It has already been reported that on the morning of May 9, instead of the usual content, the clients of the Latvian telecommunications operator Balticom were surprised by the 'Victory Day' celebrations broadcast live from Moscow.
De Facto found out that at the beginning the TV screens were showing footage from the May 9 parade in Red Square, but not from this year. Many viewers therefore perceived the broadcast as a Russian propaganda campaign. However, the parade was followed by a different message, against Vladimir Putin and the Kremlin regime. Putin was named as the main cause of all the troubles. The video was interrupted by slogans such as "Stop the totalitarianism with us". At the very end, the former flag of the Russian Empire, which is used by various far-right organisations, flew across the screen.
On May 9, hackers managed to sneak the same video into the TV channels in some Russian regions. Several Ukrainian channels also reported the attack.
"The propaganda material was available on Balticom clients' TV sets for less than 10 minutes. After changing the channel, the broadcast started again. Several of the company's customers complained that they felt uncomfortable watching the broadcast.
"Since we are living in a hybrid war, I don't know if it is right to talk about the content at all. The main thing is that this attack happened and anything could have been broadcast. But what I can say for sure is that there was a Russian parade for 30 seconds or minutes at the beginning and then war stories, violence stories started to appear," says Anastasija Muižniece, Executive Director of Balticom.
The hacking attack occurred on a server that is remotely operated by Balticom's outsourced service provider from Bulgaria. "The attack was on a server that is essentially hosted by us, here at Balticom, but administered from Bulgaria by our partners," said Muižniece.
Balticom has asked the Bulgarian partner for an explanation. They provided the necessary information, including the IP addresses of the attackers. This information has been passed on to the State Security Service (VDD) and the information technology security incident prevention authority "Cert.lv", which is investigating the case. The last known IP addresses, however, do not yet allow to say for sure from which country the hackers originated.
"The compromised servers were not only in Latvia, but also in other countries, but the distribution of this roll did not take place everywhere it could be accessed. Apparently, the attackers chose specific countries and specific TV stations to show this content," says Gints Mālkalnietis, a cybersecurity expert at Cert.lv.
The mechanism by which the Bulgarian service provider Balticom accessed the server was compromised.
"We are doing everything we can to make sure this never happens again. Of course, no other operator or server can be 100% protected from similar attacks," says Balticom's Muižniece.
This is the second case in the last month where a cyber attack has resulted in propaganda content reaching Latvian viewers. In mid-April, a 20-minute live broadcast of Ukraine's "Freedom" on the Tet platform featured songs and propaganda clips by Russian artists. Tet explained that the channel received this signal from a satellite.
The latest incidents have prompted politicians to consider what improvements should be made to prevent such hacking attacks.
"In principle, our civil protection is based on the principle that if we hear a siren, we turn off Latvian radio or television, and if we turn it on and a potential adversary has taken over the airwaves, the airtime, the cables, the satellite signal, then we are left without information," said Ainārs Latkovskis, chairman of the National Security Committee of the Saeima, outlining the problem.
The Commission met in closed session this week to discuss the European Parliament elections and possible incidents. The meeting also reportedly touched on recent hacking attacks on television broadcasts. The issue was also to be discussed with the media supervisory authorities.
One solution is to ask telecoms providers to tighten up security solutions, but decision-makers want to await the results of investigations into specific cases first.
