Albania Online Media Blame Cyber-Attacks on Tirana Mayor

Online media critical of Albania’s government claim that the cyber attacks that targeted them recently were likely coordinated, and possibly linked to Tirana Mayor Erion Veliaj.

They told BIRN that they suspected that the attacks happened because they published a taped conversation in which Veliaj can be heard using slurs, coarse language and threats when speaking to regional football officials.

They said the attacks made it difficult for the public to access their webpages, and that the attacks looked coordinated.

Brahim Shima, director at Ora News, a broadcaster based in Tirana, told BIRN he believed that the attack had been deliberate.

“The attack was completely intentional, to make it as difficult as possible to access the news at Ora News. There were previous attempts to hack the site, but the attack launched in January was aimed at reducing it, or maximizing our difficulty in disseminating news,” Shima told BIRN.

He added that they connected the attack to the battle between the Albania Football Federation, FSHF, and the Tirana Mayor over elections for a new head of the football governing body.

“We do not have concrete facts, but [we believe] everything has to do with pressure from Mayor Veliaj towards the FSHF,” he added.

Enton Abilekaj, who runs a local media outlet called Dosja.al, said the cyber attacks targeted his media as well, making access to its webpage difficult.

“The company that provides us with online activity informed us about a special attack, which was not done by hackers but by buying IPs abroad, so artificially increasing traffic, so that the server could not cope and the site could not be accessed,” Abilekaj told BIRN.

“From the investigation we did with colleagues who had the same problem, we realized that the attacked sites were the same ones that published the audio recording of the mayor in a meeting with members of the Tirana regional Football Assembly,” he added.

He said that the attack had finished, but had left a lot of uncertainty within the media.

Andi Bushati, who runs Lapsi.al, told BIRN that he also saw the attacks as connected with the publication of the tape in which Mayor Veliaj appeared to be pressuring the football community of the capital to interfere in the FSHF elections.

“We do not have 100-per-cent verifiable evidence that the cyber attack came from the mayor, but the fact that those media outlets that gave great visibility to this news were attacked and, above all, that the FSHF website that first published this eavesdropping was attacked, leads all assumptions to Veliaj,” Bushati told BIRN.

Gerti Progni, an Albanian cyber expert, told BIRN that portals that are critical of the authorities and the government have been subjected to cyber attacks “for some time now”.

“But it has never happened that the attack was so large and at such a high cost, because the type of attack was a DDOS [distributed denial of service],” Progni said. “It is the only attack that is almost impossible to detect, and it’s very difficult and costly to defend oneself from it,” he added.

EU Sets Up Joint Cyber Unit to Tackle Steep Rise in Cyber-Attacks

The European Commission on Wednesday laid out plans to build a new Joint Cyber Unit to coordinate responses among member states and EU bodies to the rising number of serious cyber-incidents impacting on the bloc’s public, commercial and private arenas.

The EU, like the rest of the world, has been struggling to meet the threat of what is being called “an epoch of intensifying cyber-insecurity”. In April, a range of EU institutions, including the Commission, were hit by a significant cyber-attack, part of a growing spate of brazen attacks being committed by states conducting espionage and seeking vulnerabilities, as well as criminal gangs often operating out of Russia, Iran and China.

The true scale of the problem is hard to assess, though Bitdefender’s 2020 Consumer Threat Landscape Report estimated ransomware attacks increased by 485 per cent in 2020 from the year before. So far this year, losses of over $350 million have been incurred in ransomware attacks, according to US Homeland Security Secretary Alejandro Mayorkas.

The EU’s planned Joint Cyber Unit, to be located next to the new Brussels office of the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for EU institutions, bodies and agencies (CERT-EU), is an attempt to create a platform to ensure the bloc can provide a coordinated response to large-scale cyber-incidents and crises, as well as to offer assistance to member states in recovering from these attacks.

As such, it will bring together European cyber-security communities – including civilian, law enforcement, diplomatic and cyber-defence, as well as private sector partners – which it says too often operate separately. Invited participants will be asked to provide operational resources for mutual assistance within the Joint Cyber Unit.

Ultimately, the Joint Cyber Unit would allow for protocols for mutual assistance between member states and EU bodies, and for national and cross-border monitoring and detection.

The Commission said it wants to establish the unit on a phased basis over four steps, with plans for it to become operational by June 2022 and fully established by June 2023.

“We need to pool all our resources to defeat cyber-risks and enhance our operational capacity,” Margaritis Schinas, vice-president of the Commission, told a press conference.

The move was broadly welcomed by cyber-security analysts, who said that if the purpose of the Joint Cyber Unit is to have a pool of IT experts which can be thrown into the frontline of cyber-warfare, then it is a positive move.

