Tag: cyber attacks

Turkish Group Hacks Serbian State Website in Srebrenica Protest

Posted on by Ivana Jeremic

A Turkish group called Cyber Warrior Tim Akincilar hacked the Serbian Public Debt Administration’s website on Friday in what appeared to be a protest against Serbia’s denial of the Srebrenica genocide.

On the Public Debt Administration site’s front page, the hackers posted a photograph of a hall full of coffins and the number 8372 – a reference to the number of Bosniaks killed by Bosnian Serb forces in the Srebrenica genocide in July 1995, Serbian news website 021 reported.

Over the photo were the words “Unutmadik”, Turkish for “We haven’t forgotten”. This was also a reference to a quote by the first Bosnian President Alija Izetbegovic, who said: “Do not forget genocide, because a forgotten genocide will be repeated.”

The photo posted by the hackers was taken down and the Public Debt Administration site was functioning normally again on Friday afternoon.

The Serbian authorities do not accept that the massacres and deportations of Bosniaks from Srebrenica constituted genocide, despite the rulings of international courts.

Hacking group Cyber Warrior Tim Akincilar states on its website that it was founded in 2001 and fights “attacks on our faith and moral values, actions against our state and our country, and events that negatively affect society and the public conscience”.

It has often been reported that Cyber Warrior Tim Akincilar is related to Turkish nationalist groups, while ‘Akincilar’ refers to the Ottoman army’s vanguard units.

In previous years, the hackers have attacked the websites of various Greek authorities, such as Greece’s Foreign Ministry in September 2020, but also sites belonging to the Dutch government in 2018 and the sites of some government institutions in Egypt in 2019, when these countries had disagreements with Turkish government.

In 2011, they hacked the website of French satirical magazine Charlie Hebdo after it controversially published caricatures of the Prophet Muhammad.

So far, the UN tribunal in The Hague and Balkan courts have sentenced a total of 48 people to more than 700 years in prison, plus five life sentences, for Srebrenica crimes.

The most recent was former Bosnian Serb Army chief Ratko Mladic, who was jailed for life for genocide and other wartime crimes last month.

EU Sets Up Joint Cyber Unit to Tackle Steep Rise in Cyber-Attacks

Posted on by Ivana Jeremic

The European Commission on Wednesday laid out plans to build a new Joint Cyber Unit to coordinate responses among members states and EU bodies to the rising number of serious cyber-incidents impacting on the bloc’s public, commercial and private arenas.

The EU, like the rest of the world, has been struggling to meet the threat of what is being called “an epoch of intensifying cyber-insecurity”. In April, a range of EU institutions, including the Commission, were hit by a significant cyber-attack, part of a growing spate of brazen attacks being committed by states conducting espionage and seeking vulnerabilities, as well as criminal gangs often operating out of Russia, Iran and China.

The true scale of the problem is hard to assess, though Bitdefender’s 2020 Consumer Threat Landscape Report estimated ransomware attacks increased by 485 per cent in 2020 from the year before. So far this year, losses of over $350 million have been incurred in ransomware attacks, according to US Homeland Security Secretary Alejandro Mayorkas.

The EU’s planned Joint Cyber Unit, to be located next to the new Brussels office of the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for EU institutions, bodies and agencies (CERT-EU), is an attempt to create a platform to ensure the bloc can provide a coordinated response to large-scale cyber-incidents and crises, as well as to offer assistance to member states in recovering from these attacks.

As such, it will bring together European cyber-security communities – including civilian, law enforcement, diplomatic and cyber-defence, as well as private sector partners – which it says too often operate separately. Invited participants will be asked to provide operational resources for mutual assistance within the Joint Cyber Unit.

Ultimately, the Joint Cyber Unit would allow for protocols for mutual assistance between member states and EU bodies, and for national and cross-border monitoring and detection.

The Commission said it wants to establish the unit on a phased basis over four steps, with plans for it become operational by June 2022 and fully established by June 2023.

