Following the drone and flag incident that plagued what should have been a friendly and peaceful football match, the majority of Serbian news media websites were the victims of a direct distributed denial-of-service (DDoS) attack by hackers apparently working for Albanian interests, causing all but one such media website and associated servers to go offline for hours before being restored.
Such attacks, where malware on thousands of computers is enlisted by hackers to tie up targeted website servers and cause them to freeze or crash is considered “distributed” because it comes from a vast variety of specific computers in this fashion and “direct” because it happens in sync as a concentrated attack. For servers of news media, banks, and other sites where the public requires constant access to ever-changing data, such attacks can be devastating in terms of the loss of consumer trust and money they cause.
“On Tuesday, after 9 pm, websites of all relevant media in our country were targeted by a massive organized hackers’ attack, and only one remained intact” Zoran Zivkovic, president of the Association for Information Security of Serbia said, according to a recent InSerbia article. The one that “remained intact” apparently had very strong security in place able to defend against such a powerful and organized effort at attack, however, the other media networks’ servers were less fortunate and fell to the attack. An attack of this caliber has not been seen before in Serbia or the entire region, and this fact alone is a serious cause for concern. Mr. Zivkovic and other security analysts have noted that an attack of this level of sophistication, duration, and the ability to take out a great deal of bandwidth would require resources beyond even what the Albanian government itself has in place, however, it is possible, probably even likely, that Albanian agents—whether truly governmental or from a splinter political movement—paid for hackers to construct and carry forth this complex attack.
A year ago, in September of 2013, InSerbia published an editorial I wrote that was a critique of a book by political scientist Prof. Thomas Rid, a London-based scholar who believes that cyber-war is not “real” war. Indeed, Prof. Rid’s book is entitled “Cyber War Will Not Take Place”, so his thesis her is pretty clear even before one opens up the book’s cover. Prof. Rid, having his expertise in political science and military history, spends most of his book describing the differences between real, conventional, warfare and what some scholars and professionals call “cyber-war”.
He concludes that while cyber-crime is a real issue, cyber-war is not. As I stated in my 2013 article, I believe he is quite wrong. My editorial, entitled “The Coming Threat of Cyber War”, lists how cyber-attacks and other elements of intelligence-gathering or disruption commonly associated with hacking or cyber-crime could be employed on a tactical level for the gain of governmental, terroristic, or paramilitary entities. Now, we see a drone fly into a major sporting event bearing a flag that caused great disruption in that event and following that action, the systemic, organized, denial of service attacks that took down most of Serbia’s online news media presence. This is severe, this is cause for worry, and regardless of exactly who orchestrated these actions, it is motivated by politics and not the type of fiscal gain we find motivating most common crime. Indeed, as noted above, whomever cooked up this plot probably had to spend—not make—quite a bit of money on it.
I have long believed that someday, somewhere, someone would launch an attack large or small that could not be defined as anything except an action of cyber-war. This is one such example of an attack. It meets the criteria I set forth in my article for a bona fide cyber-warfare attack, per its motivations, its enlistment of operatives either dedicated to a cause or in the pay of people dedicated to such a cause, and its coordination with other actions to bring about terror or social strife. There is evidence of involvement in at least the drone-flag action at the highest levels of the Albanian ruling class and this incident happened at a key athletic event at a crucial time in Serbian-Albanian relations. Truly, it was political in catalyst yet outside the bounds (by far) of accepted, polite, political or diplomatic discourse. The fact it was followed by cyber-attacks on Serbian media outlets greatly underscores that these attacks were part of a concentrated, directed, extra-political action. Though no shots were fired, it was closer to the dirty deeds of warfare than possibly closer to the proper techniques of diplomacy and we all know it.
Some observers have worried that the drone that flew into the match bearing the flag could have instead carried a biological or chemical weapon, or a small bomb. That is a valid concern. Likewise, while these DDoS attacks were mainly an annoying situation for a few hours upon one evening, it is very likely future attacks could seek to undermine governmental websites, steal sensitive data, disable communications such as email or even telephony, or disrupt power grid functions.