However, Marcin Zaborowski, Policy Director of Globsec’s Future of Security Programme, warns that the new agency risks becoming like the EU Battlegroups in security and defence, which were formed in 2005 but have remained on standby ever since because there was never a time when all EU member states could agree on their deployment. “I am worried you might have the same thing here, that the rules of engagement will mean it is unable to get the unanimous agreement from all member states,” he tells BIRN.

He cites this week’s cyberattack on Poland’s top politicians and officials, which Jaroslaw Kaczynski, Poland’s chairman of the Committee for National Security and Defence Affairs, said in a statement was “wide-ranging” and carried out from the territory of the Russian Federation.

Aside from continuing confusion over whether this was actually an external attack or merely sloppy internet security by key officials, there remains the question over to what extent a Eurosceptic government like Poland would be prepared to give EU bodies like the new Joint Cyber Unit access to very sensitive, privileged national information.

“I would like to see tasks of the Unit drawn up that are truly workable and practicable, and areas of operation where the EU member states do feel comfortable. If it tries to get into things that are easily blocked by member states because they do not want to share information, then you have an announcement of the Unit but nothing more than a policy,” Zaborowski says.

Jonathan Terra, a Prague-based political scientist and former US diplomat, cautioned that being very public about ramping up and coordinating your ability to respond may, paradoxically, provoke more attacks than otherwise might have happened.

“Hackers, especially those doing covert state work, will attempt to defeat any new measures to show that they can act at will. Then as the cooperative ‘EU cyber-response’ mechanism goes into action, and damage assessment takes place, it will become clear that the key to dealing with this threat is to have a strong deterrent, which the EU doesn’t really have as an independent unitary actor,” he says.

Secure Comms: Cracking the Encrypted Messages of Balkan Crime Gangs

When Serbian police arrested the leaders of a notorious crime gang in the first few days of February this year, in the search for evidence they seized 44 mobile phones equipped with an encrypted messaging app created by Canada-based Sky ECC.

Sky ECC described itself as “a global leader in secure messaging technology”, helping to keep a host of industries safe from identity theft and hacking. Law enforcement authorities in the United States and Europe, however, say it was created with the sole purpose of facilitating drug trafficking and had become the messaging app of choice for transnational crime organisations.

Using equipment that President Aleksandar Vucic said Serbia had “borrowed from friends”, police managed to access the app. What they found was gruesome, and damning – photos of two dead men, one of them decapitated.

Led by Veljko Belivuk, the gang – part of a group of violent football fans – is suspected of drug trafficking, murder and illegal weapons possession.

Belivuk and his associates, who remain in custody but have not yet been charged, allegedly used the app to organise criminal activities, and to brag about their exploits. In this, they were not alone.

On March 9, three days after Vucic displayed the photos, police in Belgium and the Netherlands made what Europol described the next day as a large number of arrests after secretly infiltrating the communications of some 70,000 Sky ECC devices and, from mid-February, reading them ‘live’.

On March 12, US authorities indicted Jean-Francois Eap, chief executive officer of Sky Global, the company behind Sky ECC, and Thomas Herdman, a former high-level distributor of Sky Global devices, accusing them of conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act, RICO. Eap issued a statement denying any wrongdoing.

Critics of the government under Vucic say Belivuk had long acted with impunity, protected by reported ties to a number of senior governing officials.

Serbia boasted of a “war” on organised crime. But the timing of Belivuk’s arrest and the operation against Sky ECC raises fresh questions about what preceded the Serbian police swoop – whether Serbia acted alone, or was prompted to do so by evidence unearthed elsewhere.

Either way, the downfall of Belivuk and Sky ECC has shed new light on the lengths Balkan crime gangs have gone to evade surveillance, and the challenge facing authorities to strike back. It has also fuelled talk of the need to criminalise such software, raising alarm among some who say this would punish legitimate users, from political dissidents to investigative journalists.

The Serbian Interior Ministry and Security Intelligence Agency, BIA, did not respond to requests for comment.

“Organised crime groups from the Balkans have adapted quickly and cleverly in recent years to innovate and use technology to their advantage,” said Walter Kemp, director of the South-Eastern Europe Observatory at the Global Initiative Against Transnational Organised Crime.

While some still carry cash across borders or use wire transfers, others are using encrypted communication tools, laundering money through cryptocurrencies and elaborate financial schemes and branching into cyber and cyber-enabled crime, Kemp told BIRN. 

“But while criminals are first-movers and quick adapters in using technology, law enforcement agencies are lagging behind.”

This message will self-destruct


Founded in 2008, Sky ECC surged in popularity after messages sent via another encrypted messaging service, EncroChat, were intercepted and decoded in a French and Dutch-led operation in mid-2020, leading to the arrest of over 800 people Europe-wide and the seizure of drugs, guns and large sums of suspect cash.

