Croatian PM Accused of ‘Shameful’ Accusations Against Journalist

Andrej Plenkovic was accused of “shameful” behaviour for claiming during Monday’s pre-election debate on the private RTL channel that a journalist from the Croatian public broadcaster, Maja Sever, prepared his political rival Davor Bernardic for the televised showdown.

“Shameful behaviour by Prime Minister Andrej Plenkovic, who accused colleague Maja Sever of working for the [opposition] SDP [Social Democratic Party] during a debate with Davor Bernardic on RTL. Unworthy of the office of Prime Minister,” Hrvoje Zovko, president of the Croatian Journalists’ Association, wrote on Twitter.

Zovko also claimed that Plenkovic constantly accuses journalists of working for the opposition.

But Plenkovic told reporters on Tuesday that this was not an attack on Sever, who he said he respects.

“If anyone has a feeling for journalists, then I have,” Plenkovic said.

The long-awaited TV debate ahead of this Sunday’s elections saw the two likeliest candidates for the next prime minister face each other in the studio – Plenkovic from the ruling conservative Croatian Democratic Union, HDZ, and Social Democratic Party, SDP president Bernardic.

During the debate, Plenkovic asked Bernardic if Sever prepared him for the show, because Bernardic came to the studio with a sheaf of documents, which included data and graphs that he tried to use to prove the failures of Plenkovic’s government.

Sever is president of the Trade Union of Croatian Journalists and a longtime journalist with Croatian public broadcaster HRT. She collaborates with the host and editor of the HRT talk show ‘Nedjeljom u dva’ (‘Sunday at 2 pm’), Aleksandar Stankovic, on which Plenkovic was a guest on June 14.

During that show, Stankovic confronted Plenkovic with some of his unfulfilled promises. Afterwards, according to media reports, Stankovic received criticism from his superiors for attacking the prime minister too much.

On Monday evening, Sever wrote on social media that before the HRT show on June 14, she and Stankovic prepared a few graphs and a list of Plenkovic’s statements and promises from the 2016 election campaign.

“It is an ordinary and simple journalistic job. I emphasise journalistic… The comments by the president of the HDZ [Plenkovic], who permits himself to say… that I was preparing someone for debate, is another attack by Andrej Plenkovic on independent journalism,” Sever wrote.

On June 23, Plenkovic also accused N1 TV journalist Hrvoje Kresic of agitating for the opposition after Kresic asked him if he would go into self-isolation when it was revealed that he had been in contact with tennis player Novak Djokovic, who was infected with coronavirus during a tennis tournament in Zadar in Croatia.

“I know you like to agitate for a team that you would like to not be in opposition, but in power,” Plenkovic told the N1 reporter. Kresic replied that he was not agitating but asking questions as a journalist.

The Croatian Journalists’ Association responded to this by saying that Plenkovic should stop making “inadmissible accusations against journalists who ask legitimate questions”.

“Journalists work neither for the government nor for the opposition, they work exclusively in the public interest,” the association said.

Dating Apps Help Balkans Rekindle Love in the Time of Corona

Online dating has for, some time now, been the “new normal” for finding romance, with more people around the world using this method during the coronavirus pandemic as they seek a safe way to connect with potential partners. The take-up of online dating in the Balkans is patchier and less Tinder-focused, though data suggests that here, too, the pandemic is changing how people are using the apps.

The global online dating services market was worth $6.69 billion in 2018, according to an Allied Market Research report, and this is projected to reach $9.20 billion by 2025. There are hundreds of online dating websites and apps currently on the market, though Tinder makes a strong case for being the most popular dating app on a global scale.

Launched in 2012, Tinder allows users to anonymously swipe to ‘like’ or ‘dislike’ other users’ profiles, based on the photos they post. The US company behind Tinder, Match Group, says its app is more than just a regular dating app, describing it as a “cultural movement” that invented the now-famous “swipe culture”, where users quickly swipe through profiles and make instant decisions about how and whom to date.

Tinder officially claims “tens of millions” of users worldwide, with estimates putting the ‘movement’ at more than 50 million in 190 countries using 40 languages. Tinder users go on more than a million dates per week, with the biggest markets for the app being the US, the UK and Brazil.

During the coronavirus pandemic, despite widespread restrictions on movement and stay-at-home policies, the use of dating apps has increased globally. And Tinder is no exception, with the app recording a rise in use in many of the virus-stricken nations of Europe. In Italy, one of the countries with the largest number of coronavirus cases in Europe, Tinder saw an increase of 29% in the number of daily messages exchanged between active users during the second half of February and March, the company told BIRN in a statement. In Germany the increase over the same period was 33%, while in France it was 23%.

The company also noted an increase in the length of conversations by users; in Italy the increase was 28%, while in Spain, also one of the countries hardest hit by the pandemic, the increase was 26%.

