Photo: Meta.mk

Written by: Meri Jordanovska and Antonija Popovska

Eight cities, a total of 905 false bomb threats, of which 876 were in elementary and high schools. Almost a third of the threats occurred on Wednesday, while the fewest threats occurred on Monday. February was the month with the most threats – only on five days during the school week (not including weekends) there was no false bomb threat placed in a school facility. Elementary schools were targeted more often than high schools.

In short, these are the conclusions from all previous false bomb threats in the country analysed by Meta.mk, after obtaining data from the Ministry of Interior, using the Law on Free Access to Public Information. The MOI provided us with a list of all threats of explosive devices to schools and 42 other institutional facilities.

According to the figures, it turns out that there was a total of 905 false bomb threats, and it is evident that the main target of the perpetrators were schools, with the intention of instilling fear and panic precisely among children and their parents.

The first bomb threat was reported on October 26th of last year, and the last one for which there was a record, was on March 2nd of this year.

Infographic: Meta.mk

According to the current trend of bomb threats, it can be concluded that after implementing the new protocols in schools, the threats that profoundly influenced and disrupted the educational process, causing fear and panic among the population may possibly disappear completely.

According to the data, there were more bomb threats in primary schools – 544, than in high schools – 332. Threats in eight cities have been registered across the country, most of which were in Skopje (836), Kumanovo (25), Prilep (17), and Bitola (12).

The false threats of explosive devices that have been placed were sent from 76 email addresses, which practically means that an average of 12 false threats were sent from one email address.

In January, the students were on winter break, so only two false bomb threats were recorded during that month, on January 5th, which again indicates that the targets of the false threats were schools and in particular, the students. The highest number of false threats occurred in February – a total of 439, with only five days during the work week without a bomb threat. In November of last year, there were 30 threats, in December 272, and on March 1st of this year, a record was reached – as many as 120 schools and other institutions received a false bomb threat in a single day. The next day, March 2nd, there were 30 threats, and then, according to the protocols which were implemented, this issue is not being reported to the public.

Infographic: Meta.mk

Namely, according to the protocol of the MOI which has been in place since the beginning of the month, the public is no longer informed about whether there are threats of explosive devices placed in primary and high schools, as well as other facilities in the country unless the competent authorities decide to disclose such information. The new protocols were introduced to minimize panic and anxiety among the public and to ensure that the daily routine of students, teaching staff, and parents is maintained without unnecessary stress.

In addition to this, there is also a confidential protocol in place. According to testimonies from teaching staff in schools, the police conduct checks before the start of classes, and entry into the facilities is not allowed without prior notice. Private security checks external persons when they enter and leave the school, and cameras must constantly be turned on.

A specific pattern in bomb threats cannot be precisely determined, except that such threats have been more frequent towards the middle or end of the work (school) week, rather than at the beginning.

Mitko Dimovski, the principal of the Skopje high school “Orce Nikolov,” which received the most email threats, says that a certain pattern can still be established among the senders of the false threats, as they always “targeted” the shifts of the second-year and fourth-year students.

“What was most indicative is that most of the threats were received during the shifts of the second-year and fourth-year students. There was no precise sending time, but it always happened during the same shift. To prevent students from missing classes, we decided to change the shifts in such a way that the first-year and third-year students started having classes in the shift during which the second-year and fourth-year students previously had classes. However, even with this change, threats still occurred during the shifts of the second-year and fourth-year students. Now, with the new instructions from the MOI, the school has been secured, checks are carried out, there are no threats since the addresses have been changed, and classes are held normally without interruptions, he said to Meta.mk.

Computer experts are not optimistic that the perpetrators can be located

So far, the police have identified three minors as suspects for some of the false threats of explosive devices which have been planted, but there is no resolution to the cases yet.

On November 2nd of last year, N.N. from Skopje was arrested on suspicion of being linked to the bomb threats, but criminal charges were not filed against him. On December 5th, a minor from Skopje was charged with terrorism. According to the MOI, he created an email address through which he sent threatening messages about explosives which have been planted in four high schools, accessing the network of a telecommunications operator from his personal computer.