Sky devices offered self-destructing messages, an encrypted vault and a panic button in the event the user believed the device had been compromised. Sky ECC was installed exclusively on secure devices from Apple, Google and Blackberry, which could be bought online. All that was required of a user was to pay a subscription.

At the time of the police operation, three million messages per day were being sent via Sky ECC. Roughly 20 per cent of its 170,000 users were in Belgium and the Netherlands, with the greatest concentration in the Belgian port of Antwerp, a popular destination for illegal drugs arriving in Europe from South America. 

Europol, the European Union’s police agency, said that information acquired from “unlocking the encryption” of Sky ECC would help solve serious and cross-border organised crime “for the coming months, possibly years.”

For Balkan clients, there were three websites promoting the app in languages of the region – skyecceurope.com, skyeccbalkan.com, skyeccserbia.com.

It is unclear if these operated under the umbrella of Sky Global or were independent distributors. BIRN contacted them but did not receive any reply. The website of Sky Global is also now in the hands of authorities. BIRN was unable to reach the company for comment.

Serbian nationals arrested in France and UK

Sky and EncroChat devices were, until recently, easy to find on Serbian and Croatian advertising sites, their price ranging from 600 euros to 2,200 euros depending on the type of phone and subscription. Subscriptions were commonly paid with cryptocurrency, to avoid leaving a trace.

A police official in Bosnia and Herzegovina said they were also in use among criminals there.

“They use those special apps and providers you can’t interfere with, and there’s no trace of their existence in the phone. The use is legal here,” the official, who declined to be named, told BIRN.

While police were unable to intercept the communication, he said, in some cases an arrested person would confess to using such apps and provide access.

A senior Interpol official, who spoke on condition of anonymity, said Balkan drug gangs were using EncroChat to communicate with South American cartels concerning the trafficking of drugs to Europe.

French authorities had been investigating EncroChat since 2017, stepping up efforts in 2019 and secretly installing an implant on all EncroChat devices disguised as a system update. The implant caused the device to transmit all data that had not been erased to a French police server and to Europol and collected data created after the device had been compromised.

The company eventually alerted users but millions of messages had already been intercepted.

Dutch and French police as well as Europol declined to give any further details regarding possible connections to Balkan crime gangs, citing the ongoing nature of the investigation.

A French newspaper report on March 27, however, said that a Serbian national had been arrested in a suburb of Paris following the Sky ECC operation on suspicion of selling its devices. In the UK, reports say another Serbian, 29-year-old Milos Bigovic, pleaded guilty in a UK court in August 2020 after he was arrested trying to smuggle cocaine hydrochloride into southern England on a cruise ship, his communications having been intercepted in the operation against EncroChat.

In Serbia, some criminals went further; in 2019, when police busted a major marijuana farm that had been run with the help of several security service officials, investigators found that those involved had communicated via a custom-made app called ‘Razgovor’ [Conversation].

Those arrested handed over their phones, apparently confident that police would not discover the app hidden behind the calculator interface. They were wrong and police, according to the indictment, gained access to conversations in which the suspects agreed on the production and distribution of drugs.

Admissible in court


Members of Veljko Belivuk’s group are being transferred for interrogation with a strong police presence. Photo: mup.gov.rs

It remains unclear whether foreign authorities supplied Serbia with evidence against Belivuk and Co obtained as part of the operation against Sky ECC, or if Serbia only harvested content from the devices it seized in the arrests.

Bearing in mind that most of the content sent via Sky devices disappeared soon after being sent, it is doubtful police in Serbia were able to recover much from the seized devices.

Authorities in Serbia did not respond to BIRN’s questions.

In the case of intercepted communication, for it to be used as evidence in court the police must have had prior court permission to conduct surveillance. It is not known whether Belivuk and his gang were under court-sanctioned surveillance. BIRN asked the court but was told such information cannot be disclosed.

The issue came before a UK court in February, when appeals judges rejected an attempt to prevent prosecutors from using as evidence messages sent via EncroChat.

The case rested on whether communications had been intercepted by French police while ‘being transmitted’ by the device or while ‘stored’ on it. As the material had been extracted from the device itself and was unencrypted, the Appeal Court found that the evidence had not been gained by ‘interception’ and was admissible, the BBC reported.

Criminalising encryption

Sky Global has denied any wrongdoing, with CEO Eap saying “We stand for the protection of privacy and freedom of speech in an era when these rights are under increasing attack. We do not condone illegal or unethical behaviour by our partners or customers. To brand anyone who values privacy and freedom of speech as a criminal is an outrage.”

But Serbian Interior Minister Aleksandar Vulin said the use of such devices should be illegal.