Meeting certain needs


Illustration. Photo: Unsplash/Andrej Lisakov

The increase in the use of dating apps can be seen as fulfilling the need for intimacy during the prolonged period of lockdown and isolation caused by the coronavirus pandemic, experts say.

“We cannot put a limit on the human need for intimacy, closeness and sexuality during these times – that’s why there has been an increase in the use of dating platforms by as much as 30% in the last two months,” Skopje-based psychologist Bojana Stojmenovic tells BIRN.

Aside from intimacy, the apps also satisfy the need for instant gratification. These and other apps can be seen as a coping mechanism for getting that gratification, especially at a time when the pandemic has forced many societies indoors and brought everyday activities to a halt.

“A key element of the new dating apps and platforms is the speed and availability of finding the desired partner. We live in a time when we are used to instant gratification, to getting things with one click – for instance, we can get a pizza, a call from our favourite friend, our long-awaited shoes or even a partner,” Stojmenovic points out.

While Tinder is the most popular dating app across Europe, in Romania and Bulgaria it is Badoo that is used the most. Created in 2006 by Russian entrepreneur Andrey Andreev, Badoo now has more than 450 million users globally, with daily messages sent between users exceeding 350 million.

While the company does not have specific data on how much these numbers have increased in the Balkans during the pandemic months, it reports that the length of the daily conversations have, like on Tinder, increased.

“Our data shows that more conversations are happening, with increases of up to 35%. Data is showing and users are telling us that conversations are longer, and with paragraphs rather than one-liners,” Tristan Pineiro, Badoo’s global head of communications, tells BIRN in a statement.

According to Pineiro, these developments suggest a resurgence in sustained courtship and long-distance seduction. “We are re-learning the art of courtship and conversation, and hope that coming out of this all daters – particularly men – will have a newfound respect for honest connection and communication, which in turn equates to better and more successful matches, based on shared interests and deep connection,” he says.

And with video chatting now becoming an essential part of life and keeping in touch, Badoo expects that this “new normalization” will take hold in the dating world, too, Pineiro adds.

Online dating apps in North Macedonia: fact or fiction


Illustration. Photo: EPA-EFE/SASCHA STEINBACH ILLUSTRATION

In other Balkan countries, dating apps are used more sparingly, even under the present circumstances of movement restrictions and curfews.

One such place is North Macedonia, where romantic courtship is still conducted in a predominantly conservative manner. A source working in the adult online dating industry tells BIRN that the use of dating apps like Tinder in North Macedonia are still frowned upon.

“The reason for this is that we are a small market and a conservative environment. For example, an app like Bumble, where only female users can make the first contact if interested, would hardly work in our country,” the source says.

Also, many of the dating profiles contain bogus images, since users are reluctant to use their own pictures. “I think this happens because most of them are still ashamed of using such apps. Also, the number of male users is often disproportionately bigger than the number of female users, and this is not good in terms of how the dating apps function,” the source adds.

During the previous decade, North Macedonia had a dating website called Prijateli that existed for several years. According to the source, a few years back there was some interest in making a dating app specifically designed for North Macedonia, but after the potential investors conducted a market study, they decided against it.

For some, Instagram functions as a dating app instead. 35-year-old Marija from Skopje says that when it comes to dating, her experiences using this social network have been varied.

“There are two types [of people connecting with me]. Some start to like my photos, and then write to me. Others are approaching me as soon as they become my followers on the network,” Marija tells BIRN. “Most are behaving nicely, they begin by either complimenting me, or look for general info, such as where I live, my age, and so on.”

“However, there is also a second category of people who openly want to have sex, stating their intent in the opening conversation. But it is also interesting that 90 percent of those are either married or in long-term relationships and are constantly posting pictures and videos of how happy and in love they are,” Marija explains.

Instagram is also the preferred choice for 32-year-old Skopje resident Dejan when it comes to online dating.

“I don’t like to use dating apps. I have tried several times, and in most cases the profiles turned out to be fake. It’s different with Instagram, since you can actually see if the person you approach responds by liking your pictures or replying to your messages. I feel that this is a much more transparent way than using dating apps,” Dejan tells BIRN.

Regardless of how people are dating online, through apps or social media, the trend toward using the internet to find romance remains strong. And as uncertainty continues over how long the societal effects of the pandemic will last, online dating looks set to become a permanent fixture of Balkan’s dating scene.

The Life and Times of Red Mud Reservoir № VII

The Life and Times of Red Mud Reservoir № VII’ is a collaboration between an anthropologist (Ian M. Cook) and a graphic artist/illustrator (Gyula Németh) about a bauxite tailings storage facility in the settlement of Almásfüzitő, Hungary. It is based on the investigative story previously published by the Atlatzo.

