wiesbaden, Germany, 11 November 2019. Photo: EPA-EFE/RONALD WITTEK

A report by the FBI and the Cybersecurity and Infrastructure Security Agency, CISA, published on Wednesday, on the wave of hacking attacks in Albania, says Iranian attackers gained access to Albanian systems some 14 months ago, long before the actual attacks started.

The first cyber-attack was reported on July 13, when Albanian government services became unavailable for some days.

“An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the [July] destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware,” the report says.

“The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating email content,” it adds.

From May to June 2022, “Iranian state cyber actors conducted lateral movements, network reconnaissance, and credential harvesting from Albanian government networks.” it continues.

In June and August, messages against the Iranian dissident group hosted in Albania, the People’s Mujahedin of Iran, MEK, were released.

The hackers also posted polls on their channels, the website called “Homeland Justice” and a Telegram group with the same name, in which they asked Albanians what would they like them to publish.

One poll asked if they would like them to publish Albanian Prime Minister Edi Rama’s emails.

“In September 2022, Iranian cyber actors launched another wave of cyber attacks against the Government of Albania, using similar TTPs [Tactics, Techniques, and Procedures] and malware as the cyber attacks in July. These were likely done in retaliation for public attribution of the cyber attacks in July and severed diplomatic ties between Albania and Iran,” the report explains.

Albanian PM Rama on September 7 expelled Iran’s diplomats from the country after the massive cyber-attack on the government’s key servers in July.

After blaming Iran for July’s cyber-attack, fresh attacks occurred two days later, this time targeting the Traveller Information Management System, TIMS.

This caused queues ar border points, where the registration of citizens and vehicles entering and leaving the country had to be done manually.

Attacks continued on September 19, when emails of the former Chief of Police were released by a group that calls itself “Homeland Justice”.

Police said the prosecution had issued a ban on the publication or reposting of any information released by those behind the cyber-attacks, tasking cybercrime police, the broadcasting regulator and the Electronic and Postal Communications Authority to monitor the information and its use.

The order was condemned by the journalists and journalists’ rights organizations, however.

Illustration by Pixabay

A BIRN investigation shows that Serbia’s cadaster system, RGZ, was infected by not just one malware computer virus but by at least three malicious programs and that at least one of them entered the server via the RGZ mail server, from where it tried to spread.

The servers of the Republic Geodetic Institute stopped working on June 14, when it was announced that a hacker attack had been carried out.

For this reason, management said they locked the entire system preventively, which made it impossible to use its services, including the cadastre of property ownership.

RGZ later said the computer sabotage was carried out from abroad using the ransomware virus “Phobos”.

This works by locking the device, disks and databases that only become available again when the hackers are compensated. However, RGZ insisted that “so far, the message with a request for redemption [cash] has not been identified”.

But BIRN discovered that, beside Phobos, the system was infected with Qakbot and Mirai Botnet as well.

Vladimir Cicovic, a cyber security expert, told BIRN that hackers may have used Qakbot to insert the Phobos virus into the system of the Geodetic Institute.

“One group is selling access, and the other is breaking in. The cooperation of several groups is not excluded. In the institution, they were looking for Phobos, but they didn’t look at how it got in, that is, who opened it,” explained Cicovic.

In special databases, the date of detection of the Mirai botnet on the RGZ mail server is May 8, 2022, while the version of Qakbot from the infected email was detected on May 13.

This is about a month earlier compared to the date officially listed as the start of the hacker attack, and two weeks before the virus allegedly entered the system.

A BIRN journalist had himself received an email from RGZ employee with whom BIRN journalists had been in contact in recent months. The title of the email, as well as other details, made everything look like a continuation of the correspondence, but the content of the email was in Dutch!

Cicovic believes that the fact that the author of the infected email wrote in a foreign language indicates that the malicious program was most likely not intended for Serbia. “If a professional was doing this, the email would be in Serbian. The campaign, or whatever, was not intended for Serbia,” Cicovic said.

He added that the infected email, received by a BIRN journalist, is directly related to the hacker attack on the Geodetic Institute because it shows that the earlier correspondence between the RGZ official and the BIRN journalist was leaked and is now in the hands of hackers.

