BIRN Journalists Threatened by Turkish Far-Right ‘Wolves’

Nermina Kuloglija and Hamdi Fırat Buyuk have received threats via phone calls, text messages and on social media from the Turkish far-right Grey Wolves organization’s Bosnian branch.

The threats were sent from Bosnia and Herzegovina, and from Turkey, on June 28, and since then, after BIRN published an investigation into the Grey Wolves organisation’s branch and its activities in Bosnia.

Kuloglija and Buyuk continued to receive messages on their phones with intimidating content after the publication of the article.

The European Centre for Press and Media Freedom on its Mapping Media Platform reported on the incidents of harassment, psychological abuse, intimidation and threats against the two BIRN journalists.

“Threats against journalists are unacceptable. In this case it has an international element to it which must be handled not only in the country where the journalists are based,” said Gürkan Özturan, Coordinator of Media Freedom Rapid Response at the European Centre for Press and Media Freedom, a nonprofit that promotes and defends media freedom.

The Grey Wolves is an international Turkish ultra-nationalist and pan-Turkic organization that rose to prominence in the late-1970s. In 2021, the European Parliament called on the EU to add the Grey Wolves to its list of terrorist organisations. The Grey Wolves in Turkey have been involved in multiple acts of harassment for decades, Özturan told BIRN.

“These threats [ against BIRN journalists] cannot be overlooked and authorities in both Turkey and Bosnia and Herzegovina, as well as other regional and international organizations must be involved in investigations,” he concluded.

Threats to journalists are growing, the UN rights chief, Michelle Bachele, warned in an event marking World Press Freedom Day 2022. Journalism remains a dangerous and even deadly profession.

Worldwide, threats against journalists, online and off-line, imprisonments continue are rising, while online violence and harassment spur self-censorship and, in some cases, physical attacks, said UNESCO’s 2021/2022 online report, “World Trends in Freedom of Expression and Media Development”.

Online Media in Balkans ‘Need Regulation, Not Censorship’

Experts told an online debate hosted by the Balkan Investigative Reporting Network on Tuesday that the current regulation systems for online media in the Western Balkans are not good enough, but efforts to curb the publication of hate speech and defamatory comments must not tip over into censorship.

Media and legal experts from Albania, Bosnia and Herzegovina, Montenegro, North Macedonia and Serbia who spoke at the debate entitled ‘Case Law and Online Media Regulation in the Balkans’ also said that the application of existing legislation is inadequate.

Authorities often rely on legislation that was developed for traditional media which has not been adapted accordingly, or on self-regulation which is not mandatory.

Lazar Sandev, an attorney at law from North Macedonia argued that “those who create public opinion regarding matters of public interest do not uphold any standards, they do not have any legal knowledge”.

Jelena Kleut, associate professor at the University of Novi Sad’s Faculty of Philosophy, said that in Serbia there is lack of willingness to apply standards in online media, and noted a difference between rich and poor media outlets as well as responsible and not responsible ones.

“The wealthy, irresponsible media – they have legal knowledge but they don’t care. They would rather see the complaints in court, pay a certain amount of fines and continue along, they don’t care. On the other end of the spectrum, we have responsible but poor media,” Kleut said.

The media experts also debated the controversial issue of reader comment sections on websites, which some sites around the world have removed in recent years because of a proliferation of hate speech, defamation and insulting language.

According to Montenegro’s Media Law, which came in force in August this year, the founder of an online publication is obliged to remove a comment “that is obviously illegal content” without delay, and no later than 60 minutes from learning or receiving a report that a comment is illegal.

Milan Radovic, programme director of the Civil Alliance NGO and a member of the Montenegrin Public Broadcaster’s governing council, argued that this “it is clear that in such a short period of time, if it is applied, will damage those affected, but also damages for freedom of expression”.

Edina Harbinja, a senior lecturer at Britain’s Aston University, warned that there is a conflict between regulatory attempts and media freedom, and that “this is when we need to be careful in how we regulate, not to result in censorship”.

This was the second debate in a series of discussions on online media regulation with various stakeholders, organised as a part of the regional Media for All project, which aim to support independent media outlets in the Western Balkans to become more audience-oriented and financially sustainable.

The project is funded by the UK government and delivered by a consortium led by the British Council in partnership with BIRN, the Thomson Foundation and the International NGO Training and Research Centre, INTRAC.

Romania: From ‘Hackerville’ to Cybersecurity Powerhouse

First there was Guccifer, real name Marcel Lazar Lehel, who hacked the email accounts of the Bush family in the United States; then came Hackerville, the moniker given to the town of Ramnicu Sarat due to the international cybergangs it was home to.

Fairly or not, hackers put Romania on the global online map, honing their skills to strike Internet users and companies in the West, particularly the US.

But today, 30 years since the fall of communism, IT and cybersecurity firms are looking to tap the same rich vein of ambition, ingenuity and education that made Romanian hackers so feared and famous.

“Romania is currently one of the largest pools of talent in the IT&C space,” said Bogdan Botezatu, senior e-threats analyst at Romanian antivirus and cybersecurity giant Bitdefender. 

“Based on our tradition in STAMP [Software Testing Amplification] and research, universities deliver engineers, reverse engineers, people who are highly skilled in IT.”

Romania, he said, is already internationally recognised in the field of cybersecurity, and has the potential to play an even greater role.

Made in Romania – a global leader in cybersecurity

Bitdefender is one of the global leaders in cybersecurity, with more than 500 million customers worldwide and a network of research labs in Romania – the largest such network in Europe – to combat online threats.

Some 40 per cent of the antivirus and digital security companies on the market currently use at least one technology developed by Bitdefender. Such success is unparalleled in Romania, a European Union member state where almost no other company has a significant international footprint.