It is one output from the project ‘Black Waters’, a hybrid investigative-research and advocacy project that responds to the need for engaging reporting on environmental damage, corruption and the consequences for social justice in Central and Eastern Europe (CEE). Over twelve months, a team of researchers, journalists and audio-visual artists developed novel multimodal methodologies, conducted mixed-methods research, and reported their findings.

Project is run by the Center for Media, Data and Society at the Central European University in partnership with Atlatszo and the Balkan Investigative Reporting Network. It was supported by the Open Society Initiative for Europe. The research team further included Alexandra Czeglédi (research assistant), Gabriella Horn (investigative journalist) and Márta Vetier (researcher). 

The non-public figures who appear in the following pages are composite characters based on interviews in the settlement. They are not intended to represent real people. The story is narrated by the reservoir itself and covers the historical, political, theoretical, cultural and social aspects of Red Mud Reservoir № VII and those who live in its vicinity.

North Macedonia: Facebook Pages Target Users with ‘Identical Content’

The Atlantic Council’s Digital Forensic Research Lab, DFRLab, which works to counter disinformation online, says its researchers have found dozens of Facebook pages linked to at least 10 Macedonian news outlets, demonstrating “several characteristics pointing to coordinated activity, including the near simultaneous publication of identical content”.

While some of these Facebook “assets” acknowledged their connection to the outlets whose content they were amplifying, others had no known connection.

“The assets also demonstrated signs of inauthenticity, as they were created as various interest pages, but ultimately promoted content from news sites to which they disclosed no connection,” DFRLab said.

It added this was clearly an efficient strategy, as the pages in every network had more followers than the official Facebook pages of the promoted media outlets.

A total of four separate networks or subsets of coordinated Facebook assets were amplifying content published by some of these websites: Republika Online, Kurir, Denesen, News24, Puls 24, Galama Club, among others. 

Only one of these is a tabloid. The others publish mostly political content: one of the outlets is openly pro-opposition. The others offer more balanced reporting on internal affairs. 

DFRLab research found coordination within networks of pages, but not across the four networks. There was also no sign that North Macedonian media outlets themselves managed the inauthentic networks.

The Facebook pages were created between 2009 and 2018 and were mostly managed from North Macedonia. Some were managed from the US.

According to DFRLab’s research, some of the Facebook pages seemed connected to Adinamic Media, which publishes news sites supporting the main opposition VMRO-DPMNE party. 

This media company is believed to have links with the Hungarian pro-government public TV network, Magyar Televizio, MTV.

Researchers said the presence and success of these networks had added to the political polarization in North Macedonia ahead of early parliamentary elections due this year. 

“The use of an inauthentic network on social media may enable political forces to mislead people and spread manipulated content to garner voter support, raising a concern on the integrity of the electoral process in the country,” DFRLab said.

VMRO-DPMNE, Putin and right-Wingers

Different pages amplified the same content at the same time from the same media outlets. Red boxes highlight posts from official Facebook pages of Vistina and Republika showing simultaneous posting by official and amplifier pages. Photo: Courtesy of DFRLab

According to the research, the first network consisted of seven Facebook pages that were amplifying articles published by Republika Online, Kurir, Denesen and Vistina

Vistina is a tabloid and doesn’t cover political topics. The remaining three mainly report on political issues and feature pro-VMRO-DPMNE views. All are owned by the same media holding, Adinamic Media, which is connected to Hungary’s MTV, the report said.

According to the Organized Crime and Corruption Reporting Project (OCCRP), a former senior executive at MTV, Agnes Adamik, established Adinamic Media in 2017. The company then purchased a majority of shares in three media companies in the country, mostly supporting VMRO-DPMNE.

According to some experts, these acquisitions helped Hungary’s Prime Minister, Viktor Orban, expand his and his country’s influence in the Balkans. They also supported his then ally in Macedonia, Nikola Gruevski, who obtained asylum in Hungary after fleeing a prison sentence in his home country in 2018.

The Facebook pages in this network posted almost identical articles and at the same frequency. The total number of followers of the seven pages was more than 690,000, while the official Facebook pages had less than 300,000 followers.

“This may indicate that since these outlets had not been successful in growing audiences for their official Facebook pages, they decided to create coordinated networks to amplify their content,” the researchers say.

The second network comprised 17 Facebook pages publishing content from three news outlets: Markukle, News24 and Signal. These also report political issues, but their content is not openly anti-government. 

Some publish supportive articles on Russian President Vladimir Putin, portraying him as an influential leader who upholds traditional values and helps friends in need. News24 sometimes amplified Russia Today and Sputnik videos.

As for the third network of pages, the DFRLab researchers found that the “amplifier pages … may be connected to Filip Petrovski, a right-wing presidential candidate in the 2019 North Macedonia presidential elections and a former member of VMRO-DPMNE party”.

