Author: Klevis Paloka
In December 2020, Albania adopted the National Strategy for Cyber Security and the action plan for the next 5 years.
"Albania, like other countries, is in many cases the victim of malicious cyber activity, carried out by criminal actors, including state and non-state actors, who can use the network infrastructure in Albania and abroad", mentioned in strategy approved national.
The adoption of such a strategy was also a request of the European Commission, which in the progress report of October 2020, stated that Albania lacks an anti-cybercrime strategy.
"Albania has not yet adopted a cybercrime strategy and needs to create a more effective law enforcement response that focuses on the detection, traceability and prosecution of cybercriminals", it is said in report.
So in this drafted document that ACQJ has, it is emphasized that "it is currently observed that the necessary means to obtain and create cyber intelligence, using the human and logistical resources necessary to exercise law enforcement activity, are lacking". One of the challenges suggested in the following is related to increasing the capacities to face the technology, but also to the request to change the composition of the structure, their approach, technical and logistical capacity.
But despite this, the capacities of one of the institutions that deal with the investigation of virtual crime still remain modest.
An unofficial source of ACQJ, says anonymously that although a Unit called "C" has been set up and focuses on the fight against cybercrime, it has only 15 employees. This unit was actually introduced only in September 2020, when it was renamed as a structure.
But what are the most common cybercrimes?
Common forms of cybercrime prevalent in Albania include fraud related to Internet banking, such as phishing and spam.
The most recent case discovered by the police sent two people into custody and put 5 others under investigation. These citizens inside and outside the country have used bank card data which are suspected to have been stolen from different citizens outside the territory of the Republic of Albania, with the aim of benefiting financially by purchasing mobile phone equipment. Unit "C" discovered that a financial damage of about 33.000.000 ALL had been caused in a company.
The explosion of the phenomenon of cybercrimes is also reflected through statistics by the General Prosecutor's Office. In the annual report for 2020, 156 files are declared open and placed under investigation, but in only 6 cases cyber fraudsters, threats or fines have ended up in handcuffs. The trend shows lower figures for 2019, where the report of the central prosecution body shows that during this year 115 criminal proceedings were registered in this area of criminality. The same report mentions that the "hacking" has also included internationals in the investigations, which in many cases has been processed through letter orders.
"Germany, Romania, the United Kingdom and the USA have sent 4 letters on cybercrime offences. While our Prosecutor's Office has sent 47 letters of order (or 7.5% of the total of letters of order) to countries such as: China, Germany, USA, Great Britain, Holland and Poland for the commission of criminal offenses of cybercrime", states the General Prosecutor in crime report.
Ping pong with the investigation
The police tell ACQJ that on average every day, 5 to 8 citizens ask for help at the police stations, for the misuse of data on social platforms, starting from threats on Instagram, Facebook, attacks on WhatsApp to the most sophisticated forms of piracy.
"Two parents have called for an investigation into the online bullying of their son, who was attacked on Instagram after a photo was taken of him", says the expert of unit C, who indicates that after examining the page, he intervened by blocking the account. "The offenders were minors and thus it was impossible to prosecute them", emphasizes the official for ACQJ, according to whom this is the easiest case to solve.
So it is difficult to say an exact number of monthly reports, according to a source of ACQJ, the increase of denunciations in the last two months is in the figures of 1000%. This situation has been influenced by the restriction of movements by Covid-19 which, according to the police expert, further impacted a closer relationship with technology and virtual communication.
But internal sources close to the police say that the police with the capacities they currently have find it impossible to detect every case in the face of the daily flow, especially since the cases that are sent to the prosecutor's office are returned again to be completed.
"The problem lies in the evidence, so how much power do you have to evidence, but normally when you have few actors to make their evidence, it will be less with the number of those who denounce and the more cases you send to the Prosecutor's Office, the more work will be loaded, as the Prosecution will return the cases for additional information. While at the same time you have to deal with new denunciations or spotting scams that can circulate on the Internet. You also have to deal with training as new practices always appear and it is impossible to fight with these capacities", the police specialist tells ACQJ.
"It has definitely increased during the pandemic. While we are doing a lot of mistake if we keep saying only in a particular field as in all fields there is cyber crime and none can be singled out", the source of ACQJ concludes the elaboration.
Among those injured in the network is Matias Ndini, who runs a film studio. Trying to make work addresses on social networks spread and known everywhere, the 24-year-old found himself in front of an unfavorable situation a year ago.