Later, on December 22nd, a 15-year-old from Kavadarci was also charged for suspicion of sending bomb threats to three primary and three high schools in Kavadarci on December 4th and 12th. According to the MOI, he sent the messages through a “hacked” email address, directly from his personal computer.

Five days ago, a criminal charge for terrorism was filed against a 15-year-old minor. On February 4th, using his mobile phone, he created an email address and on the same day, using his laptop from his home, sent a threatening message to the official email address of a high school in Skopje.

However, the question of whether minors and students are really behind the majority of the threats of explosive devices, which are not only happening in the country but also in many countries around the world, remains an open question. Inasmuch as the Minister of Interior, Oliver Spasovski, has stated on several occasions that the bomb threats in schools represent a hybrid attack on the country, that they are launched from abroad, and that it is a matter of a hybrid war, as a continuation of the real war that Russia is waging in Ukraine.

Regarding the source of the bomb threats, Spasovski on one occasion stated that they were being sent from IP addresses in Iran and Russia, as well as VPN addresses whose providers were also from these countries.

“Interestingly, the payments for VPN services are made with cryptocurrency, which further complicates investigative efforts,” he said.

Prime Minister Dimitar Kovachevski has also reiterated on several occasions that cyber warfare and hybrid attacks are part of the war being waged in Ukraine, as they are not limited to this country, but are also occurring in many NATO member states.

Bomb threats in schools became a daily occurrence on a global scale

According to experts on the matter, if the bomb threats are indeed supported by foreign countries, it will be difficult to locate the perpetrators, who obviously have a good knowledge of how to evade detection.

“The informants use proxy servers, i.e. email systems that do not cooperate with our law enforcement agencies, nor do they cooperate with other law enforcement agencies such as the FBI and the like. Simply put, a user name is created without recording which IP address the emails are sent from. They are registered in countries that do not cooperate and use email systems in which you cannot detect which IP address the email was sent from. This is because there are ways to protect email systems that do not keep IP addresses and do not require alternative addresses for registration. For example, Gmail is different. If you want to create an email address on Gmail, you need to enter two emails and a phone number for validation, which serves as proof that you are the sender,” explains Ivan Chorbev, a professor and former dean of the Faculty of Computer Science and Engineering (FINKI) for Meta.mk.

He says that the only way to track down the senders is if they make a mistake and are caught that way. Professor Aleksandra Mileva from the Department of Computer Technologies and Intelligent Systems at the “Goce Delcev” University in Shtip is of the same opinion.

“There are several ways to send an anonymous email or surf the Internet anonymously, without leaving traces in the electronic message or traces of access to a particular web server that could lead to the real user. There are providers of anonymous email accounts that do not track you, do not require any information about you during registration, and do not keep logs of sent messages. There are also services for sending emails without any registration, such as those for one-time use (so-called “burner” emails). However, to truly hide the sender’s IP address, special no-log or zero-log virtual private networks (VPNs) are used, which hide the user’s IP address and do not allow web pages and services to learn the user’s true address, while at the same time, the traffic sent through them is encrypted,” she explains.

Their no-log policy, according to Mileva, guarantees that they do not track, record, or keep logs of their users’ activity, i.e., they do not keep information about IP addresses, the pages which were accessed, traffic logs, and the like.

“The situation is similar when it comes to using the Tor browser, which redirects traffic through multiple network nodes and makes it impossible to trace back to the actual sender” Mileva explains.

Due to all these well-developed mechanisms, Professor Chorbev believes that it is a good decision not to disclose data about bomb threats to the public, because if practice shows that they are false, they should be ignored, as the authorities have been doing these past few weeks.

This investigative story was prepared as part of the project “Increasing Civic Engagement in the Digital Agenda – ICEDA”, co-funded by the European Union and implemented by the Metamorphosis Foundation (North Macedonia), the e-Governance Academy (Estonia), Movement Mjaft! (Albania), Partners for Democratic Change Serbia (Serbia), NGO 35mm (Montenegro), and Open Data Kosovo (Kosovo).

This investigative story was prepared with the financial support of the European Union. The content of this investigative story is the sole responsibility of the Metamorphosis Foundation and the author and in no way reflects the views of the European Union.

Link to the original article: The pattern of false bomb threats: 905 threats, eight cities, 76 email addresses [infographic] | Meta.mk

Share: