Author: BIRD

Romania Recognises Cyber Harassment as Form of Domestic Violence

Posted on by BIRD

As of July 9, Romania will recognise cyber harassment as a form of domestic violence under recently-adopted amendments to the country’s 2003 Law on Domestic Violence published in the Official Gazette on Monday, Romanian media reported.

The move follows a ruling against Romania in February by the European Court of Human Rights over the state’s failure to protect the Internet privacy of an abused woman whose Facebook profile and emails were accessed by her former husband.

There are frequent reports in the Romanian media of sexual violence against women and minors in which the perpetrators make first contact via social media.

Under the amendments, ‘cybernetic violence’ includes “online harassment, online messages that instigate hatred for reason of gender, online stalking, online threats, publication of information and intimate graphic content without consent, [and] … illegal interception of communications” of a digital or online nature.

The use of social networks or emailing services “with the aim of shaming, humiliating, provoking fear, threatening, [and] silencing the victim” of domestic abuse also constitutes cybernetic violence, under the new text of the law.

The changes task the National Agency for Equality of Opportunity between Women and Men with promoting research in the field of artificial intelligence that would help “prevent potential risks of technologies that perpetuate sexism, gender stereotypes and cybernetic violence”.

In an op-ed published on the news portal hotnews.ro, lawyers Monica Statescu and Simona Ungureanu hailed the amendments as “an important step in protecting a significant segment of the victims of aggressive behaviour online.”

The lawyers called for “the adoption of an explicit set of rules that incriminate any violent online activity regardless of the relation between the victim and the aggressor”.

Pandemic Worsens Crisis for Media in Central, Eastern Europe

Posted on by BIRD

The COVID-19 pandemic in nine countries of Central and Eastern Europe has caused major difficulties to the media in continuing their work, especially the print media, and has further undermined press freedom, a report published on Friday by the Berlin-based media NGO n-ost said.

The report looks at the situation facing the media in Bulgaria, Croatia, the Czech Republic, Hungary, North Macedonia, Poland, Romania, Serbia, and Slovenia.

Its main conclusions are that the pandemic has accelerated the transition from print to online media, but that “recent surges in online readership have not translated into more financial stability”.

It said that the “lockdowns have caused print media sales and advertising revenue to collapse” and that “various emergency laws and provisions allowed governments increased control over public information”.

While the economic situation differs from country to country, the situation in each with regards to media freedom tends to be similar.

The majority of governments in the region, it said, have used the health situation to tighten control over the information flow, limiting access to COVID-19-related data beyond those officially announced, for example.

Some countries, like Serbia or Hungary, passed laws or regulations penalizing reporting on unauthorized information.

Some media outlets in Bulgaria either cut pay for journalists during the crisis, or fired staff, or shut down entire newsrooms.

The situation is especially hard for Bulgarian regional publications, “which have been struggling to stay afloat for years, [and] are expected to bear the brunt of the coronavirus-related crisis”, the report said.

According to the same report, the COVID-19 pandemic has also hit freelance journalists in Croatia hard.

“According to a survey conducted by the Trade Union of Croatian Journalists in April, 28.7 per cent of 164 freelance journalists surveyed had had all their assignments (and 26 per cent most of their assignments) cancelled since the beginning of the crisis,” the report said.


Journalists watch on TV the broadcast of the program convention of President Andrzej Duda presented in the village of Szeligi, Poland on May 1, 2020. Due to the outbreak of the coronavirus, the event takes place without the participation of the public. Photo: EPA-EFE/RADEK PIETRUSZKA POLAND OUT

In the Czech Republic, Respekt, one of the country’s most important print weeklies, “reported a 60-70 per cent drop in advertising revenues compared to pre-pandemic levels”, it noted. Similar falls happened in other print media.

“In contrast to print media, online news platforms recorded surging visitor numbers in March and April, in some cases increases of more than 100 per cent … However, figures from mid-May suggest that visitor numbers are returning to pre-crisis levels,” the report said.

The situation is similar in Poland and Hungary. Some two-thirds of Hungary’s media outlets told the Hungarian Publishers’ Association that the situation caused by the pandemic had caused major disruption to operations. One of the most affected areas is the advertising market.

“The stagnation of the advertising market played a significant role in the loss of revenue, which according to the advertising companies, may reduce the overall size of the market by 38 per cent, or HUF 75 billion [some 213,4 million EUR] in 2020 on a year-to-year basis,” the report said.

In North Macedonia, some media had to form their own internal solidarity fund in order to help colleagues that risk losing their jobs.

In Romania, businesses affected by the lockdown have stopped advertising, depriving the local media of one of their most important sources of income.

“Interviews with local media managers indicate that they have lost 70 to 80 per cent of their advertising budgets since the pandemic began, pushing them to the verge of collapse,” the report noted.

Serbia also noted a decrease in newspaper circulation during the crisis. Unofficial data that the report quotes say that “daily newspapers, with the exception of Danas, have seen a drop of between 35-50 per cent in circulation during the crisis”.

According to the report in Slovenia “the media’s advertising revenues have been slashed by a third after private companies went out of business”.

“Confronted by the crisis, media outlets have laid off staff, forcing journalists into the government’s special COVID-19 job retention scheme or cutting their salaries by 10 to 20 per cent,” the report said.

The Life and Times of Red Mud Reservoir № VII

Posted on by BIRD

The Life and Times of Red Mud Reservoir № VII’ is a collaboration between an anthropologist (Ian M. Cook) and a graphic artist/illustrator (Gyula Németh) about a bauxite tailings storage facility in the settlement of Almásfüzitő, Hungary. It is based on the investigative story previously published by the Atlatzo.

It is one output from the project ‘Black Waters’, a hybrid investigative-research and advocacy project that responds to the need for engaging reporting on environmental damage, corruption and the consequences for social justice in Central and Eastern Europe (CEE). Over twelve months, a team of researchers, journalists and audio-visual artists developed novel multimodal methodologies, conducted mixed-methods research, and reported their findings.

Project is run by the Center for Media, Data and Society at the Central European University in partnership with Atlatszo and the Balkan Investigative Reporting Network. It was supported by the Open Society Initiative for Europe. The research team further included Alexandra Czeglédi (research assistant), Gabriella Horn (investigative journalist) and Márta Vetier (researcher). 

The non-public figures who appear in the following pages are composite characters based on interviews in the settlement. They are not intended to represent real people. The story is narrated by the reservoir itself and covers the historical, political, theoretical, cultural and social aspects of Red Mud Reservoir № VII and those who live in its vicinity.

North Macedonia: Facebook Pages Target Users with ‘Identical Content’

Posted on by BIRD

The Atlantic Council’s Digital Forensic Research Lab, DFRLab, which works to counter disinformation online, says its researchers have found dozens of Facebook pages linked to at least 10 Macedonian news outlets, demonstrating “several characteristics pointing to coordinated activity, including the near simultaneous publication of identical content”.

While some of these Facebook “assets” acknowledged their connection to the outlets whose content they were amplifying, others had no known connection.

“The assets also demonstrated signs of inauthenticity, as they were created as various interest pages, but ultimately promoted content from news sites to which they disclosed no connection,” DFRLab said.

It added this was clearly an efficient strategy, as the pages in every network had more followers than the official Facebook pages of the promoted media outlets.

A total of four separate networks or subsets of coordinated Facebook assets were amplifying content published by some of these websites: Republika Online, Kurir, Denesen, News24, Puls 24, Galama Club, among others. 

Only one of these is a tabloid. The others publish mostly political content: one of the outlets is openly pro-opposition. The others offer more balanced reporting on internal affairs. 

DFRLab research found coordination within networks of pages, but not across the four networks. There was also no sign that North Macedonian media outlets themselves managed the inauthentic networks.

The Facebook pages were created between 2009 and 2018 and were mostly managed from North Macedonia. Some were managed from the US.

According to DFRLab’s research, some of the Facebook pages seemed connected to Adinamic Media, which publishes news sites supporting the main opposition VMRO-DPMNE party. 

This media company is believed to have links with the Hungarian pro-government public TV network, Magyar Televizio, MTV.

Researchers said the presence and success of these networks had added to the political polarization in North Macedonia ahead of early parliamentary elections due this year. 

“The use of an inauthentic network on social media may enable political forces to mislead people and spread manipulated content to garner voter support, raising a concern on the integrity of the electoral process in the country,” DFRLab said.

VMRO-DPMNE, Putin and right-Wingers

Different pages amplified the same content at the same time from the same media outlets. Red boxes highlight posts from official Facebook pages of Vistina and Republika showing simultaneous posting by official and amplifier pages. Photo: Courtesy of DFRLab

According to the research, the first network consisted of seven Facebook pages that were amplifying articles published by Republika Online, Kurir, Denesen and Vistina

Vistina is a tabloid and doesn’t cover political topics. The remaining three mainly report on political issues and feature pro-VMRO-DPMNE views. All are owned by the same media holding, Adinamic Media, which is connected to Hungary’s MTV, the report said.

According to the Organized Crime and Corruption Reporting Project (OCCRP), a former senior executive at MTV, Agnes Adamik, established Adinamic Media in 2017. The company then purchased a majority of shares in three media companies in the country, mostly supporting VMRO-DPMNE.

According to some experts, these acquisitions helped Hungary’s Prime Minister, Viktor Orban, expand his and his country’s influence in the Balkans. They also supported his then ally in Macedonia, Nikola Gruevski, who obtained asylum in Hungary after fleeing a prison sentence in his home country in 2018.

The Facebook pages in this network posted almost identical articles and at the same frequency. The total number of followers of the seven pages was more than 690,000, while the official Facebook pages had less than 300,000 followers.

“This may indicate that since these outlets had not been successful in growing audiences for their official Facebook pages, they decided to create coordinated networks to amplify their content,” the researchers say.

The second network comprised 17 Facebook pages publishing content from three news outlets: Markukle, News24 and Signal. These also report political issues, but their content is not openly anti-government. 

Some publish supportive articles on Russian President Vladimir Putin, portraying him as an influential leader who upholds traditional values and helps friends in need. News24 sometimes amplified Russia Today and Sputnik videos.

As for the third network of pages, the DFRLab researchers found that the “amplifier pages … may be connected to Filip Petrovski, a right-wing presidential candidate in the 2019 North Macedonia presidential elections and a former member of VMRO-DPMNE party”.

Petrovski opposed the country’s change of name to North Macedonia and has called for the cancellation of the related Prespa agreement with Greece, signed in 2018. Petrovski also posts News24 articles on his own Facebook account.

Two pages in this network had names related to Petrovski, and their “about” sections contained details from his biography and political views.

The fourth network of Facebook assets amplified content published by two outlets, Net Medical Diet, which reports on health, and Galama. According to the research, the eight amplifier pages were managed from North Macedonia and from the US.

DFRLab also found five Facebook pages amplifying content from outlets owned by EM media, in which Adinamic Media has a majority of shares.

“Although the DFRLab was not able to identify coordination between them, there is a likelihood that EM Media was using these assets for content promotion,” the report said.

Google Brings Fact-Checking to Images

Posted on by BIRD

After introducing fact-check features to Search and News, Google announced on Monday that it was “surfacing fact-check information in Google Images globally to help people navigate these issues and make more informed judgments about what they see on the web”.

As of June 22, searches on Google Images have triggered a “Fact-Check” label under the thumbnail image results. Tapping one of the results to view the image in a larger format reveals a summary of the fact-check that appears on the underlying web page. The labels may appear for fact-check articles about specific images and for fact-check articles that include an image in the story.

Fact-check labels appear on results that come from independent, authoritative sources on the web that meet Google’s criteria, the media giant said. 

For these sources, Google uses ClaimReview, an open method used by publishers to indicate fact-check content to search engines. For instance, YouTube also leverages ClaimReview to surface fact-check information panels in Brazil, India and the US. The full fact-check library can be accessed through a dedicated search tool and an open API

“Just as is the case in Search, adding this label in Google Images results does not affect ranking; our systems are designed to surface the most relevant, reliable information available, including from sources that provide fact-checks,” Google said.

“Taken together, these efforts not only highlight the significant contributions of the fact-check community, but they also ensure that people have access to critical context about the information—and now images—they encounter online,” Google added.

The Castle: How Serbia’s Rulers Manipulate Minds and the People Pay

Posted on by BIRD

His Twitter name is ‘Robin Xud’, a Serbian homage to the legendary English outlaw hero who robbed from the rich and gave to the poor.

And just like the Sheriff of Nottingham in the ballads of Robin Hood, Xud’s enemy resides in a castle, in this case an Internet database registered in 2017 at www.castle.rs

Staring into two monitors in a dimly-lit room, Xud – who spoke on condition BIRN did not reveal his true identity – is part of a small team of programmers tracking the online operations of Serbia’s ruling Serbian Progressive Party, SNS.

According to Xud’s band of merry men and the findings of a BIRN investigation, the Progressives run an army of bots via the ‘Castle’ working to manipulate public opinion in the former Yugoslav republic, where President Aleksandar Vucic, leader of the party, has consolidated power to a degree not seen since the dark days Slobodan Milosevic at the close of the 20th century.

With the help of the programmers, this reporter gained exclusive access to the network for several months in 2019, observing how hundreds of people across Serbia log into the Castle everyday during normal working hours to promote Progressive Party propaganda and disparage opponents, in violation of rules laid down by social network giants like Twitter and Facebook to avoid the coordinated manipulation of opinion.

It is a costly operation, one that the Progressive Party has not reported to Serbia’s Anti-Corruption Agency. But the party doesn’t foot the bill alone.

This investigation reveals that some of those logging into the Castle are employees of state-owned companies, local authorities and even schools, meaning their botting during working hours is ultimately paid for by the Serbian taxpayer.

“Right now, over 1,500 people at least are botting every day,” said Xud. “They sit there in their jobs and instead of working they spit on their people.”

‘This is not activism’


Row of campaign billboards of the ruling Serbian Progressive Party (SNS) in Belgrade, Serbia, 2020. Photo: PA-EFE/KOCA SULEJMANOVIC

The Progressive Party took power in Serbia in 2012, four years after Vucic split from the ultranationalist Serbian Radical Party and declared himself a changed man who now favours integration with the European Union after years of demonising the West.

As the opposition splintered, the Progressive Party established itself as the dominant political force with Vucic as its strongman. It is widely expected to win handsomely in parliamentary elections on June 21.

Serbia’s minister of information during the 1998-99 Kosovo war, when NATO bombed to halt a wave of ethnic cleansing and mass killing in Serbia’s then southern province, Vucic has presided over a steady decline in media freedom since taking power.

Critics find themselves shouted down and pushed to the margins, the most vocal dissenters often targeted for online abuse.

In April this year, the Progressive Party’s online escapades made international headlines when Twitter announced it had taken down 8,558 accounts engaging in “inauthentic coordinated activity” to “promote Serbia’s ruling party and its leader.”

BIRN has reported previously on how some of these accounts made their way into pro-government media, their tweets embedded in articles as the ‘voice of the people’.

This story lifts the lid on the scope of the Progressive Party’s campaign, how it directs the tweets, retweets and ‘likes’ of an army of people and how ordinary Serbs are footing part of the bill.

“This is not about activism, where a person writes what he wants or what he believes in,” said Xud. “These people have tasks; it is literally written what they need to criticise and how to criticise”.

The Progressive Party did not respond to questions submitted by BIRN for this story. However, in early April, after the Twitter announcement, Slavisa Micanovic, a member of the party’s main and executive boards, took to the platform to dismiss claims about a “secret Internet team” within the party, saying everything was public and legitimate.

“What exists is the Council for Internet and Social Networks, established in the party congress of 2012 and which can be found in the Statute and deals with promoting the party on the Internet and social networks,” Micanovic tweeted.

Reporting for duty

One August day in 2019 began like this:

At 7.56 a.m., a user named Nada Jankovic logged into the Castle from the town of Negotin, near Serbia’s eastern border with EU members Romania and Bulgaria. “Good morning, duty officer,” Jankovic wrote. Minutes later, in Sabac, just west of Belgrade, Dusan Ilic joined in with the words, “Good morning all”.

The bots had reported for duty, each entering the Castle system via a private account.

Xud and his team first accessed the Castle in January 2019 via an account with a weak password.

The Castle, they found, links to all Facebook and Twitter accounts operated by each user – frequently more than one per user – and lists five Twitter profiles they are obliged to follow: the official accounts of the ruling Progressive Party, President Vucic and Interior minister Nebojsa Stefanovic, as well as the accounts of two Progressive Party officials – deputy leader Milenko Jovanova and Micanovic.

‘Daily performance reports’ contain the name of the user, the municipality where they logged in and the extent of their activity on a given day: comments, likes, retweets and shares.

Points are allocated depending on how busy a user has been, though it is not clear whether this translates in rewards.

“The system is designed to follow every step the bot takes, from morning to night,” said Xud. “Everything is recorded in the Castle.”

Once logged on, the bots await their instructions.


Active users inside Castle system. Screenshot: BIRN

On August 2, it was to shoot down criticism of Vucic’s appearance the day before on a pro-government private television channel called Pink

Vucic had caused a storm when he read from classified state intelligence documents the names of judges and intelligence officials who he alleged had approved covert surveillance against him between 1995 and 2003, a period when Vucic, then a fierce ultranationalist, was in and out of government.

Critics accused him breaking the law by quoting from classified files.

So the Castle kicked in, with the following instruction:

“When replying to this and similar tweets, use this guideline: According to the Law on Data Secrecy (Article 9), the President of the Republic has the authority to extend the secrecy deadline (Art. 20) and revoke the secrecy seal (Art. 26) if it is in the public interest.”


An example of a guideline for Twitter in Castle system. Screenshot: BIRN

Days later, on August 5, a picture of Vucic started doing the rounds on Twitter in which he wore sneakers that critics said were worth 500 euros. The Castle turned its sights on his political opponents, Dragan Djilas and Vuk Jeremic; one bot tweeted, “Where did Djilas get half a million euros in his account from?”

In the space of just one day that BIRN monitored, the Castle bots were sent 60 different Twitter posts they were instructed to combat; the majority were posted by opposition leaders Djilas, Jeremic, Bosko Obradovic, Sergej Trifunovic, Dragan Sutanovac, Zoran Zivkovic and Velimir Ilic.

The Castle ‘special bots’ in charge of issuing instructions stressed the need to avoid detection; in late January 2019, users received a link to a statement by Vucic in which he condemned insults directed by his former mentor, the firebrand Radical Party leader Vojislav Seselj, at a female MP from the opposition Democratic Party, Aleksandra Jerkov.

The instruction read: “We are writing comments on this news in the sense: He (Vucic) did not apologise, because there is nothing to apologise for. He condemned the insults as he would for anyone, unlike the opposition which supports opposition leaders who call women derogatory names.”

