By Ferdinand Dervishi
(original article in Albanian)
Following the event of August 2nd, 2023, when a well-organized group, led by a Senior Police Officer, attempted to or successfully carried out an unauthorized intrusion into the TIMS system, the concerns of the American Embassy has increased.
The first person to publicly address the situation was the Chargé d’Affaires of the US Embassy in Tirana, Martin McDowell. The same concern was expressed afterwards by David Wisner, the Charge d’Affaires at the US Embassy and Christiane Hohmann, the Ambassador of the EU delegation in Albania.
But as the concern of the Americans diplomats developed, i.e. in an increasing trend, the Albanian officials responsible for the event, in sync with each other, reflect strategies trying to emit ignorance as a means to manipulate the public opinion, but also to reduce the scope of the scandal.
Two days after the meetings of the American representatives, on August 25, the first individual accused of being responsible of the intervention, published an article where, among other things, he tried to justify and minimize the event. A few hours later, as if they were fully synchronized in a cast, the Prime Minister also took the same stance. Both aimed to convince the public opinion that, with the TIMS system, there was nothing to worry about and that nothing has happened.
On August 30th, last in line, it was the Minister of the Interior, Taulant Balla, who would try to bring down the created chaos, but by lying from “a” to “z”.
He stated that what had happened was within the framework of the measures that public institutions are taking against the cyber-attack of a year ago. So the Minister talks about measures taken a year following the attack, and for a measure targeting only the Police, at a time when millions and millions of euros from the state budget were spent to close the information leakage holes (according to a public denunciation of MP Agron Shehaj, the National Agency of the Information Society AKSHI, has made 30 million euros of secret tenders for data storage).
But this reminder one year after the events, also contradicts our own stereotype, since in the last decades, in Albania we start making repairs or put patches immediately after a bomb explodes in our hands; only after we are scorched by wildfires in the summer; only after we are flattened by floods and snow in winter; as all our fields and hills are planted with cannabis; as our personal and state data are stolen; as people are killed on our beaches by speedboats, etc., etc.
The Minister further stated that “there are no concerns relating to a data leak from the TIMS system.” Yes. This may even be true. The accused individuals may have been unable to copy the TIMS system because they were incompetents, or because they may have got tired waiting the system itself or by its delays. But since the time at disposal of the attack was more than enough, and considering that the alarm was given in the meantime, why not think that the data was successfully copied and were transferred to their destination?
Meanwhile, an evil mind may have taken care to place a hard drive, possibly empty, next to the only computer with known passwords.
This concern has also been raised by the police officers of the database and server sector, who sent an anonymous e-mail to all security structures, writing: “Go run and stop the people who have the disk with the most sensitive police data in their pocket. This is an alarm that should wake up the entire state.” Furthermore, the minister should know that, in the Criminal Code, “attempt” is almost equivalent to “theft”, in this case, of TIMS data. It is the same as the relation between “attempted murder” and “murder”.
Further, in the statement, the Minister said that the actions were carried out by “a new team within the General Directorate of Police, (which) from June, has undertaken a complete change in the way of technical administration and security…”
But here the question marks are both numerous and bitter. Who is hiding behind the characters that the Minister calls “new team” and within the “General Directorate of Police”? Who is part of this “new team” which is not only within the Department of Technology and Information? What connects these people to each other who form a “new team”? Are they the same people who may have been accused of leaking data in the same way, in previous professional circumstances, as the Senior official? Why is the main author accused by his colleagues’ e-mail, as the man behind the scandal of the sale of data from the tax directorate database, and a month ago, of the theft of the entire database of the Albanian Cadastre containing all real estate assets of Albanians, a theft that was under the pretext of creating the new digital cadastre?
Who selected and catapulted him to the sensitive post of Director of the IT Department in the General Directorate of Police? Why he, and his team, all recently appointed, have not been equipped with specific security certificates for the job position they would take on? Why can’t anyone give an accurate answer as of how they were appointed? And finally, why they have been appointed with the greatest secrecy?
At the end of his public statement, the Minister said that “it is not true that there are charges over the case, but I have requested that the information available to the police surveillance agency, to be also evaluated by the prosecution in the case there is any element, this is a new standard to be followed…”
Here again, a minimizing strategy seems to appear. Because forwarding the case, from the AMP to the Prosecutor’s Office, this has absolutely the value of a criminal charge, while the part where the Minister talks about “new standards” he is setting in the Police, for many who know him well, this sounds ridiculous.
And why, starting from the main individual accused for the incident, continuing with the Minister and the Prime Minister, everyone seems interested in minimizing this event? Why does it appear to have the consequences of a hot potato, and why do the American representatives appear deeply concerned, and why does it have the elements to be classified as a file that should be pursued by SPAK?
Because, first, the event has the appearance and content of a well-thought-out and well-organized action/attack against one of the most delicate sectors of the Police. The attack or action has been calculated to take place at the end of the official working hours, and if you read the e-mail that the police officers forwarded to some major media, to SPAK, Altin Duman, Taulant Balla, Muhamet Rrumbullaku, Neritan Nallbat, Ardi Veli, the Prime Minister, SHISH and Transparency Unit of SHISH, one has the impression that they may have felt terrorized throughout this attack.
Two situations in particular appear to be extreme. The first when the main author of the attack ordered his subordinates to block all access to the e-mail or any computer that is part of the State Police for Ardit Muça, the key whistleblower of the incident to his superiors, so that he would not communicate or write e-mails to his superiors. And the second, when the main author of the attack, according to the e-mail, “asked to urgently contact the person responsible for the security cameras of the premises, where the data export was carried out by unknown persons, but at that moment the person responsible for the cameras did not respond.”