“We need to pool all our resources to defeat cyber-risks and enhance our operational capacity,” Margaritis Schinas, vice-president of the Commission, told a press conference.

The move was broadly welcomed by cyber-security analysts, who said that if the purpose of the Joint Cyber Unit is to have a pool of IT experts which can be thrown into the frontline of cyber-warfare, then it is a positive move.

However, Marcin Zaborowski, Policy Director of Globsec’s Future of Security Programme, warns that the new agency risks becoming like the EU Battlegroups in security and defence, which were formed in 2005 but have remained on standby ever since because there was never a time when all EU members states could agree on their deployment. “I am worried you might have the same thing here, that the rules of engagement will mean it is unable to get the unanimous agreement from all member states,” he tells BIRN.

He cites this week’s cyberattack on Poland’s top politicians and officials, which Jaroslaw Kaczynski, Poland’s chairman of the Committee for National Security and Defence Affairs, said in a statement was “wide-ranging” and carried out from the territory of the Russian Federation.

Aside from continuing confusion over whether this was actually an external attack or merely sloppy internet security by key officials, there remains the question over to what extent a Eurosceptic government like Poland would be prepared to give EU bodies like the new Joint Cyber Unit access to very sensitive, privileged national information.

“I would like to see tasks of the Unit drawn up that are truly workable and practicable, and areas of operation where the EU member states do feel comfortable. If it tries to get into things that are easily blocked by member states because they do not want to share information, then you have an announcement of the Unit but nothing more than a policy,” Zaborowski says.

Jonathan Terra, a Prague-based political scientist and former US diplomat, cautioned that being very public about ramping up and coordinating your ability to respond may, paradoxically, provoke more attacks than otherwise might have happened.

“Hackers, especially those doing covert state work, will attempt to defeat any new measures to show that they can act at will. Then as the cooperative ‘EU cyber-response’ mechanism goes into action, and damage assessment takes place, it will become clear that the key to dealing with this threat is to have a strong deterrent, which the EU doesn’t really have as an independent unitary actor,” he says.

Romanian Suspected of Audacious Cryptocurrency Theft Arrested

Posted on by Ivana Jeremic

A tribunal in Iasi in northeastern Romania has ordered the pre-trial detention of 30 days for a man arrested last Thursday for allegedly stealing half a million euros in crypto from a leading cryptocurrency operator, sources from the organised crime prosecution office told BIRN.

The victim of the fraud is a company based in the Cayman Islands, and the seventh-largest cryptocurrency operator in the world, prosecutors said in a statement.

According to the Directorate for Investigating Organised Crime and Terrorism, DIICOT, the suspect broke into the system using the Application Programming Interface key, which he had fraudulently obtained before launching his cyberattack between January 28 and 31 this year.

After accessing the system, he transferred cryptocurrency worth 620,000 US dollars, or 520,000 euros, to the personal accounts of several people who paid him in real money for the digital assets.

“In order to hide the criminal deeds, the accused chose to take possession of the money through several withdrawals of small sums of 10,000 lei [around 2,000 euro] so he was not asked to provide an ID document,” the DIICOT statement said.

The operation that led to his arrest included raids in two locations from which seven cellphones, three laptops, five memory sticks as well as two e-wallets and 10,800 lei in cash were seized.

Romanian law enforcement agencies also sequestrated 40,000 lei from the account of one of the bitcoin traders who had bought stolen crypto from the accused.

The suspect will be charged with illegally accessing an informatic system, informatic fraud and money laundering.

Cyber-Attacks a Growing Threat to Unprepared Balkan States

Posted on by Ivana Jeremic

It wasn’t voting irregularities or the counting of postal ballots that delayed the results of last year’s parliamentary election in North Macedonia, but an audacious denial-of-service, DDoS, attack on the website of the country’s election commission.

Eight months on, however, the perpetrator or perpetrators behind the most serious cyber attack in the history of North Macedonia have still to be identified, let alone brought to justice.

While it’s not unusual for hackers to evade justice, last year’s Election Day attack is far from the only case in North Macedonia still waiting to be solved.