“The BIRN journalist’s correspondence with the RGZ official is in someone’s hands. A hacker can sell, give, publish this data, but the fact is that the data has been stolen. The email received by the BIRN journalist is sufficient evidence for such a thing. It is possible that other information is also available,” he said, stating that this shows there was a threat of compromising private data.

It is not known whether any other citizen received a similar malicious email.

BIRN contacted the office of the Commissioner for the Protection of Information of Public Importance, which replied that the infected email is not proof that personal data has been compromised and that, as such, it has nothing to do with the hacker attack on RGZ.

According to a report by Kaspersky antivirus solutions company , in the first half of this year, Serbia ranked 13th in the world in terms of the number of cyber-attacks on management systems and critical infrastructure, after Vietnam, Sudan, Tanzania, Yemen and Bangladesh.

Members of the European Parliament sent written questions to the European Commission on September 16 about the EU-funded “Centaur” and “Hyperion” surveillance systems deployed in reception areas in Greece. Their questions came after BIRN and Greek investigative outlet Solomon published a joint investigation on this on September 9.

BIRN and Solomon revealed in “Asylum Surveillance Systems Launched in Greece without Data Safeguards” that the “Centaur” and “Hyperion” systems were crafted and initially implemented with funds from the EU’s Recovery and Resilience Facility – without prior recruitment of a Data Protection Officer at the Ministry of Migration and Asylum, a requirement under the GDPR, the EU’s General Data Protection Regulation, to ensure adequate oversight. 

Nor were mandatory Data Protection Impact Assessments, DPIA, conducted in the design phase.

Tineke Strik, a member of the Group of the Greens, one of the eight MEPs who signed the questions to the Commission, published it yesterday on her Twitter account. 

“EU funding of surveillance technology used on migrants in violation of fundamental rights must stop,” Strik said. 

The MEPs asked the Commission how much money the EU spent on the two surveillance systems, from which funds this came, and how much funding has been or will be provided for similar systems. 

BIRN and Solomon established that the planning of Hyperion and Centaur began in 2020. The Hyperion system monitors movement in and out of state-run asylum camps. Centaur deploys behavioral analysis algorithms and transmits CCTV and drone footage to a control room inside the Greek Ministry of Migration and Asylum. 

Humanitarian organisations say the two surveillance systems violate asylum seekers’ fundamental rights and freedoms. 

The MEPs said the Greek government was clearly unwilling or unable to conduct an “independent investigation” following allegations of non-compliant expenditure of EU funds in violation of fundamental rights. 

“What is the Commission’s assessment of compliance with fundamental rights, and how is the Commission investigating this?” they asked.

“Is the Commission taking action to reject cost reimbursement or retract funding for the Centaur and Hyperion projects? What measures are being taken to prevent future EU-funding of projects in violation of fundamental rights?” they added. 

On July 26, Nikos Androulakis, head of the socialist PASOK party, Greece’s third-largest, found that his phone had been infected with Predator spyware and at the same time was being monitored by the Greek intelligence service, EYP.

After Thanasis Koukakis, a financial journalist who specializes in corruption cases and banking scandals, who was also wiretapped, filed a complaint, Androulakis decided to pursue legal action.

Funded by European grants mostly and by subscribers with no advertisement revenue, independent investigative journalist groups since April have revealed the existence of a spying network both public and private, against journalists and politicians.

As a consequence of Androulakis’s move to reveal his surveillance, two members of PM Mitsotakis’ inner circle resigned on August 5: the head of the EYP, Panagiotis Kontoleon, and the Prime Minister’s chief-of-staff (and nephew), Grigoris Dimitriadis.

In the cases of both the Socialist party leader and the financial journalist, it was revealed that the intelligence service and private software spyware predator operated complementary to one another other, although no direct connection between the two has been proven as yet.

The new Greek PASOK party leader, Nikos Androulakis speaks during a press conference after a meeting with Portuguese Socialist Party in Lisbon, Portugal, 28 March 2022. EPA-EFE/ANDRE KOSTERS

‘Protective fence’ surrounding corruption suspects

In 2019, one month after the national elections in Greece, I wrote an article for the New York Times’, arguing that Mitsotakis could never be a moderate liberal politician as he would have us believe, but would rule with a combination of aggressive neoliberal and authoritarian politics. However, my warning didn’t foresee the severity of his populist turn.