“Write in your own words,” it stressed. “DO NOT COPY THE GUIDELINE!!!”


Instruction to defend Vucic. Screenshot: Robin Xud

Botting while at work, on the taxpayer dime

Among those receiving such guidelines is Milos Jovanovic, a former public sector employee in the youth office of the local authority in Cukarica, a municipality of the Serbian capital, Belgrade, but now deputy director of the Gerontology Centre in Belgrade, which helps care for the elderly.

Jovanovic is paid out of state coffers. But according to BIRN monitoring, last year he spent much of his working day logged into the Castle. He declined to comment when contacted by BIRN.

Fellow Castle users are Mirko Osadkovski, employed in the local authority in Zabalj, northern Serbia, as a member of the Commission for Statutory Issues and Normative Acts and a local councillor, and Damir Skrbic, head of the communal services in the municipality of Apatin near the western border with Croatia.

Osadkovski did not reply to emailed questions. Skrbic declined to comment when reached by phone.

But they are not the only ones.

The Castle database contains the names of at least two Progressive Party people elected to the local assemblies of Vrsac, near the Romanian border northeast from Belgrade, and Sabac – Milana Kopil and Nenad Plavic respectively.

Kopil responded that she would not comment for BIRN. “As someone who supports the policies of Aleksandar Vucic, I have absolutely nothing positive to say about BIRN,” Kopil said. Plavic said he would only talk after the June 21 election.

Then there are those employed in public enterprises such as state-owned power utility Elektroprivreda Srbije, and others who work in schools.

In August last year, the Nis-based portal Juzne vesti published the ‘testimony’ of an unnamed Progressive Party member and former member of the party’s ‘Internet team’ who said that the bots had been organised by party officials with the intention of creating a false image of public satisfaction with the government. He also said that most of the bots were employed in public companies and risked dismissal if they did not follow orders.

Costly operation

The website http://castle.rs/ was first registered in October 2017. Its ownership has not been visible since the privacy clause for this domain was activated. But there is ample evidence that it is controlled by the Progressive Party, not least the IP address.

According to the IPWHOIS Lookup tool on ultratools.com, the IP address found in the code of a mobile application that existed in Castle, 77.46.148.99, was registered in March 2016 at the same address as the party’s Belgrade headquarters in Palmira Toljatija Street. It is one of eight IP addresses leased by the party, from 77.46.148.96 to 77.46.148.103.


SNS as an owner of the IP addresses. Screenshot: WHOIS

The ultimate owner is Telekom Srbija, a state-owned telecommunications company.

BIRN asked Telekom Srbija how much the Progressive Party pays for use of its static IP addresses and when the lease agreement was made. The company replied:

“Telekom Srbija has a commercial contract with the SNS, just as we have commercial contracts with thousands of other legal entities. We repeat, we cannot disclose the details of contracts with our customers.”

However, Andrej Petrovski, a cyber forensics specialist and Director of Tech at the Belgrade-based SHARE Foundation, which works to advance digital rights, said such an operation “does not come cheap.”

“Apart from renting a certain server or buying it and physically keeping and maintaining it – which is the more expensive operation – they also need to buy a domain, a certificate for protection of communication and fixed IP addresses,” Petrovski told BIRN.

“They need administrators who will administer the database and of course there is the cost of the people who work, who are managed through that application.”

Successive Serbian governments have used their hold on power to fill public sector bodies with party loyalists, and the Progressives are no different.

Petrovski said he doubted any other political party had the resources to mount a similar operation on such a scale.

“At the moment, I don’t think any other political party has the money to invest in something like this or is big enough to have an efficient system,” he said. “SNS is proud to have the most activists and to be the largest party in Serbia. It’s logical they are the only ones with the resources and the need for such a tool.”

Hidden costs


Supporters of Serbian progressive party wait in the sun in front of the Serbian national assembly building in Belgrade, Serbia, 2017. Photo: EPA/KOCA SULEJMANOVIC

Political financing laws in Serbia require parties to report their expenses to the Anti-Corruption Agency, which is tasked with preventing financing abuses.

But the Progressive Party’s financial reports since 2013 make no explicit mention of the money spent to create and maintain the Castle system.

“In itself, it is not against the law on financing political activities for a party to buy such software or pay activists to work on it, but it must be recorded in the financial reports,” said Nemanja Nenadic, programme director at the Serbian chapter of Transparency International.

“If it is not recorded financially, then that is a problem.”

“If it was paid for by someone other than the party itself, then it should have been reported as a gift, as a contribution given to the political party by the person who made the payment,” Nenadic told BIRN.

BIRN asked the Anti-Corruption Agency whether the Progressive Party had ever reported such costs. In its response, the Agency cited all obligations a political entity has in terms of reporting its holdings and expenses, but did not comment on the specific case.

