Serbia Targets Purchase of Powerful Swedish Facial Recognition Software

Serbia’s interior ministry planned to buy Swedish-made facial recognition software last year and still might despite deep concern over the legality of such technology under the country’s current legislation, BIRN can report.

According to the manufacturer, Griffeye Analyze DI Pro has the capacity to recognise faces based only on the eyes and, under certain conditions, even when the eyes are not visible. Experts say it can also download large amounts of personal data from the internet and then search, sort, cross and process it based on metadata such as GPS coordinates, the time when an image was taken or phone serial numbers.

The software, which Europol has used since 2019, was on a ministry procurement wish-list for the third quarter of 2021. The purchase has not been made and the ministry did not respond to BIRN requests for comment. But Serbia’s Personal Data Protection Commissioner, Milan Marinovic, said police were unlikely to pass up the opportunity to acquire such technology.

“The idea was to get that technology by the end of 2021. I am convinced that the Ministry of Interior has not given up on it,” Marinovic told BIRN. “No police in the world would give up on such things because it suits them.”

He questioned the legality under current Serbian law, however.

“We are talking about a global threat that I do not like. The software can also physically track you,” said Marinovic. “In Serbia, we do not have the right to such a sophisticated type of data processing of citizens.”

In September 2020, the interior ministry announced a Draft Law on Internal Affairs containing provisions for the legalisation of an extensive biometric video surveillance system. It was withdrawn after public outcry.

“Once the system is in place, it means it will be very difficult to remove and it is an irreversible situation,” said Bojan Perkov of the Belgrade-based SHARE Foundation, which promotes human rights and freedoms online.

Griffeye did not respond to a request for comment, but its website says the software is intended to support investigators working on cases involving the sexual abuse of children. SHARE’s Filip Milosevic said it is a threat to privacy.

“Quick, easy and complete insight into the life of each individual,” Milosevic told BIRN.

“Such tools create very detailed profiles of individuals by crossing absolutely all their existing digital information. This can be information owned by the state, and the police can get access – traffic, cameras, financial system, health, social – complemented by data that citizens leave as a digital trace using devices and the Internet, such as Internet searches, site visits, applications, profiles on social networks, history of shopping, movements, interaction with other people.”

Greek Post Restarts Services After Cyber-Attack Downs System

Hellenic Post, ELTA, announced on Wednesday that it had restarted the system that enables objects and items to be sent abroad after a cyber-attack brought the computers down.

Days before, financial services and the sending of simple correspondence were also re-activated. The suspension of these operations, among other things, has caused delays in the payment of pensions.

After the cyber-attack in March brought down the ELTA computer systems, the company isolated the entire data centre and temporarily suspended the commercial information systems of all post offices.

The cyber-attack, aimed at crippling the operations of ELTA, started from malicious zero-time software, which was installed on a workstation and, with the ‘HTTPS reverse shell technique’, connected to a computer system controlled by the cyber group, said ELTA.

Kathimerini newspaper also reported that the hackers used ransomware – nowadays the most common form of corporate cyberattacks. Most times, the victim receives a phishing email including a malicious link or is infected with a ransomware attachment.

“This specific malware, when executed, encrypts part of the victim’s hard drive and, in order for the victim to receive the decryption key and retrieve the data, a ransom must be paid to the attacker,” Dimitris Aretis, Senior Manager EY Cybersecurity Consulting, told BIRN.

“Bitcoin or other cryptocurrencies is used as the form of payment as it provides anonymity to the attacker and makes the transfer of funds untraceable,” he added.

US President Joe Biden on March 22 warned US companies of potential Russian cyber-attackers. But a source from ELTA told BIRN that Russian hackers were not involved in this case.

The Communications Privacy Protection Authority, ADAE, which is responsible for the criminal investigation of the case, declined to comment to BIRN on the issue.

On January 17, two hospitals in the Attika region, Sotiria and Asklipieio Voulas, fell victim to cyber blackmailers who used the same type of ransomware.