Year after year, European Commission rule of law reports have upgraded their warnings about the dysfunctional judicial system and freedom of the press in Greece. But the wiretapping scandal and the uncontrolled operation of spyware in Greece are taking the discussion to a new level.

In 2021 alone, 15,000 decisions were taken to intercept, continue or end the communications of individuals implicated in cases of national security. The numbers grew after the Greek bankruptcy crisis of 2010, but in the past three years, have reached an all-time record.

Furthermore, since 2019, it is not clear how many of them relate to crime and how many are related to national security concerns. This is because, in a series of legal actions, the government has secreted processes and the legal right to information on them.

When journalist Koukakis tried to obtain information on his surveillance, the government changed the law and forced the authorities to deny it. But when an MEP and Pasok leader discovered he was being subjected to surveillance as well, it was impossible to avoid the exposure.

When Koukakis started revealing financial scandals in banks, Mitsotakis didn’t hesitate to change the law that could have forced the judicial authorities to summon bankers who were implicated in fraud, illegal public spending, or tax evasion.

Greek Journalists Stavros Malichudis (2-L), Eliza Triantafillou (C), and Thanasis Koukakis (R) attend a hearing by the European Parliament?s Inquiry Committee amid an investigation into the use of the Pegasus surveillance spyware in Greece, in Brussels, Belgium, 08 September 2022. EPA-EFE/OLIVIER HOSLET

A sequence of events suggests that Mitsotakis may have actively tried to create a protective fence around the people investigated for financial scandals. A few examples: by amending the penal code, the crime of banking fraud is no longer prosecuted ex officio by the prosecutor, but requires a complaint from the bank. That means, that if an executive commits the crime of dishonesty, the prosecutor cannot intervene if the bank itself does not file a complaint. Guess who has benefited from having their cases archived in this way? The people Koukakis was researching.

Then came the abolition of the ex-officio prosecution of the crime of tax evasion (for over 150,000 euros) – unless a final certificate from the tax administration causes negative press headlines. Last but not least, it was revealed that the people involved in the financial scandals Koukakis was researching were also related to Interllexa, the company that runs the predator software, originally created in North Macedonia, but officially running from Athens.

On top of the 15,000 official cases that EYP is handling every year, it seems that different spyware programs are operating “in the wild”, as the intelligence agency is not in control of these programs.

According to reports, the company serves 34 customers around the world from Athens, and it still advertises on its website as “intelligence solutions for governments”. A recent leak of documents from a cybersecurity forum suggest that it still provides remote control operations for one year at a price of 8 million euros. No authority has summoned the company yet to testify.

Did the government reduce to a tool of corruption?

The political roots of this scandal go back to Mitsotakis’s appropriation of ideas about an executive state borrowed from the Reagan era in the US and put into a Balkan context in the digital age.

There is tension between the concentration of political power on the one hand that refers to populist conservative administrations and to the decentralizing tendency of the markets. In short, a powerful PM’s office does not just overlook the function of government but directs all aspects of it, aiming to control corruption within the lower and middle levels of governance.

An extended office of technocrats accountable to the PM takes control of governance and outsources all executive work to private companies to avoid bureaucracy and enhance efficiency. Emphasis is given to a powerful police and the army, which guarantee safety and order. In that context, Mitsotakis didn’t hesitate to take under his command the national press agency, the national broadcaster, and the National Intelligence Agency.

But what happens when the government itself is a source of corruption, through a clientelistic system and weak institutions, as the wiretapping scandal indicates? In Greece, the so-called executive state seems to have reduced government to a tool of corrupt power, doing business at the top level of finance and politics, while alienating itself from the people and disorganizing different aspects of social life.

Whether it is wiretapping his political opponents (and financial actors) or providing the necessary political cover-up for an autonomous intelligence service and private actors, Mitsotakis has failed to defend democracy. While there have been serious cases of wiretapping in the past, what is striking, in this case, is its banality. A connection between public and private actors has not been proven, but strong indications suggest there may be a connection.