“It is indisputable that it is used by criminals,” Vulin said on March 7. “I am in favour of it being a crime, as I believe that the purchase of any telephone number, regardless of whether it is prepaid or postpaid, must be done with an ID card.”

“It may not stop criminals from using it, but if nothing else it will give the police another reason to arrest them and remove them from the streets.”

Some journalists and rights advocates say this is a slippery slope.

“Encryption is a tool. And like any tool, it can be used for good and for bad,” said Fabian Scherschel, a freelance journalist, writer and podcaster who has covered the topic closely.

“We’ve already seen legislation against so-called ‘hacker tools’ massively backfire and threaten to criminalise the legitimate work of IT security specialists and journalists. I have a feeling this legislation could cause similar problems. It will also, most likely, make it easier to spy on the general populace, who has no intention of using encryption to hide criminal behaviour whatsoever.”

Diego Naranjo, head of policy at the Brussels-based advocacy group European Digital Rights, EDRi, said it was important to challenge the narrative that encryption is only used by criminals.

“As any other interference with human rights, an attack on encryption or privacy-enhancing technologies needs to be prescribed by law, necessary and proportionate to the aims to be achieved in a democratic society,” said Naranjo.

He noted that the EncroChat and Sky ECC cases had demonstrated that law enforcement agencies have ways to penetrate such communication.

“We may be already in the Crypto wars 3.0, and it is up to us to ensure that encryption is perceived as a tool to ensure human rights and not something only criminals use.”

Lidija Komlen Nikolic, Serbian Deputy Appellate Public Prosecutor, warned of the dangers of criminalising the use of such apps.

“The idea is to enable state authorities, the police, to be able to find evidence more easily for the fight against organised crime or any other type of crime,” Nikolic told N1 regional broadcaster.

“But there should not be the presumption that all of us, who have devices or have software that uses some kind of encryption, are potential perpetrators of a crime.”

Romanian Suspected of Audacious Cryptocurrency Theft Arrested

A tribunal in Iasi in northeastern Romania has ordered 30 days of pre-trial detention for a man arrested last Thursday for allegedly stealing half a million euros in crypto from a leading cryptocurrency operator, sources from the organised crime prosecution office told BIRN.

The victim of the fraud is a company based in the Cayman Islands, and the seventh-largest cryptocurrency operator in the world, prosecutors said in a statement.

According to the Directorate for Investigating Organised Crime and Terrorism, DIICOT, the suspect broke into the system using the Application Programming Interface key, which he had fraudulently obtained before launching his cyberattack between January 28 and 31 this year.

After accessing the system, he transferred cryptocurrency worth 620,000 US dollars, or 520,000 euros, to the personal accounts of several people who paid him in real money for the digital assets.

“In order to hide the criminal deeds, the accused chose to take possession of the money through several withdrawals of small sums of 10,000 lei [around 2,000 euro] so he was not asked to provide an ID document,” the DIICOT statement said.

The operation that led to his arrest included raids in two locations from which seven cellphones, three laptops, five memory sticks as well as two e-wallets and 10,800 lei in cash were seized.

Romanian law enforcement agencies also sequestrated 40,000 lei from the account of one of the bitcoin traders who had bought stolen crypto from the accused.

The suspect will be charged with illegally accessing a computer system, computer fraud and money laundering.

Cyber-Attacks a Growing Threat to Unprepared Balkan States

It wasn’t voting irregularities or the counting of postal ballots that delayed the results of last year’s parliamentary election in North Macedonia, but an audacious distributed denial-of-service, DDoS, attack on the website of the country’s election commission.

Eight months on, however, the perpetrator or perpetrators behind the most serious cyber attack in the history of North Macedonia have still to be identified, let alone brought to justice.

While it’s not unusual for hackers to evade justice, last year’s Election Day attack is far from the only case in North Macedonia still waiting to be solved.

“Although some steps have been taken in the meantime to improve the situation, it’s still not enough,” Eurothink, a Skopje-based think-tank that focuses on foreign and security policy, told BIRN in a statement.

“The low rate of solved cyber-crime cases is another indicator of the low level of readiness to solve cyber-attacks, even in cases of relatively ‘less sophisticated’ and ‘domestic’ cyber threats.”

Across the Balkans, states like North Macedonia have put down on paper plans to tackle the threat from cyber terrorism, but the rate of attacks in recent years – coupled with the fact many remain unresolved – points to serious deficiencies in practice, experts say. Alarmingly, Bosnia and Herzegovina does not even have a comprehensive, state-level cyber security strategy.

“I am convinced that all countries [in the region] are vulnerable,” said Ergest Nako, an Albanian technology and ecosystems expert. “If an attack is sophisticated, they will hardly be able to protect themselves.”

