North Macedonia Banks Targeted by Notorious Greek Hackers

A well known group of supposedly Greek-based hackers, calling themselves “Powerful Greek Army”, has claimed it took down the pages of several banks in North Macedonia on Tuesday evening for a couple of hours.

Only one bank, however, the private TTK Bank, has confirmed that its web page was in fact the target of a hacker attack, saying that it “successfully prevented” the attack and “there are no consequences”.

“Powerful Greek Army” posted on Monday that it intended to attack a range oif banks.

“ALL banks licensed by the National Bank of the Republic of North Macedonia/All Banks of North Macedonia will be downed … soon,” the group wrote on Twitter. On Tuesday, the group posted subsequent posts, claiming success in this.

BIRN asked North Macedonia’s central bank to comment but did not receive an answer by the time of publication.

This is not the first time the group has targeted North Macedonia’s institutions.

In February, the Education Ministry confirmed it came under attack by the group, which posted video footage of allegedly hacked video surveillance cameras from inside the ministry. However, the ministry said the camera footage was fake.

Earlier, in May 2020, “Powerful Greek Army” leaked dozens of email addresses and passwords from staffers in North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica – and bragged about its exploits on Twitter.

The hacking group was reportedly founded in 2016, when it took down the website of the Greek Prime Minister. Since then it has taken offline a number of banks in Turkey and downed the websites of Turkish Airlines and the office of the Turkish president among other targets. In a recent interview, an alleged member said they had not particular motivation or ideology and chose their targets at random, from Greece and its neighbours to Nigeria and Azerbaijan.

Montenegro Promises to Compensate for Publishing Self-Isolators’ Names

Montenegro’s government confirmed on Monday that it will pay compensation of 300 euros each, of a total of 816,000 euros, to citizens on the list of people ordered to self-isolate during 2020 whose names were published.

According to government data, 2,720 persons filed lawsuits against the state for publishing their names on lists of people ordered to self-isolate.

“Last December, the government agreed to pay 300 euros each in damages to every citizen whose name was published on those lists. The compensation will be paid for violation of personal rights by publishing personal data,” the government told BIRN.

Podgorica-based lawyer Dalibor Kavaric, who represented most of the citizens filing lawsuits, said the government had violated their human rights despite its claims that this was done in the public interest.

“The state has an obligation to protect the rights of every citizen even when it comes to the public health interest. When those lists were published, there was increased fear in the public due to the COVID-19 pandemic. Because of that, those people were stigmatized, as they were presented as a public threat,” Kavaric told BIRN.

“We are not satisfied with the amount of compensation, as it should be at least ten times higher,” he added.

The government published the names on March 21, 2020, during the first wave of the COVID-19 pandemic, despite warnings from opposition parties and civic society organisations that it risked violating their constitutionally guaranteed human rights. They also warned that citizens whose names were published might sue the state.

The government insisted it had a right to publish the names because some citizens were not respecting self-isolation obligations.

It said it had approval for its actions from the Agency for Personal Data Protection. It also stressed that the security forces could not control every citizen who should be in self-isolation and that anyone who failed to self-isolate posed a threat to the community.

On March 22, 2020, then Prime Minister Dusko Markovic said no compromises would be made with those who violated preventative measures amid the pandemic. He also warned that the government would continue to publish the names of citizens who had been ordered to self-isolate.

“The lives of our citizens are the priority. We have estimated that the right to health and life is above the right to unconditional protection of personal data,” Markovic said.

But after the Civic Alliance NGO submitted an appeal to the Constitutional Court, on July 23, 2020, the court annulled the government’s decision to publish the names of citizens ordered to self-isolate – although it did not rule that the government had violated their rights. The government then removed the list from its website.

In last year’s progress report, the European Commission urged Montenegro to award compensation for the publication of the names, warning that the government had violated people’s constitutional right to privacy.

Albania Online Media Blame Cyber-Attacks on Tirana Mayor

Online media critical of Albania’s government claim that the cyber attacks that targeted them recently were likely coordinated, and possibly linked to Tirana Mayor Erion Veliaj.

They told BIRN that they suspected that the attacks happened because they published a taped conversation in which Veliaj can be heard using slurs, coarse language and threats when speaking to regional football officials.

They said the attacks made it difficult for the public to access their webpages, and that the attacks looked coordinated.

Brahim Shima, director at Ora News, a broadcaster based in Tirana, told BIRN he believed that the attack had been deliberate.

