Who hacked the website of North Macedonia’s state election commission on election day?

Who hacked the website of North Macedonia’s state election commission on election day?
The website of North Macedonia’s state election commission was targeted by hackers immediately after polls closed in the snap general election on July 15.
By Valentina Dimitrievska in Skopje July 19, 2020

The website of North Macedonia’s State Election Commission (SEC), or to be more exact the site's election section, was targeted by hackers immediately after polls closed in the snap general election on July 15, leaving the question of who stands behind the attack?

Even though the elections passed in a free and democratic manner and were among the most peaceful in the country so far, the denial-of-service (DDoS) attack left a big stain on the election — the first since the country changed its name to North Macedonia and become a Nato member.

The election ended with a narrow lead for the ruling Social Democrats (SDSM) ahead of the opposition VMRO-DPMNE. Some VMRO-DPMNE supporters have already indicated they will not accept a new SDSM-led government. 

The SEC was hacked immediately after voting ended at 9pm on Wednesday. The election section then recovered for few minutes but the results disappeared again, preventing journalists and other interested people from monitoring the election results, which were announced with a huge delay a day after the election.

At the same time as the SEC site was brought down, the local news aggregator Time.mk was also hacked, but it recovered more quickly.

“We are under DDoS attack,” owner of Time.mk, Igor Trajkovski, said in a tweet at the time of the cyber attack. It was reported that Time.mk was attacked with more than 20mn IP addresses on July 15.

Institutional flaws

Most countries take measures to protect their electoral infrastructure in order to provide the maximum security on election day, which was not the case here in North Macedonia.

The cyber attack on the SEC website, which targeted the election platform, raised many questions about the way institutions in North Macedonia protect the election process.

The Macedonian Public Security Bureau does not even run its own website where people can get information about cyber security.

Officials from the local software company Duna Computers, which was selected before the election to manage the SEC’s electronic system for election statistics, said that the application for the election is a separate platform, which is independent from the SEC website, pointing out that the problem was with the SEC servers.

"We immediately told them that what happened was an attack and that there was no connection with Duna's election application,” Duna Computers’ owner Aleksandar Pajkovski said.

The attack was stopped as soon as Austrian telecommunication company A1 Austria, which has a unit in North Macedonia, A1 Makedonija, whose network SEC is using, intervened.

The cyber attack also raised other issues, such as controversial software procurement. Local media reported the day after the election that the procurement of the software by SEC was disputable, as Duna Computers was selected without a transparent tender.

Two local firms were invited to provide the software for processing election data, Duna and iVote, and Duna was selected by the SEC on June 19. The appeal by iVote was rejected and Duna officially won the contract on July 8, one week before the election.

Left wondering 

The unprecedented cyber attack slowed the entire procedure of entering the votes while citizens and the media are still wondering what really happened.

As there are many doubts about the results, SEC president Oliver Derkoski said that the commission will now decide whether to have a manual count of the votes, something that happened in Kosovo's election in October 2019.

After he read the first results, Derkoski, who comes from the opposition VMRO-DPMNE, said that the website was probably a target of external hackers and that the issue will be investigated. 

Strangely, the cyber attack was only reported a day after the election, to the interior ministry, which is led by minister Nake Culev. also from VMRO-DPMNE. Culev is part of the interim government, including opposition members, that has run the country since January 2020 to open the way for the snap elections.

Election credibility undermined 

The civic association MOST, which regularly monitors the country's elections, pointed out that although the election took place in a fair and democratic way, the hackers’ attack on the election platform might be a deliberate attack to disturb the electoral process.

MOST said that due to the attack, there is no complete insight into the initial election results.

"The timing with which the attack took place indicates that probably a previously planned attack was made to disrupt the credibility of the election process," MOST officials said.

Some staunch VMRO-DPMNE supporters hinted in a casual conversation with bne IntelliNews that nothing is accidental and that the attack could have been ordered from abroad by ex-prime minister and former VMRO-DPMNE leader Nikola Gruevski, who fled to Budapest in 2018 to avoid a prison sentence.

They even warned that if the formation of a new government does not go in favour of VMRO-DPMNE, which has not admitted defeat in the election and wants to return to power, “blood will be shed.”

VMRO-DPMNE hopes that the SDSM will fail to form a government, opening the way for the opposition party to return to power.

In a private conversation, some VMRO-DPMNE supporters even warned that should the party fail to return to power there will be political turmoil that will be much worse than the storming of the parliament in 2017, when the SDSM elected Talat Xhaferi from the ethnic Albanian party Democratic Union for Integration (DUI) as speaker. The attack on the parliament left more than 100 people injured including SDSM leader (later prime minister) Zoran Zaev, and current Defence Minister Radmila Sekerinska. That prompted court processes against many VMRO -DPMNE officials.

Levica (the Left) looks like a rightist party

The election was also marked by hate speech and a narrative of violence which came mostly from political newcomers.

Dimitar Apasiev, leader of Levica (the Left) that will enter the parliament for the first time, was accused by the SDSM by using “hate speech and threats with a fascist narrative”. 

Despite its name and initial role as a supporter of workers’ rights, Levica is closer to the right-wing conservative VMRO-DPMNE.

"We condemn the dangerous calls from Levica and we ask the Public Prosecution Office to react, as there is no tolerance for threats with a fascist narrative,” SDSM said.

Law professor Apasiev, who will become one of the party’s two MPs, said in a Facebook post following the election “You lick us in vain. We'll shoot everyone!”

In another post he used street language in his reaction to SDSM threats to file charges against the following comment: 

“Sorospiski [Soros-connected] sweethearts. I am a new to politics, but I am a professor in law. Don't hit me with these bullets.”

VMRO-DPMNE claims the Colourful Revolution of 2016 was financed by philanthropist George Soros.

Apasiev, who claims election theft as he is convinced his party should have won several more seats in the assembly, also told a news conference that he does not want to enter into coalition with the SDSM.

After the election, Zaev announced he is going on holiday and will launch coalition talks to form a new cabinet after the big Macedonian national holiday on August 2.