Petrovski opposed the country’s change of name to North Macedonia and has called for the cancellation of the related Prespa agreement with Greece, signed in 2018. Petrovski also posts News24 articles on his own Facebook account.

Two pages in this network had names related to Petrovski, and their “about” sections contained details from his biography and political views.

The fourth network of Facebook assets amplified content published by two outlets, Net Medical Diet, which reports on health, and Galama. According to the research, the eight amplifier pages were managed from North Macedonia and from the US.

DFRLab also found five Facebook pages amplifying content from outlets owned by EM media, in which Adinamic Media has a majority of shares.

“Although the DFRLab was not able to identify coordination between them, there is a likelihood that EM Media was using these assets for content promotion,” the report said.

Google Brings Fact-Checking to Images

After introducing fact-check features to Search and News, Google announced on Monday that it was “surfacing fact-check information in Google Images globally to help people navigate these issues and make more informed judgments about what they see on the web”.

As of June 22, searches on Google Images have triggered a “Fact-Check” label under the thumbnail image results. Tapping one of the results to view the image in a larger format reveals a summary of the fact-check that appears on the underlying web page. The labels may appear for fact-check articles about specific images and for fact-check articles that include an image in the story.

Fact-check labels appear on results that come from independent, authoritative sources on the web that meet Google’s criteria, the media giant said. 

For these sources, Google uses ClaimReview, an open method used by publishers to indicate fact-check content to search engines. For instance, YouTube also leverages ClaimReview to surface fact-check information panels in Brazil, India and the US. The full fact-check library can be accessed through a dedicated search tool and an open API

“Just as is the case in Search, adding this label in Google Images results does not affect ranking; our systems are designed to surface the most relevant, reliable information available, including from sources that provide fact-checks,” Google said.

“Taken together, these efforts not only highlight the significant contributions of the fact-check community, but they also ensure that people have access to critical context about the information—and now images—they encounter online,” Google added.

The Castle: How Serbia’s Rulers Manipulate Minds and the People Pay

His Twitter name is ‘Robin Xud’, a Serbian homage to the legendary English outlaw hero who robbed from the rich and gave to the poor.

And just like the Sheriff of Nottingham in the ballads of Robin Hood, Xud’s enemy resides in a castle, in this case an Internet database registered in 2017 at www.castle.rs

Staring into two monitors in a dimly-lit room, Xud – who spoke on condition BIRN did not reveal his true identity – is part of a small team of programmers tracking the online operations of Serbia’s ruling Serbian Progressive Party, SNS.

According to Xud’s band of merry men and the findings of a BIRN investigation, the Progressives run an army of bots via the ‘Castle’ working to manipulate public opinion in the former Yugoslav republic, where President Aleksandar Vucic, leader of the party, has consolidated power to a degree not seen since the dark days Slobodan Milosevic at the close of the 20th century.

With the help of the programmers, this reporter gained exclusive access to the network for several months in 2019, observing how hundreds of people across Serbia log into the Castle everyday during normal working hours to promote Progressive Party propaganda and disparage opponents, in violation of rules laid down by social network giants like Twitter and Facebook to avoid the coordinated manipulation of opinion.

It is a costly operation, one that the Progressive Party has not reported to Serbia’s Anti-Corruption Agency. But the party doesn’t foot the bill alone.

This investigation reveals that some of those logging into the Castle are employees of state-owned companies, local authorities and even schools, meaning their botting during working hours is ultimately paid for by the Serbian taxpayer.

“Right now, over 1,500 people at least are botting every day,” said Xud. “They sit there in their jobs and instead of working they spit on their people.”

‘This is not activism’


Row of campaign billboards of the ruling Serbian Progressive Party (SNS) in Belgrade, Serbia, 2020. Photo: PA-EFE/KOCA SULEJMANOVIC

The Progressive Party took power in Serbia in 2012, four years after Vucic split from the ultranationalist Serbian Radical Party and declared himself a changed man who now favours integration with the European Union after years of demonising the West.

As the opposition splintered, the Progressive Party established itself as the dominant political force with Vucic as its strongman. It is widely expected to win handsomely in parliamentary elections on June 21.

Serbia’s minister of information during the 1998-99 Kosovo war, when NATO bombed to halt a wave of ethnic cleansing and mass killing in Serbia’s then southern province, Vucic has presided over a steady decline in media freedom since taking power.

Critics find themselves shouted down and pushed to the margins, the most vocal dissenters often targeted for online abuse.

In April this year, the Progressive Party’s online escapades made international headlines when Twitter announced it had taken down 8,558 accounts engaging in “inauthentic coordinated activity” to “promote Serbia’s ruling party and its leader.”

BIRN has reported previously on how some of these accounts made their way into pro-government media, their tweets embedded in articles as the ‘voice of the people’.

