Iranian Hackers Leak Database of Albanian Criminal Suspects

An Iranian hacking group called “Homeland Justice” published new information on Monday related to people supposedly “suspected” by the Albanian police authorities.

The file, simply titled “Suspected”, contains information allegedly related to people in the State Police database connected to different crimes.

The data shared from the Telegram channel also called “Homeland Justice” includes photos of these people, their ID numbers, names and surnames, names of their fathers, dates of birth, birth cities and nationality. The database is thought to have 100,000 items of data.

The prosecution has ordered local media not to report the content of data that hackers released. Albania’s government has not reacted to the latest leak.

Sali Berisha, veteran boss of the centre-right Democratic Party in opposition, said that the leak was very dangerous.

He said the leak likely came from the police’s MEMEX system, which gathers data from the State Police on people suspected and investigated for crimes.

“Names have been exposed from the system in order to warn all those who are under surveillance, are under investigation, or are under consideration for various criminal activities,” he said.

“This is a moment when Albania has become the most dangerous country in the Balkans and Europe, as it [the leak] warns contingents of criminals that they are under police pursuit and surveillance and must leave in order to be saved,” Berisha said on Monday.

Ervin Karamuco, a professor in criminology at Tirana University, also described the leak as very worrying.

“What we had suspicions about but were afraid to say out loud, has happened; 1.7 gigabytes of criminal data from the Memex police system was released today by hackers. Public safety is under question,” Karamuco wrote on Facebook.

However, State Police denied that the information leaked on Monday is from MEMEX.
“State Police informs that, so far, sensitive data that is being administered in this system is not affected or damaged,” the police said.

It added that they are investigating the origin of the leak and called on the media not to publish this kind of data.

Albania has been subjected to cyber-attacks for months, which the government has connected to Iranian groups. (Tirana hosts a group of exiled Iranian dissidents.) The Iranian embassy staff in Tirana were expelled on September 7.

Since then, the hackers have conducted other operations, targeting the Traveller Information Management System, TIMS, on September 19, which caused chaos on the borders. They also released emails of Gledis Nano, former Chief of Police, on September 19.

According to an FBI report, Iranian hackers first accessed Albanian systems a full 14 months ago.

The first cyber-attack was reported on July 13, when government services became unavailable for some days.

“An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the [July] destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware,” the FBI report said.

North Macedonia Banks Targeted by Notorious Greek Hackers

A well known group of supposedly Greek-based hackers, calling themselves “Powerful Greek Army”, has claimed it took down the pages of several banks in North Macedonia on Tuesday evening for a couple of hours.

Only one bank, however, the private TTK Bank, has confirmed that its web page was in fact the target of a hacker attack, saying that it “successfully prevented” the attack and “there are no consequences”.

“Powerful Greek Army” posted on Monday that it intended to attack a range of banks.

“ALL banks licensed by the National Bank of the Republic of North Macedonia/All Banks of North Macedonia will be downed … soon,” the group wrote on Twitter. On Tuesday, the group posted subsequent posts, claiming success in this.

BIRN asked North Macedonia’s central bank to comment but did not receive an answer by the time of publication.

This is not the first time the group has targeted North Macedonia’s institutions.

In February, the Education Ministry confirmed it came under attack by the group, which posted video footage of allegedly hacked video surveillance cameras from inside the ministry. However, the ministry said the camera footage was fake.

Earlier, in May 2020, “Powerful Greek Army” leaked dozens of email addresses and passwords from staffers in North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica – and bragged about its exploits on Twitter.

The hacking group was reportedly founded in 2016, when it took down the website of the Greek Prime Minister. Since then it has taken offline a number of banks in Turkey and downed the websites of Turkish Airlines and the office of the Turkish president, among other targets. In a recent interview, an alleged member said they had no particular motivation or ideology and chose their targets at random, from Greece and its neighbours to Nigeria and Azerbaijan.

Montenegro Promises to Compensate for Publishing Self-Isolators’ Names

Montenegro’s government confirmed on Monday that it will pay compensation of 300 euros each, for a total of 816,000 euros, to citizens on the list of people ordered to self-isolate during 2020 whose names were published.

According to government data, 2,720 persons filed lawsuits against the state for publishing their names on lists of people ordered to self-isolate.

“Last December, the government agreed to pay 300 euros each in damages to every citizen whose name was published on those lists. The compensation will be paid for violation of personal rights by publishing personal data,” the government told BIRN.