“Although some steps have been taken in the meantime to improve the situation, it’s still not enough,” Eurothink, a Skopje-based think-tank that focuses on foreign and security policy, told BIRN in a statement.

“The low rate of solved cyber-crime cases is another indicator of the low level of readiness to solve cyber-attacks, even in cases of relatively ‘less sophisticated’ and ‘domestic’ cyber threats.”

Across the Balkans, states like North Macedonia have put down on paper plans to tackle the threat from cyber terrorism, but the rate of attacks in recent years – coupled with the fact many remain unresolved – point to serious deficiencies in practice, experts say. Alarmingly, Bosnia and Hercegovina does not even have a comprehensive, state-level cyber security strategy.

“I am convinced that all countries [in the region] are vulnerable,” said Ergest Nako, an Albanian technology and ecosystems expert. “If an attack is sophisticated, they will hardly be able to protect themselves.”

In the case of Albania, Nako told BIRN, “the majority of targets lack the proper means to discover and react to cyber-attacks.”

“With the growing number of companies and state bodies developing digital services, we will witness an increasing number of attacks in the future.”

Ransomware a ‘growing threat’ to Balkan states


Illustration. Photo: Unsplash/Dimitri Karastelev

The COVID-19 pandemic has underscored the threat from cyber-attacks and the impact on lives.

According to the 2021 Threat Report from security software supplier Blackberry, hospitals and healthcare providers were of “primary interest” to cyber criminals waging ransomware attacks while there were attacks too on organisations developing vaccines against the novel coronavirus and those involved in their transportation.

Skopje-based cyber security engineer Milan Popov said ransomware – a type of malware that encrypts the user’s files and demands a ransom in order access – is a growing danger to Balkan states too.

“Bearing in mind the state of cyber security in the Western Balkans, I would say that this is also a growing threat for these countries as well,” Popov told BIRN. “While there haven’t been any massive ransomware attacks in the region, there have been individual cases where people have downloaded this type of malware on their computers, and ransoms were demanded by the various attackers.”

A year ago, hackers targeted the public administration of the northern Serbian city of Novi Sad, blocking a data system and demanding some 400,000 euros to stop.

“We’re not paying the ransom,” Novi Sad Milos Vucevic said at the time. “I don’t even know how to pay it, how to justify the cost in the budget. It is not realistic to pay that. Nobody can blackmail Novi Sad,” he told Serbia’s public broadcaster.

A local company announced the following that it had “eliminated the consequences” of the attack.

In Serbia, cyber security is regulated by the Law on Information Security and the 2017 Strategy for the Development of Information Security, but Danilo Krivokapic of digital rights organisation Share Foundation said that implementation of the legal framework remained a problem.

“The question is – to what extent our state bodies, which are covered by this legal norm, are ready to implement such measures?” Krivokapic told BIRN. “They must adopt [their own] security act; they need to undertake measures to protect the information system.”

Political battles waged in cyber space


Illustration. Photo: Unsplash/Stephen Phillips

North Macedonia was the target of a string of cyber attacks last year, some attributed to a spillover of political disputes into cyber space.

In May 2020, a Greek hacker group called ‘Powerful Greek Army’ hacked dozens of e-mail addresses and passwords of employees in North Macedonia’s finance and economy ministry and the municipality of the eastern town of Strumica.

The two countries have been at odds for decades over issues of history and identity, and while a political agreement was reached in 2018 tensions remain. Similar issues dog relations between North Macedonia and its eastern neighbour Bulgaria, too.

“Cyber-attacks can happen when a country has a political conflict, such as the current one with Bulgaria or previous one with Greece, but they are very rare,” said Suad Seferi, a cyber security analyst and head of the Informational Technologies Sector at the International Balkan University in Skopje.

“However, whenever an international conflict happens, cyber-attacks on the country’s institutions follow.”

Bosnia without state-level strategy


Illustration. Photo: Naipo de CEE

In Bosnia, the state-level Security Ministry was tasked in 2017 with adopting a cyber security strategy but, four years on, has yet to do so.

