Password hack claim puts cyber security on the public agenda in North Macedonia · Global Voices
Metamorphosis Foundation

Ministry of Finance of Republic of North Macedonia in Skopje. Photo by Meta.mk, used with permission.
This story is based on reporting by Global Voices content partner Meta.mk News Agency, a project of Metamorphosis Foundation.
In North Macedonia, a hack targeting the email addresses and passwords of government officials may have missed its mark. But the attempt did succeed in briefly making cyber security a national talking point.
Twitter recently suspended the anonymous Twitter profile named “Powerful Greek Army”, which on May 10 published a text file that it claimed contained the emails and passwords of employees at the Macedonian ministries of Finance and Economy.
“Macedonia's”
Ministry OF Economy & Ministry OF Finance Hacked #PGA
Database LEAK: https://t.co/4xcyCtXtjO
(Includes all of the employees passwords & emails)
— Powerful Greek Army (@PowerfulArmyGR) May 10, 2020
The Government of Republic of North Macedonia promptly knocked back the claim, however, and noted that the hackers had in fact only published passwords no longer in use.
Дел од е-маил адресите не се во функција повеќе години, бидејќи нивните корисници не работат веќе во министерствата, а лозинките на сите објавени е-маил адреси се стари и се променети пред повеќе од седум години и во тие сандачиња не може да се пристапи преку објавените лозинки.
Part of these email addresses have been inactive for many years since their users don’t work anymore at these ministries, and the passwords of all the published email addresses are either old or were changed more than seven years ago. The respective user accounts and their mailboxes cannot be accessed through the published passwords.
In another media statement, the Minister of Economy Kreshnik Bekteshi explained that “no damage has been done” to the ministry's system and noted the ministry's IT department had informed him that no confidential data was stolen.
The minister further stated that both ministries have had their systems for official email services renewed and that complex passwords had been introduced for official email addresses, along with cyber security protocols that decrease the risk of systems getting compromised.
In their initial statement, the Government noted that its work strengthening the IT systems in state institutions was part of a comprehensive National Cyber Security Strategy and Action Plan.
That has not stopped pro-opposition profiles, including members of the VMRO-DPMNE troll army, from trying to use the scandal as proof of ruling party incompetence, however.
Ова не се лични работи бе црепојно, службени мејлови се од министерствата за економија и финансии. Кој ќе одговара за овој башибозук??
— ︽☆︽ Чиз™ ︽☆︽ #АΨ (@C4i7Z) May 13, 2020
These are not personal matters, you dummy, but official mails from the ministries of economy and finance. Who would be held accountable for this bashi-bazouk [unruly or chaotic management]
Media close to this political party, such as Hungarian-owned Alfa TV and its associated website express.mk, attempted to raise tensions with unverified sensationalist headlines such as “Employees in panic, Greek hackers breach [ministries of] finance and economy.”
Such comments are in spite of the fact that any breach, if one did occur, likely occurred during the period from 2006 to 2017 when the VMRO-DPMNE party was still in power.
Indeed, in the three weeks since the alleged hack took place, no-one has produced evidence that would contradict the government's position that the password list was at least seven years old.
Around the same time, the @PowerfulArmyGR Twitter profile boasted that it had hacked the websites of two Macedonian educational institutions and posted screenshots of supposedly vandalized web pages.
However some Macedonian Twitter users doubted the hacker credentials of the “Powerful Greek Army,” implying that the list might have been built from previous hacks.
Others cast doubts on the national identity of the hackers which was never independently verified, with some users speculating that the leak might be the work of opposition moles or foreign agents.
А како знаеме дека се грчки а не руски хакери кои само се претставуваат како грчки за да извршат хибриден напад на нашата земја а со тоа и на НАТО? ?
— Миталик (@DiMithril) May 13, 2020
How do we know they are Greek, when they might be Russian hackers who only pose as Greeks to conduct hybrid attacks on our country, and, in so, doing, attack NATO too?
Much of the social media noise focused on the simplicity of some of the passwords, and what they revealed about their creators, however.
One in particular lit up social networks — “cicecice” (pronounced tseetse) is best translated into English as “tittit” or “boobboob” — a slang for female breasts.
Enter password:
– cice
Password to weak ⛔️
– cicecice
Password accepted✅
— Зимзелено Дрво? (@NemaPariNemaMir) May 13, 2020
At least one Twitter user was prepared to give that particular finance ministry employee, or former employee, the benefit of the doubt.
@alter_gella said the account owner could have meant čiče, a word that means “uncle” and is spelt almost the same way, but pronounced chiche.