In the case of Albania, Nako told BIRN, “the majority of targets lack the proper means to discover and react to cyber-attacks.”

“With the growing number of companies and state bodies developing digital services, we will witness an increasing number of attacks in the future.”

Ransomware a ‘growing threat’ to Balkan states


The COVID-19 pandemic has underscored the threat from cyber-attacks and the impact on lives.

According to the 2021 Threat Report from security software supplier Blackberry, hospitals and healthcare providers were of “primary interest” to cyber criminals waging ransomware attacks while there were attacks too on organisations developing vaccines against the novel coronavirus and those involved in their transportation.

Skopje-based cyber security engineer Milan Popov said ransomware – a type of malware that encrypts the user’s files and demands a ransom in order to regain access – is a growing danger to Balkan states too.

“Bearing in mind the state of cyber security in the Western Balkans, I would say that this is also a growing threat for these countries as well,” Popov told BIRN. “While there haven’t been any massive ransomware attacks in the region, there have been individual cases where people have downloaded this type of malware on their computers, and ransoms were demanded by the various attackers.”

A year ago, hackers targeted the public administration of the northern Serbian city of Novi Sad, blocking a data system and demanding some 400,000 euros to stop.

“We’re not paying the ransom,” Novi Sad Mayor Milos Vucevic said at the time. “I don’t even know how to pay it, how to justify the cost in the budget. It is not realistic to pay that. Nobody can blackmail Novi Sad,” he told Serbia’s public broadcaster.

A local company announced the following that it had “eliminated the consequences” of the attack.

In Serbia, cyber security is regulated by the Law on Information Security and the 2017 Strategy for the Development of Information Security, but Danilo Krivokapic of digital rights organisation Share Foundation said that implementation of the legal framework remained a problem.

“The question is – to what extent our state bodies, which are covered by this legal norm, are ready to implement such measures?” Krivokapic told BIRN. “They must adopt [their own] security act; they need to undertake measures to protect the information system.”

Political battles waged in cyber space


North Macedonia was the target of a string of cyber attacks last year, some attributed to a spillover of political disputes into cyber space.

In May 2020, a Greek hacker group called ‘Powerful Greek Army’ hacked dozens of e-mail addresses and passwords of employees in North Macedonia’s finance and economy ministry and the municipality of the eastern town of Strumica.

The two countries have been at odds for decades over issues of history and identity, and while a political agreement was reached in 2018 tensions remain. Similar issues dog relations between North Macedonia and its eastern neighbour Bulgaria, too.

“Cyber-attacks can happen when a country has a political conflict, such as the current one with Bulgaria or previous one with Greece, but they are very rare,” said Suad Seferi, a cyber security analyst and head of the Informational Technologies Sector at the International Balkan University in Skopje.

“However, whenever an international conflict happens, cyber-attacks on the country’s institutions follow.”

Bosnia without state-level strategy


In Bosnia, the state-level Security Ministry was tasked in 2017 with adopting a cyber security strategy but, four years on, has yet to do so.

“Although some strategies at various levels in Bosnia are partially dealing with the cyber security issue, Bosnia remains the only South Eastern European country without a comprehensive cyber security strategy at the state level,” the Sarajevo office of the Organisation for Security and Cooperation in Europe, OSCE, told BIRN.

It also lacks an operational network of Computer Emergency Response Teams (CERTs) with sufficient coverage across the country, the mission said.

The Security Ministry says it has been unable to adopt a comprehensive strategy because of the non-conformity of bylaws, but that the issue will be included in the country’s 2021-2025 Strategy for Preventing and Countering Terrorism.

So far, only the guidelines of a cyber security strategy have been adopted, with the help of the OSCE.

Predrag Puharic, Chief Information Security Officer at the Faculty for Criminalistics, Criminology and Security Studies in Sarajevo, said the delay meant Bosnia was wide open to cyber attacks, the danger of which he said would only grow.

“I think that Bosnia and Herzegovina has not set up the adequate mechanisms for prevention and reaction to even remotely serious attacks against state institutions or the citizens themselves,” Puharic told BIRN.

The country’s defence ministry has its own cyber security strategy, but told BIRN it would be easier “if there were a cyber-security strategy at the state level and certain security measures, such as CERT”.

‘Entire systems jeopardised’


A laptop screen displays a message after it was infected with ransomware during a worldwide cyberattack. Photo: EPA/ROB ENGELAAR

Strengthening cybersecurity capacities was a requirement of Montenegro when it was in the process of joining NATO in 2019, prompting the creation of the Security Operations Centre, SOC.

According to the country’s defence ministry, protection systems have detected and prevented over 7,600 ‘non-targeted’ malware threats – not targeted at any particular organisation – and more than 50 attempted ‘phishing’ attacks over the past two years.