International media are focusing on this corruption and the European Parliament hosted an audit on the case, putting Greece, next to Poland, and Hungary, in a group of countries that violate the Rule of Law. Now the Greek government says it wants to modernize the framework that regulates surveillance. But in a populist or even ultra-conservative way, it also supports the EYP’s “modernization” and has praised its contribution to handling external threats in the region of the Evros river bordering Turkey and the Aegean.

It is unclear whether the government means that it is monitoring Turkish hostile actions on the border or refugees’ phones before deportation and pushbacks, but it is clear that it has intercepted journalists and humanitarian volunteers, apparently considering them a threat to national security! Journalists Malichudis and Papangeli fell victim to this perception of the “National threat”. As for the modernization of EYP, no law allows it to use spyware so far. But none of that seems to bother Mitsotakis. His government wants to continue doing business as usual, even if that now seems impossible.

Matthaios Tsimitakis is a Greek journalist and a digital communication expert based in Athens. He is an author of the independent Greek newsletter “Το Νήμα” (The Thread)

The opinions expressed are those of the author and do not necessarily reflect the views of BIRN.

Montenegro’s Ministry of Public Administration on Friday said the country’s administration will continue to function offline, as the government servers are still at risk of more cyber-attacks.

The digital infrastructure of a major part of Montenegro’s public administration has been offline since August 26, following an unprecedented series of ransomware attacks on government servers.

“Certain workstations are compromised, so the system must stay offline before the entire network is safe. We must be sure that the network and all devices are clean so that attacks don’t happen again,” the ministry told BIRN.

Government servers were hit with ransomware, a type of malware attack in which the attacker locks and encrypts the target’s data and important files and then demands a payment to unlock and decrypt the data.

After the second cyber-attack, on August 26, certain services were switched off temporarily for security reasons, causing problems in the functioning of the public administration. On September 1, the FBI sent a team to assist in the investigation.

The head of the state Cyber Security Service, Dusan Polovic, said on September 15 that the system could go online again in the next few weeks, stressing that the systems have a backup copy, which means that the data are saved.

“Some of the workstations are encrypted, so we are not sure if those computers will be used again. Therefore, we have a backup system, so in that sense, we should not suffer any damage,” Polovic told Radio Free Europe.

After the cyber-attacks on August 26, the Agency for National Security, ANB, accused Russian services of organizing them.

But on September 1 Russia’s Foreign Ministry dismissed the claims as part of a “continuous policy of dismantling relations with Moscow in order to please the United States”.

On August 31, Public Administration Minister Marash Dukaj blamed the known ransomware extortion specialists Cuba Ransomware for the attack. The group has claimed responsibility for the attack. Dukaj said the group had created a special virus for this attack, costing about 10 million US dollars, which has not been used anywhere so far.

Sever believes being an active journalist during her tenure is important: “Every day, I’m in touch with the people whose rights we fight for; I know their needs and understand what pressure from owners, politicians, or advertisers means for an ordinary journalist because I am just a fellow journalist.”

One question facing her is about her gender. For the first time in the history of the EFJ, a woman is leading the organization – and a woman from the Balkans.

Many female and Balkan journalists may be placing their hopes for better treatment in the media world in her.

Media freedom remains a problem in Balkan states. Reporters Without Borders’ 2022 World Press Freedom Index, says the past year has been a significant increase in “polarisation amplified by information chaos” – a phenomenon that has also affected the troubled media environment in the Balkans.

Sever wants her presidency to send a message that the Balkan region is part of Europe, and that, regardless of differences, they must jointly develop democracy and strengthen the independence of the media.

“My colleagues at the EFJ know that I am an open and inclusive person. I know the situation in the media sector in the Balkans quite well; they know that we are cooperating on several projects, and I believe we will get a little closer and strengthen cooperation during my presidency,” she told BIRN.

Focus on women’s issues

A report published  by BIRN, “Women in Newsrooms: Perspectives on Equity, Diversity, and Resilience”, found that women journalists in the Western Balkans confront numerous obstacles in their participation and representation in news organizations.

The new EFJ president takes her female leadership seriously; an activist, she rebels against injustice. “The attitude toward women in the media is unfair. It’s not just an impression; figures show the pay gap and many other exacerbated data. It’s always easier for bullies to attack a woman. But I fight against it with all my heart. I hope my contribution to the EFJ will help to improve the situation,” she told BIRN.

