Cyberattacks in North Macedonia, Bulgaria, Greece, and Turkey reveal that government defenses are weak—and many NATO members are at risk.
On the night of July 15, 2020, the Balkan nation of North Macedonia was anxiously awaiting the preliminary results of its parliamentary election. Soon after the polls closed, in what was first believed to be a minor technical glitch, the website of the State Election Commission went down.
The polling results were nowhere to be found on the website in the next several hours, as the commission resorted to manually announcing the latest updates on a makeshift YouTube channel. And things didn’t get any better in the late hours of the night.
That night, the country suffered the biggest cyberattack in its history. The website of the electoral commission stayed down for the next few days, recovering from a full-scale distributed denial-of-service (DDoS) attack that paralyzed its functions, as thousands of IP addresses targeted the site. Months later, the authorities’ probe into the matter has yet to produce any findings about who might have been behind the attack.
While authorities claimed that the cyberattack did not have any serious consequences on the election process and the results themselves, it managed to highlight how fragile the IT systems of government institutions in the country are. A few weeks later, hackers also targeted several ministries, again demonstrating the urgent need for better cybersecurity measures.
The lack of expertise among the staff, insufficient financial resources, and the overall neglect of officials when it comes to the topic of cyberdefense are among the main issues plaguing state institutions across the region. It’s not only North Macedonia; many other countries in the region just aren’t doing enough when it comes to having strong cyberdefense systems. And in most cases, individuals prove to be the weakest link because they have not been trained and educated on how to defend against such attacks.
In March 2020, North Macedonia became NATO’s newest member. Looking to boost its overall defense capabilities, the country is now also putting its hopes on NATO’s assets and expertise when it comes to improving its cybersecurity.
However, during the last few years, NATO member states across the region have also been hit hard by various cyberattacks. In 2019, neighboring Bulgaria suffered the largest theft of personal data in the region, after its National Revenue Agency was hacked. More than 5 million Bulgarians have had their personal data exposed, and the hacked database was shared on various hacking forums.
Authorities charged a 20-year-old Bulgarian cybersecurity expert for the hack, although the motives behind it remained unclear. The attack illustrated just how weak cybersecurity practices at Bulgarian government institutions were.
With the country currently in a political turmoil and facing its next parliamentary elections in March 2021, the cyberattack on the National Revenue Agency could also serve as a warning of what’s about to come.
Apart from ransomware attacks, DDoS and malware attacks are some of the most common tools that hackers have been using to target state institutions. In most cases, the damage that these types of attacks can do could be very expensive.
“DDoS are one of the most common hacker attacks … due to the fact they are relatively simple and inexpensive to implement, compared to other types of attacks,” said Ljubica Pendaroska, a Skopje-based privacy and data protection expert.
“But the potential harm that they can do could be worth millions—counted in lost earnings, compromised systems, creating distrust in institutions, data theft, and the like.”
According to Pendaroska, such threats should constantly keep state institutions on alert and maintain an institutional awareness of the need for highly organized and functional protection systems.
The motives for these cyberattacks can vary. For some, as is the case with ransomware attacks, the gains could be purely financial. Others, however, might have more malicious intentions.
Montenegro, a NATO member since 2017 and an EU hopeful, held elections at the end of August. Fearing a reprisal of meddling attempts like the one that the Balkan country suffered in 2016, when a Russia-backed attempted coup took place, Montenegrin authorities held a joint mission with cybersecurity experts from the United States toward the end of 2019.
The mission aimed to prepare both sides for any possible Russian hacking attempts that could target the election processes in the two countries. However, as a recent suspected Russian hacking attack on U.S. government agencies showed, this might not be such an easy task—no matter how developed or technologically advanced a country might be.
“This was a cunning cyber-espionage campaign that was very hard to detect. It reveals that the U.S. government needs to enhance its cyberdefenses,” said Bilyana Lilly, an assistant policy researcher at Rand Corp.
