World

A NATO Minnow Reels From Cyberattacks Linked to Iran


TIRANA, Albania — Customers at one of Albania’s largest banks were shocked just before Christmas when a curt text popped up on their mobile phones: “Your account has been blocked. Your account balance is zero. Thank.”

The messages, which turned out to be fake, signaled the opening of a disruptive new front that Albanian authorities, the United States and NATO have identified as a large-scale Iranian-staged cyberattack against one of weakest members of the military alliance.

“It’s an attack – an invasion against the sovereignty of one country by another,” Prime Minister Edi Rama said in an interview in Tirana, the Albanian capital, calling the attacks. “Absolutely like a conventional military invasion just by other means.”

The onslaught has swept Albania, a Balkan country of less than three million people, into a spiral of instability and plunged it into major geopolitical battles involving Iran, Israel and the United States.

The reason for the attacks, which started with stealthy intrusions into government servers in 2021, but only started causing apparent disruption last year, appears to be due to Shelter of Albania’s Mujahedeen Khalq, known as MEKa secret Iranian dissident group, on its own soil.

Also playing a role is Washington’s polarizing politics, where prominent Republican hawks toward Iran have been strong supporters of MEK.

Hired by the Albanian government to investigate, Microsoft, in a report about the attack, attributing it with “high confidence” to “agents sponsored by the Iranian government,” identifying MEK as a “primary target.” The report added that the campaign against Albania was probably “retaliation for cyberattacks that Iran attributed to Israel” and Mujahedden Khalq.

An emblem stamped on secret Albanian documents leaked by the attackers shows a hunting eagle the symbol of a hacker group called Predatory Sparrow – which Iran blames for the attacks. attack on their own computer network – inside the Star of David.

Predatory Sparrow has claimed responsibility for a number of sophisticated attacks against Iranian targets, including a state broadcaster.

Albania, a country with a majority Muslim population, severed ties with the Islamic Republic of Iran in September, expelling its diplomats in response to what experts say was an attack. Europe’s most disruptive network targeting a NATO member since 2007, when Russia hacked computers. network in Estonia.

The attack on Albania not only disrupted government work and sought to erode trust in financial institutions — a serious threat in a country that fell into civil war in 1997 after funds Fraudulent investment collapse — but also involves the leak of a huge trove of documents. of confidential information.

The leaked data included the names and addresses of more than a thousand undercover police informants; email traffic of the head of the intelligence agency, a former president and former police chief; and banking information for more than 30,000 people.

The severity of the widespread attack posed a difficult test for NATO, of which Albania is a member and enjoys protection under the alliance’s commitment to collective defense. (NATO says it has no influence over its military networks or operations.) Albania has been a member since 2009, one of 14 formerly Communist countries to join.

Article 5, the foundation of the alliance, says that “an armed attack” against any ally in Europe or North America “shall be considered an attack against all.”

But cyberattacks, Mr. Rama said, are another form of aggression, and theoretically, “events are unfolding before our eyes when it comes to” them. Because of this, he said, Albania did not invoke Article 5. “How did the Union react? By attacking the identified country through the network, by using military means or by what?” he say.

NATO has limited itself pledge “support” Albania in strengthening its cyber defenses” and denounced “malicious cyber activities designed to destabilize and compromise the security of an ally and disrupt people’s daily lives .”

The attack on Albania began in 2021 when hackers infiltrated an unprotected government computer and then extended from that beach to networks used by Albanian intelligence agencies, police , border guards and other official agencies.

Lurking there for months without the authorities knowing, they downloaded huge amounts of data and then broke in last summer when they began deleting files from servers, crippling many services. government service. They then began leaking selective information, mostly confidential, on a Telegram messaging service channel called Homeland Justice.

Just as officials thought the holes in Albania’s defenses had been filled, hackers hit the private sector, hitting at least one major bank, the Bank of Credins, with announcements forgery about drained accounts and revealing confidential personal banking information.

“It keeps repeating itself,” lamented Mr. Rama. “This is a terrorist attack designed to create panic, fear, cause insecurity and make people believe that nothing is under control,” he added. “They’ve placed ticking bombs everywhere with no clear pattern of when or where these bombs will go off next.”

But the ultimate goal of the attack seems pretty clear. The Fatherland Justice channel regularly publishes articles denouncing MEK, the Iranian opposition group, as terrorists and demanding that Albania close a camp run by this group near the port city of Durres or face the situation. further turmoil.

Former members describe MEK, which in 2016 transferred many of its followers to Albania from its previous base in Iraq, as an evil cult. The US considered it a terrorist organization until 2012, but relied on Albania to provide shelter to thousands of its members after their camp in Iraq was attacked by pro-Iran militias.

“Welcome to hell… Snakes! Venomous snakes! How did you escape being condemned to hell? said a notice posted on the hacker’s Telegram channel in December after Albania refused to close the MEK camp. “As long as the MEK exists, so will we,” the hackers warned. “Why is our tax dollars being spent on the terrorists in Durres?” ask for another message.

To reduce the risk of panic, the Albanian government banned media outlets from publishing leaked information on the Homeland Justice channel. The US has sent experts from the FBI and other agencies, although Mr. Rama said: “Of course we would like to see the US government do more, help more and be more present in helping us. Build the best network defense possible. “Israel, which has a lot of experience dealing with threats from Iran, is also helping.

But these efforts, according to Gentian Progni, a cybersecurity expert in Tirana, kept suspected Iranian hackers lurking in Albanian networks until at least the end of January. He noted that they posted online a government identification document created on January 29.

“We were told that the hackers were no longer in the system, but we could see they were still there,” Mr. Progni said in an interview last month. “This is a bigger mess and more serious than anyone thought.”

MEK defectors question whether Iran was behind the attack and believe the real culprit may be the opposition group itself.

There are some indications that actors other than the Iranian state were involved. These include the mysterious appearance of a second Telegram channel calling itself Homeland Justice. The new fake channel contains many of the same posts as the original one linked to Iran but managed to remove content that embarrasses the Albanian government, such as a secret list of informants for the scene. monitoring and adding content that appears to amplify hostility towards Iran.

In contrast, the genuine Domestic Justice channel sought to assuage public outrage over the attack by repeatedly emphasizing that its target was not ordinary Albanians but MEK and the government. Albania for refusing to deport the group.

Mr. Rama said the Albanian government had resisted blackmail and refused to deport the MEK. Doing so would be the “greatest shame” for a country with a long history of sheltering refugees that no one else wanted, including thousands of Afghans by 2021.

But he complained that MEK “are not easygoing people, frankly” and that the group violated an agreement that they would not use Albania as a “safe haven to conduct political activities”. against the Iranian regime”.

Instead, the group has organized high-profile events in Albania aimed at rallying forces against Tehran, including an annual gathering called the Free Iran World Summit, with speakers appointed pay includes prominent American supporters such as Rudolph W. Giuliani, a former New York mayor and former personal attorney for former President Donald J. Trump.

Iranian dissidents have “friends on Capitol Hill lobbying for them” but have now been ordered to cease public activities against Iran, Mr. Rama said. MEK canceled the Free Iran event last year. “Now that’s not the case anymore,” the prime minister said, “We hope that they won’t try again because it’s not in the country’s interest and they have to accept that.”

Fatjona Mejdini contributed reporting.

news7f

News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button