Active in the fight against SLAPPs

Sever became EFJ president at a crucial time; press freedom is under attack, many journalists are being prosecuted with so-called strategic lawsuits against public participation, SLAPPs, while at the same time they are also being targeted by politicians. Journalist workers’ rights are routinely violated. European and Balkan journalism, whatever the differences, shares similar problems.

Sever lists some of them to BIRN. “The EFJ is working intensively on professional assistance, building a system of protection of workers’ rights and trade unions, and defining strategies for systematic improvements.

“We have been working together for a long time to connect and strengthen the defence of the independence of local media. It is a problem that binds us together. Poor solutions to local media funding, pressures from politicians and advertisers, dependence on the financing by local government units …  Together we are trying to find a way out of this vicious circle in which most of the local media are in, in these areas. The struggle for public media services also connects us,” she says.

The EFJ cooperates with other European organizations dealing with these problems, such as the Europe-wide mechanism Media Freedom Rapid Response.

“We are part of the CASE coalition and participate in the most crucial fighting processes against SLAPPs. We support individual journalists exposed to SLAPPs but also define the strategies, requirements, and participation in the public debate on the legal frameworks for the fight against SLAPPs. There is currently a review of the adoption of a Directive and recommendations on the SLAPP in EU institutions and at the national level of EU member states. EFJ members actively advocate at the EU and national levels support for these documents,” she told BIRN.

A mission, not a job

The industry globally is facing many problems. Given this situation, is it worth working as a journalist today? Sever advises the young to proceed boldly. For her, journalism is still the best job in the world, a job that can make changes for the better in every society.

“It is a mission, not a job, and it is easy to love. I spoke to many young colleagues frustrated with the editors’ comments in the newsroom. My advice was, ‘Trust yourself, fight and think for yourself, complain, and don’t surrender. It’s the only way to do it and live journalism – the most beautiful job in the world,’” she concludes.

The special forces of the Albanian police enter the premises of the Iranian embassy in Tirana, after the interruption of diplomatic relations. Photo: LSA

The latest cyber-attack on Albanian institutions caused queues on border points during the weekend, where the registration of citizens and vehicles entering and leaving the country had to be done manually.

Prime Minister Edi Rama said the latest cyber-attack “was made by the same aggressors”, meaning Iran.

“Another cyber-attack by the same aggressors, already exposed and condemned even by Albania’s friendly and allied countries, was recorded last night on the TIMS system! Meanwhile, we continue to work around the clock with our allies to make our digital systems impenetrable,” Rama said on Saturday.

A recent report from Microsoft, which the Albanian government tasked with assisting in the recovery and investigation of the cyber-attack in July, says the attacks began in May 2021 and that government databases were attacked by four groups linked to the Iranian government.

The report details the infiltration of a vulnerable server and then the escalation of the attack until July 2022, when the attackers attempted to delete data on the server.

“Microsoft was able to prove with a high degree of certainty that a variety of Iranian groups were involved in this attack, with different actors responsible for different phases,” the report said.

According to Microsoft, data show that one of the groups involved in the initial intrusion and data theft is linked to EUROPIUM, a group connected to other Iranian Ministry of Intelligence.

The company says it has other data linking the attack with Tehran, including the fact that the codes were used earlier in similar attacks, as well as messages from the attackers, targeting Iranian opposition groups sheltering in Albania.

“The wiper code was previously used by a known Iranian group,” the report said.

The attack culminated on July 15, just weeks after the country had added new online services aimed at cutting bureaucracy. Key services, from prescriptions, that doctors issue to student registration in schools and business registrations and balances were closed.

The government and National Information Society Agency, AKSHI, downplayed the attack and insisted that the aggressors had not succeeded in their aims.

Nearly two months after the July cyber-attack, on September 19, the government cut off diplomatic relations and expelled Iranian diplomats, accusing Tehran of “state aggression”.

Iran has denied responsibility for the attack, describing the accusations as “baseless” and the decision to cut off diplomatic relations as “short-sighted”.

