No one ever claimed responsibility for the electoral commission attack, and the name of the group that targeted TIME.mk – ‘Anonopsmkd’ – gave little away. But a subsequent message contained a good clue as to its ideological leanings.

If the biggest ethnic Albanian party in the country, the Democratic Union for Integration, is granted the post of premier, “expect that the whole of Macedonia will be turned upside down,” the hackers warned, “and you will face a complete ‘blackout’ within 24 hours. So don’t play with the Macedonian people.”

An ethnic Albanian did not become prime minister, for other reasons. And Anonopsmkd has been largely inactive ever since. But the episode demonstrated the threat posed by cyber-attacks motivated by nationalist or right-wing ideology. And if such groups do not have the expertise themselves, there are always hackers-for-hire, experts say.

“Today, it is not uncommon for groups to hire attackers on the dark web who will do a certain amount of work for a certain amount of money,” said Metodi Hadji-Janev, associate professor of international law at the ‘General Mihailo Apostolski’ Military Academy in Skopje. “The fact is that cyberspace is an attractive channel for attacks with various motives.”

Cybersecurity analyst Suad Seferi told BIRN: “There is always the potential for far-right ideological threats in cyberspace. While they may be rare, they can still be very dangerous.”

From homegrown to state-sponsored

Illustration: EPA-EFE/SASCHA STEINBACH

Several global institutions have already felt the wrath of far-right extremism; in April 2020, far-right extremists published more than 25,000 email addresses belonging to major organisations such as the World Health Organisation, the World Bank, and the US National Institutes of Health.

The threat isn’t always homegrown.

Over the past couple of years, North Macedonia has been targeted by hackers in neighbouring countries, most notably a group calling itself ‘Powerful Greek Army’.

Two years ago, the group hacked dozens of e-mail addresses and passwords of employees in North Macedonia’s finance and economy ministry and the municipality of the city of Strumica.

Then in February this year, Powerful Greek Army struck again, this time targeting the North Macedonia’s education ministry.

Motives can vary – from political, ideological, to financial. Sometimes, it’s just about showing off.

“In the region there are these types of cyber incidents where the main goal of the attacker is to boast that they have successfully breached the defence systems of the governmental institutions of the targeted country,” said Milan Popov, a Skopje-based cybersecurity engineer.

“They usually deface the landing page of the institution to mark their presence. While institutions usually deny these attacks, in most cases they are indeed happening.”

There is also the state-sponsored variety, Popov told BIRN.

“China, Russia, and North Korea have been using them for different purposes from disabling the enemy’s major infrastructure to special operations to gather useful information. For example, North Korea mostly uses such attacks to finance itself with extortion from ransomware and all kinds of malwares.”

Big potential for cyber-attacks in the Balkans

Illustration: EPA-EFE/FELIPE TRUEBA.

In the Balkans, a region still grappling with the legacy of conflict, the potential for malicious cyber activity is enormous, experts say. Hacking groups from Turkey and Greece, for example, have frequently traded blows in recent years, with hackers targeting state institutions in either country depending on the issue of the day.

Far-right groups in other countries can capitalise on similar disputes to further their political goals, as Anonopsmkd tried.

“I remember that during the 90s there were similar cyber wars going on between Albanians and Serbs, when hacking was simpler and chaos could be created in most institutions with just a few clicks,” said Seferi, recalling the period when socialist Yugoslavia was falling apart and Serbs and Albanians were at odds over Kosovo.

IT systems used by state institutions today are much more advanced, but much still depends on their level of preparedness and the expertise they have to hand.

“The risks for state institutions are constant and they should be equipped with experts in that field that can help prevent such cyber-attacks,” said Seferi.