“The attack was completely intentional, to make it as difficult as possible to access the news at Ora News. There were previous attempts to hack the site, but the attack launched in January was aimed at reducing it, or maximizing our difficulty in disseminating news,” Shima told BIRN.

He added that they connected the attack to the battle between the Albania Football Federation, FSHF, and the Tirana Mayor over elections for a new head of the football governing body.

“We do not have concrete facts, but [we believe] everything has to do with pressure from Mayor Veliaj towards the FSHF,” he added.

Enton Abilekaj, who runs a local media outlet called Dosja.al, said the cyber attacks targeted his media as well, making access to its webpage difficult.

“The company that provides us with online activity informed us about a special attack, which was not done by hackers but by buying IPs abroad, so artificially increasing traffic, so that the server could not cope and the site could not be accessed,” Abilekaj told BIRN.

“From the investigation we did with colleagues who had the same problem, we realized that the attacked sites were the same ones that published the audio recording of the mayor in a meeting with members of the Tirana regional Football Assembly,” he added.

He said that the attack had finished, but had left a lot of uncertainty within the media.

Andi Bushati, who runs Lapsi.al, told BIRN that he also saw the attacks as connected with the publication of the tape in which Mayor Veliaj appeared to be pressuring the football community of the capital to interfere in the FSHF elections.

“We do not have 100-per-cent verifiable evidence that the cyber attack came from the mayor, but the fact that those media outlets that gave great visibility to this news were attacked and, above all, that the FSHF website that first published this eavesdropping was attacked, leads all assumptions to Veliaj,” Bushati told BIRN.

Gerti Progni, an Albanian cyber expert, told BIRN that portals that are critical of the authorities and the government have been subjected to cyber attacks “for some time now”.

“But it has never happened that the attack was so large and at such a high cost, because the type of attack was a DDOS [denial of distribution of service],” Progni said. “It is the only attack that is almost impossible to detect, and it’s very difficult and costly to defend oneself from it,” he added.

Albania to Hire US Cybersecurity Firm After Data Breach

The Albanian government said on Tuesday that it has signed a memorandum of understanding with the US-based Jones International Group, which is expected to advise on cyber security measures after the country suffered a huge data leak in late December.

The agreement with the Virginia-based Jones International Group was made public through a decision by Albania’s Council of Ministers but no details of tender procedures or the costs involved were disclosed.

“This is just an agreement of understanding in which the parties agree that they will work with each other. The other documents [contracts] will become known in the future,” the spokesperson at the Ministry of Infrastructure and Energy, Florian Serjani, told BIRN on Tuesday when asked about the cost.

When asked what was the basis upon which the company was chosen, Serjani said that “we have experience with this company because they have worked with the OST [Albania’s transmission system operator]”.

The Jones International Group, which provides cyber security, energy, telecommunications and political consulting services and products, is run by James Logan Jones, a former US Navy general and former US National Security Advisor. Jones was also the US supreme allied commander in Europe.

The Minister of Infrastructure and Energy, Belinda Balluku, met Jones on Monday and said that he has “expressed readiness to cooperate with the Albanian government for cyber protection, as one of the companies with the greatest experience in the US and Europe”.

Quoted by local media on Tuesday, Jonas said he feels honoured to help Albania in “cyberwar.”

“…There is a clear and obvious danger…”, he was quoted as saying.

The US company, which according to the official data was established in July 2020,  plans a strategy of how to install multilayer protective systems to prevent cyberattacks in a country where people can find more than 90 per cent of their public administration services online.

Jones has previous connections with Albania. In 2019, while working as US National Security Advisor, in Albania he met the People’s Mojahedin Organisation of Iran, MEK, a controversial Iranian opposition group that has been sheltered by Albania since 2013. He has been presented as a longtime supporter of the Iranian resistance, especially the members of the MEK in Iraq.

At a NATO conference on security challenges facing technology two years ago in Tirana, he warned Albania to be vigilant about China offering to provide 5G technology.

After the huge data leak in December, the Tirana prosecution started checking a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which was circulated on WhatsApp. Four people are under investigation over the leak.

It was alleged that the data contained the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

Another data leak of salaries for the month of April was released and circulated via WhatsApp one day later.

It was followed by a further data leak that contained private information about citizens’ vehicle number plates.

In April 2021, a few days before elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, included names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-in-door surveys. The case is still with the prosecution.

