Increased cryptocurrency traffic is often the only source of knowledge that a major ransomware attack has occurred, as a huge number of attacks go unreported.

Arben Murtezić

For a man who spends his life in the middle of discussions about religion and nation that often sound, and sometimes are, centuries old, the news about cyber attacks can almost make him happy. So we are still, in a way, part of the modern world. On the other hand, of course, it is a problem whose seriousness can hardly be overestimated.

Information about the recent attack on the portal and servers of the Parliamentary Assembly of Bosnia and Herzegovina is quite scarce and it is really not unusual. This is one of the rare situations where the limitation of transparency is somewhat justified. Attackers should not be provided with precise information about what they were able to do. In addition, in such cases, it is difficult to establish, beyond a reasonable doubt, who the attacker is. In an atmosphere of mistrust, additional sowing of doubt and baseless blame is unnecessary. As always when we are faced with a problem, the causes and excuses are sought in the complex state system. But the fragmentation and absence of a state strategy does not make particular sense, because there is a global consensus that the unification of certain standards is necessary. For example, the USA and Japan are signatories to the Budapest Convention, which is a document of the Council of Europe. However, there are also disunities.

In this sphere, institutions at all levels in Bosnia and Herzegovina are also faced with the fact that young professionals put work in the civil service at the top of their wish list, dozens of candidates who meet the requirements are waiting for each position, especially those with degrees in social sciences. This is not the case when it comes to IT-related positions, systematized positions remain empty for a long time because qualified personnel are employed in private companies. The problem here is also in the regulations that mostly recognize formal schooling and do not valorize certificates and professional education. However, it should be known that even the institutions of the richest countries generally do not have the necessary resources, but are forced to resort to various forms of public-private partnership.

When it comes to the attack on the media house based in Mostar, they have presented more information to the public and it seems to be a standard ransomware attack. This is probably the biggest scourge in the digital world in terms of damage and prevalence. It is blackmail software that locks, “kidnaps” files and those who control the program demand a certain amount of money, often in cryptocurrencies, to allow the victim to regain access to the data. A representative of the affected television told the media that there are no guarantees that the data will be unlocked or that the attack will not be repeated. Essentially, the situation is like almost any blackmail. The extent of this problem is also reflected in the fact that a significant number of Western companies keep certain amounts of bitcoins in reserve in order to be able to pay off the blackmail quickly enough. Increased cryptocurrency traffic is often the only source of knowledge that a major ransomware attack has occurred, as a huge number of attacks go unreported. One of the reasons is reputational risk, but something else is important for our context. It follows from the above that the trust that companies and even private individuals have towards government agencies is very low even in the most developed countries. Simply put, it doesn’t seem to make much difference whether ransomware hit you in Paris or Sarajevo, or whether you’re a citizen of Bosnia and Herzegovina or Belgium. There is no discrimination here, and you can rely almost as little on the help of state authorities or EU institutions.

 

Arben Murtezić, Director of the Center for the Education of Judges and Prosecutors of the Federation of Bosnia and Herzegovina