Category: Uncategorized

Last month, Credins Bank became the latest target as the Homeland Justice hackers hit a private entity for the first time.

Authorities say they have everything under control and have banned media from reporting on the content of the leaks. But ordinary Albanians are increasingly concerned for the security of their personal data.

This month, Progni, an IT expert, decided to act, filing a case with the Special Court Against Corruption and Organised Crime, SPAK, against the National Agency for Information Society, AKSHI, the National Authority for Electronic Certification and Cyber Security, ACESK, and a private firm responsible monitoring the implementation of standards by these bodies.

Progni, whose case has the backing of a forum of some 800 IT experts, said he was motivated by a desire to raise awareness and hold accountable those tasked with protecting private data.

“The biggest risks are the duplication of identity and the use of online data, the theft of the accounts that has already started, like Instagram, Facebook etc; these accounts are being stolen massively,” Progni told BIRN, saying he had already received thousands of messages from other concerned individuals asking about the legal avenues open to them.

“If they [SPAK] start an investigation, it’s certain that officials will be arrested,” he said.

Photo: Screeenshot from Homeland Justice webpage.

New front

Albania and outside investigators have all pointed the finger of blame at Iran, whose embassy in Tirana has been shut down as a result of the expulsion of its diplomats and ambassador. Albania has frozen diplomatic relations with Tehran.

The attack on Credins Bank appears to have opened a new front, however, as the hackers expand their targets from public to private entities.

On January 9, Homeland Justice published on Telegram a file that it claimed contains the data of business clients of the bank. A week later, another file appeared under the name ‘All Accounts Customers’. An accompanying message declared, “Credins Failed.”

Days passed between the attack and confirmation from Credins. The bank said a “peripheral system” had been affected but that the danger was isolated and the “highest IT security measures were implemented.”

One client, who asked not to be named, said she had been unable to log into her account for days and that, as of publication of this story, the bank app was still not working properly. “I wrote to the Support and they told me it doesn’t work but that it would be fixed soon,” she said.

“From an emotional perspective, at first I was very disappointed that the Support was completely unprepared; it didn’t provide any information except that it would be fixed during the following days. The information service also gave me wrong information, maybe not even the information service themselves knew what was going on, but it is very unprofessional that the customer was left without the right to know when there is a data breach.”

In its December 23 statement, the bank urged that no private data be published.

“We inform all persons that the publication of personal information without authorisation constitutes a legal violation, therefore we request that the distribution of this information be stopped immediately,” it said.

Western Balkan countries faced by cyber attacks since July (illustration). Photo: EPA-EFE/SASCHA STEINBACH

Class action lawsuit not an option in Albania

In some countries, affected individuals would be able to team up in collective action, or ‘class action’ lawsuits, to seek remedy, but under Albanian law this is not possible.

“This mechanism is not recognised in our legislation, even though there was an initiative by some civil society organisations that drafted a draft law on collective lawsuits and submitted it to parliament in 2021,” said Megi Reci, a lawyer at the Tirana-based Institute for Democracy and Mediation. “Approval remains subject to the will of the parliament.”

The only options open to individuals are criminal charges, civil lawsuits for compensation, or a complaint to the Commissioner for the Protection of Personal Data, Reci said.

As of January 18, SPAK told BIRN it had not registered any criminal proceedings with regards cyber-attacks.

The Tirana Prosecution is conducting its own investigation into the case; so far it has detained give IT employees in the public administration, but this has far from satisfied the government’s biggest critics.

As for solutions, experts say Albania may have to consider changing Albanians’ unique personal ID numbers.

“Only one recommendation solves this issue, which is to renew the citizen’s ID so that the IDs would be different,” Progni told BIRN. He also recommended 2-factor authentication for each account and greater awareness of phishing attacks.

The office of the Commissioner for the Protection of Personal Data said it had also proposed possibly changing ID numbers, but that it would be “a complex process”.

“The discussion and finding solutions for this initiative is complex and involves several institutions,” the office told BIRN in a written response. The IT breach and leak of private data “showed marked weaknesses of the structures and systems that administer them,” it said.

Romania cracks down on online violations

Romania has taken a strong stance against online violations with a series of arrests and convictions in recent months. Law enforcement agencies have been cracking down on individuals and organizations engaging in illegal activities, resulting in arrests and convictions.