Albania Announces Four Arrests Over Massive Data Leaks

The Prosecutor of Tirana, Elisabeta Imeraj, told the media on Friday that police had arrested four people in connection with the massive data leaks that have rocked Albania.

Two people from state institutions suspected of selling people’s personal data and two others from private entities suspected of buying it had been arrested.

“They are employed in the National Information Service Agency, but practice their profession in the General Directorate of Taxes”, she said referring to the two arrested from state institutions.

The Tirana prosecution in December started checking a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which has been circulated on social media.

It was alleged that the data contained the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors for January 2021.

Another data leak of salaries for the month of April was released and circulated through WhatsApp just one day later.

It was followed by another data leak that contained private information about citizens’ car plates.

Experts told BIRN that these leaks pose public security questions.

In April 2021, a few days before elections, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-in-door surveys. The case is still with the prosecution.

Massive Data Leaks in Albania Pose Public Security Question

A database circulating online containing private information of Albanian citizens’ salaries, and another with private information and comments on political preferences that circulated in April, have raised concerns about public security in the country.

Prosecutors in Tirana started verification hours after a massive data breach of citizens’ private information started circulating online, initially through “Whatsapp”. The data contain the salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

The opposition Democratic Party condemned “an extraordinary scandal” and accused the Socialist government of failing to protect citizens’ private data.

The excel file that was leaked contained the salaries of the citizens for the month of January, while another which started circulating on Thursday contained salaries for April.

On Thursday Prime Minister Edi Rama called it “an attempt to create confusion and to foster instability”, implying also that the destabilization efforts came from the country’s divided opposition.

Enri Hide, a security expert and professor at the European University in Tirana, called it “an open threat to the national security” and added that “the institutional reaction “is not at all serious and proportionate to the degree of risk”.

“First of all, it shows the weaknesses of Albania’s cyber-security infrastructure. Second, it shows the lack of a response plan in such cases,” Hide told BIRN.

Asked if a specific group of people such as Intelligence or Army are more threatened than others, Hide said that the exposure “has extremely serious consequences for Intelligence” and the military.

“The long-term consequences for the Intelligence and Security and Defence system are 1. Use of the data by foreign actors in order to monitor the payment system of the sector. 2. Now that this level is being clarified, foreign intelligence agencies may attempt to ‘intervene’ or try to ‘offer rewards’ to actors in key / sensitive positions,” he told BIRN.

He added that the private sector was also at risk by making citizens vulnerable to blackmail.

“Cyber-security must be taken seriously. We need a strategy based not on letters but on modus operandi. We need a clear protocol of what should happen if we have such leaks. There is not any and it is shameful,” he said.

Fabian Zhilla, a security expert based in Tirana, said the leak of the database with the private information of citizens data that, “the public loses trust in public institutions and the loss of trust is directly related to the cooperation that citizens should have with institutions:”. If this threat is not addressed “citizens will be exposed and blackmailed and this includes employees of important state institutions”.

“If we talk about the protection of personal data, there is no doubt that the bodies that deal with the monitoring of all servers of public institutions such as  National Agency for Information Society, AKSHI, must have a protocol and if there is no protocol … AKSHI should definitely set up a working group to make an assessment of preventive measures but also measures in case of information leaks and how it can be managed in real-time to prevent their spread in public,” Zhilla told BIRN.

He confirmed that secret service employees, intelligence services, military intelligence units and counter-terrorism units were at special risk.

“It is very important that a commission be set up at the ministerial level, perhaps with the request of Parliament to make a better assessment of the protection protocol, the measures related to the status quo of the infrastructure that the official institutions have today to protect the personal data,” he added.

The head of  AKSHI, Linda Karancaj, said on Thursday that “the tax system is not certified by ISO, but we are in the process”.

According to the National Strategy of Cyber Security 2020 -2025 “any government infrastructure under the administration of AKSHI, ISO 27001standard policies are applied”.

In April 2021, a few days before elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-in-door surveys. The case is still with the prosecution.

Albanian Prosecutors Probe Huge Suspected Leak of Personal Data

The Tirana prosecution told BIRN that it has “started verifications” of a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which has been circulated on social media.

It is alleged that the data contains the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

It is suspected that the list was leaked from the tax service or the Social Insurance Institute.

