The false threats of explosive devices that have been placed were sent from 76 email addresses, which practically means that an average of 12 false threats were sent from one email address.
In January, the students were on winter break, so only two false bomb threats were recorded during that month, on January 5th, which again indicates that the targets of the false threats were schools and in particular, the students. The highest number of false threats occurred in February – a total of 439, with only five days during the work week without a bomb threat. In November of last year, there were 30 threats, in December 272, and on March 1st of this year, a record was reached – as many as 120 schools and other institutions received a false bomb threat in a single day. The next day, March 2nd, there were 30 threats, and then, according to the protocols which were implemented, this issue is not being reported to the public.
Computer experts are not optimistic that the perpetrators can be located
So far, the police have identified three minors as suspects for some of the false threats of explosive devices which have been planted, but there is no resolution to the cases yet.
On November 2nd of last year, N.N. from Skopje was arrested on suspicion of being linked to the bomb threats, but criminal charges were not filed against him. On December 5th, a minor from Skopje was charged with terrorism. According to the MOI, he created an email address through which he sent threatening messages about explosives which have been planted in four high schools, accessing the network of a telecommunications operator from his personal computer.
Later, on December 22nd, a 15-year-old from Kavadarci was also charged for suspicion of sending bomb threats to three primary and three high schools in Kavadarci on December 4th and 12th. According to the MOI, he sent the messages through a “hacked” email address, directly from his personal computer.
Five days ago, a criminal charge for terrorism was filed against a 15-year-old minor. On February 4th, using his mobile phone, he created an email address and on the same day, using his laptop from his home, sent a threatening message to the official email address of a high school in Skopje.
However, the question of whether minors and students are really behind the majority of the threats of explosive devices, which are not only happening in the country but also in many countries around the world, remains an open question. Inasmuch as the Minister of Interior, Oliver Spasovski, has stated on several occasions that the bomb threats in schools represent a hybrid attack on the country, that they are launched from abroad, and that it is a matter of a hybrid war, as a continuation of the real war that Russia is waging in Ukraine.
Regarding the source of the bomb threats, Spasovski on one occasion stated that they were being sent from IP addresses in Iran and Russia, as well as VPN addresses whose providers were also from these countries.
“Interestingly, the payments for VPN services are made with cryptocurrency, which further complicates investigative efforts,” he said.
Prime Minister Dimitar Kovachevski has also reiterated on several occasions that cyber warfare and hybrid attacks are part of the war being waged in Ukraine, as they are not limited to this country, but are also occurring in many NATO member states.
According to experts on the matter, if the bomb threats are indeed supported by foreign countries, it will be difficult to locate the perpetrators, who obviously have a good knowledge of how to evade detection.
“The informants use proxy servers, i.e. email systems that do not cooperate with our law enforcement agencies, nor do they cooperate with other law enforcement agencies such as the FBI and the like. Simply put, a user name is created without recording which IP address the emails are sent from. They are registered in countries that do not cooperate and use email systems in which you cannot detect which IP address the email was sent from. This is because there are ways to protect email systems that do not keep IP addresses and do not require alternative addresses for registration. For example, Gmail is different. If you want to create an email address on Gmail, you need to enter two emails and a phone number for validation, which serves as proof that you are the sender,” explains Ivan Chorbev, a professor and former dean of the Faculty of Computer Science and Engineering (FINKI) for Meta.mk.
He says that the only way to track down the senders is if they make a mistake and are caught that way. Professor Aleksandra Mileva from the Department of Computer Technologies and Intelligent Systems at the “Goce Delcev” University in Shtip is of the same opinion.
“There are several ways to send an anonymous email or surf the Internet anonymously, without leaving traces in the electronic message or traces of access to a particular web server that could lead to the real user. There are providers of anonymous email accounts that do not track you, do not require any information about you during registration, and do not keep logs of sent messages. There are also services for sending emails without any registration, such as those for one-time use (so-called “burner” emails). However, to truly hide the sender’s IP address, special no-log or zero-log virtual private networks (VPNs) are used, which hide the user’s IP address and do not allow web pages and services to learn the user’s true address, while at the same time, the traffic sent through them is encrypted,” she explains.
Their no-log policy, according to Mileva, guarantees that they do not track, record, or keep logs of their users’ activity, i.e., they do not keep information about IP addresses, the pages which were accessed, traffic logs, and the like.
“The situation is similar when it comes to using the Tor browser, which redirects traffic through multiple network nodes and makes it impossible to trace back to the actual sender” Mileva explains.
Due to all these well-developed mechanisms, Professor Chorbev believes that it is a good decision not to disclose data about bomb threats to the public, because if practice shows that they are false, they should be ignored, as the authorities have been doing these past few weeks.
This investigative story was prepared as part of the project “Increasing Civic Engagement in the Digital Agenda – ICEDA”, co-funded by the European Union and implemented by the Metamorphosis Foundation (North Macedonia), the e-Governance Academy (Estonia), Movement Mjaft! (Albania), Partners for Democratic Change Serbia (Serbia), NGO 35mm (Montenegro), and Open Data Kosovo (Kosovo).
This investigative story was prepared with the financial support of the European Union. The content of this investigative story is the sole responsibility of the Metamorphosis Foundation and the author and in no way reflects the views of the European Union.
Link to the original article: The pattern of false bomb threats: 905 threats, eight cities, 76 email addresses [infographic] | Meta.mk