This story lifts the lid on the scope of the Progressive Party’s campaign, how it directs the tweets, retweets and ‘likes’ of an army of people and how ordinary Serbs are footing part of the bill.

“This is not about activism, where a person writes what he wants or what he believes in,” said Xud. “These people have tasks; it is literally written what they need to criticise and how to criticise”.

The Progressive Party did not respond to questions submitted by BIRN for this story. However, in early April, after the Twitter announcement, Slavisa Micanovic, a member of the party’s main and executive boards, took to the platform to dismiss claims about a “secret Internet team” within the party, saying everything was public and legitimate.

“What exists is the Council for Internet and Social Networks, established in the party congress of 2012 and which can be found in the Statute and deals with promoting the party on the Internet and social networks,” Micanovic tweeted.

Reporting for duty

One August day in 2019 began like this:

At 7.56 a.m., a user named Nada Jankovic logged into the Castle from the town of Negotin, near Serbia’s eastern border with EU members Romania and Bulgaria. “Good morning, duty officer,” Jankovic wrote. Minutes later, in Sabac, just west of Belgrade, Dusan Ilic joined in with the words, “Good morning all”.

The bots had reported for duty, each entering the Castle system via a private account.

Xud and his team first accessed the Castle in January 2019 via an account with a weak password.

The Castle, they found, links to all Facebook and Twitter accounts operated by each user – frequently more than one per user – and lists five Twitter profiles they are obliged to follow: the official accounts of the ruling Progressive Party, President Vucic and Interior minister Nebojsa Stefanovic, as well as the accounts of two Progressive Party officials – deputy leader Milenko Jovanova and Micanovic.

‘Daily performance reports’ contain the name of the user, the municipality where they logged in and the extent of their activity on a given day: comments, likes, retweets and shares.

Points are allocated depending on how busy a user has been, though it is not clear whether this translates in rewards.

“The system is designed to follow every step the bot takes, from morning to night,” said Xud. “Everything is recorded in the Castle.”

Once logged on, the bots await their instructions.


Active users inside Castle system. Screenshot: BIRN

On August 2, it was to shoot down criticism of Vucic’s appearance the day before on a pro-government private television channel called Pink

Vucic had caused a storm when he read from classified state intelligence documents the names of judges and intelligence officials who he alleged had approved covert surveillance against him between 1995 and 2003, a period when Vucic, then a fierce ultranationalist, was in and out of government.

Critics accused him breaking the law by quoting from classified files.

So the Castle kicked in, with the following instruction:

“When replying to this and similar tweets, use this guideline: According to the Law on Data Secrecy (Article 9), the President of the Republic has the authority to extend the secrecy deadline (Art. 20) and revoke the secrecy seal (Art. 26) if it is in the public interest.”


An example of a guideline for Twitter in Castle system. Screenshot: BIRN

Days later, on August 5, a picture of Vucic started doing the rounds on Twitter in which he wore sneakers that critics said were worth 500 euros. The Castle turned its sights on his political opponents, Dragan Djilas and Vuk Jeremic; one bot tweeted, “Where did Djilas get half a million euros in his account from?”

In the space of just one day that BIRN monitored, the Castle bots were sent 60 different Twitter posts they were instructed to combat; the majority were posted by opposition leaders Djilas, Jeremic, Bosko Obradovic, Sergej Trifunovic, Dragan Sutanovac, Zoran Zivkovic and Velimir Ilic.

The Castle ‘special bots’ in charge of issuing instructions stressed the need to avoid detection; in late January 2019, users received a link to a statement by Vucic in which he condemned insults directed by his former mentor, the firebrand Radical Party leader Vojislav Seselj, at a female MP from the opposition Democratic Party, Aleksandra Jerkov.

The instruction read: “We are writing comments on this news in the sense: He (Vucic) did not apologise, because there is nothing to apologise for. He condemned the insults as he would for anyone, unlike the opposition which supports opposition leaders who call women derogatory names.”

“Write in your own words,” it stressed. “DO NOT COPY THE GUIDELINE!!!”


Instruction to defend Vucic. Screenshot: Robin Xud

Botting while at work, on the taxpayer dime

Among those receiving such guidelines is Milos Jovanovic, a former public sector employee in the youth office of the local authority in Cukarica, a municipality of the Serbian capital, Belgrade, but now deputy director of the Gerontology Centre in Belgrade, which helps care for the elderly.

Jovanovic is paid out of state coffers. But according to BIRN monitoring, last year he spent much of his working day logged into the Castle. He declined to comment when contacted by BIRN.

Fellow Castle users are Mirko Osadkovski, employed in the local authority in Zabalj, northern Serbia, as a member of the Commission for Statutory Issues and Normative Acts and a local councillor, and Damir Skrbic, head of the communal services in the municipality of Apatin near the western border with Croatia.