Government spokesman Endri Fuga said that the Ministry of Finance was following with concern the release of data on the salaries of Albanian citizens, and described the document as “illegal”.
Fuga said in a statement that preliminary analysis has shown that “there has been no digital export of the [state] payroll database” and that the document is a “merger of several different pieces” of data.

President Ilir Meta called it “a flagrant violation of freedoms, human rights and dignity, laws and the constitution” and urged the authorities to investigate the case and find the perpetrators.

“The personal data of every citizen, which is stored by public institutions and administered in state databases, is personal, protected by law and intended to be used only for the benefit of citizens and the state only,” Meta said.

“Any other use of it is a criminal act, which endangers the social order by violating the private security of every citizen,” he added.

The deputy leader of the opposition Democratic Party, Enkelejd Alibeaj, said it was “an extraordinary scandal” and alleged that the government of Prime Minister Edi Rama has failed to protect “personal and sensitive data on salaries, personal identification numbers, and the workplaces of over 630,000 citizens”.

Alibeaj said the Democratic Party believes that the online publication of the list “is part of a [ruling] party-state strategy to use sensitive information for electoral purposes”.

If confirmed, this would be the second time in a year that large amounts of citizens’ private data have entered the public domain.

In April 2021, a few days before the general elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-in-door surveys.

Turkish Army Uses Algorithm to ‘Persecute’ Gulenists: Report

A new report published by StateWatch, a UK-based international rights organisation monitoring the state and civil liberties in Europe, says an algorithm used to detect alleged government opponents in the Turkish Armed Forces, TSK, has been used to persecute thousands of people.

The report, “Algorithmic persecution in Turkey’s post-coup crackdown: The FETO-Meter system” says more than 20,000 military personnel have been dismissed since a failed coup attempt in 2016 on the basis of algorithms.

“The report shines a flashlight on the (mis)use of algorithms and other information-based systems by the Turkish government in its ruthless counterterrorism crackdown since the July 2016 events. Thousands of people have been put out of work, detained, and persecuted by reference to ‘scores’ assigned to them by a tool of persecution, the so-called FETO-Meter,” Ali Yildiz, one of the authors of the report and a legal expert, told BIRN.

Yildiz added that “this situation is far from being unique to Turkey: in an increasingly connected world where states make wider recourse to counter-terrorism surveillance tools, the possibility of falling victim to algorithmic persecution is high”.

“The report, therefore, serves as a wake-up call to bring more awareness to the devastating effects of algorithmic persecution and oppression not just in Turkey, but also in the entire world,” Yildiz added.

The so-called FETO-Meter is based on 97 main criteria and 290 sub-criteria, many of which violate individual privacy.

The name references alleged supporters of exiled cleric Fethullah Gulen whom the government calls FETO, short for Fethullahist Terrorist Organisation. US-based Gulen has always denied any links to terrorism.

The questions for profiling and scoring individuals include information of their marriages, education, bank accounts, their children’s school records, their promotions and references in the army. The questionnaire demands information about people’s relatives and also neighbours.

It was deployed following the July 2016 coup attempt to root out alleged followers of Gulen who is accused of masterminding the failed coup.

“Hundreds of thousands of people have been profiled and assigned a ‘score’ by the algorithm, which is operated by a special unit called ‘The Office of Judicial Proceedings and Administrative Action’, ATİİİŞ, within the Turkish navy,” Emre Turkut, another author of the report and an expert on international human rights law from Hertie School Berlin, told BIRN.

Turkut said that the report includes testimonies from several high-ranking former military officers who have since sought asylum in the EU, and highlights that application of the algorithm has been arbitrary and underpinned punitive measures not only against primary suspects but anyone in their social circles, including their family members, colleagues, and neighbours.

However, Cihat Yayci, a former navy admiral and the architect of the FETO-Meter algorithm, has defended it.

“FETO militants are very successful in hiding their real identities. The FETO-Meter gave us very successful results for identifying Gulenists,” Cihat Yayci said in a TV interview in 2020.

Since 2016, 292,000 people have been detained and nearly 598,000 people investigated over their alleged links with Gulen.

According to the Turkish defence and interior ministries, nearly 21,000 members of the armed forces, 31,000 police officers, more than 5,500 gendarmerie officers and 509 coastguards have also lost their jobs over alleged links to Gulen.

More than 30,000 people are still in prison because of their alleged ties to the cleric and more than 125,000 public servants have been dismissed.

