Kosovo’s s cyber(in)security

Open Data Kosovo
5 min readNov 11, 2022
Ilustrim: Sulmet kibernetike — Foto: REL/Shutterstock

Author: Kreshnik Gashi

War in Ukraine and cyber-attacks in the region have raised fears and alarms about possible cyber-attacks in Kosovo, which has still not managed to have a cybersecurity strategy.

Such risk has also been estimated in the last Progress Report, which states that Kosovo has major problems in cyber security while there is still a lack of investments in digitalization. This Report revealed the lack of capacity of Kosovo’s institutions to guarantee adequate funding for protection from cyber-attacks, as well as the lack of performance of prosecution authorities in the investigation of cybercrimes.

The Progress Report data indicate that the 37 cyber-attack cases reported in 2021 were not detected by the police and the prosecution authorities.

The same Report shows that no case was even completed by the court.

The data show that there are several cases of cyber-attacks in the justice system, but they have not been decided by final judgments.

One of the largest case files is the one against a group of hackers who stole bank data and profited several hundred thousand euros by misusing cards. The group that is being tried before Prishtina Court has not yet been found guilty by a final judgment.

In addition, the information technology expert, Diar Elshani, also sees international cooperation as a serious problem, which prevents the prosecution and criminal proceedings against persons suspected of cybercrimes.

“Kosovo must raise its human and infrastructural capacities, but international cooperation must also be enhanced. Kosovo mostly relies on such cooperation and if we were not to receive assistance from outside we would have many problems” — says Elshani.

The outbreak of the war in Ukraine fueled a debate on cyber protection in the country. During February and March, the institutions mentioned that they will take measures for data protection.

Warnings of attacks have been mentioned by several institutions.

Kosova Telekom, the company providing telecommunications services in the country, reported that it was the target of a cyber-attack.

Similarly, the Independent Media Commission and several other government agencies were targeted.

The data indicate that the Independent Media Commission was hit by a cyber-attack on 19 January of this year.

Due to this attack, the internal system as well as the official electronic addresses, documents and files of this public institution came out of the officers’ management.

The case was reported to the Police while investigations revealed that a group of internationally renowned hackers stand behind this attack. Thus far, IMC has not managed to return the lost materials, while according to the management of this institution, the first steps have been taken to increase cyber security.

The attacks concerned still do not have a clear answer as to who the actors were involved and who intended to carry out attacks on these Kosovo institutions.

Being asked to provide information as to what sage the investigation of these events stand, the State Prosecutor’s Office responded that they are investigating, but without providing details as to who the attackers may be and where the attack came from.

In its reaction, the Kosovo Government assured the citizens that the state assets were not affected and no data we taken in September’s attacks.

Rifat Hyseni, a cybersecurity expert and at the same time an officer with the Government of Kosovo, says that Kosovo is in the early stages of digitalizing data and providing services.

“In Kosovo, both public and private institutions are simply still at an early stage of digitalization and automation of service processes and all services provided to citizens or businesses. Therefore, we have a slightly smaller exposure to risk than developed countries” — says Hyseni.

According to him, investments in security in this direction should also be increased in order to avoid possible attacks.

Although having high internet coverage in the country, Kosovo is among the countries providing quite a few digital services.

During this year, there was an advancement in the provision of services as citizens were enabled to register their vehicles digitally.

However, the country continues to invest quite a few funds in capacity building and digital service provision.

The Progress Report mentions that Kosovo has only the basic capacities in cybersecurity, but there are major deficiencies, especially in investments and strategic determination.

For several months, the country has not managed to complete the Cybersecurity Strategy.

The document, which is in the final stage of drafting, is expected to be approved, but the implementation is expected to start next year.

The basic law on cybersecurity has not yet been passed by the Assembly of Kosovo and as a result, many processes in digitalization and investments in cybersecurity have not been implemented.

Attack by Iran

The theft of data by a group from Iran from the Albanian Police databases revealed other security problems.

Kosovo institutions carry out sensitive communications with partners in non-secure forms.

Unencrypted e-mails are not considered to be secure communications.

Such an email, exchanged between the Kosovo Police and Albania Police revealed the information and the suspect for the plan to kill the country’s Prime Minister. Even in other law enforcement institutions, such as the prosecution office and court, communications are not encrypted and are carried out by e-mails or simple forms of communication.

The cybersecurity expert, Diar Elshani, says that Kosovo may face risks from cyber warfare, similar to the regional countries.

“Critical infrastructure includes all that is vital for the functioning of a state or society, such as the infrastructure of the electrical network, banking infrastructure, telecommunication networks, for example, mobile operators and others. Thus, Kosovo may also face what we have seen in the region” — says Elshani.

Iran’s attack has changed some procedures in the way how electronic devices are used in security institutions. The data indicate that the institutional offices have been recommended not to use USBs and devices such as external hard drives to access their computers.

This investigative article is prepared as part of the project “Increasing Citizen Participation in the Digital Agenda — ICEDA” financially supported by the European Union. The contents of this research article are the sole responsibility of Open Data Kosovo and the author, and may in no way be taken to reflect the views of the European Union.