Osadkovski did not reply to emailed questions. Skrbic declined to comment when reached by phone.

But they are not the only ones.

The Castle database contains the names of at least two Progressive Party people elected to the local assemblies of Vrsac, near the Romanian border northeast from Belgrade, and Sabac – Milana Kopil and Nenad Plavic respectively.

Kopil responded that she would not comment for BIRN. “As someone who supports the policies of Aleksandar Vucic, I have absolutely nothing positive to say about BIRN,” Kopil said. Plavic said he would only talk after the June 21 election.

Then there are those employed in public enterprises such as state-owned power utility Elektroprivreda Srbije, and others who work in schools.

In August last year, the Nis-based portal Juzne vesti published the ‘testimony’ of an unnamed Progressive Party member and former member of the party’s ‘Internet team’ who said that the bots had been organised by party officials with the intention of creating a false image of public satisfaction with the government. He also said that most of the bots were employed in public companies and risked dismissal if they did not follow orders.

Costly operation

The website http://castle.rs/ was first registered in October 2017. Its ownership has not been visible since the privacy clause for this domain was activated. But there is ample evidence that it is controlled by the Progressive Party, not least the IP address.

According to the IPWHOIS Lookup tool on ultratools.com, the IP address found in the code of a mobile application that existed in Castle, 77.46.148.99, was registered in March 2016 at the same address as the party’s Belgrade headquarters in Palmira Toljatija Street. It is one of eight IP addresses leased by the party, from 77.46.148.96 to 77.46.148.103.


SNS as an owner of the IP addresses. Screenshot: WHOIS

The ultimate owner is Telekom Srbija, a state-owned telecommunications company.

BIRN asked Telekom Srbija how much the Progressive Party pays for use of its static IP addresses and when the lease agreement was made. The company replied:

“Telekom Srbija has a commercial contract with the SNS, just as we have commercial contracts with thousands of other legal entities. We repeat, we cannot disclose the details of contracts with our customers.”

However, Andrej Petrovski, a cyber forensics specialist and Director of Tech at the Belgrade-based SHARE Foundation, which works to advance digital rights, said such an operation “does not come cheap.”

“Apart from renting a certain server or buying it and physically keeping and maintaining it – which is the more expensive operation – they also need to buy a domain, a certificate for protection of communication and fixed IP addresses,” Petrovski told BIRN.

“They need administrators who will administer the database and of course there is the cost of the people who work, who are managed through that application.”

Successive Serbian governments have used their hold on power to fill public sector bodies with party loyalists, and the Progressives are no different.

Petrovski said he doubted any other political party had the resources to mount a similar operation on such a scale.

“At the moment, I don’t think any other political party has the money to invest in something like this or is big enough to have an efficient system,” he said. “SNS is proud to have the most activists and to be the largest party in Serbia. It’s logical they are the only ones with the resources and the need for such a tool.”

Hidden costs


Supporters of Serbian progressive party wait in the sun in front of the Serbian national assembly building in Belgrade, Serbia, 2017. Photo: EPA/KOCA SULEJMANOVIC

Political financing laws in Serbia require parties to report their expenses to the Anti-Corruption Agency, which is tasked with preventing financing abuses.

But the Progressive Party’s financial reports since 2013 make no explicit mention of the money spent to create and maintain the Castle system.

“In itself, it is not against the law on financing political activities for a party to buy such software or pay activists to work on it, but it must be recorded in the financial reports,” said Nemanja Nenadic, programme director at the Serbian chapter of Transparency International.

“If it is not recorded financially, then that is a problem.”

“If it was paid for by someone other than the party itself, then it should have been reported as a gift, as a contribution given to the political party by the person who made the payment,” Nenadic told BIRN.

BIRN asked the Anti-Corruption Agency whether the Progressive Party had ever reported such costs. In its response, the Agency cited all obligations a political entity has in terms of reporting its holdings and expenses, but did not comment on the specific case.

Mladen Jovanovic, head of the National Coalition for Decentralisation, which promotes civic participation in local politics, said there was a simple explanation for how some of those working on Castle are paid: from state coffers via public sector jobs.

“The flow of money needs to be checked,” said Jovanovic, whose coalition follows the misuse of public money in Serbia. “That’s the task of the prosecution, because we’re talking about corrupt work that damages the budget.”

“That old dream of all totalitarian regimes, that all citizens say what the leader thinks, has been realised in virtual time by creating in essence virtual citizens.”

On the receiving end


Illustration. Photo: Unsplash/camilo jimenez

Like any other political party, the Progressive Party does not deny promoting itself on social media, but says its ‘Internet team’ is made up of party activists no different from those canvassing for support on the streets.