Panagiotis Stathis, chief of the 1st Health District of Attica, told BIRN that the hackers attacked the servers of the hospitals. The hackers did not get access to patients’ personal health data but only to the hospitals’ invoices and visitors. Sources told BIRN that the investigation into these cases is still ongoing.

Croatian Teen Suspected of Hacking Communication Company’s Data

Croatian news site Index.hr reported that the prime suspect for hacking the database of Croatia’s telecommunication operator, Tele Operator A1, exposing around 10 per cent of user data, is a 14-year-old primary school pupil from Slavonski Brod.

Police reportedly waited for the suspect at home after he came back from school on Monday and questioned him in the presence of his parents. They then searched his home and, according to reports, found the equipment he used to hack Tele Operator A1.

As the suspect is a minor, the police were unable to give many details, but Renato Grguric, head of the police’s Department of Cyber-Security, said there was “enough evidence that the person in question is the hacker. When the investigation is over, adequate criminal charges will be brought”.

The police also said that he had an accomplice, who was not from Croatia and who did not participate in the hacking itself.

Grguric said that when a crime perpetrator is a minor, the emphasis is not on punishment but on preventing further crimes. “People usually get three to five years in prison for a crime like this, but that’s not the point. In this case, the responsibility is on the minor, not the parents. Every person over 14 is responsible for their own actions,” Grguric explained.

On February 9, Croatian Tele Operator A1 was the target of a hacking attack that compromised around 10 per cent of A1’s user data, exposing their names, addresses, personal identification numbers and phone numbers.

The hacker demanded a $500,000 ransom or threatened to sell the data on the dark web. A1 did not pay the ransom and the hacker claimed to have sold the data anyway.

Romanian Intelligence: Hospitals Need ‘Urgent’ Protection from Cyber-Attacks

Days after authorities announced that the Witting public hospital in Bucharest had been targeted by hackers, the Romanian Information Service, SRI, has called on the government to take “urgent” action to protect state-owned medical institutions from these disruptive threats.

Romania’s national intelligence service has warned of widespread deficiencies when it comes to cybersecurity in hospitals, in spite of their increasing reliance on informatics and online systems to run their daily operations.

“Such attacks against some hospitals in Romania represent a sign of alarm about the low level of cybersecurity that exists,” the agency’s statement issued on Friday said, stressing “the need to adopt centralized decisions” that make it mandatory for all medical institutions to impose “minimal cybersecurity measures”.

The intelligence service has briefed the ministries of Health and Transport and Infrastructure concerning the “way in which the attack [reported this month against the Witting hospital] was conducted”, warning the two ministries about the “vulnerabilities of which attackers took advantage”, the SRI statement on Friday said. 

The secret service also presented both departments with a “series of measures to be implemented on an urgent basis, in order to limit the effects generated by the attack as well as to prevent future ransomware attacks”.

“Although they are of a medium or reduced complexity, this kind of ransomware attacks can generate major dysfunctions in the activities carried out by medical field’s institutions,” the SRI statement explained.

In the absence of clear general standards, the level of cybersecurity in public hospitals and most Romanian state institutions largely depends on the competence and awareness of the personnel in charge, specialists told BIRN.

On 22 July this year, the SRI said the servers of the Witting hospital in Bucharest were targeted by a cyberattack conducted with a ransomware application known as PHOBOS.

“After encrypting the data, the attackers demanded that a ransom be paid for them to decrypt them again,” the intelligence service said at the time.

The attack did not affect the functioning of the hospital, which assured the continuity of operations using data from offline registries. According to the SRI, no ransom was paid to the hackers.

The intelligence service said the attack resembles others that targeted four Romanian hospitals in the summer of 2019. The systems of the four hospitals were not protected by antivirus and were also compromised using PHOBOS.

Secure Comms: Cracking the Encrypted Messages of Balkan Crime Gangs

When Serbian police arrested the leaders of a notorious crime gang in the first few days of February this year, in the search for evidence they seized 44 mobile phones equipped with an encrypted messaging app created by Canada-based Sky ECC.