“Although some strategies at various levels in Bosnia are partially dealing with the cyber security issue, Bosnia remains the only South Eastern European country without a comprehensive cyber security strategy at the state level,” the Sarajevo office of the Organisation for Security and Cooperation in Europe, OSCE, told BIRN.

It also lacks an operational network Computer Emergency Response Teams (CERTs) with sufficient coverage across the country, the mission said.

The Security Ministry says it has been unable to adopt a comprehensive strategy because of the non-conformity of bylaws, but that the issue will be included in the country’s 2021-2025 Strategy for Preventing and Countering Terrorism.

So far, only the guidelines of a cyber security strategy have been adopted, with the help of the OSCE.

Predrag Puharic, Chief Information Security Officer at the Faculty for Criminalistics, Criminology and Security Studies in Sarajevo, said the delay meant Bosnia was wide open to cyber attacks, the danger of which he said would only grow.

“I think that Bosnia and Herzegovina has not set up the adequate mechanisms for prevention and reaction to even remotely serious attacks against state institutions or the citizens themselves,” Puharic told BIRN.

The country’s defence ministry has its own cyber security strategy, but told BIRN it would easier “if there were a cyber-security strategy at the state level and certain security measures, such as CERT”.

‘Entire systems jeopardised’


A laptop screen displays a message after it was infected with ransomware during a worldwide cyberattack. Photo: EPA/ROB ENGELAAR

Strengthening cybersecurity capacities was a requirement of Montenegro when it was in the process of joining NATO in 2019, prompting the creation of the Security Operations Centre, SOC.

According to the country’s defence ministry, protection systems have detected and prevented over 7,600 ‘non-targeted’ malware threats – not targeted at any particular organisation – and more than 50 attempted ‘phishing’ attacks over the past two years.

“In the previous five years several highly sophisticated cyber threats were registered,” the ministry told BIRN. “Those threats came from well-organised and sponsored hacker groups.”

Previous reports have identified a scarcity of cyber experts in the country as an obstacle to an effective defence. Adis Balota, a professor at the Faculty of Information Technologies in Podgorica, commended the strategies developed by the state, but said cyber terrorism remained a real threat regardless.

“Cyber-attacks of various profiles have demonstrated that they can jeopardise the functioning of entire systems,” Balota said. “The question is whether terrorists can do the same because they are using cyberspace to recruit, spread propaganda and organise their activities.”

This publication was produced with the financial support of the European Union. Its content is the sole responsibility of BIRN and does not necessarily reflect the views of the European Union nor of Hedayah.

New Cyber Attacks on North Macedonia Spur Calls for Better Defences

Posted on by BIRD

Fresh cyber attacks in North Macedonia, this time targeting the health and education ministries, are spurring calls for more sophisticated cyber protection.

Last week’s attacks took down the websites of both ministries and were claimed by the hacker group ‘Anonopsmkd’, which previously took responsibility for a July 15 attack on the country’s most popular news aggregator TIME.mk.

The denial of service attack on TIME.mk, which involved more than 35 million addresses that generated thousands of clicks per seconds, coincided with a closely-fought parliamentary election in North Macedonia when the State Electoral Commission was also targeted.

In an interview last week, Anonopsmkd denied hitting the electoral commission, but it has warned that law enforcement structures in North Macedonia are its next target, spurring calls for greater protection of state bodies in the newest member of NATO.

“There should be a single protection system that would cover all government electronic services including agencies, ministries, local governments, and any legal entity or state body,” said Skopje-based cybersecurity consultant Mane Piperevski.

“This can be achieved by having a state-level Security Operation Centre with mixed ownership (51:49 in favour of the state),” Piperevski told BIRN. “The joint protection system would be under the leadership of the company that would be in charge of this Security Operation Centre.”

Hackers obstruct election result announcement

Piperevski said such a model had been implemented in a number of European Union countries.

“There is a quality staff within the government bodies that is ready to respond to such challenges,” he said. “The only problem, however, is with politics and priorities of the work in the institutions.”