"Since I have a film studio and advertising on social networks has now become necessary, I decided to request Instagram with my studio addresses to make my addresses as verifiable addresses and after a day I received a message from Instagram that I had to send my data by filling out a form and all the other data you needed and since I definitely wanted to do it, I didn't think twice and sent them the data. Then I got a reply that you will be notified within 48 hours. It's been a week and I haven't received any notifications, I tried to log in to my Facebook, but I couldn't because someone else had managed to steal my data. After this happened to me, I went online and looked closely at who the message had come from and found that even though it was from a real site, as soon as I clicked on that page it sent me to another page that possible for the other person to steal my data", says Ndini.
But besides they managed to steal his data on social networks, they also took a lot of money from him. So he continues to suffer this fraud that was done to him, since now Facebook has forbidden him to advertise his work, damaging it.
"After this happened after 2-3 days I get a call from the bank that you made a payment of 5 dollars at 5 in the morning, then my concern increased and I notified the bank directly to suspend me from any action that happened because someone had managed to steal my bank details. But then I found out that the people who got my Facebook address had sponsored on their personal page with my bank address, since I had it connected for the job I needed. They managed to spend $150, but after multiple emails with Facebook, they refunded my money again. But this thing left me with consequences because for more than a year I have not been able to advertise my work, because Facebook has suspended my debit card, and for me this is a very important thing, since looking at it now technology has advanced and everything is done through social networks, this hinders me in my daily work", says the manager of "MBN Production".
Thanks to an in-depth search on the Internet and to protect himself in the future, Matias managed to find out from which country his data was stolen.
"I managed to find out through some scammers that the people who had accessed my addresses and managed to steal my data and spend $150 from my debit card were in Nigeria”, the 24-year-old concludes his story, who at the end has a message for young people to make sure that they will not fall prey to any fraud before doing anything online.
But in addition to these scams for stealing personal data, there are also scams that are done in the search for donations for children who are sick and need money to have an operation outside of Albania. These people manage to collect money from people through a bank account.
From the data provided by the Albanian Center for Quality Journalism, this was one of the last cases detected by the Police. 3 suspects through several posts on Instagram collected significant sums through appeals for charity using the data of a child abroad.
But a surprise WhatsApp message informing the user that he has won a lottery turned out to be another form of cyber fraud. Even for this finding of "pirates", the police warned citizens to be careful.
This is also confessed by journalist Dritan Laçi, who was sent such a message on WhatsApp.
"It all started from a message on my whatsapp number, where I was informed by a foreign number that I had been selected as the winner of the whatsapp lottery. Of course, the amount was tempting and who wouldn't want to acquire that amount. But in order to 'own' the amount, I had to follow a series of technicalities, where I had to send the data in an email, then they took me a bank card and a page where I had to communicate with their mail. Of course, the whole procedure had its doubts", says Laçi.
The 40-year-old says that he followed this scam almost to the end to understand how far people go to send these messages.
"I got in touch with a banking specialist who explained to me why the data they had provided was not original, that is, starting from email, bank, post office, where the fraud had gone as far as to make the fraud credible, they had built a page of which was "fake". The whole point was for the people who fell prey to this scam to pay into the bank account of the person who created this mega-scam, an amount ranging from $180 to $300, if you wanted the mastercard they dropped by express mail the money. Of course I followed all the technicalities required of me to understand how far the scam went, but I didn't fall for it", the journalist concludes his story.
But apart from these scams that aim to acquire money, the most vulnerable age group is that of minors and teenagers, who are more exposed to pornographic materials or sexual harassment, carried out through the Internet.
The national strategy sounds the alarm by emphasizing, according to a study, about 12 9-year-old school children say that their parents have no knowledge of the dangers of the unsafe Internet.
"From the study of the situation in 7 regions of the country, ascertained through awareness campaigns, in which about 12.000 children of 9-year-old schools were involved, to a large extent the children confirm that their parents do not have clear information about the dangers of using of the Internet not safe from children", is accepted in the official document.
This disturbing fact is also confirmed by the director of the Center for the Protection of Children's Rights in Albania (CRCA), Altin Hazizaj, who adds that during the pandemic there was a high number of sites that distributed pornographic materials. As for the part of cooperation with state bodies, he describes them as long processes and not always fruitful.
"There has been a 1000% increase in sites that distribute child pornography during the pandemic, even with Albanian children. While on the part of the state institutions, it is a long process and not always with results, since the Police still do not have the right equipment to find the servers that distribute these pornographic materials. Out of 100-200 cases that we have reported to the Police, only one case has been successful", says Hazizaj.
A report published in August 2020 by UNICEF.
According to this organization, between 5000 and 20.000 referrals are made annually by international partners in just one year. "From 2016 to 2018, only 12 cases were investigated and only 1 case was discovered", says the report.
It is also noted in this report that "The methods used by law enforcement agencies in investigating crimes before the digital age are no longer sufficient and adequate in the face of the evolution of cybercrime and continuous technological developments".