Sky ECC described itself as “a global leader in secure messaging technology”, helping to keep a host of industries safe from identity theft and hacking. Law enforcement authorities in the United States and Europe, however, say it was created with the sole purpose of facilitating drug trafficking and had become the messaging app of choice for transnational crime organisations.

Using equipment that President Aleksandar Vucic said Serbia had “borrowed from friends”, police managed to access the app. What they found was gruesome, and damning – photos of two dead men, one of them decapitated.

Led by Veljko Belivuk, the gang – part of a group of violent football fans – is suspected of drug trafficking, murder and illegal weapons possession.

Belivuk and his associates, who remain in custody but have not yet been charged, allegedly used the app to organise criminal activities, and to brag about their exploits. In this, they were not alone.

On March 9, three days after Vucic displayed the photos, police in Belgium and the Netherlands made what Europol described the next day as a large number of arrests after secretly infiltrating the communications of some 70,000 Sky ECC devices and, from mid-February, reading them ‘live’.

On March 12, US authorities indicted Jean-Francois Eap, chief executive officer of Sky Global, the company behind Sky ECC, and Thomas Herdman, a former high-level distributor of Sky Global devices, accusing them of conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act, RICO. Eap issued a statement denying any wrongdoing.

Critics of the government under Vucic say Belivuk had long acted with impunity, protected by reported ties to a number of senior governing officials.

Serbia boasted of a “war” on organised crime. But the timing of Belivuk’s arrest and the operation against Sky ECC raises fresh questions about what preceded the Serbian police swoop – whether Serbia acted alone, or was prompted to do so by evidence unearthed elsewhere.

Either way, the downfall of Belivuk and Sky ECC has shed new light on the lengths Balkan crime gangs have gone to evade surveillance, and the challenge facing authorities to strike back. It has also fuelled talk of the need to criminalise such software, raising alarm among some who say this would punish legitimate users, from political dissidents to investigative journalists.

The Serbian Interior Ministry and Security Intelligence Agency, BIA, did not respond to requests for comment.

“Organised crime groups from the Balkans have adapted quickly and cleverly in recent years to innovate and use technology to their advantage,” said Walter Kemp, director of the South-Eastern Europe Observatory at the Global Initiative Against Transnational Organised Crime.

While some still carry cash across borders or use wire transfers, others are using encrypted communication tools, laundering money through cryptocurrencies and elaborate financial schemes and branching into cyber and cyber-enabled crime, Kemp told BIRN. 

“But while criminals are first-movers and quick adapters in using technology, law enforcement agencies are lagging behind.”

This message will self-destruct


Founded in 2008, Sky ECC surged in popularity after messages sent via another encrypted messaging service, EncroChat, were intercepted and decoded in a French and Dutch-led operation in mid-2020, leading to the arrest of over 800 people Europe-wide and the seizure of drugs, guns and large sums of suspect cash.

Sky devices offered self-destructing messages, an encrypted vault and a panic button in the event the user believed the device had been compromised. Sky ECC was installed exclusively on secure devices from Apple, Google and Blackberry, which could be bought online. All that was required of a user was to pay a subscription.

At the time of the police operation, three million messages per day were being sent via Sky ECC. Roughly 20 per cent of its 170,000 users were in Belgium and the Netherlands, with the greatest concentration in the Belgian port of Antwerp, a popular destination for illegal drugs arriving in Europe from South America. 

Europol, the European Union’s police agency, said that information acquired from “unlocking the encryption” of Sky ECC would help solve serious and cross-border organised crime “for the coming months, possibly years.”

For Balkan clients, there were three websites promoting the app in languages of the region – skyecceurope.com, skyeccbalkan.com, skyeccserbia.com.

It is unclear if these operated under the umbrella of Sky Global or were independent distributors. BIRN contacted them but did not receive any reply. The website of Sky Global is also now in the hands of authorities. BIRN was unable to reach the company for comment.