A banner, reading ‘YOU KILL THEM !!!’, and a pair of children shoes were left by a protester at the entrance of the Interior Ministry building during a protest against the way Romanian authorities handled the kidnapping and killing of a 15-years old girl in the southern city of Caracal, in front of the Interior Ministry Headquarters, in Bucharest, Romania, 03 August 2019. Photo: EPA-EFE/ROBERT GHEMENT

Romania has seen a number of digital rights violations that led to arrests and convictions of perpetrators. A man accused of rape and child pornography was arrested in Gorj, southwest Romania, on December 17. According to the Directorate for Investigating Organized Crime and Corruption, the man raped a 15-year-old girl in March 2022. He also filmed the teen’s ordeal and shared the pornographic material with on Facebook.

On December 22, the Directorate for Investigating Organized Crime and Corruption dropped a child pornography probe based on a tip from the National Center for Missing & Exploited Children, NCMEC.

The US-based NGO had alerted Romanian authorities after detecting pornographic material involving a Romanian teen girl being shared on Instagram by an IP address in Alba County, in central Romania. The tip led prosecutors to a 15-year-old boy. He admitted guilt. However, prosecutors argued that the culprit had limited consent due to his youth.

In another incident, on December 31, Romanian authorities arrested influencers brothers Andrew and Tristan Tate in a human trafficking probe involving their video chat business in Bucharest.

Prosecutors at the Directorate for Investigating Organized Crime and Corruption identified six women who the Tate brothers on dating apps first contacted. Another man was arrested on January 12 for harassing and blackmailing his ex-girlfriend by publishing pornographic content about her on Facebook. The woman contacted the authorities, who intervened after the man destroyed the victim’s car.

Finally, on January 13, a court in Craiova, southwestern Romania, sentenced a man to eight months in prison and payment of 6,000 euros in moral damages to the three policemen he harassed on Facebook. Prosecutors said the suspect gathered information about one of the policemen and his relatives and then sent messages to public institutions containing embarrassing details about the man’s marriage. He also published the details on multiple fake accounts he set up on Facebook. The harassment started after one of the victims punished a colleague, who was discovered passing confidential information on police investigations to the suspect.

False bomb threats spread fear

In the second half of December, there were a number of incidents where false bomb threats were sent through social media and other forms of technology. Several incidents were recorded in Hungary, North Macedonia, and Bosnia and Herzegovina where false bomb threats were made through technology, leading to the spread of fear and misinformation through social networks.

An outside view of the new office building of Raiffeisen Bank in Sarajevo, 16 April 2009. Photo: EPA/FEHIM DEMIR

On December 16, 2020, in Hungary, an individual posted a comment on an event page on a social networking site stating; “There will be a pipe bomb under some chairs.” Police were able to track down and arrest the person responsible. This incident not only caused fear among those who saw the comment but diverted a significant amount of resources from police to investigate and prevent any potential harm.

Similarly, on December 17, 2020, in North Macedonia, a 63-year-old resident of Tetovo was arrested for making false bomb threats in the town of Delchevo. The individual said by phone that he had planted bombs in several locations but was quickly caught by the police. He faces a criminal charge of terrorism and a minimum sentence of eight years in prison if found guilty.

On December 19, 2020, in Bosnia, Raiffeisen bank branches in the Sarajevo area received threats of planted bombs, leading to the evacuation of all staff for security reasons. The bank informed the authorities and resumed operations after the premises were inspected. This incident not only disrupted the operations of the bank but also instilled fear among employees and customers.

These digital rights violations demonstrate the dangerous potential of technology when used irresponsibly. Using social media and other forms of technology to make false bomb threats is a crime that can lead to severe punishment and harms individuals, communities and institutions. These events highlight the importance of responsible use of technology and the need for effective measures to prevent such incidents from occurring in the future.

Serbia and Romania Hit by Cyberattacks, Data Breaches and Ransomware Attacks

In December and January, Serbia and Romania were hit by a series of cyberattacks, resulting in data breaches and ransomware infections. On December 12, the personal data of thousands of users of a popular Serbian tech forum were leaked online. On January 3, a Romanian hospital was targeted by hackers, losing access to a database of patients’ personal information and suffering a ransomware attack.