So, implicitly, we are dealing here with an attempt to damage evidences. The file with the evidence and testimonies about this event, fortunately also with a seized hard drive, as well as the footage in the premises where the attack took place, have already been sent to the Prosecutor’s Office of Tirana, even though the event as a whole has all the elements to be classified as a case that should be investigated by SPAK. Here’s why.
First, the attack lasted about 12 hours. It started at noon and ended the next day around 9-10 am, when AMP, Cybercrime and the Directorate of Standards blocked the scene. According to the anonymous e-mail of the police officers, they didn’t delay a minute to give the alarm: “Ardit Muço… immediately… informed the General Director of Police Mr. Muhamet Rrumbullaku and the Director of Crimes Mr. Neritan Nallbati .” Ardi Muço’s communication with his superiors took place around 3:00 p.m.
Meanwhile, the alarm fell on deaf ears. At this point, the questions are: why haven’t the two senior police leaders reacted immediately, or sooner? Have they shared the alarm with Minister Balla? What did the Minister say? Did he ask them not to react, or the other way around? Can it be proven with whom Directors Rrumbullaku and Nallbati communicated all day? How is it possible that the attackers were given infinite time to accomplish their goal? Who were the people interested in these individuals to achieve their goal? Who guaranteed them, who was the main figure behind the scene, who gave them “power”, immunity, guarantee, to continue to carry out the mission in the infinite time of 12 hours?
Who is responsible for not responding during this time? Why did the database and server staff feel terrorized by what was happening and why were they abandoned by their superiors? Why didn’t anyone dare to help them? Why were they abandoned by everyone?
Why did these people, who felt sorry for the state and the police, send an anonymous e-mail in the middle of the night as a desperate last attempt to wake up the state and stop some people who are too strong for their motives? Why did the situation change and Minister Balla – if we believe his words – or the police chiefs ordered an investigation only when SPAK and others learned about the incident?
And finally, who was the man who negotiated with the media, and successfully blocked them, from publishing the alarming email of the Police database and server employees?
Well, at this point, when Ministers and Senior police officers appear in the game, in front of them, in terms of justice, there is no place for the Prosecutor’s Office of Tirana, but for the SPAK!
0 – 0 – 0 – 0 –
What did the Minister of the Interior declare about the TIMS system.
Question: Is it functional at every border points? The Americans have officially come to you to tell you that they were concerned that the TIMS system data had been stolen. The Prime Minister promised us that no data was misused and there was no problem there, but the AMP has filed a complaint with the Prosecutor’s Office. If the fact did not happen, as the Prime Minister came to the conclusion, why did the case go to the Prosecutor’s Office?
Answer: Now, you ask the questions and give the answers. I guess I’m here to answer questions. The first thing is very clear, that in the media, suspicions always become ‘fait-accompli’. The truth is completely different. So, Albania was subject of by a cyber-attack in the summer of 2022 and from that moment, naturally, all institutions are taking measures to increase the defense firewalls against any form of cyber-attacks. We are not the only country, I don’t know that there is a country today in the world we live in, which has not been or is not almost every day under certain cyber-attacks. Word is, the US has just destroyed one of the biggest hacker gangs known to the US today. So the truth is that this is a battle. There is none of those concerns that was an allegedly leak of data from the TIMS system, even the claims raised at the beginning of July or at the end of August, the truth is that while a new team within the General Directorate of Police, since June has undertaken a complete change in the way of administration, in terms of technical and security aspects, it naturally happens that those who have left may be critical, may also have complaints, may even raise doubts about the work done by those who have taken over this task.
But I must guarantee every citizen of the Republic of Albania that no data from TIMS have been leaked and there have been no problems. Regarding what you say about the report, it is not true that there is a charge, but I have requested that the data available to the AMP, shall also be evaluated by the Prosecution if there is any element and this is a new standard which will be and will be established in all the dependency structures where I have the honour to lead, that in all cases, even when there is no conviction that has elements of a criminal offense, again this should be put to the Prosecutor’s Office to evaluate because I remember that I am also informed, as is the Special Anticorruption Prosecution, by certain employees, who were not identified, who raised this concern, and I think that this new standard that is being established will be respected every day and will be consolidated as a new standard in the Ministry of the Interior and in the structures of its dependence. We always want to guarantee that there are no problems at any border points, to guarantee that every citizen has no delays, and you have seen that during the month of August I tried to visit all the border crossing points myself and in all the points where I have been, I have been informed that we have no problems.
Question: Mr. Minister, has the physical protection plan of the head of SPAK changed, and if so, have there been threats against Mr. Dumani? Thank you.
Answer: I don’t want something to be thrown in the media and then it becomes part of the news of the day and then we all have to run to clarify it. The truth is completely different and I want to guarantee not only SPAK prosecutors, judges, but every citizen of this country that the State Police is on duty to guarantee that everyone is safe. So from this point of view, I have communicated with the Director General of the State Police, who I have asked to also contact Mr. Dumani, to guarantee that the State Police does its duty, as we intend to guarantee the public safety of every citizen, we have the maximum responsibility to guarantee the public safety of every official of this state, who with his work implements the Constitution and the Law, and naturally you can be sure that the attention of the State Police and the care of The State Police, even if there will be, until the moment we speak, I am not informed that there is a request or that we have a problem with what you are saying.