Cyber Incident Victim: Balkan Investigative Reporting Network
Date:
Dec 2023
Location:
United States of America
Summary
The Balkan Investigative Reporting Network experienced a distributed denial-of-service attack that overwhelmed its website with excessive traffic, causing temporary inaccessibility following its reporting on fraudulent copyright claims linked to convicted Turkish fraudster Yasam Ayavefe. The attack occurred after the organization published articles detailing false copyright complaints and previous cyberattacks targeting media outlets covering Ayavefe's criminal history and attempts to suppress content, including offers of financial incentives for article removal and successful legal actions to erase online content in Turkey. This incident mirrors prior DDoS attacks against the network and partner media after investigations into Ayavefe's acquisition of honorary citizenship despite his criminal convictions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Balkan Investigative Reporting Network (BIRN) experienced a distributed denial-of-service (DDoS) attack targeting its Balkan Insight website on December 22, 2023, beginning at 16:03 local time. The attack generated approximately one billion queries, overwhelming BIRN's servers with abnormal traffic volumes and causing intermittent website inaccessibility over the following two days. This incident occurred three days after BIRN published an article detailing fraudulent copyright infringement complaints it received regarding two previous reports about convicted Turkish fraudster Yasam Ayavefe. The targeted articles included a February 15 piece documenting a cyber-attack against Greek outlet Documento after it exposed Ayavefe's wife obtaining fake identification documents, and a July 26 report about Ayavefe's legal representative demanding BIRN remove content about his client.
The DDoS attack followed a pattern of digital retaliation against media outlets covering Ayavefe. In September 2022, BIRN and Greek partner Solomon sustained similar DDoS attacks after publishing an investigation into Ayavefe's acquisition of honorary Greek citizenship despite his 2017 fraud conviction in Turkey and 2019 arrest in Greece for passport fraud. Inside Story also faced DDoS attacks after reporting on Ayavefe's citizenship. The December 2023 copyright complaints, submitted via BIRN's hosting provider under fabricated identities (Rocky Paul and Sharon Henkel), falsely alleged that Blogspot and Tumblr accounts originally published BIRN's articles. Forensic analysis showed the complaints relied on backdated republications of BIRN's work. Ayavefe's representative Bener Ljutviovski had previously offered BIRN advertising contracts in July 2023 in exchange for removing articles, claiming they caused "material and moral damage," which BIRN rejected. BIRN's IT security team mitigated the December attack using existing defensive tools, restoring normal operations after sustained disruption. Ayavefe had previously secured removal of 201 Turkish online items through court orders, including police communications.