Klara Dervishi

In recent days, Albania faced a cyber attack that threatened to delete all the data on the e-Albania portal. According to the Albanian authorities, the attack was dealt with successfully, without any data being hacked, and the FBI is also involved in the investigation. One link in this attack appears to have been an episode in which many Albanians received strange, threatening messages on their phones.

Between July 16 and 19, many Albanians received strange messages on their phones, which experts have rightly described as episodes of the same attack that the e-Albania data portal faced.

All the messages came from unidentified numbers with the same sender, “IKUB 2016”. “IKUB” is the name of one of the companies that cooperated in establishing the government's “e-Albania” portal, which was attacked by hackers at the same time as these messages arrived on phones.

Faktoje.al sent IkubINFO an email asking whether these messages were sent from the company’s server and whether the company itself has launched an investigation.

No answer from IKUB ever arrived. In parallel, Faktoje.al also asked the State Police, who said that they had already initiated an investigation:

“From our side, investigations have started in cooperation with the Prosecutor’s Office at the Court of First Instance in Tirana. Since the case is under investigation, we cannot provide further details. Thank you for your cooperation!”

State Police Email

Faktoje.al contacted a software engineer to understand whether such messages really come from the sending source shown in the message, in this specific case IKUBINFO.

How can such messages be easily sent?

Contacted by Faktoje.al, Armand Salillari, Senior Intelligent Network Engineer for Effortel Sofia Bulgaria, says that:

“A telephone operator can buy a module and use it to send SMSes to regular customers using a SIM card, and the name of the sender can be set as you like, IKUBINFO for instance, as in the case in question.”

But this hypothesis does not hold, because:

“An employee of any telephone operator has used the functions of the SMS Server installed on the premises of the telephone operator to generate and send the SMS in question. This would be very difficult to accomplish, as in the last case, text messages (SMS) were sent to subscribers of different operators in the country. Telephone operators would find it easier to investigate and identify the user if these SMSes were generated by an internal employee or one of their internal functions.”

Where did the sender find the contacts to launch similar messages to several numbers at the same time?

The software engineer sees this as more likely connected to a cyber attack that also involved e-Albania:

“If the hacking of e-Albania was true and on the scale that was declared, it would not be surprising that the functions of e-Albania were used to send these messages. Ikub is a company that participated in the establishment of e-Albania and it would not be surprising if they have created a function for sending SMSes as a form of testing, which could have been found by hackers and easily used”.

Are these messages related to the cyber attack on e-Albania?

Given that the American FBI is also involved in investigating where the cyber attack on e-Albania came from, the Albanian prosecution's investigation should be even more complex and difficult. (“A full in-depth investigation is underway, not only by Microsoft DART (Cyber Security Team), but also by our responsible agencies which are working closely with us and the FBI,” said the Director of the National Agency of the Society of Information (AKSHI) Mirlinda Karçanaj / July 29, 2022).

What did Albanian Prime Minister Edi Rama say on July 20 about the cyber attack?

“The attack is organized by a state. It’s a state behind this attack. We are not able to identify which state. It’s two states we are suspicious of. I say this, meaning the attack is extremely complex and aggressive. And the systems have not failed in terms of destruction, the state data have not disappeared. Besides, data are not kept in the way people imagine. Because AKSHI does not keep any data. We are under the conditions of a highly sophisticated cyber attack that has included NATO in the counterattack. We are working with a team beyond our own,” said Rama.

But on August 3rd, the “Homeland Justice” site, otherwise known as “Drejtësia e Atdheut”, made public some of what it calls e-mails received on the prime minister’s account. The Prime Minister’s press office did not respond to a written request from Faktoje.al to confirm whether the e-mails were real or fake news.

Here’s how SMS servers work

But why is it so easy to send SMSes with the sender set as you wish, so that the real sender is not necessarily identifiable?

In this link, in the section “How can I send a bulk SMS?”, you can easily find out how the bulk messaging system works.

And here are the 5 steps by which you can send a message to several phone numbers simultaneously. But the question that arises is clear: how and where can you find the contacts of the people you want to send an SMS to?

Armand Salillari: The latest cyber attack on the e-Albania portal has given hackers the opportunity to take control of the SMS Server or the functions of the SMS Server that e-Albania uses to notify citizens of the requested services. This would be even more reliable if the SMS recipients are subscribers to different operators and part of different tariff plans. It would be even easier to generate SMSes if hackers have found a ready-made template in e-Albania systems. The investigation and identification of the persons responsible is very difficult and will depend on the general investigation of the attack on the portal.

Is the content of the messages related to the cyber attack?

“Why should our taxes be spent on the terrorists of Durrës?”,

“Albanian politicians have sacrificed people to support ISIS and MKO terrorists”

These were two of the messages that arrived on many phones. Suspicion is heightened by the fact that the messages recommended contacting 3 phone numbers: one belonging to the President’s Office, another to Monika Kryemadhi, the wife of former president Ilir Meta, and a third to the Prime Minister’s office.

The messages came during the time the Iranian opposition was holding its summit in Durrës.

On July 23 and 24 of this year, the Iranian opposition organized a summit in the city of Durrës, a location the American Embassy in Albania instructed American citizens to avoid on those dates because “the United States Government is aware of a potential threat targeting the world high-level meeting of free Iran, which would be held near Durrës from July 23 to 24,” the embassy's message said.

And soon after that, on July 22nd, the Iranian opposition announced that it had canceled the high-level world meeting on the recommendation of the Albanian government for security reasons.

*This content is produced as part of the regional initiative Western Balkans Anti-Disinformation Hub