Seventeen years ago in Kosovo, the internet was considered a luxury, afforded only by a few who had computers and a telecom connection. Then after the war, all kinds of international armies, agencies, institutions and individuals poured into Kosovo, and they were all in need of good internet connectivity. Since such a grid was almost nonexistent, it had to be built from scratch. Progress was swift.
Now, 76.6 percent of Kosovo’s population are internet users and the country’s internet connectivity is one of the highest quality in the Balkans, with a nationwide broadband wireless backbone. Every house has a computer, and every shop, from bakeries and bars to carpenters, has wi-fi. But for all the technology, the majority of the population remains oblivious to the dangers lurking on the internet.
We leave traces of ourselves in almost every online interaction: pictures, email addresses, telephone numbers, names, voices, and other personal data that can be related to us. That data is protected by national and international laws, but that does not mean it is not susceptible to crime.
Hekuran Doli is an IT expert and the CEO of Cingerr, a company which handles data security for a number of portals, including some government websites. He tells K2.0 that not enough effort has been made to raise awareness about data security in Kosovo.
Hekuran Doli is the CEO of Cingerr, a group of highly qualified IT experts who build and integrate computing platforms designed to handle millions of requests per second.
Driton Zhubi, the executive director of Lens, an information and communication technology NGO, agrees. “In this age, you have transferred almost the entirety of your life online, including card numbers and personal documents,” he explains. This presents a danger for identity fraud amongst other issues. Zhubi believes that 90 percent of people in Kosovo wouldn’t even know if their personal data had been violated.
For this reason, Lens, operating with a grant from the European Commission, have launched a project aimed at protecting human rights in the digital age. “The main goal of the project is to organize civil society to help raise awareness among citizens about safeguarding their personal data and protecting their privacy rights,” says Zhubi. He explains that Lens coach other civil society organizations by sharing experiences and getting them ready to face such issues.
“The masses are poorly informed on how their information can be breached, and the ways a hacker can use it for data theft,” concurs Doli. Functioning since 2010, Doli says that the majority of traffic passes through Cingerr, a fact that has enabled them to face “more or less every possible attack directed at the websites of Kosovo.”
Doli points out that Kosovo has many unemployed young people with a lot of time on their hands and good internet connectivity. If there is a will and the resources to learn, it becomes a perfect breeding ground for hackers. Although he does not credit the local hackers with much ingenuity, nevertheless they are capable of performing the most common tricks for stealing information, some of which are outlined below.
The phishing method
The phishing method involves impersonating a web page. Doli outlines an example of the scam that took place in Kosovo and involved ‘Gazeta Express’: “[Hackers] opened a facebook page, and started promoting it under the name of this portal, news with the most bizarre titles,” he explains “When you clicked on it, a fake facebook page opened which required your username and password.” Many were deceived into entering their details and fell victim to data theft.
Although phishing is a crude method by hackers’ standards, it has been effective in Kosovo because people are not well informed. Doli reveals that only last month there were 30 thousand accounts stolen in Kosovo using this method. “In those 30 thousand people, surely there must be someone with important information. Now [the hacker] will keep [the information] and after a year reveal it. It may be inappropriate pictures or conversations.”
Doli says that all you need to do to protect yourself from phishing is make sure the website where you are typing your username and password is the correct name with https:// in front, for example: https://www.facebook.com.
Man In The Middle
A more advanced hack is the ‘Man in the middle’ method. “The attacker positions himself between you and the internet, so he can see all of your traffic including passwords,” explains Doli. “In that case there’s nothing you can really do other than using encrypted protocols.”
Doli says that this kind of attack is also known as ‘wiretapping.’ “Before, the state’s secret service did this, but now anyone with the internet and the right knowledge can do it,” he explains. “If he connects to your wireless then it is easy to steal everything.” Even on a shared wireless connection, such as in bars, there could be a hacker who is reading your data packages.
In order to protect yourself, Doli again emphasized the importance of https://. He also recommends using public networks or wireless only for surfing the web. If you need to sign in to accounts storing important information or conduct e-banking, do it from your own home.
The Virus Choice Attack
Doli says that the most widespread attacks are through viruses and mainly target Facebook accounts. “Each computer that has a virus has the potential to be wiretapped,” he explains. Viruses are more easily spread in Kosovo because the protective software being used is often pirated, and is therefore not properly updated and maintained. Keeping your operating system and antivirus program up to date, should solve the problem.
Personal data elsewhere
Hacking can present a danger to more than just your Facebook password. No matter how protected we are, we entrust our personal data with other people and companies, such as banks, and other institutions which are susceptible to hacker attacks. According to Doli, banks in Kosovo have also been attacked by foreign hackers but have kept the attacks and their losses secret.
Another crime is the theft of transactions. “For example, [hackers] get access to the email of a money receiver, usually someone that is doing trade with China, because information security is very low there as well,” Doli reveals. “They get access to that Chinese email, contact the company from Kosovo and tell them to transfer the money into another account. I had two or three cases like this.”
Other than hackers, who?
The data we store on our computer, and the information we share through our daily interaction with the online world can be accessed not only by hackers, but by other players as well, such as state institutions or media outlets.
Recent revelations that new technologies are being used for surveillance and interception with “chilling efficiency,” at least according to the UN Human Rights Council, also raise concerns for online safety.
In Kosovo, the law permits state institutions to intercept and monitor all electronic communications if authorised during the process of a criminal investigation. Article 68 of the Law on Electronic Communications allows these interceptions to continue for up to a year if it is deemed necessary by the state institution conducting the investigation. The Commission for Supervising the Process of Communication Interception has been established within the Kosovo court system to help ensure these laws are correctly enacted.
But there is information we publish about ourselves that can also be misused. The Lens NGO point out that people often reveal details of their personal life through social media; their emotions, worries, problems, celebrations and hopes, which can be used by others as means of manipulation or to create a certain impression of their personality.
Driton Zhubi is the director of Lens, a non-profit organization that aims to raise awareness of the detriments of the misuse of technology.
Zhubi believes that in Kosovo there are daily violations of individual privacy rights through the internet, and the biggest violators are the media, especially news portals, for whom social media has become a common source.
Publication of the names of accused, the names of minors, the faces of people in accidents are all daily privacy breaches, yet no media has been penalized because, as Zhubi opines, “nobody wants to be the antagonist.” For those who feel their rights have been violated, Zhubi advises individuals to complain to the Council for Written Media or the Agency for Data Protection, and as a last resort to address the court.
Privacy and personal data in the online era is being discussed and taught with an ever increasing intensity. However there is a lot of work to be done, because despite the fact that almost everyone is using the internet, few know how to protect themselves and their rights in this ‘brave new world.’ In addition to this, even those who are not public figures are not immune to public and state scrutiny of their online private lives.K
Photos: Fikret Ahmeti / K2.0.