Serbian nationals arrested in France and UK

Sky and EncroChat devices were, until recently, easy to find on Serbian and Croatian advertising sites, their price ranging from 600 euros to 2,200 euros depending on the type of phone and subscription. Subscriptions were commonly paid with cryptocurrency, to avoid leaving a trace.

A police official in Bosnia and Herzegovina said they were also in use among criminals there.

“They use those special apps and providers you can’t interfere with, and there’s no trace of their existence in the phone. The use is legal here,” the official, who declined to be named, told BIRN.

While police were unable to intercept the communication, he said, in some cases an arrested person would confess to using such apps and provide access.

A senior Interpol official, who spoke on condition of anonymity, said Balkan drug gangs were using EncroChat to communicate with South American cartels concerning the trafficking of drugs to Europe.

French authorities had been investigating EncroChat since 2017, stepping up efforts in 2019 and secretly installing an implant on all EncroChat devices disguised as a system update. The implant caused the device to transmit all data that had not been erased to a French police server and to Europol and collected data created after the device had been compromised.

The company eventually alerted users but millions of messages had already been intercepted.

Dutch and French police as well as Europol declined to give any further details regarding possible connections to Balkan crime gangs, citing the ongoing nature of the investigation.

A French newspaper report on March 27, however, said that a Serbian national had been arrested in a suburb of Paris following the Sky ECC operation on suspicion of selling its devices. In the UK, reports say another Serbian, 29-year-old Milos Bigovic, pleaded guilty in a UK court in August 2020 after he was arrested trying to smuggle cocaine hydrochloride into southern England on a cruise ship, his communications having been intercepted in the operation against EncroChat.

In Serbia, some criminals went further; in 2019, when police busted a major marijuana farm that had been run with the help of several security service officials, investigators found that those involved had communicated via a custom-made app called ‘Razgovor’ [Conversation].

Those arrested handed over their phones, apparently confident that police would not discover the app hidden behind the calculator interface. They were wrong and police, according to the indictment, gained access to conversations in which the suspects agreed on the production and distribution of drugs.

Admissible in court


Members of Veljko Belivuk’s group are being transferred for interrogation with a strong police presence. Photo: mup.gov.rs

It remains unclear whether foreign authorities supplied Serbia with evidence against Belivuk and Co obtained as part of the operation against Sky ECC, or if Serbia only harvested content from the devices it seized in the arrests.

Bearing in mind that most of the content sent via Sky devices disappeared soon after being sent, it is doubtful police in Serbia were able to recover much from the seized devices.

Authorities in Serbia did not respond to BIRN’s questions.

In the case of intercepted communication, for it to be used as evidence in court the police must have had prior court permission to conduct surveillance. It is not known whether Belivuk and his gang were under court-sanctioned surveillance. BIRN asked the court but was told such information cannot be disclosed.

The issue came before a UK court in February, when appeals judges rejected an attempt to prevent prosecutors from using as evidence messages sent via EncroChat.

The case rested on whether communications had been intercepted by French police while ‘being transmitted’ by the device or while ‘stored’ on it. As the material had been extracted from the device itself and was unencrypted, the Appeal Court found that the evidence had not been gained by ‘interception’ and was admissible, the BBC reported.

Criminalising encryption

Sky Global has denied any wrongdoing, with CEO Eap saying “We stand for the protection of privacy and freedom of speech in an era when these rights are under increasing attack. We do not condone illegal or unethical behaviour by our partners or customers. To brand anyone who values privacy and freedom of speech as a criminal is an outrage.”

But Serbian Interior Minister Aleksandar Vulin said the use of such devices should be illegal.

“It is indisputable that it is used by criminals,” Vulin said on March 7. “I am in favour of it being a crime, as I believe that the purchase of any telephone number, regardless of whether it is prepaid or postpaid, must be done with an ID card.”

“It may not stop criminals from using it, but if nothing else it will give the police another reason to arrest them and remove them from the streets.”