Privacy and data protection expert Ljubica Pendaroska said the protection system should be multi-layered, “in order to make to make it as hard as possible for the hackers, and thus increase the protection of information and especially the personal data of citizens.”

“It is necessary for the institutions to have a developed and functional team and a procedure for rapid intervention and response in the case of an attack,” Pendaroska told BIRN.

An investigation conducted by the Ministry of Interior concluded that the electoral commission had been the target of a denial of service or DDoS attack which blocked publication of the preliminary results. The Commission website was out of action for several days.

“The investigation of this case continues in order to determine the IP addresses from where the attack was carried out, and for additional information to be collected to determine the perpetrator of this attack,” the ministry said.

National cybersecurity body has met only once

A spate of cyber attacks on state bodies in North Macedonia over the past few months has raised fears over the safety of its IT system, a concern for NATO too since the country joined the Western military alliance in March this year.

As BIRN reported in May, several cyberattacks in a short period of time exposed gaps in how North Macedonia’s authorities are dealing with cybersecurity issues.

In one security breach two months ago, a Greek hacker group calling itself ‘Powerful Greek Army’ leaked dozens of email addresses and passwords from staffers in North Macedonia’s ministries of finance and economy. Authorities are yet to determine how exactly the attack happened.

Last year, North Macedonia formed a National Council for Cyber Security, bringing together the ministers of interior, defence and information society. But it has so far met only once.

NATO member countries bear primary responsibility for their national cyber defences, but the alliance does provide expert support and has rapid reaction teams it can deploy in emergencies.

“NATO cyber experts can offer support and share information with Allies in real-time, including through our Malware Information Sharing Platform,” a NATO official told BIRN in an emailed response. “NATO has cyber rapid reaction teams on standby to assist Allies 24 hours a day, and our Cyberspace Operations Centre is operational.”

“NATO also invests in training, education and exercises which improve the skills of national cyber experts. Any attempts to interfere with democratic elections, including through hacking, are unacceptable, so we must remain vigilant.”

North Macedonia hackers target British pop stars
 A hacker group from North Macedonia has claimed to have taken down the websites of British pop stars Dua Lipa and Rita Ora.
 
The attacks happened amid a row that erupted this month when Lipa, whose parents were born in majority-Albanian Kosovo, posted on social media a map of ‘Greater Albania’.

Ora, who was born in Kosovo but moved to Britain as a child, voiced her support for Lipa and called for Kosovo – which declared independence from Serbia in 2008 – to appear on Apple Maps.

AnonOpsMKD claimed responsibility for the attacks.

North Macedonia Probes Election Day Cyber Attacks

Posted on by BIRD

Authorities in North Macedonia have announced an investigation into election day’s cyber attack while experts are still puzzled about how the attack occurred on July 15, targeting the website of the state election commission, SEC, and the news aggregator website.

“It is not clear whether the [SEC] website was tested to withstand a large amount of connections for a short period of time, and whether it had the necessary DDoS protection,” cyber-security engineer Milan Popov told BIRN on Friday.

The Interior Ministry confirmed that it is looking into the matter. “The SEC reported the case and, immediately after the report, the Sector for Computer Crime and Digital Forensics took measures and activities to clear up the case,” ministry spokesman Toni Angelovski told BIRN.

Polling day on July 15 saw two of the highest profile cyber attacks the country has ever seen. In a single night, both the election commission’s website and the most popular news aggregator, TIME.mk, were brought down for several hours.

While TIME.mk quickly recovered, the SEC website is still having difficulties functioning. According to the SEC head, Oliver Derkovski, the attack probably came from abroad.

“We informed the Interior Ministry about this cybercrime. They were here today and I hope they will resolve it soon. It was an attack from abroad,” Derkovski said.

The IT company that runs the SEC election results page section, Duna Computers, said its own application functions flawlessly and the main issue came from the SEC website experiencing a sophisticated cyber attack.

