Albania blames Iran for cyberattacks
September 16, 2022
On September 6, 2022, the Albanian government cut diplomatic ties with the Islamic Republic of Iran and issued an ultimatum to diplomatic staff at the Iranian embassy in the Albanian capital, Tirana, to leave the country within 24 hours.
The move came after a series of cyberattacks on Albanian institutions this summer. The first attack, which targeted the government server administrata.al, took place in May.
The second took place in July and targeted the government portal e-Albania.al, where Albanian citizens can log in using their ID or passport number and apply for official documents, schedule appointments with Albanian consulates, etc. Subsequent US and Albanian investigations concluded that Iran was behind this "reckless and irresponsible" attack.
The Iranian Foreign Ministry dismissed these allegations as "baseless" and "unsubstantiated" and blamed "third parties" for Albania's decision to cut ties. It also denounced the move to sever diplomatic relations with Iran as "injudicious" and "lacking in foresight."
Albanian police computer system taken offline
Then, on September 10, Albania publicly blamed Iranian hacking groups for another digital assault on the previous day, this time targeting the Albanian police force's Total Information Management System (TIMS), which contains data on those entering or leaving the country.
When it became clear on September 9 that there had been a security breach, police departments across the country were ordered to take TIMS offline for 24 hours. The Albanian government accused Iranian hacker groups of being behind the attack and moved to reassure citizens that there had been no significant data leak.
Threat to Albania's national security
Colonel Dritan Demiraj served in the Albanian Armed Forces for 35 years. During this time, he led the Albanian Special Operations Battalion, which was deployed to Iraq in 2004 and Afghanistan in 2010. As a former minister of the interior in Albania (2017), he knows how important national security is. That is why he considers the government's decision to cut diplomatic ties with Iran to be the right one.
"For several years, the staff at this embassy was involved in activities that exceeded its diplomatic mission and could have harmed the national security of the Republic of Albania, our partners and our citizens," he told Deutsche Welle.
"An offensive act of aggression"
Dr. Afshin Shahi, associate professor and lecturer in Middle East Politics and International Relations at Bradford University in the UK, says that the Albanian government's decision to expel Iranian diplomats can simply be seen as an act of self-defense.
"In the world we live in, cyber security is one of the most important prerequisites of running a nation state. It is directly linked to the economic, political, military and societal security of any state. The Islamic Republic's cyberattack paralyzed important infrastructure in Albania. This is clearly an offensive act of aggression that violates Albanian national sovereignty," he told DW.
NATO and US condemn attacks
On September 8 and 11 respectively, NATO and the White House National Security Council condemned the cyberattacks and confirmed their support for Albania's efforts to mitigate the impact of the attacks and recover from them. Albania has been a member of NATO since 2009.
It is widely thought that the presence of some 3,000 members of the opposition People's Mujahedeen of Iran (Mujahedeen-e-Khalq, MEK) in Albania is the motivation for these cyberattacks. Tehran considers MEK to be a terrorist organization.
The People's Mujahedeen of Iran
Founded in Iran in 1965, the MEK is an Islamic political group with socialist tendencies. It took up arms against the Pahlavi dynasty and supported Ayatollah Khomeini in the 1979 Islamic Revolution in Iran. Shortly after the revolution, conflicts of interest and power struggles with the authorities ensued, and the MEK was banned in Iran – like many other political groups at that time. The organization then went into exile and continued its opposition activities from abroad, later moving to Iraq, from where it ran military operations against Iran during the Iran-Iraq war.
Albania took in members of the MEK in 2013 at the request of Washington and the United Nations. The July cyberattack took place before a planned MEK conference in Albania. The event was cancelled as a result of the attack.
The MEK in Albania: a red rag to Iran
According to Colonel Demiraj, these claims do not tell the whole truth. They are, he says, "not completely true, because from my point of view, the dispute between the two countries existed even before Albania's decision to shelter members of the MEK. Another reason is that the government of Albania has openly positioned itself on the side of the US. This is undoubtedly not viewed kindly by the Mullah regime in Tehran, which has in the past also attempted to attack members of the MEK in Albania."
Dr. Shahi does not entirely share this view and says that although Albania is a close US ally and a NATO member, it doesn't have major disagreements with the Islamic Republic. "The problem only started when Albania decided to accommodate 3,000 MEK members. Although MEK is an archenemy of the Islamic Republic, under international law, Tehran has no right to embark on such an act of aggression. Even if they were only aiming to target the MEK members, it is still a deliberate violation of Albanian national security."
Indications of links to the Iranian government
Referring to a Microsoft report, the Albanian government said that four Iranian hacking groups are suspected of being involved in the attack, one of which is linked to EUROPIUM, a group Microsoft says is "publicly linked to Iran's Ministry of Intelligence and Security (MOIS)."
Amin Sabeti, a London-based cyber-security expert, agrees that the cyberattacks were carried out by hackers linked to the Iranian government, the Islamic Revolutionary Guard Corps (IRGC) and the Iranian Ministry of Information. According to Sabeti, these attacks target political opponents, journalists and activists both inside and outside the country, and the government spies on them through these means.
However, he says that this attack was a new departure: "The Islamic Republic has never attacked another country on this level before, and this is the first time they targeted another country's infrastructure," he told DW.
Further attacks possible?
When it comes to the national security of Albania, Colonel Demiraj is confident that Albania and its partners would be able to cope in the event of an escalation.
Dr. Shahi says that given the vital nature of cyber security, NATO has no choice but to broaden its notion of collective security. "In order to create an effective deterrent, it should introduce new cyber security parameters in its constitution to send a clear message that a cyberattack on one NATO member is a cyberattack on the entirety of NATO."
Edited by Bettina Marx, Yalda Zarbakhch and Aingeal Flanagan