“In the previous five years several highly sophisticated cyber threats were registered,” the ministry told BIRN. “Those threats came from well-organised and sponsored hacker groups.”

Previous reports have identified a scarcity of cyber experts in the country as an obstacle to an effective defence. Adis Balota, a professor at the Faculty of Information Technologies in Podgorica, commended the strategies developed by the state, but said cyber terrorism remained a real threat regardless.

“Cyber-attacks of various profiles have demonstrated that they can jeopardise the functioning of entire systems,” Balota said. “The question is whether terrorists can do the same because they are using cyberspace to recruit, spread propaganda and organise their activities.”

This publication was produced with the financial support of the European Union. Its content is the sole responsibility of BIRN and does not necessarily reflect the views of the European Union nor of Hedayah.

Bucharest Wins Race to Host EU Cybersecurity Centre

The Romanian capital has won the race to host the new European Cybersecurity Industrial, Technology and Research Competence Centre, ECCC, Romania’s Foreign Minister, Bogdan Aurescu, announced on Thursday.

“Exceptional success for Romania,” Aurescu wrote. “After intense diplomatic efforts, Bucharest was elected to host the EU’s Cybersecurity Centre – the 1st EU Agency in Romania,” the minister tweeted.

Bucharest was chosen over Brussels, Munich, Warsaw, Vilnius, Luxembourg and León, Spain, to host this new centre funded by the EU and dedicated to developing technologies to counter cyberattacks.

“Romanian expertise in IT was acknowledged in the EU. Romania is ready to work hard for a European cybersecurity ecosystem,” the minister continued in his tweet.

According to the European Council, the criteria to choose the host of the ECCC included “the date on which the centre can become operational”, “connectivity, security and interoperability with IT facilities to handle EU funding” and the existence of a “cybersecurity ecosystem”.

In recent years, Romania has become respected for its cybersecurity capacities. Conversely, it is also infamous for being the base of many cybercrime networks defrauding internet users all over the world.

The ECCC aims to “contribute to the deployment of the latest cybersecurity technology, support cybersecurity start-ups and SMEs, enhance cybersecurity research and innovation [and] contribute to closing the cybersecurity skills gap”.

The centre is expected to play a central role in the EU fight against increasing cyberthreats from hackers acting either on their own initiative or at the behest of hostile states and entities.

One such threat was reported this week by the European Medicines Agency. It said it had been hit by a cyberattack in which hackers accessed documents relating to a COVID-19 vaccine.

Concern over Moldova Cyber Security As Election Looms

As the campaign for Moldova’s presidential election intensifies, so too does the rate of cyberattacks on state institutions in the former Soviet republic, torn between Russia and the West.

But while Moldova’s Intelligence and Security Service, SIS, says it is working to disrupt cyberattacks, critics say more needs to be done to confront the scourge of fake news and disinformation.

“Moldova does not have a strategy to tackle propaganda, nor clear policies for the protection of the information space,” said Cornelia Cozonac, head of the Centre for Investigative Journalism in Moldova.

“Moldovan politicians are not even trying to take over similar research-based guidelines from the Baltic States, for example.”

Individual hackers

In an interview for Moldpres, SIS director Alexandr Esaulenco said that election campaigns in Moldova frequently brought an “intensification” of cyberattacks on state bodies handling the electoral process.

In written comments to BIRN, the SIS described four types of attacks since 2015 – denial of service, or DDOS, phishing via state e-mail, brute-force attacks trying to gain access to government information systems and the hijacking of official web pages.

“These activities aim to stop or hinder the conduct of the electoral process, but in all these cases, we act proactively to prevent their success,” Esaulenco told Moldpres.

In an interview with tribuna.md in October, Sergiu Popovici, the director of the government Information Technology and Cyber Security Service, STISC, said most attacks were the work of individual hackers, “who try out their criminal talent on randomly selected electoral processes.”

‘Real propaganda’

Esaulenco, a 43-year-old major general, previously worked as a security adviser to Moldova’s pro-Russian president, Igor Dodon.


A person scrolls the screen of a mobile phone while loading information on how to counter ‘fake news’ in New Delhi, India, May 2, 2019. Photo: EPA/Harish Tyagi

Dodon is bidding for a second term in next month’s election but faces a strong challenge from pro-European candidate Maia Sandu.

The SIS press office told BIRN that, while it confronts the threat of cyberattacks, its future focus would be more on disinformation and propaganda.

Torn between integrating with the West or remaining in Russia’s orbit, Moldova has proven particularly vulnerable to outside propaganda, particularly against NATO, the European Union and the international community in general.

The SIS said that during the COVID-19 state-of-emergency in the spring, it closed some 61 websites and news portals deemed to be spreading propaganda and fake news regarding the pandemic.

