The Albanian border management information system (TIMS) was back online on Sunday, and Prime Minister Edi Rama confirmed there was no serious data breach after it was subject to a second cyberattack over the weekend.
The latest attack comes just days after Rama accused Iran of being behind a 15 July cyberattack that brought all government websites and digital citizens’ services offline. He ordered all Iranian diplomats to leave the country within 24 hours, severing all diplomatic ties with Tehran.
“Another cyber attack by the same aggressors, already exposed and condemned by Albania’s friendly and allied countries, was recorded last night on the TIMS system! Meanwhile, we continue to work around the clock with our allies to make our digital systems impenetrable,” Rama wrote on Twitter on Saturday.
But on Sunday, he confirmed the system was back up and running, and the aggressors had not achieved their goal.
“Beyond the heavy feeling created by the penetration into these systems, just like when they break into a house and steal, the fact is that the aggression has not achieved its goal at all, no disappearance or serious data leak!” Rama wrote on Twitter.
Those trying to use the TIMS system, which records every person who enters and exits the country, were confronted by a message stating, “Albania is still paying for the terrorist acts of the MEK cult in Durres; this game will continue.”
Albania is home to the MEK group (People’s Mojahedin Organisation of Iran), who were transferred to Albania from an Iraqi refugee camp in 2016.
The group was founded in 1965 and engaged in militant action against the Iranian government for decades before forging an alliance with Iraq and siding with them during the Iraq-Iran war.
MEK was previously designated as a terrorist organisation by the EU, Canada, US and Japan, but this was repealed. They were given protection in 2004 by the US government under the Geneva Convention.
They aim to overthrow the Iranian government, and some 1000 members live in a closed, heavily guarded compound 40km outside Tirana.
However, some analysts say it is not just due to MEK that Albania is being targeted. Albania is staunchly pro-American, a member of NATO and is home to a NATO airbase and, potentially, a future, a NATO naval base.
Lawyer and politician Kreshnik Spahiu warned that the government should be vigilant against attacks.
“The Albanian government should be alert because it is in a direct war with Iran. Albania must be very prepared militarily, even with the intelligence services, but also as a society in terms of other attacks that in the future will no longer be on the Internet and social networks, but we will have consequences and physical victims”, he said.
The US National Security Council has reacted to the latest news of the attack, stating it supports Albania’s recovery efforts.
“The United States condemns the September 9th cyberattack against our NATO Ally, Albania. This malicious activity against Albania follows the July 15 cyberattack conducted by the Government of Iran. The U.S. government is supporting Albania’s efforts to mitigate and recover.” a statement on Twitter reads.
The Director of the Civil Aviation Authority, Maksim Et’hemaj said the attack was sabotage and called for the establishment of a Crisis Coordination Committee.
“In civil aviation, what happened with the TIMS system is classified by the definition, sabotage.In such cases, in cases of sabotage, the civil aviation asks the local authorities to set up what is called the Crisis Coordination Committee. We are talking about an abnormal, unusual situation,” he told Euronews Albania.
But it is not just Albania that has witnessed such attacks. Digital services in Kosovo and North Macedonia have also been targeted over the last few days, although it is not yet known who is behind them.
Meanwhile, the MEK, in March 2021, was accused by Facebook of running a troll farm out of their base in Albania.
In a statement published on their website, Facebook said they had investigated and disrupted a “long-running operation from Albania that targeted primarily Iran.”
“The network violated our policy against foreign interference, which is coordinated inauthentic behaviour on behalf of a foreign entity,” they wrote in their in-depth report.
The National Council for Resistance in Iran, an organisation including MEK, issued a statement to the media denying any accounts affiliated with MEK have been removed. They also denied that there was a troll farm in Albania affiliated with them in any way.
Meanwhile, security expert Ergys Muzhaqi said the country should brace for more attacks in the future, including from Serbia and Russia.
“We must be very clear that further attacks will be expected. We have Russian hackers who are just as famous, although Iranians are more dangerous. We have Serbian hackers, we have hackers who would like to participate in such a situation. Albania has no time to lose to take its measures”, he told the media.