Some journalists and rights advocates say this is a slippery slope.

“Encryption is a tool. And like any tool, it can be used for good and for bad,” said Fabian Scherschel, a freelance journalist, writer and podcaster who has covered the topic closely.

“We’ve already seen legislation against so-called ‘hacker tools’ massively backfire and threaten to criminalise the legitimate work of IT security specialists and journalists. I have a feeling this legislation could cause similar problems. It will also, most likely, make it easier to spy on the general populace, who has no intention of using encryption to hide criminal behaviour whatsoever.”

Diego Naranjo, head of policy at the Brussels-based advocacy group European Digital Rights, EDRi, said it was important to challenge the narrative that encryption is only used by criminals.

“As any other interference with human rights, an attack on encryption or privacy-enhancing technologies needs to be prescribed by law, necessary and proportionate to the aims to be achieved in a democratic society,” said Naranjo.

He noted that the EncroChat and Sky ECC cases had demonstrated that law enforcement agencies have ways to penetrate such communication.

“We may be already in the Crypto wars 3.0, and it is up to us to ensure that encryption is perceived as a tool to ensure human rights and not something only criminals use.”

Lidija Komlen Nikolic, Serbian Deputy Appellate Public Prosecutor, warned of the dangers of criminalising the use of such apps.

“The idea is to enable state authorities, the police, to be able to find evidence more easily for the fight against organised crime or any other type of crime,” Nikolic told N1 regional broadcaster.

“But there should not be the presumption that all of us, who have devices or have software that uses some kind of encryption, are potential perpetrators of a crime.”

Pandemic Leads to Rise in Cyber Abuse of Children in Albania

Thousands of children in Albania are at greater risk of harm as their lives move increasingly online during the COVID-19 pandemic, UNICEF and local experts warn.

The closure of the country in March last year due to the spread of the novel coronavirus, including a shift to online schooling, has led to an increase in the use of the Internet by children, some of them under the age of 13.

According to a 2020 UNICEF Albania study titled “A Click Away”, about 14 per cent of children interviewed reported experiencing uncomfortable online situations, while one in four said they had been in contact at least once with someone they had never met face-to-face before.

The same study said that two in 10 children reported meeting in person someone they had previously only had contact with online, and one in 10 children reported having had at least one unwanted sexual experience via the internet.

A considerable number of those who had caused these experiences were persons known to the children.

UNICEF Albania told BIRN that, after the closure of schools and the introduction of social distancing measures, more than 500,000 children found themselves faced with a new online routine. Online platforms suddenly became the new norm.

“If before the pandemic 13-year-olds or older had the opportunity to gradually become acquainted with social media, communication applications or online platforms, the pandemic suddenly exposed even the youngest children to information technology,” the office told BIRN.

Growth in child pornography sites

According to another report, by the National Centre for Safe Internet and the Centre for the Rights of the Child in Albania, there has been an alarming rise in reports of child pornography sites on the Internet.

This report, titled ‘Internet Rapists: The Internet Industry in the Face of Child and Adolescent Protection in Albania’, is based on data obtained from the National Secure Internet Platform, National Helpline for ALO Children 116-111 and the National Centre for Secure Internet in Albania.

“The number of reported sites of child pornography has reached a record 6,273 pages, or 600 times more than a year ago,” the report states.

It said that “40 per cent of the cases of pornographic sites, videos or even images with the same content are with Albanian children, while over 60 per cent of the cases of pornography are with non-Albanian children”.

The 15-17 year-old age group is most affected by cyber incidents, it said.

Cybercrime experts at the Albanian State Police also told BIRN: “There has been a general increase in criminal offenses in the area of cybercrime.”

In August last year, UNICEF Albania published another study, “The lost cases”, noting that between 5,000 and 20,000 referrals are made annually by international partners such as Interpol, Europol and the National Centre for Missing and Exploited Children to the cybercrime department of Albanian police regarding the possession, distribution, production and use of child sexual abuse materials in Albania.