But Petru Macovei, executive director of the Independent Press Association, API, said SIS did not go far enough.

“It was a facade with the closure of those sites, to justify themselves that their activity was not in vain during the state of emergency caused by the pandemic,” Macovei told BIRN. “Indeed, it was neither effective nor sufficient.”

These “were selective decisions,” he said, “because the real propaganda was not affected by that SIS measure.”

By ‘real propaganda,’ many experts in Moldova mean Russian media outlets that broadcast in Moldova with a distinctively anti-Western tone.

“Russian media in Moldova like Komsomolskaya Pravda or Sputnik every day have at least one anti-EU and NATO news and some about Ukraine,” said Cozonac.

Strategy lacking

Elena Marzac, executive director of the Information and Documentation Centre on NATO, IDC NATO, said that the COVID-19 crisis and the economic fallout were “gradually turning into a security crisis.”


The executive director of the IDC NATO in Moldova, Elena Marzac. Photo: Facebook

“Besides classic disinformation there are also the cyberattacks, both elements of hybrid warfare,” Marzac told BIRN.

“Also, the narratives circulating in the international space, but also the regional and national one are strongly influenced by geopolitics, and the main promoting actors in that sense are China and Russia.”

Moldova has made some progress towards establishing the legal basis for a better information security strategy, but experts agree there is still much to be done.

“It is too early to talk about the existence in Moldova of an integrated and effective national mechanism for preventing and combating cybersecurity incidents and cybercrime,” said Marzac.

New Cyber Attacks on North Macedonia Spur Calls for Better Defences

Fresh cyber attacks in North Macedonia, this time targeting the health and education ministries, are spurring calls for more sophisticated cyber protection.

Last week’s attacks took down the websites of both ministries and were claimed by the hacker group ‘Anonopsmkd’, which previously took responsibility for a July 15 attack on the country’s most popular news aggregator TIME.mk.

The denial of service attack on TIME.mk, which involved more than 35 million addresses that generated thousands of clicks per second, coincided with a closely-fought parliamentary election in North Macedonia when the State Electoral Commission was also targeted.

In an interview last week, Anonopsmkd denied hitting the electoral commission, but it has warned that law enforcement structures in North Macedonia are its next target, spurring calls for greater protection of state bodies in the newest member of NATO.

“There should be a single protection system that would cover all government electronic services including agencies, ministries, local governments, and any legal entity or state body,” said Skopje-based cybersecurity consultant Mane Piperevski.

“This can be achieved by having a state-level Security Operation Centre with mixed ownership (51:49 in favour of the state),” Piperevski told BIRN. “The joint protection system would be under the leadership of the company that would be in charge of this Security Operation Centre.”

Hackers obstruct election result announcement

Piperevski said such a model had been implemented in a number of European Union countries.

“There is a quality staff within the government bodies that is ready to respond to such challenges,” he said. “The only problem, however, is with politics and priorities of the work in the institutions.”

Privacy and data protection expert Ljubica Pendaroska said the protection system should be multi-layered, “in order to make it as hard as possible for the hackers, and thus increase the protection of information and especially the personal data of citizens.”

“It is necessary for the institutions to have a developed and functional team and a procedure for rapid intervention and response in the case of an attack,” Pendaroska told BIRN.

An investigation conducted by the Ministry of Interior concluded that the electoral commission had been the target of a denial of service or DDoS attack which blocked publication of the preliminary results. The Commission website was out of action for several days.

“The investigation of this case continues in order to determine the IP addresses from where the attack was carried out, and for additional information to be collected to determine the perpetrator of this attack,” the ministry said.

National cybersecurity body has met only once

A spate of cyber attacks on state bodies in North Macedonia over the past few months has raised fears over the safety of its IT system, a concern for NATO too since the country joined the Western military alliance in March this year.

As BIRN reported in May, several cyberattacks in a short period of time exposed gaps in how North Macedonia’s authorities are dealing with cybersecurity issues.

In one security breach two months ago, a Greek hacker group calling itself ‘Powerful Greek Army’ leaked dozens of email addresses and passwords from staffers in North Macedonia’s ministries of finance and economy. Authorities are yet to determine how exactly the attack happened.

Last year, North Macedonia formed a National Council for Cyber Security, bringing together the ministers of interior, defence and information society. But it has so far met only once.

NATO member countries bear primary responsibility for their national cyber defences, but the alliance does provide expert support and has rapid reaction teams it can deploy in emergencies.

“NATO cyber experts can offer support and share information with Allies in real-time, including through our Malware Information Sharing Platform,” a NATO official told BIRN in an emailed response. “NATO has cyber rapid reaction teams on standby to assist Allies 24 hours a day, and our Cyberspace Operations Centre is operational.”