From what I know of the extant technology in place for internet and all levels of telephonic communications in Serbia, it is a combination of new upgrades that are quite up-to-date and much older, often Cold War-era Yugoslav systems. When we look at back-up systems and physical security going beyond what’s possible with just contemporary software, we find even more legacy systems from the 1980s and 1990s. This is cause for great concern. This is proof that Serbia is decently at risk for extensive, complex, and highly-disruptive cyber-attacks. And the fact that hackers apparently backed by the Albanians would undertake a cyber-attack is proof enough that the Albanians and others who are anti-Serbian are willing to use these weapons to wage their battles. That to me sounds a lot like “cyber-war”, and it’s cause for Serbia to take all measures possible to ensure at the national and corporate levels alike there is a more robust presence of cyber-security, because now we are not just dealing with criminals who might wish to steal our credit card numbers, but with political operatives that wish to silence our media, ruin football matches, and in general inspire dread and terror.
I have long been interested in what is now known as cyber-security, going back as far as the later 1980s when kids were into dial-up services, modems, weird stuff one could conjure with software like dBase III or HyperCard, and the amazing world of telephone systems. “Hackers” were people who were more interested in breaking into computer systems to learn how they worked and in some cases, to exploit their weaknesses either for personal satisfaction or actual financial or other gain. “Phreakers”, a less-common term but an earlier one, were the kids who were trying to con the phone system into free calls via a series of dial-tones that replicated legitimate ones these systems produce; while this technology over the course of the past decade has been greatly reduced as has the interest of hackers in phone systems, the general issue of telephone systems involved in the operations of the internet is still very key because in most nations, telephone company central offices still handle most internet traffic—even that for the government and military, though such at times goes through specialized and more-secure facilities.As the internet became more and more popular and vital to so many areas of life and as technology swung towards a fully-digital, fibre-optic-mediated means of transmission, we saw hardware improvements as well as the software improvements the consumer is more familiar with come into play. What hackers have known for decades is that “hacking” isn’t just being able to break into a computer system or deny it service via an attack on its bandwidth, but all means of gaining entry or control of all facets of the software and hardware aspects that facilitate computer communications via the broad internet or specific, more-isolated, intranets.
I want to stress that in the Balkans and Russia—probably elsewhere, too—there’s something of a climb to make in conveying that cyber-security is, on a national level or beyond just a corporate level, a serious concern. Many information technology security professionals will argue over their own favorite approaches to making systems more secure and robust, however, that is only one level of the battle. Before we can debate what silver bullet is best to shoot the werewolf, we have to convince the powers that be that indeed there are werewolves in the first place. We have a cultural split, with many of the Thomas Rid types, the academics, the retired colonels and such saying “this is a small police matter, a crime of theft at worst” versus the other cultural outlook, one I’m loathe to call “the hacker culture” for how Hollywood this sounds, but the IT professional culture, at the least. And there are academics who are very disturbed about the prospect of cyber-conflict, as well: RAND researchers and authors John Arquilla and David Ronfeldt have been worried about cyber-war and writing very thoughtful and in-depth work on the concept since around 1996, so this cannot be seen as a fully new issue, either. The fulcrum is this: Scholars of conventional war are looking at what they believe war to be and not to be, and while not denying that cyber-attacks can be costly and problematic for society, they’re seeing these attacks as a totally different creature than actual warfare, with no lives lost, no rockets slamming into buildings, no stray bullets hitting innocents. Yet what is missed is that for centuries warfare has been predicated on doing actual harm—the whole option of virtual harm was not even a concept. The closest analog would have been burning books, a removal or withholding of information. Now, withholding or destroying data or the access to data networks constitutes a very real apex of damage to how post-industrial society functions, and to hamper or destroy crucial parts of society for political gain does seem like warfare, or at the least, the same creature with different fangs.