Mladen Jovanovic, head of the National Coalition for Decentralisation, which promotes civic participation in local politics, said there was a simple explanation for how some of those working on Castle are paid: from state coffers via public sector jobs.

“The flow of money needs to be checked,” said Jovanovic, whose coalition follows the misuse of public money in Serbia. “That’s the task of the prosecution, because we’re talking about corrupt work that damages the budget.”

“That old dream of all totalitarian regimes, that all citizens say what the leader thinks, has been realised in virtual time by creating in essence virtual citizens.”

On the receiving end


Illustration. Photo: Unsplash/camilo jimenez

Like any other political party, the Progressive Party does not deny promoting itself on social media, but says its ‘Internet team’ is made up of party activists no different from those canvassing for support on the streets.

But BIRN’s analysis of the Castle database shows that the bots do not stop at promoting the party; they frequently target public figures, including journalists and NGO activists.

Zoran Gavrilovic, a researcher for the think-tank Bureau for Social Research, BIRODI, experienced this first hand after he appeared on television to discuss his findings with regards the ruling party’s dominance of the media landscape in Serbia.

Facing a string of insults and threats via Twitter, Gavrilovic responded with the tweet: “A bot is a person who, of free will or due to blackmail, abuses the right to free speech in online and offline space. Botting is a corrupt form of behaviour directed against the public, governance, freedom of speech and the rights of citizens.”

Speaking to BIRN, Gavrilovic said lawmakers should act to rein in such behaviour.

“I look at it as like the para-military formations of the 1990s [during the Yugoslav wars]. There’s no public debate. You are simply an enemy who should be spat on and kicked immediately. It is a para-political organisation.”

The Castle, however, is not the Progressive Party’s first attempt at manipulating public opinion in Serbia via social media.

In 2014, Xud and his fellow programmers uncovered an application called ‘Valter’, after the popular 1972 Yugoslav film about Partisan resistance fighters, Walter Defends Sarajevo.

Unlike the Castle, which works via the Internet, Valter was installed on the home computers of activists and members of the Progressive Party’s Internet team.


Valter software from 2014. Screenshot: Robin Xud

Valter was eventually replaced by Fortress, but when the Serbian portal Teleprompter reported on its existence in April 2015 hackers managed to take down the text and eventually the entire site, which no longer exists. Teleprompter no longer exists.

While the Progressive Party did not respond to a request for comment on this story, Vucic did hit back when Twitter took down the almost 9,000 accounts it accused of “inauthentic coordinated activity” to promote him and his party.

“I’ve no idea what it’s all about, nor does it interest me,” he told a news conference on April 2. “I’ve never heard that anyone on Twitter ever had anything positive to say about me.”

Such denials ring hollow for people like Xud. “People have to know that something like this exists,” he said.

Andjela Milivojevic is a Serbian investigative journalist, specialising in reporting about corruption and crime. For nearly ten years, she worked for the Centre for investigative journalism of Serbia and is now a freelance reporter for several media outlets in Serbia and Kosovo.

This article has been produced as part of the Resonant Voices Initiative in the EU, funded by the European Union’s Internal Security Fund – Police. The content of this story is the sole responsibility of BIRN and can in no way be taken to reflect the views of the European Union.

Google for Nonprofits Further Expands in Balkans

Posted on by BIRD

Media giant Google has announced that Google for Nonprofits, which offers eligible organizations access to Google products that can help them solve some of the challenges that nonprofits face, has expanded to ten more states: Nigeria, Tanzania, Ghana, Pakistan, Ukraine, Bosnia and Herzegovina, Malta, Cyprus, Iceland and Ecuador.

The Google products can help nonprofits deal with such challenges as finding new donors and volunteers, working more efficiently, and getting supporters to take action.

As of June 9, nonprofits in the 10 new countries will have access to digital tools to continue operations, maintain productivity and raise awareness, such as Gmail, Docs, Calendar, Drive, and Google Meet and various others.

Google for Nonprofits provides access to these products at no charge: G Suite for Nonprofits and nonprofit discounts for G Suite Business and Enterprise; Google Ad Grants; YouTube Nonprofit program and Google Maps Platform. Eligible nonprofits should nevertheless check the availability of these products in their respective countries.

Some of the benefits include unlimited email addresses at a nonprofit’s custom domain via Gmail, the use of a Google Meet video conference and its premium features, that can host up to 100 participants, use of shared drives for additional storage, a 24/7 support by phone, chat, and email. Users will also be able to access Google Docs, Sheets, Forms, and Slides from any device, with 30GB of storage space per user across Gmail and Google Drive.

Thanks to Google Ad Grants, nonprofits will be able to receive up to $10,000/month in text-based ads on Google Search to raise awareness for their nonprofit organisation.

Google for Nonprofits is available in 67 countries, receiving over 1,000 new applications each week from organizations around the world. Apart from Bosnia, other countries from the region on the list include Serbia, Romania, Croatia and Bulgaria.