A Romanian man passes in front of a shop window of an Orange store that displays a huge 5G advertise banner, in Bucharest, Romania, 19 October 2020. Photo: EPA-EFE/ROBERT GHEMENT

On December 12, a major data breach occurred at Benchmark, a popular Serbian tech forum, when the personal data of over 90,000 users was leaked online. The dataset included sensitive information such as usernames, email addresses, and IP addresses. The incident caused widespread concern among the forum’s users, many of whom were worried about the potential misuse of their personal information. The forum launched an investigation and issued a statement apologizing for the breach and assuring users that they were taking steps to prevent such incidents.

On January 3, a cyber-attack targeted the Botosani Rehabilitation Hospital in northeast Romania. Hackers gained access to the hospital’s servers using the computer of an IT contractor and infected them with Phobos ransomware. As a result, the hospital lost access to a database containing the personal information of patients. The attack also had a major impact on the hospital’s operations, as it was unable to get its invoices paid by the National Health Insurance for the last month of 2022, causing financial strain. The hospital reported the incident to the authorities and launched an investigation to identify the attackers.

“If you talk to any bank manager they’ll tell you how many daily attacks each banking facility or mobile phone has,” Balluku told reporters in October.

However, Investigators from Microsoft and the US Federal Bureau of Investigation, FBI, found that the hackers had in fact breached the system more than a year before, that the official systems were compromised and that Iranian hackers were to blame.

Iran has been angered by the fact Albania has given refuge to an opposition movement that authorities in Tehran say is a terrorist group.

Experts say the hackers’ targets can be considered “critical infrastructure”, particularly the State Police. Private emails sent and received by former Chief of Police Gledis Nano have leaked, as has a database containing the personal data of some 100,000 individuals, including names, ID numbers, and place of birth.

Printscreen from Homeland Justice webpage

“Why did this not happen before? Because there was no ‘conflict’,” said Xhavit Shala, head of the Albania Academy of Security. “There are two cases when a cyber attack happens – for criminal reasons or political reasons. In the Albanian case, Iran asked for the destabilisation of public services in Albania because Albania has sheltered the Iranian opposition.”

Shala urged Albanian authorities to raise awareness about cyber threats.

“There is a strong need for awareness in all levels; individual, society and institutional,” he told BIRN. “There is also a need for training regarding cyber security.”

“The national security has been threatened. Their aim was to create some kind of chaos.”

No ‘secret’ or ‘top secret’ data has been leaked,” Shala said. “But if it was up to me, none of this should have been made public.”

The FBI determined that “Iranian state cyber actors” initially accessed the network some 14 months before launching a cyber attack in July that included “ransomware-style file encryption and disk wiping malware.”

Microsoft said it had identified four groups behind the attacks, “linked to the Iranian government.”

“Microsoft was able to prove with a high degree of certainty that a variety of Iranian groups were involved in this attack, with different actors responsible for different phases,” the report said.

A BIRN investigation recently disclosed that female journalists are often afraid to report such abuse and harassment and ignore the procedures.

At the same time, most media in Greece do not even have the means to handle such cases.

BIRN’s research covered incidents over almost 30 years, from 1993 to 2021, documented through interviews with current and former media industry workers.

“I would have expected, from 2015 until today, more complaints and even named ones in the media. We journalists ask everyone to come forward, speak, and expose themselves, but we hesitate to do the same,” Lina Giannarou, editor at the Greek newspaper Kathimerini, told BIRN.

“One reason is the fear of being out of work. Those who have to tell such stories are now at an age when it would be difficult to recover professionally,” she said.

#metoo reaches Greece, but not journalism

In 2015 the model Ambra Gutierrez accused American film producer Harvey Weinstein of inappropriate behaviour. Her complaint was downplayed and buried by the media and the authorities.

It took two years and the investigations of journalists Jodi Kantor and Megan Twohey and their editor, Rebecca Corbett, at the New York Times for the scale of Weinstein’s abuse to become public.

The journalists revealed cases of sexual abuse by Weinstein stretching over nearly three decades. Their investigation became a book in 2019 and then a movie, “She said.” Weinstein is now in jail.

In 2017, Giannarou wrote about sexual harassment in the Greek media workplace. For the first time in the Greek media, a female journalist anonymously shared her experience of abuse.