Podgorica-based lawyer Dalibor Kavaric, who represented most of the citizens filing lawsuits, said the government had violated their human rights despite its claims that this was done in the public interest.

“The state has an obligation to protect the rights of every citizen even when it comes to the public health interest. When those lists were published, there was increased fear in the public due to the COVID-19 pandemic. Because of that, those people were stigmatized, as they were presented as a public threat,” Kavaric told BIRN.

“We are not satisfied with the amount of compensation, as it should be at least ten times higher,” he added.

The government published the names on March 21, 2020, during the first wave of the COVID-19 pandemic, despite warnings from opposition parties and civic society organisations that it risked violating their constitutionally guaranteed human rights. They also warned that citizens whose names were published might sue the state.

The government insisted it had a right to publish the names because some citizens were not respecting self-isolation obligations.

It said it had approval for its actions from the Agency for Personal Data Protection. It also stressed that the security forces could not control every citizen who should be in self-isolation and that anyone who failed to self-isolate posed a threat to the community.

On March 22, 2020, then Prime Minister Dusko Markovic said no compromises would be made with those who violated preventative measures amid the pandemic. He also warned that the government would continue to publish the names of citizens who had been ordered to self-isolate.

“The lives of our citizens are the priority. We have estimated that the right to health and life is above the right to unconditional protection of personal data,” Markovic said.

But after the Civic Alliance NGO submitted an appeal to the Constitutional Court, on July 23, 2020, the court annulled the government’s decision to publish the names of citizens ordered to self-isolate – although it did not rule that the government had violated their rights. The government then removed the list from its website.

In last year’s progress report, the European Commission urged Montenegro to award compensation for the publication of the names, warning that the government had violated people’s constitutional right to privacy.

Albania Online Media Blame Cyber-Attacks on Tirana Mayor

Online media critical of Albania’s government claim that the cyber attacks that targeted them recently were likely coordinated, and possibly linked to Tirana Mayor Erion Veliaj.

They told BIRN that they suspected that the attacks happened because they published a taped conversation in which Veliaj can be heard using slurs, coarse language and threats when speaking to regional football officials.

They said the attacks made it difficult for the public to access their webpages, and that the attacks looked coordinated.

Brahim Shima, director at Ora News, a broadcaster based in Tirana, told BIRN he believed that the attack had been deliberate.

“The attack was completely intentional, to make it as difficult as possible to access the news at Ora News. There were previous attempts to hack the site, but the attack launched in January was aimed at reducing it, or maximizing our difficulty in disseminating news,” Shima told BIRN.

He added that they connected the attack to the battle between the Albania Football Federation, FSHF, and the Tirana Mayor over elections for a new head of the football governing body.

“We do not have concrete facts, but [we believe] everything has to do with pressure from Mayor Veliaj towards the FSHF,” he added.

Enton Abilekaj, who runs a local media outlet called Dosja.al, said the cyber attacks targeted his media as well, making access to its webpage difficult.

“The company that provides us with online activity informed us about a special attack, which was not done by hackers but by buying IPs abroad, so artificially increasing traffic, so that the server could not cope and the site could not be accessed,” Abilekaj told BIRN.

“From the investigation we did with colleagues who had the same problem, we realized that the attacked sites were the same ones that published the audio recording of the mayor in a meeting with members of the Tirana regional Football Assembly,” he added.

He said that the attack had finished, but had left a lot of uncertainty within the media.

Andi Bushati, who runs Lapsi.al, told BIRN that he also saw the attacks as connected with the publication of the tape in which Mayor Veliaj appeared to be pressuring the football community of the capital to interfere in the FSHF elections.

“We do not have 100-per-cent verifiable evidence that the cyber attack came from the mayor, but the fact that those media outlets that gave great visibility to this news were attacked and, above all, that the FSHF website that first published this eavesdropping was attacked, leads all assumptions to Veliaj,” Bushati told BIRN.

Gerti Progni, an Albanian cyber expert, told BIRN that portals that are critical of the authorities and the government have been subjected to cyber attacks “for some time now”.

“But it has never happened that the attack was so large and at such a high cost, because the type of attack was a DDOS [distributed denial of service],” Progni said. “It is the only attack that is almost impossible to detect, and it’s very difficult and costly to defend oneself from it,” he added.

Albania to Hire US Cybersecurity Firm After Data Breach

The Albanian government said on Tuesday that it has signed a memorandum of understanding with the US-based Jones International Group, which is expected to advise on cyber security measures after the country suffered a huge data leak in late December.

