False reports of bombs placed in more than 110 Sarajevo schools, which police treat as terrorism, have drawn attention to BiH’s cyber security and vulnerability.
Cyber security experts still do not have enough information to give a final judgment on the background of such a threat in Canton Sarajevo, but they point out that BiH is facing a long process of strengthening human and technical capacities, but also adopting a legal framework in this area.
“In this case, I do not see any terrible impact such as cyber attacks on critical infrastructure, power outages, water supply or payment transactions, where you directly cause great economic damage. Such attacks are also designed for such things. This is a completely different connotation, because schools and our children are targeted, something we are most sensitive to,” says Vahidin Đaltur, a cyber security expert and forensic expert in digital forensics.
Apart from the obligation of parents to pick up their children, the event in CS did not cause panic, none of it had economic benefits, it did not paralyze the state, which are the goals of cyber attacks.
“We can start from the most banal thing, that teenagers did it for some of their own reasons. It is difficult to say whether it is a background or a political message, but for what has been done, you need 20 minutes,” Daltur points out.
He claims that we are far from any serious readiness to defend against cyber attacks.
There is no prevention
“We need three to five years, at least, in order to make an expert team, procure equipment with which we could do serious monitoring, prevention, alarming and everything that is needed,” adds Daltur, Avaz writes.
Cybercrime is gaining momentum in Bosnia and Herzegovina (BiH), which confirms the growing number of reports. The victims of hackers are most often companies, however, there are also cases of attacks on citizens, most often through social networks. The police stated some of the ways of protection.
Hackers extracted 180 thousand dollars from a Tuzla company!
The focus of cybercriminals are most often BiH businessmen who do business with foreign companies, and their business communication takes place mainly via the Internet, specifically e-mail.
Investigators state that 180 thousand dollars is the largest amount of money for which one company from Tuzla Canton (TC) was damaged, and there are also cases in which 15, 18, 39, 40, 50, 60, and 100 thousand euros were stolen by cybercriminals.
Citizens are also targeted!
Apart from companies, cybercriminals often target citizens, who become their victims through social networks, most often Facebook, according to the Tuzla police. Investigators there say that citizens often do not understand the policy of a social network, and they imagine a hacker as someone who sits and directs himself directly toward a given person.
”In principle, they have tools that people download to their computers, and the scam is mostly done by asking you to participate in a prize or video game in communication with you via Facebook Messenger, and the code you will receive from Facebook needs to be sent to the person who contacted you, giving you a bonus or something similar. Basically, this is the code that Facebook sends you to access your profile, and when you give it to a third party, you automatically give access to your profile,” they explained from the cantonal police in Tuzla.
How is the investigation conducted?
”In the case of intercepted e-mail conversations, headers are excluded, and by their analysis, we follow the trace of money. On the other hand, when it comes to Facebook, we communicate with them directly, and they send us the data of the people who carried out the attack on request. However, there are problems in terms of the duration of the process. Namely, we have been waiting for this data for several months, and if we receive, for example, two thousand IP addresses, all of them must be analyzed and determined to which telecom operator they belong. Then the court issues an order to act and these are all proceedings that take an extremely long time,” is the answer we received from the investigator regarding the complexity of the work.
Police suggestions for company employees
When concluding negotiations between economic entities in which communication was performed by e-mail correspondence, before paying funds to the other party’s account, it is necessary to additionally check the recipient’s account in some other way (by phone, fax, or similar).
Regularly change passwords to access e-mail, using longer combinations of alphanumeric and uppercase characters.
Police suggestions for citizens
If they are suspiciously contacted by their ‘friends’ or ‘acquaintances’ on social networks, with requests for material or financial benefits before providing the same, through other means of communication, to conduct detailed checks with persons who allegedly request this help from them.
The Police Administration suggests to citizens to keep their personal data, not to disclose it and use it to third parties, and to try to follow standard measures for the protection of a user profile on social networks and Internet services in the form of using longer passwords which will contain combinations of several different characters as well as the two-level authentication measures offered by most internet services today, Klix.bawrites.