The second cyber attack of the night, the denial of service, DDoS, attack that hit TIME.mk, involved more than 35 million addresses that generated thousands of clicks per second.

“There were brief interruptions but mostly the site withstood the attack. Unfortunately, we did not have the best protection, and this was our mistake, which we have corrected, so that it will not happen again,” the website’s founder, Igor Trajkovski, wrote on Twitter.

“I can say for sure that, for the second part of the attack, someone is connected to one of the sites that we index, because that is the only way through which they can find out our IP address,” Trajkovski added.

Unlike the SEC cyber attack, responsibility for this one was claimed by a hacker group that uses a logo similar to that of the famous hacktivist group Anonymous, and calls itself “Anonopsmkd”.

The group left a message in which it voiced displeasure with the election process in the country, and said it had targeted the TIME.mk website mostly because of its popularity. Regarding the group itself, information is scarce. However, in their message, they warned ominously that they are ready to strike again, and that they “neither forgive nor forget”.

North Macedonia Election Commission ‘Cyber-Attacked During Polls’

Posted on by BIRD

The website of North Macedonia’s State Electoral Commission, SEC, suffered an alleged denial-of-service, DDoS, attack for more than three hours during the parliamentary elections on Wednesday.

The attack delayed the SEC’s announcement of the official results of the tightly-contested vote on its website and it had to improvise by releasing partial results through YouTube clips instead.

SEC officials insisted that the alleged attack did not affect the data that they had been collecting throughout the day.

“From what I know so far, this was an attempted external attack. But until this is confirmed, I cannot speculate, we will know more about it tomorrow [Thursday]. The data wasn’t attacked and no damage was caused in the process,” SEC President Oliver Derkovski told a press conference.

At the same time as the SEC suffered the alleged attack, the country’s most popular news aggregator TIME.mk was also targeted by a heavy DDoS attack, which took the website down for a couple of hours. The site’s founder, Igor Trajkovski, said that Cloudflare, a US-based website security company, had to block millions of IP addresses involved in the attack.

“So far, Cloudflare has blocked three million IP addresses. And more new ones are appearing. We have never had such a DDOS attack before. Someone paid a lot of money to do this,” Trajkovski wrote on Twitter.

The attack was later claimed by a hacker group calling itself Anonymous Macedonia, which left a message on the website voicing displeasure with the election process, citing “empty promises from all political parties in this beautiful country”.

“We had yet another ‘democratic election process’, and as we can see, it is the same story repeating every three to four years,” the message said.

“It had to be your website because it has the highest number of visitors – no hard feelings,” It added.

With more than 90 per cent of the ballots counted, the ruling SDSM party was ahead of the opposition VMRO-DPMNE by some 10,000 votes.

Hackers Expose Gaping Holes in North Macedonia’s IT Systems

Posted on by BIRD

North Macedonia’s officials are trying to persuade the country that after hackers recently leaked dozens of email addresses and passwords from staffers in public institutions, the situation is under control.

But, as they did so, some of the key pages of Skopje’s main local government’s website could not be reached since Thursday – in what looked like yet another serious breach of cyber-security.

Some pages on Skopje city’s official website, including the one about taxes, are currently marked not secure for use due to an “expired security certificate” – which experts said could lead to another breach of data privacy.

Web browsers such as Mozila and Google Chrome blocked access to some of the pages on the skopje.gov.mk website, meaning that the system could either be vulnerable to a hacker attack, or that the website’s users could be vulnerable to a “man-in-the-middle attack”, or MITM.

This is when attackers secretly alter communications between two sides and steal key information, such as passwords, messages or credit card numbers.

The latest security breach came after a Greek hacking group, called “Powerful Greek Army” leaked dozens of email addresses and passwords from staffers in the North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica – and bragged about their exploits on Twitter on May 10.

When and how the hackers got into these systems is still unclear, but both the North Macedonia’s Interior Ministry in charge of cyber-crime and the Greek authorities promised a swift joint investigation.