But according to official data of the Ministry of Interior, between 2016 and 2018, only 12 cases were investigated under Article 117 of the Criminal Code, ‘pornography with minors’, and only one case ended in conviction.

Computer Virus Stops Sarajevo Municipality Issuing Birth Certificates

A Sarajevo municipality has temporarily stopped issuing birth certificates due to a computer virus that locks documents in its database for the second time in some two weeks.  

The central Centar Municipality, whose offices are next door to the Bosnian presidency building, said on its website that the problem caused by a “ransomware virus” was detected on Saturday. Such viruses typically block computer systems and their originators demand payment in exchange for removing them.  

But the municipality denied that it was the target of a hacker attack, or that the central electronic register with all birth and death certificates in Bosnia’s Federation entity was in danger of being wiped out, as the Interior Ministry of the Federation entity was quoted as saying by the media.   

“Information about a targeted attack on the IT system of the Center Municipality and the destruction of the register and documents is not true,” the municipality said. It added the problem was reported to the police, as it was the second time in a little over two weeks that this happened.

On May 22, the municipality reported on its website that the issue of birth, death and marriage certificates was stopped because of “an electrical problem” but added that it was soon resolved.

Bosnia lags behind with the introduction of e-government, but the Centar municipality has provided a number of services electronically. 

Montenegro Court to Examine Publication of Self-Isolating Citizens’ Names

Montenegro’s Constitutional Court has agreed to examine whether the government violated the human rights of citizens ordered to self-isolate during the coronavirus by publishing their names.

On Friday it said it would consider the appeal brought by the local NGO Civil Alliance against the decision to publish the names of people undergoing self-isolation, which the alliance said violated their constitutional right to privacy.

“The court will examine whether the decisions of the National Coordination Body for Infectious Diseases violated constitutional rights,” the court said.

The government published the names on March 21, despite warnings from opposition parties and civic society organizations that it risked violating constitutionally guaranteed human rights.

The government said it had to publish the list because some citizens were not respecting self-isolation obligations. It also claimed it had the approval of the Agency for Personal Data Protection. It stressed that security forces could not control every citizen who should be in self-isolation, and anyone who failed to self-isolate posed a threat to the entire community.

Prime Minister Dusko Markovic said no compromises would be made with those who violated preventative measures amid the global COVID-19 pandemic. He also warned that the government would continue to publish the names of citizens who had been ordered to self-isolate.

“The lives of our citizens are the priority. We have estimated that the right to health and life is above the right to unconditional protection of personal data,” Markovic said.

Opposition parties and the civil society sector urged the government not to publish the lists, insisting it would violate the constitutional right to privacy. They also warned that citizens whose names were published might sue the state before the court.

The Head of the EU Delegation to Montenegro, Aivo Orav, called on the authorities to find the right balance between protecting the health and respecting the confidentiality of health information and the right to privacy of citizens.

On April 8, the Prosecutor’s Office filed criminal charges against a medical staffer in the Health Centre in the capital, Podgorica, after he published the list of names of infected people and their ID numbers on social networks.

It said that the man, known only by the initials M.R., was not authorized to collect and use personal information on COVID-19 patients through the IDO system and forward them via Viber to other persons.

Turkish Police Hunt Musical Minaret Hackers

In the last two days, unknown persons in Turkey have hacked mosques’ digital audio systems in the coastal city of Izmir and played the anti-fascist song Ciao Bella and other songs with revolutionary messages.

After videos of the stunt were widely shared, Izmir police announced that they had started an investigation on Thursday and detained several people for insulting religion.

The detainees included Banu Ozdemir, a former city official of the main opposition Republican People’s Party, CHP.

The Turkish Religious Authority, the Diyanet, announced that it had filed a criminal complaint about the hacking.

“These people are unknown and evil-minded. They insulted our sacred religious values in the holy month of Ramadan. We have filed a criminal complaint at the city prosecutor’s office,” the chief cleric in Izmir, Mufti Sukru Balkan, said on Thursday.