But BIRN’s analysis of the Castle database shows that the bots do not stop at promoting the party; they frequently target public figures, including journalists and NGO activists.

Zoran Gavrilovic, a researcher for the think-tank Bureau for Social Research, BIRODI, experienced this first hand after he appeared on television to discuss his findings with regards the ruling party’s dominance of the media landscape in Serbia.

Facing a string of insults and threats via Twitter, Gavrilovic responded with the tweet: “A bot is a person who, of free will or due to blackmail, abuses the right to free speech in online and offline space. Botting is a corrupt form of behaviour directed against the public, governance, freedom of speech and the rights of citizens.”

Speaking to BIRN, Gavrilovic said lawmakers should act to rein in such behaviour.

“I look at it as like the para-military formations of the 1990s [during the Yugoslav wars]. There’s no public debate. You are simply an enemy who should be spat on and kicked immediately. It is a para-political organisation.”

The Castle, however, is not the Progressive Party’s first attempt at manipulating public opinion in Serbia via social media.

In 2014, Xud and his fellow programmers uncovered an application called ‘Valter’, after the popular 1972 Yugoslav film about Partisan resistance fighters, Walter Defends Sarajevo.

Unlike the Castle, which works via the Internet, Valter was installed on the home computers of activists and members of the Progressive Party’s Internet team.


Valter software from 2014. Screenshot: Robin Xud

Valter was eventually replaced by Fortress, but when the Serbian portal Teleprompter reported on its existence in April 2015 hackers managed to take down the text and eventually the entire site, which no longer exists. Teleprompter no longer exists.

While the Progressive Party did not respond to a request for comment on this story, Vucic did hit back when Twitter took down the almost 9,000 accounts it accused of “inauthentic coordinated activity” to promote him and his party.

“I’ve no idea what it’s all about, nor does it interest me,” he told a news conference on April 2. “I’ve never heard that anyone on Twitter ever had anything positive to say about me.”

Such denials ring hollow for people like Xud. “People have to know that something like this exists,” he said.

Andjela Milivojevic is a Serbian investigative journalist, specialising in reporting about corruption and crime. For nearly ten years, she worked for the Centre for investigative journalism of Serbia and is now a freelance reporter for several media outlets in Serbia and Kosovo.

This article has been produced as part of the Resonant Voices Initiative in the EU, funded by the European Union’s Internal Security Fund – Police. The content of this story is the sole responsibility of BIRN and can in no way be taken to reflect the views of the European Union.

Romanians Behind Cyber-Fraud Ring Plead Guilty in US

Fifteen defendants including several Romanians have pleaded guilty before a US judge of involvement in a multi-million dollar scheme to defraud US citizens through online auctions of non-existing goods, a US Justice Department statement issued on Monday by the US embassy in Bucharest said.

The defendants, many of whom were extradited from Romania in 2019, are yet to be sentenced in the US. Most of them operated from the city of Alexandria in Teleorman Country near the border with Bulgaria, in the south of Romania, court documents show.

The syndicate was active from 2013 and most of its members were arrested in 2018 in Romania.

They typically made money posting ads of cars that didn’t exist and convincing American victims to “send money for the advertised goods by crafting persuasive narratives, for example, by impersonating a military member who needed to sell the advertised item before deployment,” the statement read. To carry out the fraud, they created fictitious online accounts, often using stolen identities of US citizens. 

They also delivered fake invoices issued in the name of reputable companies to make the transactions look legitimate, and went as far as setting up call centres operated by ring members who impersonated customer support agents to assure victims of the authenticity of the ads.

The latest to plead guilty did so last week before a court in Kentucky. 

One suspect, Bogdan-Stefan Popescu, 30, who operated a carwash in Bucharest at the time of the events, admitted to managing the ring’s activities by distributing “the language and photographs for fake advertisements as well as usernames and passwords for IP address anonymizing services” used to defraud its victims in the US.

Popescu said he connected members of the syndicate with those “who would impersonate eBay customer service representatives over the phone”. Starting from 2013, he also oversaw Bitcoin transactions with the money obtained from the frauds, the plea documents show.

Another who last week pleaded guilty was Liviu-Sorin Nedelcu, 34, who posted fake vehicle ads online using fictitious entities to sell vehicles. Once Nedelcu and his co-conspirators convinced victims to purchase falsely advertised goods, they sent the victims invoices for payment that appeared to be from legitimate sellers, such as eBay Motors,” the US statement read. Nedelcu and his co-defendants “engaged in a sophisticated money laundering scheme to convert the victim payment into Bitcoin”.

Weeks before, on May 19, Vlad-Calin Nistor, 33, also pleaded guilty. He confessed to being the founder of a Bitcoin exchange company based in Romania and to having “exchanged over $1.8 million worth of Bitcoin for co-defendant Bogdan Popescu.” Another member of the ring, Beniamin-Filip Ologeanu, 30, also from Romania, worked with others to post advertisements in auction websites such as eBay and classifieds online service Craiglist and conspired with the gang US-based associates to launder the proceeds.