Serbia will do well to take the recent DDoS attacks as a grave lesson: all websites, all internet presences, all channels of computer-mediated communications as well as all telephony beyond what we normally consider as computer communications will require astute stewardship and protection, because there are enemies—whether state-actors or otherwise—who will exploit any digital weakness they can find.
Why is it that when something happens in Serbia the first scapegoat they offer are Albanians. The first group to blame are Albanians by serbs be it politicians or common folk. I fully understand your security concerns but just because something happened at a football match should not be immediately pinned on a group of people that you have subjugated, rapped, killed, abused, etc. As I am typing there is an article “Cyber Attacks on U.S. Banks” on this website. Are we to insinuate that the Albanians were responsible for these attacks as well?
Stop with the finger pointing until you have concrete evidence and a real suspect. And as smart as you portray yourself to be it is premature to assume blame on a group of people or nation without facts. Get over your Albanianphobia.
Interesting article. I agree that the concept of war needs to be re-dimensioned. Also, I think whether cyber-war is happening or not isn’t being questioned anymore. Not in Washington at least. An insightful read here: [link]
As the author of the article, I will address the comment about “why are the Albanians being blamed?”. Well, the investigation thus far by the Serbian authorities seems to indicate that someone in Albania—and very likely someone with high political connections—was responsible for the drone and the cyber-attacks both. I am an American, and while I would say I am pro-Serbian, I also write for the Croatian media. As a journalist, I do not take sides, however, evidence indicates involvement of the Albanians and also, who but the Albanians or Kosovo would have anything to gain from these attacks? Criminal hackers seeking reward in money would not, nor would Islamic terror groups or anyone else. So it’s pretty clear, even if the Albanian government wasn’t directly involved, someone within Albania with a lot of money and power was behind all this.
To: Mike
From one american to another please read the following sentence once more:
Mr. Zivkovic and other security analysts have noted that an attack of this level of sophistication, duration, and the ability to take out a great deal of bandwidth would require resources beyond even what the Albanian government itself has in place, however, it is possible, probably even likely, that Albanian agents— whether truly governmental or from a splinter political movement—paid for hackers to construct and carry forth this complex attack.
The first part of the sentence is unbiased and the latter part is pure speculation. And its not even evidence based.
If you follow the media in Serbia from the Yugoslavian era to the present, then Albanians were always used as the scapegoat for social ills. When Milosevic made his speech in Kosovo/a about no one shall beat you, which stemmed from a story that a serb was beaten by Albanians and a beer bottle was broken in his rectum. When the real truth came out the Serbian himself had broken the beer bottle in his rectum and was to embarresed to admit it he blamed it on the Albanians. This caused a greater uproar then the recent football match. Another example is the rampant inflation rate that Serbia experienced was blamed on the Albanians when it had nothing to do with them. Such stories were always reported to divert people from the truth.
Hackers have become a nuissance throughout the world because we as human have put our trust on a few firewalls and have become complacent when it comes to securing data of any kind be it a small business or a government entity. And Serbia seriously needs to face its hooligan problem just like England did for the sake of the common fan.
firstly i agree with the writer that a cyber attack can be in many ways just as dangerous as an armed conflict. I have to say that I actually enjoyed his writing style. At this point it’s fair to add that I come from Albania myself [one of the few who ain’t hacking…lol] the thing is that as far as i know my people most of us are unninterested about what happens in Serbia or elsewhere. We DON’T vote having in mind how to get all Albanians in the Balkans under one state or thinking about the Albanian lives lost in Kosovo (not from cyberwar…). Although the first might seem as a fair objective for any nation and the second a right feeling for anyone on this planet. And we don’t really care for religion,in case I should add that. Such things make Albania one of the most tolerant societies in Eastern Europe. And we don’t have nightmares about neighbours thirsty for revenge. For us football is just that, being vs Serbia or any we’d cheer our team and not shout about killing the other…by the way,cheer up!!
