
Cyber security in the Balkans is an area that can be easily attacked and exploited. This is because the advancement of this field in this region is slower compared to western countries.
As a result, Kosovo is often endangered and has been the target of cyber-attacks aimed at stealing information and hacking government portals.
Bajram Zeqiri, Cyber Threats Researcher, outlined the global and regional challenges and threats in cyber security in an exclusive interview for “The Geopost”.
Below you will find the full interview with Mr. Zeqiri:
The Geopost: How do you see the current situation in the Balkans in terms of cyber security?
The Balkans are not immune to cyber-attacks. The latest case is that of an unknown actor called “White-Tur”, which conducted a very sophisticated campaign against the state of Serbia, creating sites similar to that of the Ministry of Defense, with the purpose of stealing the credentials of military personnel. Also, throughout history, other groups have had a presence in the Balkans, such as the group of Iranian origin “DNSpionage”, attacking organizations in various sectors such as telecommunications, law enforcement and government agencies in Albania. Other sponsored groups are also present in the Balkans, where these groups carry out various operations against the Balkan states by stealing state secrets.
The Geopost: How endangered is Kosovo by these attacks?
Kosovo, like other countries around the globe, is at risk of cyber-attacks, not only in the field of cybercrime, such as ransomware attacks, but also in the spectrum of theft of confidential information.
The Geopost: Where do most attacks come from, from Russia or China?
From a strategic point of view, China, due to its geographical position, does not show much interest in conducting cyber operations in our region, while Russia already has a physical presence in the region and is also quite present in the cyber plane.
The Geopost: How do you comment on the big cyber-attack, which took place last night on banks in Ukraine?
Since the Revolution of Dignity in 2013, Ukraine has been systematically explored by Russia in the cyber sphere. The case of the attack that took place yesterday with DDoS on the portals of PrivatBank and Oschadbank and the main portals of the Ministry of Defense and the Armed Forces of Ukraine is just a cyber operation by Russia, where it demonstrates its cyber power over Ukraine.
The Geopost: How does Russia deal with concrete attacks on Serbia and other countries?
It all depends on the motive of the campaign, which is prepared in advance; then the operation begins. If the campaign aims to steal confidential documentation from the opposing state, state-sponsored groups of Russian origin initially carry out the “reconnaissance” phase or detection phase. This phase can take months until potential victims are identified and compromised in search of vulnerabilities in technology infrastructure assets.
After the discovery phase, the arsenal is prepared with the tools that will be used in this operation. The third phase continues by sending emails to their victims or exploiting vulnerabilities in the systems that were identified during the detection. At the moment of compromise (“hacking”), these groups are sophisticated enough to stay inside the organizations without being detected by security mechanisms.
And the final stage begins with the extortion or theft of the information that is destined to be stolen, be it state secrets or blueprints, patents, military designs, etc.
Groups of Russian origin are quite noisy when carrying out these operations, leaving a lot of particles and artifacts while carrying out these operations, but they have a goal to get to the information they are looking for.
The Geopost: How dangerous are the Chinese cameras installed in Kosovo and the region for the Balkans?
Most CCTV cameras sold in the Kosovo market are products originating in China, such as the “Hikvision” and “Dahua” brands. These brands are prohibited from being installed within the US federal government infrastructure. These brands have been banned since the 2019 National Defense Authorization Act (NDAA).
Cameras that are installed in the North of Kosovo pose a threat and directly threaten the national security of Kosovo. Without going into too much technical detail about these brands, the biggest danger of these cameras is the abuse and misuse by different groups and the motive for which these cameras are installed. Who observes those cameras, where are these recordings stored, in which territory are they stored in the cloud, and are they stored outside the territory of the Republic of Kosovo? For all these issues that affect the level of national security, the security organs in Kosovo must act.
The Geopost: How much do Europe and America help to block Russian cyber-attacks?
Europe and America contribute in many cases to the mitigation of cyber-attacks, where the National Cyber Security Unit “KOS-CERT” receives classified information from many other CERT countries about any attack, potentially aimed at Kosovo.