“NATO also invests in training, education and exercises which improve the skills of national cyber experts. Any attempts to interfere with democratic elections, including through hacking, are unacceptable, so we must remain vigilant.”

North Macedonia hackers target British pop stars

A hacker group from North Macedonia has claimed to have taken down the websites of British pop stars Dua Lipa and Rita Ora.

The attacks happened amid a row that erupted this month when Lipa, whose parents were born in majority-Albanian Kosovo, posted on social media a map of ‘Greater Albania’.

Ora, who was born in Kosovo but moved to Britain as a child, voiced her support for Lipa and called for Kosovo – which declared independence from Serbia in 2008 – to appear on Apple Maps.

AnonOpsMKD claimed responsibility for the attacks.

North Macedonia Probes Election Day Cyber Attacks

Authorities in North Macedonia have announced an investigation into the election-day cyber attack of July 15, which targeted the website of the state election commission, SEC, and a news aggregator website, while experts are still puzzled about how the attack occurred.

“It is not clear whether the [SEC] website was tested to withstand a large amount of connections for a short period of time, and whether it had the necessary DDoS protection,” cyber-security engineer Milan Popov told BIRN on Friday.

The Interior Ministry confirmed that it is looking into the matter. “The SEC reported the case and, immediately after the report, the Sector for Computer Crime and Digital Forensics took measures and activities to clear up the case,” ministry spokesman Toni Angelovski told BIRN.

Polling day on July 15 saw two of the highest profile cyber attacks the country has ever seen. In a single night, both the election commission’s website and the most popular news aggregator, TIME.mk, were brought down for several hours.

While TIME.mk quickly recovered, the SEC website is still having difficulties functioning. According to the SEC head, Oliver Derkovski, the attack probably came from abroad.

“We informed the Interior Ministry about this cybercrime. They were here today and I hope they will resolve it soon. It was an attack from abroad,” Derkovski said.

The IT company that runs the SEC election results page section, Duna Computers, said its own application functions flawlessly and the main issue came from the SEC website experiencing a sophisticated cyber attack.

The second cyber attack of the night, the denial of service, DDoS, attack that hit TIME.mk, involved more than 35 million addresses that generated thousands of clicks per second.

“There were brief interruptions but mostly the site withstood the attack. Unfortunately, we did not have the best protection, and this was our mistake, which we have corrected, so that it will not happen again,” the website’s founder, Igor Trajkovski, wrote on Twitter.

“I can say for sure that, for the second part of the attack, someone is connected to one of the sites that we index, because that is the only way through which they can find out our IP address,” Trajkovski added.

Unlike the SEC cyber attack, responsibility for this one was claimed by a hacker group that uses a logo similar to that of the famous hacktivist group Anonymous, and calls itself “Anonopsmkd”.

The group left a message in which it voiced displeasure with the election process in the country, and said it had targeted the TIME.mk website mostly because of its popularity. Regarding the group itself, information is scarce. However, in their message, they warned ominously that they are ready to strike again, and that they “neither forgive nor forget”.

North Macedonia Election Commission ‘Cyber-Attacked During Polls’

The website of North Macedonia’s State Electoral Commission, SEC, suffered an alleged denial-of-service, DDoS, attack for more than three hours during the parliamentary elections on Wednesday.

The attack delayed the SEC’s announcement of the official results of the tightly-contested vote on its website and it had to improvise by releasing partial results through YouTube clips instead.

SEC officials insisted that the alleged attack did not affect the data that they had been collecting throughout the day.

“From what I know so far, this was an attempted external attack. But until this is confirmed, I cannot speculate, we will know more about it tomorrow [Thursday]. The data wasn’t attacked and no damage was caused in the process,” SEC President Oliver Derkovski told a press conference.

At the same time as the SEC suffered the alleged attack, the country’s most popular news aggregator TIME.mk was also targeted by a heavy DDoS attack, which took the website down for a couple of hours. The site’s founder, Igor Trajkovski, said that Cloudflare, a US-based website security company, had to block millions of IP addresses involved in the attack.

“So far, Cloudflare has blocked three million IP addresses. And more new ones are appearing. We have never had such a DDOS attack before. Someone paid a lot of money to do this,” Trajkovski wrote on Twitter.

The attack was later claimed by a hacker group calling itself Anonymous Macedonia, which left a message on the website voicing displeasure with the election process, citing “empty promises from all political parties in this beautiful country”.

“We had yet another ‘democratic election process’, and as we can see, it is the same story repeating every three to four years,” the message said.

“It had to be your website because it has the highest number of visitors – no hard feelings,” it added.

With more than 90 per cent of the ballots counted, the ruling SDSM party was ahead of the opposition VMRO-DPMNE by some 10,000 votes.