In its technical analysis of the attack, Microsoft says that it was carried out by four different groups. The first breach occurred in May 2021.

According to Microsoft, an unspecified number of emails were stolen between autumn 2021 and January 2022. The page where they were published, Homeland Justice, claims to have received the official email of Prime Minister Rama, that of the Minister of the Interior, the Minister of Defence, several embassies and a number of other actors, including AKSHI high officials.

According to the investigation team, the final attempt of the action was to encrypt the data and at the same time delete it, but “the attack failed”.

“The Iranian-funded hacking attempt had less than 10 per cent impact on the client’s environment,” Microsoft’s report said.

Relations between Albania and Iran have been tense since 2013, when US ally Albania agreed to shelter members of a group known as Mujahedin-e-Khalq, MEK, an opposition group to the regime in Tehran, supported by the US.

Journalist Vladimir Kovacevic after the attack. Photo: Gerila.info

Confirming a lower court decision, Bosnia’s Constitutional Court has ruled that Republika Srpska’s public broadcaster, RTRS, slandered the journalist Vladimir Kovacevic who was brutally attacked covering mass protests in Banja Luka four years ago.

The ruling, which follows an appeal by RTRS and its former editor-in-chief Sinisa Mihailovic, confirms that the broadcaster slandered Kovacevic, who was attacked after covering a “Justice for David” protest in 2018, which had attempted to push the authorities to resolve the case of the unexplained death of a 21-year-old man in Banja Luka.

Kovacevic welcomed the ruling. “The decision of the Constitutional Court to reject the appeal of RTRS was the only logical move, because it was a clear question of slander,” he told BIRN on Friday.

The Constitutional Court stated that “the appellants [RTRS] did not take into account the plaintiff’s particularly vulnerable situation due to the attempted murder, nor can it be concluded that they had a ‘sincere intention’ to inform the public about topics of public importance” when publishing the article.

Immediately after his attempted murder, on August 31, 2018, after Kovacevic was released for home treatment, RTRS published an article on its website entitled “Creeping coup d’état in Republika Srpska! They don’t want elections, they overthrow the government on the street!”

The article stated, among other things: “The latest events regarding the attack on a journalist of the opposition-friendly BN TV and the spontaneous gathering of journalists in front of the Palace of the Republic in Banja Luka further fuel claims that a creeping coup d’état is on the scene.

It added that “the latest case of an attack on a journalist sympathetic to the opposition serves the purpose of animating wider social strata and calling for defence against the alleged dictatorship of [Bosnian Serb leader Milorad] Dodik and his party.”

“The aforementioned journalist is known to have recently received 80,000 dollars from USAID for some kind of internet portal,” it continued, portraying him as a “foreign mercenary”.

Kovacevićcsued RTRS before the Basic Court of Banja Luka for injury to his honour and reputation caused by defamation. The court agreed and ruled that RTRS and then editor Mihailovic should jointly pay him 5,000 Bosnian Marks (some 2,500 euros) in compensation.

The same court concluded that Kovacevic had proved that he did not receive 80,000 US dollars from USAID, and according to the court, “none of the ‘negativity’ attributed to him has been proven”.

Following this verdict, RTRS and Mihailovic appealed to the Constitutional Court of Bosnia and Herzegovina, claiming that their freedom of expression was being violated, and adding that no journalist was named in the contested text.

The Constitutional Court, however, considered that the court in Banja Luka correctly concluded that even without stating the name of the journalist, it was clear who it was about, and that he was portrayed to the public as a “foreign mercenary”.

The same article was also published on a website of US-sanctioned television close to Dodik, ATV. Ironically, Kovacevic lost his case over that article, and had to pay the court expenses to ATV and its former editor-in-chief, Nenad Trbic.

Marko Colic and Nedeljko Dukic were sentenced to five and four years in prison for the attack on Kovacevic, which was characterized as attempted murder. The masterminds behind the attack were never officially revealed.

Cuba Ransomware and other cyber-attacks rock region

In November 2021 the FBI initially identified the so-called “Cuba ransomware”, accused of compromising as many as 49 public and private entities by encryption techniques targeting data with the unique “cuba” extension. Cuba ransomware perpetrators have demanded at least US $74 million and have received at least US $43.9 million in ransom payments so far.