Twitter Purges ‘Fake’ Accounts Glorifying Turkish Leader

Twitter said it had removed 7,340 “fake and compromised” accounts on Friday, which were linked to the youth branch of Turkish President Recep Tayyip Erdogan’s Justice and Development Party, AKP.

“The collection of fake and compromised accounts was being used to amplify political narratives favourable to the AKP, and demonstrated strong support for President Erdogan. We’re disclosing 7,340 accounts to the archive today,” Twitter wrote.

On Friday Twitter disclosed more than 32,000 accounts in all, mostly from China – 23,750 accounts, Turkey and Russia because they were suspected of being “state-linked information operations”.

Twitter said it had worked with the Australian Strategic Policy Institute ASPI and Stanford Internet Observatory SIO and had shared relevant data with them.

“Collaborative research provides us with a way to learn from past operations and mitigate future malign efforts,” SIO wrote on Twitter’s latest decision.

According to media reports, Erdogan ruling party and its youth branch run tens of thousands of essentially fake accounts, promoting the President. These accounts are often nicknamed the “Ak Trolls”.

Twitter also said that the accounts had hacked other accounts that were more critical of President Erdogan. They were also used for commercial activities, such as cryptocurrency-related spam.

Twitter’s policy on manipulation and spam prohibits “coordinated activity that attempts to artificially influence conversations through the use of multiple accounts, fake accounts, automation and/or scripting”.

Twitter previously deleted thousands of accounts from Egypt, Honduras, Indonesia, Saudi Arabia and Serbia for similar reasons.

Serbia was by far the top country in terms of the number of removed accounts. Twitter axed almost 9,000 accounts in April that were promoting Serbia’s ruling Progressive Party and its leader, President Aleksandar Vucic, so violating company policy on manipulation and spam.

Google for Nonprofits Further Expands in Balkans

Media giant Google has announced that Google for Nonprofits, which offers eligible organizations access to Google products that can help them solve some of the challenges that nonprofits face, has expanded to ten more states: Nigeria, Tanzania, Ghana, Pakistan, Ukraine, Bosnia and Herzegovina, Malta, Cyprus, Iceland and Ecuador.

The Google products can help nonprofits deal with such challenges as finding new donors and volunteers, working more efficiently, and getting supporters to take action.

As of June 9, nonprofits in the 10 new countries will have access to digital tools to continue operations, maintain productivity and raise awareness, such as Gmail, Docs, Calendar, Drive, and Google Meet and various others.

Google for Nonprofits provides access to these products at no charge: G Suite for Nonprofits and nonprofit discounts for G Suite Business and Enterprise; Google Ad Grants; YouTube Nonprofit program and Google Maps Platform. Eligible nonprofits should nevertheless check the availability of these products in their respective countries.

Some of the benefits include unlimited email addresses at a nonprofit’s custom domain via Gmail, the use of a Google Meet video conference and its premium features, that can host up to 100 participants, use of shared drives for additional storage, a 24/7 support by phone, chat, and email. Users will also be able to access Google Docs, Sheets, Forms, and Slides from any device, with 30GB of storage space per user across Gmail and Google Drive.

Thanks to Google Ad Grants, nonprofits will be able to receive up to $10,000/month in text-based ads on Google Search to raise awareness for their nonprofit organisation.

Google for Nonprofits is available in 67 countries, receiving over 1,000 new applications each week from organizations around the world. Apart from Bosnia, other countries from the region on the list include Serbia, Romania, Croatia and Bulgaria.

Computer Virus Stops Sarajevo Municipality Issuing Birth Certificates

A Sarajevo municipality has temporarily stopped issuing birth certificates due to a computer virus that locks documents in its database for the second time in some two weeks.  

The central Centar Municipality, whose offices are next door to the Bosnian presidency building, said on its website that the problem caused by a “ransomware virus” was detected on Saturday. Such viruses typically block computer systems and their originators demand payment in exchange for removing them.  

But the municipality denied that it was the target of a hacker attack, or that the central electronic register with all birth and death certificates in Bosnia’s Federation entity was in danger of being wiped out, as the Interior Ministry of the Federation entity was quoted as saying by the media.   

“Information about a targeted attack on the IT system of the Center Municipality and the destruction of the registar and documents is not true,” the municipality said. It added the problem was reported to the police, as it was the second time in a little over two weeks that this happened.  

On May 22, the municipality reported on its website that the issue of birth, death and marriage certificates was stopped because of “an electrical problem” but added that it was soon resolved.

Bosnia lags behind with the introduction of e-government, but the Centar municipality has provided a number of services electronically. 

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now