The Tirana Court has received a prosecution request to arrest and investigate five civil servants over the recent cyber attacks that disabled various state institutions.
Its response was an “investigative secret”, a press statement said on Wednesday.
The prosecution request, which reached the court earlier Wednesday, is related to the crime of “abuse of duty” and accuses the five employees of not implementing safety regulations.
“The IT staff at DAP (public administration) could and should have requested a report from the economic operator contracted by DAP for the implementation and maintenance of the system in time, regarding the state in which this system was located, despite the lack of knowledge about how to implement the contract for the implementation of the administrata.al system,” the prosecution office said.
Albania has been hit by cyber-attacks since July 15, when the governmental portal e-albania was attacked. Since then, the hackers, through their website and Telegram group, both called “Homeland Justice”, have been releasing information, mostly from the police and State Information Service.
The Tirana Prosecution banned domestic media from reporting the content of the leaks in September, a move that was widely condemned by journalists and media watchdogs in Albania as censorship.
The hackers are believed to be Iranian; Tirana hosts a group of exiled Iranian dissidents called the MEK – People’s Mujahedin of Iran. The staff of the Iranian embassy in Tirana were expelled on September 7 over the attacks.
Since then, the hackers have conducted other operations, targeting the Traveler Information Management System, TIMS, on September 19, which caused chaos on the borders.
They also released the emails of Gledis Nano, the former chief of police, on September 19. Data from various databases was released after that, including the personal data of Prime Minister Edi Rama and Helidon Bendo, director of the State Information Service, and his wife.
According to an FBI report, Iranian hackers first accessed Albanian systems 14 months before the first cyberattack was reported on July 15, when government services became unavailable for some days.
“An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack [in July], which included a ransomware-style file encryptor and disk wiping malware,” the report said.