In the region, Montenegro was hardest hit by cyberattacks lately. As BIRN has reported, the IT systems of Montenegro’s public administration have been offline since August 22 and, after initially blaming alleged Russian hackers, authorities now do not exclude the possibility of the Cuba Ransomware’s involvement. Public Administration Minister Marash Dukaj has directly accused the criminal group linked to the Cuba Ransomware of responsibility.

A digital screen displays a live cyber hack attack during a press conference at the Federal Criminal Police Office (BKA) in Wiesbaden, Germany, 11 November 2019. Photo: EPA-EFE/RONALD WITTEK

Beyond that worrying case, cyberattacks and other online frauds occurred all over the region. In North Macedonia on August 26, after a prize game recently appeared on Facebook through the fake profile “Technomarket Fans”, Technomarket, the Bulgarian retailer of consumer electronics, warned that the prize and the website were fake and aimed to lure users into an online scam. As part of a supposed raffle, the scammers claimed to be giving away vouchers for 670 fridges and cookers.

In another incident, on August 21, a man was defrauded online of over 130,000 denars (around 2,000 euros) after he publicly appealed for humanitarian aid from citizens to rebuild his ruined house.

Public institutions continue to be victims of incidents of falsification and impersonation in the online world. In Hungary, fraudsters misused the name of the police, sending mass emails in the name of the Police Department of Budapest with malware attached.

According to the real police, a malicious file with an XLL extension was sent to citizens claiming to be a police officer seeking a price quote from the recipient’s company and asking them to open the attached document.

At the same time, in Serbia, a phishing scam targeted a number of Serbian Post users. Serbian Post warned citizens of the attempted fraud and urged them not to be tricked by the fake emails. Serbian Post stressed that it never contacts citizens in this way.

Meanwhile, in Bosnia, on 22 August, two Ukrainian citizens were convicted of international cybercrime in what is the first such sentence in the country. The two were arrested and accused of organized crime concerning computer fraud after taking out 100,000 KM (around 50,000 euros) from a 24 Sberbank BH ATM. Investigators were unable to intercept about 2.5 million KM (around 1.25 million euros) which they seem to have exported abroad, most likely to their country of origin.

Hate speech targets the Albanian minority in North Macedonia

Our latest review of the violations that took place in the first half of August highlighted that the Bulgarian minority in North Macedonia is not fully integrated into the socio-cultural context of the country. The much larger Albanian minority has meanwhile been frequently attacked on North Macedonian social networks, which further demonstrates how internal ethnic tensions are being exacerbated by far-right propaganda on the web.

An Ethnic Albanian waves Albanian flag in front of the cordon of police officers during the protest following a court decision in Skopje, North Macedonia, 26 February 2021. Photo: EPA-EFE/NAKE BATEV

Our monitors recorded widespread usage on North Macedonian social networks of the highly derogatory and insulting term “Shiptar” to target the Albanian minority. As Albanian commentator Butrim Gjonbalaj explained, “Skiftar, Siptar, or Shiptar was a derogatory term used by Yugoslavians to insult Albanians and basically the equivalent of calling people of colour the N-word.”

The slur was the subject of a Belgrade court ruling in Serbia in December 2020, following an appeal from Ragmi Mustafa, the head of the Albanian National Council, against Serbian Interior Minister Alexandar Vulin who used the slur on multiple occasions. However, the court ruled that while the term is offensive, “it does not represent an idea, information or opinion that incites inequality, violence and hatred”.

On August 25, a Twitter user, addressing North Macedonia’s ethnic Albanian minority, wrote: “Why don’t we, like the Shiptars, start not paying for electricity!” Along the same line, a Twitter account posted that he “got into a fight with a ‘shipper’”, which was followed by several users also using derogatory words about ethnic Albanians in North Macedonia. On August 23, following a tweet published by a university professor, who had criticized the government, a Twitter user replied that the country’s large ethnic Albanian minority had to be eliminated. The user said: “Only a general popular uprising can remove them from power”.

Another user, commenting on a post published on 22 August that read: “NATO today with the symbolic low flight of a B-52: This territory must not be tampered with by anyone. This is what we fought for, friends,” wrote: “No one is allowed to touch it, except for Shiptari, Bulgarians and Greeks.”

