How Albania Accidentally Exposed Its Own Intelligence Operatives

The Republic of Albania, a NATO member, has been posting sensitive information about its secret service online, publishing thousands of payments made by the spy agency.

By doing so the identities of foreign and domestic operatives have been uncovered, and number plates used by the intelligence officers, and other sensitive details published to the web. The leak was discovered by the author, and was first published The Independent. We recommend reading the article for more details on what the spreadsheets disclosed, such as tantalising clues about the operations of the clandestine agency.

This in-depth article details how the leak was discovered, and, the Albanian authorities’ apparent inability to remove the leaks from the web after they were repeatedly notified of them.

What happened was, in fact, simple.

In an effort to boost transparency and combat corruption, the Albanian Ministry of Finance and Economy publishes — almost on a daily basis — spreadsheets of day-to-day payments of all government institutions on their website.

Image 1. In a boost to foster transparency, expenditures of government agencies are available for almost every day of the year on Albania’s Finance Ministry’s website.

One of the columns in the spreadsheets refers to the specific Albanian governmental institution, such as the Prime Ministry, the Presidency, and the various courts in the country.

Image 2. A sample of a spreadsheet available on the website of the Albanian Finance Ministry.

But that’s not all, the payments can also be filtered by the State Intelligence Service (Albanian: Shërbimi Informativ Shtetëror), commonly known by its acronym SHISH, including a veritable sea of information about domestic and foreign intelligence operations and intelligence personnel of a NATO country.

Image 3. A spreadsheet filtered for only entries related to SHISH, Albania’s security agency. The Finance Ministry has removed the description and receiving party of the money since the first publication highlighting the security breach.

The leaks contained dozens of names of regional and national operatives, names, positions and identification card numbers of at least eight foreign based operatives of the SHISH, two of whom hold sensitive posts at NATO in Belgium. Other intelligence officers were posted to countries that included Greece, Kosovo, Macedonia, Serbia and Italy.

In their payments, the SHISH also disclosed a large number of vehicle registration plates, sometimes by including the make and model of cars used by Albanian intelligence officers.

Image 4. The spreadsheets also include a large number of vehicle registration plates, sometimes even detailing the brand and model type of vehicles used by the Albanian intelligence officers.

Names and identification cards of regional operatives retracting large amounts of cash payments from the SHISH were also included in the spreadsheets. The specific dates and regional headquarters are mentioned per payment.

A government source, who asked not to be identified, suggested that the cash was used to pay informants. The information appeared to get updated on a daily basis, when the Ministry would simply upload a new spreadsheet online.

Payments also included dozens of trips to other countries, occasionally disclosing to what country the SHISH agents where traveling. For example, one agent received 2,000 euro in cash for a trip to Slovenia in January 2018.

Image 5. An Albanian intelligence officer withdrew 2,000 euros for a trip to Slovenia, the spreadsheets show.

Following the publication on The Independent, the SHISH and the Ministry of Finance vowed to remove the information, in order to stop more people from obtaining it. However, shortly after that, the SHISH published a statement that “the news on the leaking of secret information by the SHISH is not true.”

Image 6. A statement from the SHISH claiming that no secret information was leaked.

A longtime former official of the Albanian intelligence service told Bellingcat that the “inability [of the Albanian authorities] to remove the data comes from the fact that they don’t feel personally responsible for the leaks. That is why the information continues to be online and will probably stay online.”

A spokesperson at Albania’s Finance Ministry referred us back to the SHISH, as “this is related to the relevant institution [SHISH] and if it has a position they should clarify it.” A spokesperson at the SHISH was not immediately available for comment. The latter used his personal Facebook to get in touch with journalists, but has, since the initial publication, deactivated his account. A SHISH intelligence officer was also contacted via WhatsApp, but while the person did read our messages, no reply was sent at the time of publication.

Meanwhile, this is not the first time that sensitive information about the SHISH showed up on the web.

Image 7. The identification card of Helidon Bendo, director of Albania’s State Intelligence Service, or SHISH.

In 2017, the office of the Albanian President uploaded what is known as a “decriminalisation form” of Helidon Bendo, the SHISH’s director, to prove he had not been prosecuted for any crimes. This method is used to ban convicted people from holding elected positions or key government functions in the Albania. The file was uploaded to the internet without obscuring the intelligence director’s identification card. It also failed to obscure his home address.

Editorial support by Natalia Antonova and Christiaan Triebert.