Even if the U.S. government itself remains vulnerable, Washington is a cyberpower that can aid smaller countries. Various U.S. agencies can assist Bulgaria, Romania, North Macedonia, and other U.S. partners in the region, and they have done so on multiple occasions, Lilly explained.
In the Balkans, a region known for its political and economic instability, cyberattacks on state institutions could be used to fuel tensions among the many countries that have ongoing disputes, which could in turn have political and economic consequences.
Cyberwar missions like the one that the United States and Montenegro had last year can be particularly helpful, especially at a time when these cyberattacks are also becoming more advanced and harder to predict.
“The institutional mind cannot think like the criminal alone, and, unfortunately, hackers are often one step ahead of the system,” Pendaroska argued.
“However, the constant aspiration of the institutions should be to invest in and implement appropriate, tested software solutions that will increase the resistance against such attacks,” she added.
In the spring and summer of 2019, Romania also saw a part of its critical infrastructure in the health sector—clinics and hospitals—suffer several ransomware attacks. In May 2020, amid the COVID-19 pandemic, Romanian authorities managed to prevent similar attacks, with hackers preparing to send coronavirus-themed emails to various hospitals across the country.
Recently, the Romanian capital of Bucharest won the race to host the EU’s new research center for cybersecurity, which aims to assist the fight against private and state-sponsored hackers. Having an institution of this caliber in the region would show a strong commitment to building efficient capacities for thwarting cyberattacks.
Determining who is behind cyberattacks isn’t always the easiest task; sometimes they come from within as NATO allies attack each other. Turkey and Greece, with a history of mutual confrontations and currently entangled in a spat about oil drilling in the Eastern Mediterranean, exchanged blows in cyberspace in 2020.
Last January, Turkish hackers took down several Greek government websites using massive DDoS attacks. Greek hackers retaliated by attacking Turkish public service websites, as well as several Turkish media outlets.
In both cases, however, it was difficult to prove whether the cyberattacks were state-sponsored or simply carried out by nationalistic hackers on both sides. Either way, the attacks again showed the fragile state of cybersecurity practices in longtime NATO member states such as Greece and Turkey.
“These institutions are critical for the country, and attacking them has a political meaning. But still, this does not do anything to prove that the Turkish state is backing the hackers,” said Minhac Celik, an Istanbul-based strategic cybersecurity researcher. “What the attack’s success explains,” he added, is that Greek cyberdefenses are weak.
And such weaknesses could cost both sides. In the particular case of Turkey and Greece and their spat over the Eastern Mediterranean, in which many other countries and actors are involved too, vulnerabilities like these could be exploited by outside actors looking to capitalize on the situation—including malign actors or rogue nations, which could simply deploy various hacker groups and target one of these sides, or maybe both, if that suits their purpose. Russia, which could also have a stake in matter since it is involved in energy projects across the region, could use some of these tactics to undermine stability—something that was also outlined by U.S. Secretary of State Mike Pompeo this month.
The various types of cyberattacks that have hit the Balkans—from meddling in the electoral process to large personal data breaches and targeting the health and other critical sectors amid a pandemic—clearly show that authorities across the region need to be much more determined when it comes to strengthening and improving their cyberdefenses.
NATO, on the other hand, maintains that it has all of its cybersecurity capacities available for member states, especially when there are threats aimed at various democratic processes. “Any attempts to interfere with democratic elections, including through hacking, are unacceptable, so we must remain vigilant,” a NATO official said in a statement.
However, the multiple attacks on various state institutions in member countries during the last few years suggest that NATO definitely needs to do more to counter such threats. With recent cyberattacks in the United States showing that no matter how developed a country is, the consequences of such actions can be vast, other NATO allies could become sitting ducks if there aren’t sufficient protections in place for all member states.
Bojan Stojkovski is a freelance journalist covering foreign policy and technology based in Skopje, North Macedonia. His work has also appeared in ZDNet and Nature. Twitter: @bostojkovski