After a lot of pressure because she did not give in to the perpetrator’s threats, the victim she wrote about was forced to change jobs. The abuser, Giannarou says, found himself apologizing to the Journalists’ Union for sexual harassment following a complaint by another colleague.

Four women journalists openly shared their stories of abuse with the Greek media outlet Proto Thema but without naming the perpetrators.

It took almost four years, a pandemic, and the public confession of Olympic gold medalist Sofia Bekatorou, to journalist Evita Tsilochristou in the online edition of the women’s magazine Marie Claire about her own experience of sexual abuse, to activate the #metoo movement in Greece.

It was only then that people from the field of sports and culture shared their experiences publicly; some even decided to take legal action. In 2022, Greece saw its first four #metoo trials, but none concerned journalism.

But male journalists invited their female colleagues to speak out, some even naming the perpetrators on social networks. Some women shared stories of harassment and abuse on their social media accounts.

In a television interview, the well-known journalist Elli Stai referred to her own incident of harassment years ago.

However, none of these confessions triggered any journalistic or other investigation by the police or judicial authorities.

Evita Tsilochristou, digital director at Marie Claire, points out that supporting the victims in every way is critical for those who have not yet dared to speak out.

“Usually, victims speak up when they feel protected for some reason, when their careers are over, and they are not in danger, or when they are not directly threatened, as was the case during the pandemic,” she adds.

BIRN’s investigation into abuse and harassment

BIRN conducted a report in the beginning of 2022 about the complex picture of women’s role in newsrooms, news-making, and regional societies, more broadly in the Western Balkans.

Due to the lack of a media watchdog in Greece, BIRN investigated the harassment of Greek female journalists in their workplaces. The investigation was republished in Greek by the EFSYN newspaper and presented by several Greek media, such as Lifo, In.gr, ERT3, Proto Thema, Marie Claire, TVXS, Ladylike.gr, etc.

BIRN revealed that 43 per cent of the respondents said they had been victims of incidents of a sexual nature; 35 per cent of these cited verbal harassment, 81 per cent had faced harassment and abuse within the workplace; 51 per cent of the abusers were their hierarchical superiors.

Some 53.8 per cent of victims said they did not report the incidents due to fear that they would not receive any support. Two-thirds of the respondents claimed their media do not have procedures for employees to complain. Female journalists spoke to BIRN under the condition of anonymity.

“Belatedly, they have started speaking out in the media sector as well, but it will be a long time to see named complaints about abusers who are still active [working], as it is a very closed profession … An important chapter is also the attitude of men toward the victims, especially those in authority. Women need to feel comfortable, speak up and find support from them and when they see solidarity, they may start speaking up in the media space, which men mostly lead. Silence enables violence. Let’s leave the ‘why now?’ and get to the ‘never again’,” Tsilochristou said.

Media sector must recognise the problem

After 23 years, Maria found the strength to speak out about her abuse.

“Because I have found the strength, I want to speak. When a woman confesses her harassment, it is good to keep quiet and listen to her. Even though there were complaints of abuse and harassment worldwide, journalism, for some reason that I cannot understand, has been left out,” she told BIRN.

As the mother of a little girl, she couldn’t imagine her daughter coming to her in a few years’ time and telling her she was facing harassment.

She wants her story to become the media sector’s problem, not hers only. For her, what is essential is the creation of a protective framework in which victims will feel safe to speak.

“If there were a framework, there would have been more complaints. I can’t understand why there shouldn’t be a framework where women and men can go and talk, where they will listen to you, trust you and find a solution. Let’s look at the problem first and then find solutions,” Maria said.

“My need now is not to name the abusers but for the problem to become the media’s problem,” she added.

“The Greek media is not homogenous, so it depends on where a #metoo ‘hits’. The media do not air their dirty laundry in public, so the shocks of any crises are absorbed. With its slow, outdated procedures, our union also does not favour complaints,” Giannarou told BIRN.

BIRN found also that Greek journalists’ unions lack procedures to report and record harassment.

Giannarou argues that the #metoo movement will help to protect the younger generation speak out.

“The younger ones, luckily, have a completely different experience, thanks to #metoo,” she said.

“Not only have men changed in recent years, but women have as well. Young girls are more equipped to deal with such situations, from a sexist comment in the newsroom to potential sexual harassment.”