Recently, the Powerful Greek Army hacker group also took down the website of the Institute for Sociological, Political and Juridical Research at the country’s main Sts Cyril and Methodius University in Skopje.

Over the past few years, the government has promised to take action following a series of sophisticated and coordinated IT security breaches and hacker attacks on websites containing citizens’ data.

But some consider the country’s current response to cyber threats far too weak.

Speaking about the latest May 10 attack, the authorities shrugged off the threat, insisting that the hacked email accounts could not be accessed with the leaked passwords or with any other data sets. The data obtained by the hackers was more than seven years old, dating from 2013, they added.

“We have no evidence that the current email systems of those institutions have been hacked lately, and we are investigating all the details related to this case,” the government said in an upbeat statement.

It added that official email systems had been updated since 2013, and that protocols with complex passwords for official email addresses have been set, as well as other cybersecurity protocols in the systems that should reduce the risk of systems being compromised.

However, experts warn that although some steps have been taken, they are far from meeting the criteria that are needed. They say the latest incident should be seen as a warning about the kind of cybersecurity practices now being used in the country.

Experts say too many old operating systems are still being used, leaving state institutions vulnerable to hackers attacks, while staffers in these institutions lack proper training on security protocols.

A study in 2018 by the Ponemon Institute, which conducts independent research into data protection, looking at the cost of data breaches, said an average public-sector data breach could cost up to 2 million euros.

Government data breaches are meanwhile two-and-a-half times more likely to remain undetected for a year or more than those in the private sector, said a report by The Daily Swig, which focuses on bugs, viruses and data security issues.

In 2018, the then North Macedonia’s government adopted a national strategy and an action plan on cyber-security, but little has been done since.

In recent years, there have been other examples of poor protection of state institutions. Last year, a former member of parliament was arrested for hacking into the Central Registry.

In 2015, the Ministry of Information Society and Administration and the State Prosecution Office were among several institutions targeted by a hacker group, believed to have ties with jihadist groups in the Middle East.

Outdated operating systems are big concern


Photo: Screenshot

One of the major problems for North Macedonia’s IT systems is that most of the operating systems are outdated, and so are more vulnerable to attacks.

“The security of IT systems in the country most often does not meet the necessary standards,” Milan Popov, a Skopje-based cyber-security engineer with years of experience of IT security in the public sector, told BIRN.

“Old operating systems are still being used, websites often do not use security certificates, and weak passwords are used to log into systems,” he added.

“For example, many state institutions are still using the Windows XP system, known for its security vulnerabilities. All this leads to a great danger of compromising systems and potentially extracting sensitive data from users,” Popov continued.

The government adopted a national strategy and an action plan for cyber-security for the period of 2018-2022 in July 2018. The strategy aimed to define the critical infrastructure, and the role of each institution regarding cybersecurity efforts as a whole.

In 2019, it also formed a National Council for Cyber-security, comprising the ministers of Interior, Defence and Information Society. Although it was two years in the making, the council has held only one meeting so far, in January this year, when it held a constitutive session.

Regarding its goals, the council has stated that it will aim to implement the recommendations and cybersecurity practices of fellow NATO-member countries.

Strong and resilient cyber-defences are part of NATO’s core tasks of collective defence, crisis management and cooperative security.

One of NATO’s main objectives is strengthening its members’ capabilities in cyber-education, training and exercises. Member countries are also committed to enhancing information-sharing and mutual assistance in preventing, mitigating and recovering from cyber attacks.

According to the government budget for 2020, the country is investing just over 6 million euros in institutional IT support, from a projected budget of 71.6 million euros. The same amount was spent on IT support in 2019.

Staff need more education in IT security


Illustration. Photo: Unsplash

The email list published by the Powerful Greek Army hackers was concerning also as the employees of the Ministry of Economy and Finance might have used the same passwords for other accounts.

The attack aimed to reveal just how weak the system’s IT protection was. The hackers also promised a return visit. On their Twitter profile they wrote that they would “not stop attacking Skopje”.