In reply to those who have commented that it is biased to say that Albanian parties are behind these cyber-attacks and/or the football match drone attack, what I can say is this: the Serbian media is reporting Albanian links to these attacks. Never did I say that the government of Albania was certainly behind the attacks, however, it appears someone operating within the nation of Albania, someone with plenty of money, is probably the force behind these attacks. That cannot be said for sure, but that is where it appears the investigation is going. Is a Serbian investigation on the attacks biased? I cannot answer that, because I’m not investigating nor reporting on that story. Would it serve Serbia any purpose to launch a criminal investigation that was knowingly biased from the start? No. Serbia wants accurate answers as far as who attacked its news media’s sites.
Please read the news stories regarding these attacks here at In Serbia and in the Serbian media, also. See what they are saying. See what the Albanian media and other media is claiming, also, and draw your own conclusions. But it’s the same as any crime: you look for motive and ability to take an idea to action. Who has motive? Who has the resources? Start there.
Mike,
With all due respect. Hackers could have hacked computers in the territory of Albania proper. The same way the Pentagon assumes that the Chinese hack was done locally and not directly from the territory of China proper.
The hooligans at the football game embarrassed the country of Serbia. Serbia was trying to deflect any responsibility that it could not secure the safety of 11 players. Whomever organized that game did a poor job. The security forces did a poor job. They let a known hooligan that stopped the 2010 game walk the pitch as if he owned it.
Repeated stories came out that it was Albanians without proof. Who has motive for the incidence at the game and for the hacking incidences? Nationalists (be they Serb or Albanian) or someone who wanted both teams to be eliminated because both teams are a threat in the UEFA 2016. No one has considered that it could be an outside source because each country was to busy blaming the other. Who has resources? A lot of other countries besides the two nations of Albania/Serbia.
As far as the hacking between Albania and Serbia that has been going on for years. This is a more concentrated effort. And brings a lot of security concerns into question. The one question that everyone should be asking is who will benefit from this attack? Internet/Computer Security companies. And Albanians are a great way to instill fear into the heart of Serbians so that they can buy the latest and greatest security apps from the west or from Russia.
Serbia still has to deal with its hooligan problem nonetheless. Or the Serbian fans will suffer for it.
So Internet Security companies are surreptitiously attacking governments in order to sell them security patches? We’ve heard the thesis before. But seriously, come on! As if Internet/Security companies are not busy enough trying to stay on top of the latest cyber threats.
It’s not as if the CEO of some Internet security company ordered the attack. If anything, its anonymous hackers, and anonymous hardly has a coherent agenda.
Do you think the web would be a safer place without Internet security companies?
Isaul,
I didn’t say security companies are attacking governments but they will gain the most from such attacks on governments by hackers. “Anonymous hackers” you say and you say without a coherent agenda. Then how did anonymous automatically lead to Albanians being the backers of this: “…websites of all relevant media in our country were targeted by a massive organized hackers’ attack,….” Seems like anonymous was automatically given a name and was provided as proof and fact that an Albanian was responsible and is no longer anonymous.
The article is showing a security risk in Serbia (which isn’t only isolated to just this country) but is fueling it with fears that Albanians are now so sophisticated that they are out to steal every Serb credit card and personal and sensitive info from every Serb and they are well financed and organized with a coherent agenda (which is a contradiction to your comment). The catalyst is fear and the article is implying that fear=Albanians and beware they are coming via your internet connection without proof that these hackers are Albanian. Like I mentioned before there are hackers in both countries and all around the world. And if as you say hackers are anonymous how can they be Albanian without proof as in the article. Now is speculation to be considered proof or fact?
Serbians should look to other people and methods when they are trying to deflect a poorly organized game that lacked security and their hooligan fans are pure racists. That chanted Death to all Albanians and kill them until none are left. Again Serbia has a severe hooligan problem.