The agreement with the Virginia-based Jones International Group was made public through a decision by Albania’s Council of Ministers but no details of tender procedures or the costs involved were disclosed.

“This is just an agreement of understanding in which the parties agree that they will work with each other. The other documents [contracts] will become known in the future,” the spokesperson at the Ministry of Infrastructure and Energy, Florian Serjani, told BIRN on Tuesday when asked about the cost.

When asked what was the basis upon which the company was chosen, Serjani said that “we have experience with this company because they have worked with the OST [Albania’s transmission system operator]”.

The Jones International Group, which provides cyber security, energy, telecommunications and political consulting services and products, is run by James Logan Jones, a former US Navy general and former US National Security Advisor. Jones was also the US supreme allied commander in Europe.

The Minister of Infrastructure and Energy, Belinda Balluku, met Jones on Monday and said that he has “expressed readiness to cooperate with the Albanian government for cyber protection, as one of the companies with the greatest experience in the US and Europe”.

Quoted by local media on Tuesday, Jones said he feels honoured to help Albania in “cyberwar.”

“…There is a clear and obvious danger…”, he was quoted as saying.

The US company, which according to the official data was established in July 2020, plans a strategy of how to install multilayer protective systems to prevent cyberattacks in a country where people can find more than 90 per cent of their public administration services online.

Jones has previous connections with Albania. In 2019, while working as US National Security Advisor, in Albania he met the People’s Mojahedin Organisation of Iran, MEK, a controversial Iranian opposition group that has been sheltered by Albania since 2013. He has been presented as a longtime supporter of the Iranian resistance, especially the members of the MEK in Iraq.

At a NATO conference on security challenges facing technology two years ago in Tirana, he warned Albania to be vigilant about China offering to provide 5G technology.

After the huge data leak in December, the Tirana prosecution started checking a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which was circulated on WhatsApp. Four people are under investigation over the leak.

It was alleged that the data contained the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

Another data leak of salaries for the month of April was released and circulated via WhatsApp one day later.

It was followed by a further data leak that contained private information about citizens’ vehicle number plates.

In April 2021, a few days before elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, included names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-to-door surveys. The case is still with the prosecution.

Albania Announces Four Arrests Over Massive Data Leaks

The Prosecutor of Tirana, Elisabeta Imeraj, told the media on Friday that police had arrested four people in connection with the massive data leaks that have rocked Albania.

Two people from state institutions suspected of selling people’s personal data and two others from private entities suspected of buying it had been arrested.

“They are employed in the National Information Service Agency, but practice their profession in the General Directorate of Taxes”, she said referring to the two arrested from state institutions.

The Tirana prosecution in December started checking a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which has been circulated on social media.

It was alleged that the data contained the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors for January 2021.

Another data leak of salaries for the month of April was released and circulated through WhatsApp just one day later.

It was followed by another data leak that contained private information about citizens’ car plates.

Experts told BIRN that these leaks pose public security questions.

In April 2021, a few days before elections, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-to-door surveys. The case is still with the prosecution.

Massive Data Leaks in Albania Pose Public Security Question

A database circulating online containing private information of Albanian citizens’ salaries, and another with private information and comments on political preferences that circulated in April, have raised concerns about public security in the country.

Prosecutors in Tirana started verification hours after a massive data breach of citizens’ private information started circulating online, initially through WhatsApp. The data contain the salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

The opposition Democratic Party condemned “an extraordinary scandal” and accused the Socialist government of failing to protect citizens’ private data.

The Excel file that was leaked contained the salaries of the citizens for the month of January, while another which started circulating on Thursday contained salaries for April.

On Thursday Prime Minister Edi Rama called it “an attempt to create confusion and to foster instability”, implying also that the destabilization efforts came from the country’s divided opposition.

Enri Hide, a security expert and professor at the European University in Tirana, called it “an open threat to the national security” and added that the institutional reaction “is not at all serious and proportionate to the degree of risk”.

“First of all, it shows the weaknesses of Albania’s cyber-security infrastructure. Second, it shows the lack of a response plan in such cases,” Hide told BIRN.

Asked if a specific group of people such as Intelligence or Army are more threatened than others, Hide said that the exposure “has extremely serious consequences for Intelligence” and the military.