Montenegro Data Protection Agency Voices Concern Over COVID-19 Measures

A member of Montenegro’s Council of the Agency for Personal Data Protection, Muhamed Gjokaj, on Wednesday warned that new COVID-19 measures could put citizens’ personal data at risk.

He said he feared unauthorized persons could get insight into citizens’ personal data, and called on the Health Ministry to be more precise about its new health measures.

“The Health Ministry should explain on the basis of which specific legal norms it has prescribed that waiters have the right to process the personal data of citizens who enter a café or restaurant.

“If there is no adequate legal basis, citizens can sue all those entities that ask to inspect their personal data, which also relates to health information,” Gjokaj told the daily Pobjeda.

On July 30, the Health Ministry announced that patrons of nightclubs, discotheque and indoor restaurants must show their ID and National COVID-19 certificate before entering.

The national COVID-19 certificate is a document issued by Health Ministry, which proves that a person has been vaccinated, or has had a recent negative PCR test, or has recovered from COVID-19. According to the Health Ministry, the certificate must be showed to the waiter or club staff.

Montenegro’s Personal Data Protection Law specifies that personal data related to health conditions can be inspected only by medical personnel, however. It prohibits inspection of personal data by unauthorized personnel.

On July 30, the head of the Digital Health Directorate, Aleksandar Sekulic, said no violation of citizens’ personal data was taking place under the measures, as only the name and date of birth of the person were on the COVID-19 certificate.

“We do not provide medical conditions through the certificates but only the data citizens want to provide. They voluntarily agreed to provide a certain amount of data,” Sekulic told a press conference.

On August 3, a lawyer, Andrijana Razic claimed the Health Ministry had violated the law by the new health measures, accusing it of forcing citizens to be vaccinated. She said that non-vaccinated citizens must not be discriminated against in any way.

“It’s completely clear that employees in a restaurant or nightclub have absolutely no right to identify citizens, or ask them for health information that is secret by law. The government should seriously consider the possible consequences of pursuing such a discriminatory and dangerous health policy, based on a drastic violation of basic human rights,” Razic told the daily newspaper Dan.

According to the Institute for Public Health, there are 1,667 registered COVID-19 active cases in the country. The capital Podgorica and the coastal town of Budva have the largest numbers. On Wednesday, the Health Ministry said that 34.5 per cent of the adult population had been vaccinated against COVID-19.

Romanian Intelligence: Hospitals Need ‘Urgent’ Protection from Cyber-Attacks

Days after authorities announced that the Witting public hospital in Bucharest had been targeted by hackers, the Romanian Information Service, SRI, has called on the government to take “urgent” action to protect state-owned medical institutions from these disruptive threats.

Romania’s national intelligence service has warned of widespread deficiencies when it comes to cybersecurity in hospitals, in spite of their increasing reliance on informatics and online systems to run their daily operations.

“Such attacks against some hospitals in Romania represent a sign of alarm about the low level of cybersecurity that exists,” the agency’s statement issued on Friday said, stressing “the need to adopt centralized decisions” that make it mandatory for all medical institutions to impose “minimal cybersecurity measures”.

The intelligence service has briefed the ministries of Health and Transport and Infrastructure concerning the “way in which the attack [reported this month against the Witting hospital] was conducted”, warning the two ministries about the “vulnerabilities of which attackers took advantage”, the SRI statement on Friday said. 

The secret service also presented both departments with a “series of measures to be implemented on urgent basis, in order to limit the effects generated of the attack as well as to prevent future ransomware attacks.

“Although they are of a medium or reduced complexity, this kind of ransomware attacks can generate major dysfunctions in the activities carried out by medical field’s institutions,” the SRI statement explained.

In the absence of clear general standards, the level of cybersecurity in public hospitals and most Romanian state institutions largely depends on the competence and awareness of the personnel in charge, specialists told BIRN.

On 22 July this year, the SRI said the servers of the Witting hospital in Bucharest were targeted by a cyberattack conducted with a ransomware application known as PHOBOS.

“After encrypting the data, the attackers demanded that a ransom be paid for them to decrypt them again,” the intelligence service said at the time.

The attack did not affect the functioning of the hospital, which assured the continuity of operations using data from offline registries. According to the SRI, no ransom was paid to the hackers.

The intelligence service said the attack resembles others that targeted four Romanian hospitals in the summer of 2019. The systems of the four hospitals were not protected by antivirus and were also compromised using PHOBOS.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now