Arena Housing Project Launches ‘Online Collaborative Environment’

Posted on by BIRD

The digital platform, which facilitates and promotes cross-border journalism and research focusing on the housing crisis across Europe, has launched its new online infrastructure, which will help journalists “work&talk in confidence, create private folders, wiki pages and group conversations”, Arena Housing Project announced via its Twitter account on June 3.

The platform now offers various tools for its registered members, such as Arena Housing Cloud and Office, Arena Housing Wiki and Arena Housing Chat. It already hosts vast public resources, including the Arena Housing Knowledge Base, a comprehensive repository of different kinds of informative resources regarding housing (reports, data sets, visualisations as well as public policy and court cases;) and the Arena Housing List, launched in September 2019, which provides members with a place to share data sources, reports, media articles, contacts and other resources concerning housing.

The Arena Housing Project was created following the 2019 Dataharvest conference, as a consequence of a transnational nature of the housing crisis in Europe. Its goal is to “empower journalists and other researchers working on housing across Europe and assist them in doing cross-border collaborations, so that their work gets more visibility and achieves a greater impact”. 

“The Housing Project also has the ambition to bridge the knowledge and communication gap across European borders and between the local, national and EU levels,” its website says.

So far, Arena has developed a network of journalists and other professionals working on housing issues in towns and cities across Europe.

Signal Announces Blur Tool to Protect Protesters’ Privacy

Posted on by BIRD

The latest version of Signal for Android and iOS introduces a new blur feature in the image editor that is designed to help protect the privacy of the people in photos shared over the application, Signal has announced

The US giant announced a change in its much-used application after a series of protests against police brutality in the US that then spread around the world, following the police killing of African American George Flloyd, and more recently, of Breonna Taylor. 

‘’Now it’s easy to give every face a hiding place, or draw a fuzzy trace over something you want to erase. Simply tap on the new blur tool icon to get started,” Signal says.

The update has already been submitted to app stores, and is expected in the coming days. The new feature leverages the latest system and platform-level libraries for Android and iOS. In order to maintain privacy, all of the processing happens locally on users’ own devices.

These system libraries are not perfect and don’t detect every face 100 per cent of the time. These flaws and potential biases mean that it is important to extend their default functionality so that users can always draw with the blur brush to manually obscure additional faces or areas in a photo.

Hackers Expose Gaping Holes in North Macedonia’s IT Systems

Posted on by BIRD

North Macedonia’s officials are trying to persuade the country that after hackers recently leaked dozens of email addresses and passwords from staffers in public institutions, the situation is under control.

But, as they did so, some of the key pages of Skopje’s main local government’s website could not be reached since Thursday – in what looked like yet another serious breach of cyber-security.

Some pages on Skopje city’s official website, including the one about taxes, are currently marked not secure for use due to an “expired security certificate” – which experts said could lead to another breach of data privacy.

Web browsers such as Mozila and Google Chrome blocked access to some of the pages on the skopje.gov.mk website, meaning that the system could either be vulnerable to a hacker attack, or that the website’s users could be vulnerable to a “man-in-the-middle attack”, or MITM.

This is when attackers secretly alter communications between two sides and steal key information, such as passwords, messages or credit card numbers.

The latest security breach came after a Greek hacking group, called “Powerful Greek Army” leaked dozens of email addresses and passwords from staffers in the North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica – and bragged about their exploits on Twitter on May 10.

When and how the hackers got into these systems is still unclear, but both the North Macedonia’s Interior Ministry in charge of cyber-crime and the Greek authorities promised a swift joint investigation.

Recently, the Powerful Greek Army hacker group also took down the website of the Institute for Sociological, Political and Juridical Research at the country’s main Sts Cyril and Methodius University in Skopje.

Over the past few years, the government has promised to take action following a series of sophisticated and coordinated IT security breaches and hacker attacks on websites containing citizens’ data.

But some consider the country’s current response to cyber threats far too weak.

Speaking about the latest May 10 attack, the authorities shrugged off the threat, insisting that the hacked email accounts could not be accessed with the leaked passwords or with any other data sets. The data obtained by the hackers was more than seven years old, dating from 2013, they added.

“We have no evidence that the current email systems of those institutions have been hacked lately, and we are investigating all the details related to this case,” the government said in an upbeat statement.

It added that official email systems had been updated since 2013, and that protocols with complex passwords for official email addresses have been set, as well as other cybersecurity protocols in the systems that should reduce the risk of systems being compromised.

However, experts warn that although some steps have been taken, they are far from meeting the criteria that are needed. They say the latest incident should be seen as a warning about the kind of cybersecurity practices now being used in the country.

Experts say too many old operating systems are still being used, leaving state institutions vulnerable to hackers attacks, while staffers in these institutions lack proper training on security protocols.