“The long-term consequences for the Intelligence and Security and Defence system are 1. Use of the data by foreign actors in order to monitor the payment system of the sector. 2. Now that this level is being clarified, foreign intelligence agencies may attempt to ‘intervene’ or try to ‘offer rewards’ to actors in key / sensitive positions,” he told BIRN.

He added that the private sector was also at risk by making citizens vulnerable to blackmail.

“Cyber-security must be taken seriously. We need a strategy based not on letters but on modus operandi. We need a clear protocol of what should happen if we have such leaks. There is not any and it is shameful,” he said.

Fabian Zhilla, a security expert based in Tirana, said of the leak of the database with citizens’ private information that “the public loses trust in public institutions and the loss of trust is directly related to the cooperation that citizens should have with institutions”. If this threat is not addressed, “citizens will be exposed and blackmailed and this includes employees of important state institutions”.

“If we talk about the protection of personal data, there is no doubt that the bodies that deal with the monitoring of all servers of public institutions such as the National Agency for Information Society, AKSHI, must have a protocol and if there is no protocol … AKSHI should definitely set up a working group to make an assessment of preventive measures but also measures in case of information leaks and how it can be managed in real-time to prevent their spread in public,” Zhilla told BIRN.

He confirmed that secret service employees, intelligence services, military intelligence units and counter-terrorism units were at special risk.

“It is very important that a commission be set up at the ministerial level, perhaps with the request of Parliament to make a better assessment of the protection protocol, the measures related to the status quo of the infrastructure that the official institutions have today to protect the personal data,” he added.

The head of AKSHI, Linda Karancaj, said on Thursday that “the tax system is not certified by ISO, but we are in the process”.

According to the National Strategy of Cyber Security 2020-2025, “any government infrastructure under the administration of AKSHI, ISO 27001 standard policies are applied”.

In April 2021, a few days before elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-to-door surveys. The case is still with the prosecution.

Albanian Prosecutors Probe Huge Suspected Leak of Personal Data

The Tirana prosecution told BIRN that it has “started verifications” of a list allegedly containing the personal data of hundreds of thousands of Albanian citizens which has been circulated on social media.

It is alleged that the data contains the monthly salaries, job positions, employer names and ID numbers of some 630,000 citizens, from both the public and private sectors.

It is suspected that the list was leaked from the tax service or the Social Insurance Institute.

Government spokesman Endri Fuga said that the Ministry of Finance was following with concern the release of data on the salaries of Albanian citizens, and described the document as “illegal”.
Fuga said in a statement that preliminary analysis has shown that “there has been no digital export of the [state] payroll database” and that the document is a “merger of several different pieces” of data.

President Ilir Meta called it “a flagrant violation of freedoms, human rights and dignity, laws and the constitution” and urged the authorities to investigate the case and find the perpetrators.

“The personal data of every citizen, which is stored by public institutions and administered in state databases, is personal, protected by law and intended to be used only for the benefit of citizens and the state only,” Meta said.

“Any other use of it is a criminal act, which endangers the social order by violating the private security of every citizen,” he added.

The deputy leader of the opposition Democratic Party, Enkelejd Alibeaj, said it was “an extraordinary scandal” and alleged that the government of Prime Minister Edi Rama has failed to protect “personal and sensitive data on salaries, personal identification numbers, and the workplaces of over 630,000 citizens”.

Alibeaj said the Democratic Party believes that the online publication of the list “is part of a [ruling] party-state strategy to use sensitive information for electoral purposes”.

If confirmed, this would be the second time in a year that large amounts of citizens’ private data have entered the public domain.

In April 2021, a few days before the general elections in the country, a database with the private information of around 910,000 voters in Tirana was leaked to the media.

It was claimed that the database belonged to the ruling Socialist Party and was taken from state institutions and used for electoral purposes.

The database, which BIRN has seen, contained some 910,000 entries including names, addresses, birth dates, personal ID cards, employment information and other data.

The Socialist Party denied wrongdoing, insisting that the information was gathered in door-to-door surveys.

Pegasus Phone-Hacking Spyware Victims Named in Poland

The University of Toronto’s Citizen Lab, an internet watchdog that has been investigating the use of military-grade spyware from Israeli company NSO Group by authoritarian governments, said on Tuesday that the first two confirmed victims of phone-hacking using the Pegasus software in Poland are prosecutor Ewa Wrzosek and lawyer Roman Giertych.

Pegasus essentially turns infected phones into spying devices, making those who deploy the spyware able to access all data on the target’s phone, including messages and contacts.