A further incident saw the online media Plusinfo.mk publishing an article titled “What awaits the Albanians?” aimed at targeting the Albanian minority. “They know their dream of Greater Albania will never come true!” it commented, adding other derogatory phrases that accused the country’s Albanians of being stateless and of working against the country. Another accusation made in the online media is that Albanians are political spies whose sole aim is to destroy Macedonian identity, state and culture.

Online gender-based violence hits the Romanian digital environment

Women continue to be targeted online by incidents of misogyny, sexism and other cases of gender hatred. Cyberviolence against women is confirmed to be a worrying trend in various digital environments. In the second half of August, Romania recorded several episodes of this kind.

Women with their eyes covered with violet scarfs participate in a flash mob in front of Romania’s Internal Affairs Minister in Bucharest, Romania, 01 March 2020. Photo: EPA-EFE/BOGDAN CRISTEL

On August 26, Andrei Selaru, aka Selly, the most popular Romanian vlogger on YouTube, became the target of online harassment after appearing in a video promoting the Romanian Army. The video, published on the Defence Ministry’s Facebook page, ignited a public debate on the way influencers cash in on public money. Journalists accused Selly of being paid for an “unprofessional campaign”, although he had collaborated for free.

In another incident, recorded on August 19, two Bucharest policewomen were attacked online after a picture taken of them without their consent went viral on Facebook. In the photo, the two women appear to drink coffee and smoke cigarettes in front of a police station in Bucharest. But what sparked the intense backlash was that the two policewomen were wearing full make-up. “These girls are some stripers, caught while preparing for a stag party,” wrote one Romanian on Facebook. Another was quick to assume that the two police officers were uneducated and had not studied at the Police Academy. “Wearing jewellery instead of police equipment. Instead of safety and protection, they offer us style,” said another Romanian.

A new report by the Media and Law Studies Association, MLSA, focusing on trial monitoring in Turkey says freedom of expression and journalism in Turkey are being directly targeted by court cases and ever-longer jail sentences.

“Our report conclusively shows that the violations of freedom of expression, freedom of the press and freedom of assembly increasingly continue in Turkey,” Mumtaz Murat Kok, project and communications coordinator at the MLSA and the author of the report, told BIRN.

During the report period from September 1, 2021 to July 20, 2022, 446 hearings of 210 trials held in 23 cities were monitored by 22 court monitors; 1,398 people stood trial in the cases monitored.

“A radical increase has been recorded in the prison sentences handed down during this period. This illustrates the pressures on freedom of expression and the will of the courts to punish those who exercise this freedom in line with the changing political conjuncture,” the report wrote.

According to report, 67 people tried in 41 trials were sentenced to a total of 299 years, 2 months and 24 days in prison.

Journalists come at the top of the list targeted by court cases mostly related to terror charges.

“Journalists were the only defendants in 46 out of 62 cases in which ‘making propaganda for a terrorist organization’ was among the charges leveled. Also, in 38 out of 44 cases in which ‘membership in a terrorist organization’ was among the charges leveled, journalists were the only defendants,” the report wrote.

“Only in one year, 318 journalists had to appear before the courts. In great majority of cases, journalists’ news reports, social media posts and even the language they used were cited as evidence. This shows that even though there are fewer journalists in prison in Turkey, which may give the illusion that the press is freer, trials themselves have become a form of punishment,” Kok added.

The MLSA report noted that news reports, articles, and photographs taken by the defendants as well as statements and social media posts of the defendants constituted the majority of the evidence cited against the defendants.

Kok added that the report also provides concrete evidence that the reluctance of Turkish authorities to implement the judgments of the European Court of Human Rights, ECHR, gives way to further violations.

“When all of this combines with a will to punish those whose expressions are deemed ‘unacceptable’ by the government, we get the dire picture the title of our report paints,” Kok said.

Founded as a non-profit in December 2017, the Media and Law Studies Association defends and promotes freedom of expression, freedom of the press and the right to information in Turkey via conferences and reports.

The MLSA report has been published with support by the Norwegian Foreign Ministry and the Turkey Office of the Friedrich Naumann Foundation for Freedom.