Belgrade Security Forum on Cyber Security in the Western Balkans, 2014 (Source: Flickr)
On the 7th of September, Albanian Prime Minister Edi Rama announced the immediate severance of diplomatic ties with Iran, thereby ending a relationship that had been steadily deteriorating. Underlying this decision was a cyberattack back in July on Albanian public services, for which Albania and the United States have blamed Iran as the perpetrator. On the 12th of September, Albania suffered another cyberattack. Meanwhile, the digital infrastructure of North Macedonia and Kosovo have also experienced cyberattacks, as well as Montenegro’s public administration which is still recovering from cyberattacks last August.
Albanian-Irani relations on an all-time low
Numerous Albanian government digital services were on a temporary shut-down due to a cyberattack suffered on the 15th of July this year. The cyberattack was yet another moment of controversy between the two nations. Tensions were already running high when Albania decided to host the Mujahedin-e-Khalq organization (MEK), who have been residing in the country since 2014. The cult-like revolutionary group has a tumultuous history, in which the United States and the United Kingdom marked it as a terrorist organisation, only to be delisted by the United Kingdom in 2009 and by the United States in 2012. In Iran, the group is still regarded as a terrorist organisation to this day. Nowadays, approximately 3,000 MEK supporters reside in Camp Ashraf 3 in Manez, located about 30 kilometres west of the Albanian capital Tirana.
On the 7th of September , the Albanian government ordered all Iranian diplomats and staff to leave the embassy and cut all diplomatic ties with immediate effect. Rama announced that the decision followed after an in-depth investigation, which was conducted with help of Microsoft, provided indisputable evidence of Iran’s involvement in the cyberattack. After the Iranian diplomats and staff left the premises of the embassy in Tirana, Albanian counter-terrorism police searched the building. Hours before their departure, a reporter saw a man burning papers in a rusty barrel. Five days after the Albanian response to the cyberattack, the country suffered another cyberattack, for which Rama holds ‘the same aggressors’ accountable.
Montenegro’s public administration paralysis
Last August, Montenegro was also hit by a cyberattack from which the digital infrastructure still suffers to date. Government and judicial websites remain offline and operating public services are limited. Due to technical problems caused by the cyberattack, which put a large part of the digital infrastructure of Montenegro’s public administration in paralysis, multiple trials had to be postponed. To assess the damage of the cyberattack to Montenegro’s digital infrastructure, a team of the FBI joined the investigations.
The Montenegrin Agency for National Security (ANB) accused Russian services as perpetrators of the coordinated cyberattacks, and told the press that Montenegro is currently involved in a hybrid war. Montenegro was added to Russia’s list of ‘enemy states’ following Montenegro’s decision to join EU sanctions against Russia over the invasion of Ukraine. Although historic ties between Russia and Montenegro are strong, relations between both countries have worsened in the last decade with multiple accusations from the Montenegrin side of Russian involvement in attempts to destabilize the political climate of Montenegro. These attempts happened after Montenegro started seeking NATO-membership and joined sanctions against Russia’s annexation of Crimea and its military support for separatists in the Donbass since 2014. Russia’s foreign ministry denied the allegations.
Future of the digital infrastructure on the Western Balkans
The cyberattacks on Albania and Montenegro, although both countries accuse different parties to be responsible for the attacks, fit in a trend of countries on the Western Balkans finding themselves as a target for cyberattacks. Recently, Kosovo Telecom was one of the many targeted national institutions in Kosovo. It led to a proposal by the government to establish an Agency for Cyber-Security after a draft law was established on September 14. Throughout the week, government websites and internet service in Kosovo were targeted by cyberattacks. Albania already suffered from massive leaks of personal data back in April 2021 right before the general elections. North Macedonia State Electoral Commission was targeted by a DDos attack in July 2020 during the parliamentary election, causing it to be brought down. The website of the North Macedonian Ministry of Education was taken down this September by hackers.
Although not all cases brought forward a specific perpetrator behind the cyberattacks, there are accusations that Russian state security bodies are involved. Especially with the Western Balkans publicly siding with Western governments in imposing sanctions against Russia following the invasion of Ukraine, the countries are likely to find themselves higher up on the target list. After the cyber-attacks on state institutions in Kosovo, Albania and Montenegro, all state institutions in North Macedonia were urged to double check and strengthen their online security protocols against cyberattacks.
The wave of cyberattacks on the Western Balkans put another emphasis on the strengthening of the digital infrastructure in the region, and increasing international cooperation between the EU and its potential member states. Especially as political trust and stability is partially decided by the functioning of (digital) public services, getting a grip on the wave of cyberattacks is crucial to tackle political instability in the region.