The Associated Press, which first reported the new Citizen Lab findings on Tuesday, said that it cannot be confirmed who ordered the targeting of the two Poles.

Both targets have indicated that they suspect the Polish government.

In response to an inquiry from the AP, Polish state security spokesman Stanislaw Zaryn neither confirmed nor denied whether the government ordered the hacks.

Wrzosek is a well-known independent prosecutor who opposes the Polish government’s controversial justice reforms.

She also ordered an investigation into whether the 2020 presidential elections, which were organised during the pandemic, should have been postponed because they were too risky. Two days after she launched the case, she was transferred to a distant provincial town.

Giertych has been acting as lawyer for high-profile opposition politicians, including former Prime Minister Donald Tusk and former Foreign Minister Radoslaw Sikorski.

He also defended an Austrian developer who revealed the involvement of ruling Law and Justice Party leader Jaroslaw Kaczynski in a huge real estate deal to build two skyscrapers in the centre of Warsaw, which caused a major scandal.

Earlier this year, an international investigation by 17 media organisations found that the Hungarian government was among those that acquired the controversial Pegasus software from Israeli surveillance company NSO and used it to target a range of journalists, businessmen and activists.

No targets in Poland or other central European countries were identified at the time, but Citizen Lab warned that it had detected spyware infections in Poland dating back to November 2017.

Turkish Army Uses Algorithm to ‘Persecute’ Gulenists: Report

A new report published by StateWatch, a UK-based international rights organisation monitoring the state and civil liberties in Europe, says an algorithm used to detect alleged government opponents in the Turkish Armed Forces, TSK, has been used to persecute thousands of people.

The report, “Algorithmic persecution in Turkey’s post-coup crackdown: The FETO-Meter system” says more than 20,000 military personnel have been dismissed since a failed coup attempt in 2016 on the basis of algorithms.

“The report shines a flashlight on the (mis)use of algorithms and other information-based systems by the Turkish government in its ruthless counterterrorism crackdown since the July 2016 events. Thousands of people have been put out of work, detained, and persecuted by reference to ‘scores’ assigned to them by a tool of persecution, the so-called FETO-Meter,” Ali Yildiz, one of the authors of the report and a legal expert, told BIRN.

Yildiz added that “this situation is far from being unique to Turkey: in an increasingly connected world where states make wider recourse to counter-terrorism surveillance tools, the possibility of falling victim to algorithmic persecution is high”.

“The report, therefore, serves as a wake-up call to bring more awareness to the devastating effects of algorithmic persecution and oppression not just in Turkey, but also in the entire world,” Yildiz added.

The so-called FETO-Meter is based on 97 main criteria and 290 sub-criteria, many of which violate individual privacy.

The name references alleged supporters of exiled cleric Fethullah Gulen whom the government calls FETO, short for Fethullahist Terrorist Organisation. US-based Gulen has always denied any links to terrorism.

The questions for profiling and scoring individuals include information on their marriages, education, bank accounts, their children’s school records, their promotions and references in the army. The questionnaire demands information about people’s relatives and also neighbours.

It was deployed following the July 2016 coup attempt to root out alleged followers of Gulen who is accused of masterminding the failed coup.

“Hundreds of thousands of people have been profiled and assigned a ‘score’ by the algorithm, which is operated by a special unit called ‘The Office of Judicial Proceedings and Administrative Action’, ATİİİŞ, within the Turkish navy,” Emre Turkut, another author of the report and an expert on international human rights law from Hertie School Berlin, told BIRN.

Turkut said that the report includes testimonies from several high-ranking former military officers who have since sought asylum in the EU, and highlights that application of the algorithm has been arbitrary and underpinned punitive measures not only against primary suspects but anyone in their social circles, including their family members, colleagues, and neighbours.

However, Cihat Yayci, a former navy admiral and the architect of the FETO-Meter algorithm, has defended it.

“FETO militants are very successful in hiding their real identities. The FETO-Meter gave us very successful results for identifying Gulenists,” Cihat Yayci said in a TV interview in 2020.

Since 2016, 292,000 people have been detained and nearly 598,000 people investigated over their alleged links with Gulen.

According to the Turkish defence and interior ministries, nearly 21,000 members of the armed forces, 31,000 police officers, more than 5,500 gendarmerie officers and 509 coastguards have also lost their jobs over alleged links to Gulen.

More than 30,000 people are still in prison because of their alleged ties to the cleric and more than 125,000 public servants have been dismissed.