From Bucharest and other Romanian cities, Bitdefender’s experts have led or participated in operations to halt some of the most damaging cyber attacks the world has seen in recent years. 

In 2018, Bitdefender partnered with Europol, Interpol, the FBI and police in a number of EU countries to take down a group of hackers – believed to be from Russia – behind a ransomware called GandCrab. The inventors of the malware sold it on to other hackers who used it against private and corporate users.


View of the Bitdefender’s central headquarters in Bucharest. Photo: BIRN

“It became such a large phenomenon that half of the ransomware attacks happening at that moment were caused by GandCrab,” Botezatu told BIRN. 

“We managed to decrypt [the computers of] 60,000 victims, saving the victims around 70 million dollars.”

Despite its unusual level of sophistication, GandCrab was created as a way for the private individuals behind it to steal other people’s money.

Another type of cyberthreat, however, is state-sponsored and is known among experts as Advanced Persistent Threats, or APTs. 

The goal in this case is to undermine the functioning of key strategic foreign infrastructures or steal secret information from other states. That was the purpose of NotPetya, or GoldenEye, which emerged in 2017 as the work of hackers suspected to have been working for the Kremlin.

These hackers infected the update servers of an accountancy product widely used in the Ukrainian state administration. Everytime a Ukrainian public servant updated the program, the virus entered his or her computer and encrypted all its files. 

The virus had a worm component and quickly contaminated the entire networks to which infected computers were connected, bringing, for example, the Kiev metro to a halt and shutting down at least one airport, several banks and the radiation monitoring system at Chernobyl.

It spread globally, including to Romania, where Bitdefender took charge of the preliminary investigation that led to the identification of the virus after its researchers identified a pattern in the threats suffered by many users of their antivirus products. 

‘You can’t trace them back’

Like the rest of the former Soviet bloc, Romania spent more than four decades under communism, when education placed a premium on scientific and technological training. 

That expertise – and a resourcefulness developed under communism and during the painful transition to capitalism and democracy after 1989 – is now at the disposal of the EU and NATO as they try to combat cyber threats from Russia and other countries vying for a geopolitical upper hand.

And the Romanian state is doing its bit too, via bodies like the Romanian Information Service, SRI, an intelligence agency that took part in investigations that led to the 2018 exposure of Russian state involvement in a cyber espionage and warfare group called Fancy Bear. 

Also known as Sofacy or APT28, Fancy Bear targeted governments and civil society organisations in countries including the Netherlands, Britain, Germany, Romania and the US.


Bogdan Botezatu from Bitdefender. Photo: BIRN

Botezatu said the fact that the infections happened between 9 a.m. and 5 p.m. Moscow Standard Time led investigators to conclude they were being launched from government offices, said Botezatu of Bitdefender, which uncovered the campaign in 2015.

“Behind these kinds of attacks there is a country, and particularly the intelligence community of that country,” said General Anton Rog, head of SRI’s Cyberint centre.

“Of course, governments don’t act directly; through their intelligence services, they infiltrate or create these cybercrimes groups in a way that you can’t trace them back to say that they work with an information service.”

Most APT attacks, Rog told BIRN, are mounted in order to steal sensitive information. “It is a modality of espionage,” he said, “but through cables and cybernetic tools.” 

SRI’s Cyberint centre relies on tip-offs from foreign agencies, technology that recognises abnormal online activity and cyber informers.

Hybrid attacks

Sometimes the dividing line between financial-motivated attacks and APTs becomes blurred, as in the case of the malware family known as Cobalt Strike.

Cobalt Strike was used by the so-called Carbanak group from Russia and Ukraine to extract more than one billion euros from around 100 banks in over 40 countries, including Romania.

“The technology used is [characteristic of an] APT, but the motivation is strictly financial,” said Botezatu. 

Bitdefender conducted ‘post-mortems’ at two of the affected banks. Botezatu said the malware was “extremely sophisticated”, managing even to access the banks’ payment systems.

“With that level of access, the nefarious individuals authorise fraudulent bank transfers, raise the balance of mule accounts or command affected ATMs to spit out the money for them,” Europol said in a statement on the arrest in Spain of alleged Carbanak leader ‘Denis K’ in a 2018 operation that Romania took part in.

“Our suspicion is that… these attacks are used to make money to sponsor strategic attacks,” said SRI’s Rog. “In our evaluation, we take into account the fact that these groups have members who are in contact with governments or information communities,” he told BIRN, noting the costs and human and technical resources needed to develop malware like Cobalt Strike.

“They [governments] don’t want to spend money from their budget, they want to steal money from other countries and sponsor strategic attacks with it,” Rog said.

Strong cybersecurity “ecosystem”

To strengthen security at home and boost Romania’s role in the global cybersecurity game, SRI’s Cyberint centre says it is trying to create “an ecosystem” already being nurtured by courses offered by Cyberint at several universities across the country.

Likewise, Bitdefender partners with universities and high schools in training the next generation.

They may be people like Alexandru Coltuneac, a White Hat Hacker so called because of his transition from developing an Internet virus as a teenager to using his self-taught skills to help giants like Google, Facebook, PayPal, Microsoft and Adobe test their product security.

“I have set myself a target,” Coltuneac told BIRN. “I want to find at least one vulnerability in a product of each big company.”

Coltuneac, who is one of a number of Romanian White Hat Hackers recognised by Google and other companies as stars of ‘bug hunting’, now runs his own company together with a colleague.

Called LooseByte, the firm offers businesses cybersecurity tests and services to improve their protection levels.

Coltuneac said he finds pleasure in outsmarting the world’s best professionals.

“It’s a way of doing hacking without harming anyone,” he said.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now