The leaked lists contained examples of worryingly weak passwords. According to cyber-security experts, this alone was a cause of concern when it comes to the security of the administrative systems and the data of employees.

“Some of the security concerns here include passwords leaks, plaintext passwords, passwords that contain a part of the last name, are only in letters or only in numbers, are shorter than eight characters, and are without special characters,” Martin Spasovski, a Skopje-based software engineer, told BIRN.

Some of the methods that hackers use to steal passwords are phishing, password spraying, or keylogging. When it comes to passwords, he said users should always pay attention to password strength. In most cases, a strong password policy can make a difference in preventing such attacks.

To prevent more such incidents, state institutions have to educate IT staff more about the various challenges that hacking threats pose, experts note. “Protection requires a serious investment of hardware and software, but the most crucial need is to educate the IT staff on how to use all of this,” Popov emphasized.

“It’s also extremely important to educate non-IT staff on how to recognize various hazards such as social engineering, malicious websites, or working with sensitive data.”

A study conducted by international cybersecurity scholars in 2018 reached similar conclusions about the importance of training.

“Within public institutions, training in cybersecurity issues both for IT staff and general staff is very limited, and it is often at the discretion of management whether a member of staff is permitted to attend a general cybersecurity training or certification course,” it noted.

The Defence Ministry, one of the main components of the cyber-security critical infrastructure, says it regularly conducts cyber-security training for its employees.

“During 2019, 10 trainings on raising cyber-security awareness were conducted, in which 152 ministry employees participated. The Army also conducted training that covered over 1,200 members,” the Defence Ministry told BIRN in a statement.

For 2020, the Defence Ministry planned to conduct training for 150 employees that was supposed to start in April, but had to delay them because of the pandemic measures.

“Securing the cyberspace, being of utmost importance to all organizations involved in the digital world in any aspect, is the main focus of the Cybersecurity Specialist Academic Track – part of the Computer Networks Academy at SEDC”, Toni Todorov, senior DevOps engineer with SEDC, one of the country’s biggest computer education centres, told BIRN.

“Governments across Europe are heavily investing (and will invest even more) time and resources in raising awareness and remediating the threat to the security of their citizens, especially the digital kind,” Todorov added.

Serbia’s Independent N1 Portal Buffeted by Cyber-Attacks

Posted on by BIRD

N1 said the latest attacks happened last Thursday when a paid DDoS strike from China hit the Serbian website twice that day.

The attacks started on Tuesday and continued on Wednesday afternoon. The second attack was five times stronger, with up to 300,000 access requests hitting the portal server a second.

The Independent Association of Serbian Journalists, NUNS, urged Serbia’s High-tech Crime Prosecutor to urgently discover who was behind the attacks.  

They come after a row erupted between the owner of the N1, United Group, and state-owned Telekom Srbija over broadcasting rights. 

After the two sides failed to reach a deal, Telekom stopped airing N1’s programmes, causing a stir among the general public and the media community as N1 is among the few remaining independent TV channels in the country. 

Luxembourg-based United Group claimed the real reason for the shutdown was political pressure and an attempt to silence government critics and the free media. 

But Telekom Serbia denied this, arguing that an agreement was not reached because United Group proposed an extension agreement that was not in line with Serbian legislation. 

Support for N1 has meanwhile come from the European Federation of Journalists. “We see the state-owned cable operator’s decision to drop N1 TV as an attempt to silence a critical voice in Serbia,” it said. 

Several recent reports have highlighted the lack of media freedom and pluralism in the Serbia, where the media is now largely controlled by the government, it allies or its proxies. 

According to the latest annual report by the rights organisation Human Rights Watch, Serbian journalists continue to face attacks and threats, while media plurality has become compromised, with most media now aligned to the ruling party.

Pro-government media outlets frequently smear independent outlets and journalists, describing them as “traitors” and “foreign mercenaries”, the same report noted.

A recent report by Reuters Institute for the Study of Journalism and the University of Oxford said the future of the independent media in Southeast Europe remained uncertain as a result of political hostility and ownership concentration under politically connected moguls.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now