The Diyanet had to suspend all calls to prayers, known as adhans, in Izmir because of the attacks until further notice.

The digital attacks and the playing of songs from minarets angered local politicians.

“We condemn these attacks on our mosques. Whoever has a problem with mosques also has problems with the nation,” Omer Celik, the spokesperson of the ruling Justice and Development Party, said on Thursday.

Tunc Soyer, the Mayor of Izmir, from the CHP, also called the incidents provocative. “The incidents made me and the people of Izmir very sad. This is a provocative and villainous act to set us against each other. We should not fall into this trap,” Soyer told the media.

Several Turkish media outlets said the attacks were likely organised by a Marxist hacker group known as Redhack.

Redhack previously hacked several Turkish government websites, including the Ankara city police department and the Turkish parliament. The group also hacked the email account of Berat Albayrak, the Finance Minister and son-in-law of President Recep Tayyip Erdogan.

Taylan Kulacoglu, an alleged member of Redhack, was arrested on May 20 after he led a group called “Movement of the Unnamed” on social media platforms that said it intended to “stop the manipulation and disinformation spread by pro-government social media trolls”.

President Erdogan’s Islamist government had close links to the mosques, which have backed the government’s policies during the COVID-19 pandemic.

The Aegean seaport of Izmir is an industrial, touristic and agricultural centre on the coast and is a stronghold of the main opposition CHP.

COVID-Related Boom Reveals Video Conferencing’s Dark Side

More than ever before, because of the coronavirus outbreak, use of video conferencing is on the rise.

Whether it is attending work meetings or online seminars and conferences, or taking part in leisure activities like online fitness classes and birthday parties – video conferencing and social media apps have brought huge relief, and a sense of continuity, to people feeling trapped inside their homes by government-imposed lockdowns.

However, while the coronavirus wreaks havoc outside, this time of increased online activities has also generated growing challenges. While some of the most popular video conferencing and video sharing apps, such as Zoom, Houseparty, and TikTok, have seen record-breaking growth in the numbers of users, the apps have also faced serious data breaches and other cybersecurity-related issues.

Cybersecurity experts say that while use of the apps has clearly reduced the risk of people getting infected with the virus by going outside, the same cannot be said of the other kind of viral threat, the kind found in cyberspace.

“Disclosure of personal data, recording sensitive information, or storing people’s profiles on unauthorized servers are some of the risks that go hand in hand with the use of video-conferencing tools,” says Skopje-based cybersecurity practitioner Daniel Trenchov.

“Greater use of virtual telecommunication tools does eliminate pandemic-induced risks,” he adds, “but not necessarily cybersecurity ones.”

Zoom ‘bombing’ is on the rise:



Last Friday, Michael Oghia, a Belgrade-based internet governance consultant, was getting ready for his weekly Zoom conference call with colleagues all over the world.

Usually, the group uses these meetings to chat and discuss ongoing social developments. This time, however, they experienced something more unpleasant.

“Around 45 minutes into the event, when one of the speakers went to share his screen, all of a sudden a child pornography video appeared. Once I realized what was happening, I immediately shut my laptop out of shock,” Oghia said.

“I couldn’t believe it. For a moment I thought that maybe it didn’t even happen. Then re-entered the Zoom call and wanted to see if the others had experienced it. Around 15 or 20 minutes later, another Zoom-bombing happened – again child porn. It was absolutely vile,” Oghia told BIRN.

“Zoom-bombing” incidents like this have become a regular occurrence for those using the app lately. In the last few months, since the coronavirus outbreak started, the app has seen the number of daily users increase hugely, from 10 million to 300 million.

After the incident, Oghia contacted Zoom to report what had happened. The company replied that it would investigate.

“Zoom-bombing is on the rise, and in this particular case, I’ve heard of multiple instances over the past few days of it happening (one group was the UK-based Open Rights Group, for instance),” Oghia explained.

