The state electoral commission website is still reeling from a cyber attack on Wednesday’s election day and is not yet functioning properly.
Authorities in North Macedonia have announced an investigation into election day’s cyber attack while experts are still puzzled about how the attack occurred on July 15, targeting the website of the state election commission, SEC, and the news aggregator website.
“It is not clear whether the [SEC] website was tested to withstand a large amount of connections for a short period of time, and whether it had the necessary DDoS protection,” cyber-security engineer Milan Popov told BIRN on Friday.
The Interior Ministry confirmed that it is looking into the matter. “The SEC reported the case and, immediately after the report, the Sector for Computer Crime and Digital Forensics took measures and activities to clear up the case,” ministry spokesman Toni Angelovski told BIRN.
Polling day on July 15 saw two of the highest profile cyber attacks the country has ever seen. In a single night, both the election commission’s website and the most popular news aggregator, TIME.mk, were brought down for several hours.
While TIME.mk quickly recovered, the SEC website is still having difficulties functioning. According to the SEC head, Oliver Derkovski, the attack probably came from abroad.
“We informed the Interior Ministry about this cybercrime. They were here today and I hope they will resolve it soon. It was an attack from abroad,” Derkovski said.
The IT company that runs the SEC election results page section, Duna Computers, said its own application functions flawlessly and the main issue came from the SEC website experiencing a sophisticated cyber attack.
The second cyber attack of the night, the denial of service, DDoS, attack that hit TIME.mk, involved more than 35 million addresses that generated thousands of clicks per second.
“There were brief interruptions but mostly the site withstood the attack. Unfortunately, we did not have the best protection, and this was our mistake, which we have corrected, so that it will not happen again,” the website’s founder, Igor Trajkovski, wrote on Twitter.
“I can say for sure that, for the second part of the attack, someone is connected to one of the sites that we index, because that is the only way through which they can find out our IP address,” Trajkovski added.
Unlike the SEC cyber attack, responsibility for this one was claimed by a hacker group that uses a logo similar to that of the famous hacktivist group Anonymous, and calls itself “Anonopsmkd”.
The group left a message in which it voiced displeasure with the election process in the country, and said it had targeted the TIME.mk website mostly because of its popularity. Regarding the group itself, information is scarce. However, in their message, they warned ominously that they are ready to strike again, and that they “neither forgive nor forget”.