“There will always be issues with safety concerns, but this is no excuse. I’ve used Zoom for years, and the ease of using the platform and the features it has have made video-conferencing easier. But they need to do an even better job at ensuring their privacy and making sure the security features are clear and easy to use.”

The incident prompted Oghia and his colleagues to prepare a short “zoom-bombing” prevention and resources guide to help others that are using Zoom and other video conferencing software.

In its latest statement, Zoom said that it would release an improved version of the app that addresses security concerns about phenomena like “bombing” and has upgraded encryption features.

More education in safe use of apps needed:



When it comes to the security of video-conferencing apps, several factors are crucial, cybersecurity experts explain. One is having a proper education in the safe use of these social tools.

“These apps have a very useful role and that is why their use should not be avoided, but it is necessary to educate ourselves more, to provide the highest possible protection,” a Skopje-based personal data protection expert, Ljubica Pendaroska, told BIRN.

It is essential to note that not every app is designed for use at home. Zoom was designed for use by large businesses with in-house IT specialists who would set up and control the software when using it, Pendaroska explained.

Now, especially during lockdowns, while Zoom is still mostly used for business purposes, people are using it more for family events such as birthdays, or even wedding celebrations.

“Potential hazards also come from the fact that these apps detect and remove issues most often on the go, or as they occur,” she said.

“What’s particularly concerning is that most of these tools are not encrypted by end-user to end-user, which increases the possibility of so-called ‘interception’ of communications by unwanted and malicious participants,” she added.

Houseparty, another popular video conferencing app, has also faced intense security scrutiny over the last months.

The app is popular with teenagers and youngsters who use it to play various group games, giving it a more fun-based approach compared to other apps. At the same time, these groups are potentially vulnerable to various security issues that can arise.

“There are also apps, for example like Houseparty, where to make it easier to find friends, you can connect your account with phone contacts and social media accounts,” Pendaroska noted. “This enormously increases the potential danger not only for your safety but also for the safety of all these contacts,” she added.

“There could be hacker attacks; during the meeting, the administrator can see details such as the operating system, IP address and location data of each of the participants; also, uninvited users in the communication, if the password is not authenticated, could use the conversation to spread malicious links or send files,” she explained.

Espionage concerns linked to China:

TikTok, a Chinese video-sharing social network, is increasingly popular in the Balkans, especially among teenagers who post various challenges to each other, such as dance-offs, sing-offs and so on.

But in some parts of the world, there are initiatives to ban it. In the US, lawmakers have introduced a bill to the Senate, which cites the company’s connection to the Chinese government, saying its potential collection of data from US citizens represents a security risk to the US.

Global cybersecurity companies have also identified many security vulnerabilities in the app that could allow malicious actors to manipulate its content and reveal the personal data of its users.

Cybersecurity experts say one way that tech companies could deal with such security risks and the consequences for their users is by having transparency reports.

“This could also include independent security audits of their code looking for weaknesses and flaws – akin to what Microsoft and Apple do with their operating systems, or what Google does with its “bug bounty” program,” Oghia suggested.

When it comes to the users themselves, the best prevention is to know not only what these apps bring to the table, but just as importantly, what their software solutions and vulnerabilities are.

Research by Picodi.com, an international e-commerce platform, says interest in video messaging clients has increased sevenfold since the coronavirus restrictions were introduced in many European countries.

WhatsApp was the most frequently searched messaging app in 22 European countries. It is also a favourite app in the Czech Republic, Albania, Romania and Turkey.

Worldwide interest in the Zoom video app is skyrocketing, in Europe as well, with it being the most popular app in 14 countries, including Moldova, North Macedonia and Slovenia.

Besides WhatsApp and Zoom, people were also making heavy use of Skype (in Hungary, Poland, Slovakia and Greece), Viber (in Bosnia and Herzegovina and Montenegro) and Microsoft Teams (in Croatia and Bulgaria).

Picodi.com analyzed the average number of online search queries of 19 messaging clients which enable video chatting.