A study in 2018 by the Ponemon Institute, which conducts independent research into data protection, looking at the cost of data breaches, said an average public-sector data breach could cost up to 2 million euros.

Government data breaches are meanwhile two-and-a-half times more likely to remain undetected for a year or more than those in the private sector, said a report by The Daily Swig, which focuses on bugs, viruses and data security issues.

In 2018, the then North Macedonia’s government adopted a national strategy and an action plan on cyber-security, but little has been done since.

In recent years, there have been other examples of poor protection of state institutions. Last year, a former member of parliament was arrested for hacking into the Central Registry.

In 2015, the Ministry of Information Society and Administration and the State Prosecution Office were among several institutions targeted by a hacker group, believed to have ties with jihadist groups in the Middle East.

Outdated operating systems are big concern


Photo: Screenshot

One of the major problems for North Macedonia’s IT systems is that most of the operating systems are outdated, and so are more vulnerable to attacks.

“The security of IT systems in the country most often does not meet the necessary standards,” Milan Popov, a Skopje-based cyber-security engineer with years of experience of IT security in the public sector, told BIRN.

“Old operating systems are still being used, websites often do not use security certificates, and weak passwords are used to log into systems,” he added.

“For example, many state institutions are still using the Windows XP system, known for its security vulnerabilities. All this leads to a great danger of compromising systems and potentially extracting sensitive data from users,” Popov continued.

The government adopted a national strategy and an action plan for cyber-security for the period of 2018-2022 in July 2018. The strategy aimed to define the critical infrastructure, and the role of each institution regarding cybersecurity efforts as a whole.

In 2019, it also formed a National Council for Cyber-security, comprising the ministers of Interior, Defence and Information Society. Although it was two years in the making, the council has held only one meeting so far, in January this year, when it held a constitutive session.

Regarding its goals, the council has stated that it will aim to implement the recommendations and cybersecurity practices of fellow NATO-member countries.

Strong and resilient cyber-defences are part of NATO’s core tasks of collective defence, crisis management and cooperative security.

One of NATO’s main objectives is strengthening its members’ capabilities in cyber-education, training and exercises. Member countries are also committed to enhancing information-sharing and mutual assistance in preventing, mitigating and recovering from cyber attacks.

According to the government budget for 2020, the country is investing just over 6 million euros in institutional IT support, from a projected budget of 71.6 million euros. The same amount was spent on IT support in 2019.

Staff need more education in IT security


Illustration. Photo: Unsplash

The email list published by the Powerful Greek Army hackers was concerning also as the employees of the Ministry of Economy and Finance might have used the same passwords for other accounts.

The attack aimed to reveal just how weak the system’s IT protection was. The hackers also promised a return visit. On their Twitter profile they wrote that they would “not stop attacking Skopje”.

The leaked lists contained examples of worryingly weak passwords. According to cyber-security experts, this alone was a cause of concern when it comes to the security of the administrative systems and the data of employees.

“Some of the security concerns here include passwords leaks, plaintext passwords, passwords that contain a part of the last name, are only in letters or only in numbers, are shorter than eight characters, and are without special characters,” Martin Spasovski, a Skopje-based software engineer, told BIRN.

Some of the methods that hackers use to steal passwords are phishing, password spraying, or keylogging. When it comes to passwords, he said users should always pay attention to password strength. In most cases, a strong password policy can make a difference in preventing such attacks.

To prevent more such incidents, state institutions have to educate IT staff more about the various challenges that hacking threats pose, experts note. “Protection requires a serious investment of hardware and software, but the most crucial need is to educate the IT staff on how to use all of this,” Popov emphasized.

“It’s also extremely important to educate non-IT staff on how to recognize various hazards such as social engineering, malicious websites, or working with sensitive data.”

A study conducted by international cybersecurity scholars in 2018 reached similar conclusions about the importance of training.

“Within public institutions, training in cybersecurity issues both for IT staff and general staff is very limited, and it is often at the discretion of management whether a member of staff is permitted to attend a general cybersecurity training or certification course,” it noted.

The Defence Ministry, one of the main components of the cyber-security critical infrastructure, says it regularly conducts cyber-security training for its employees.

“During 2019, 10 trainings on raising cyber-security awareness were conducted, in which 152 ministry employees participated. The Army also conducted training that covered over 1,200 members,” the Defence Ministry told BIRN in a statement.

For 2020, the Defence Ministry planned to conduct training for 150 employees that was supposed to start in April, but had to delay them because of the pandemic measures.

“Securing the cyberspace, being of utmost importance to all organizations involved in the digital world in any aspect, is the main focus of the Cybersecurity Specialist Academic Track – part of the Computer Networks Academy at SEDC”, Toni Todorov, senior DevOps engineer with SEDC, one of the country’s biggest computer education centres, told BIRN.

“Governments across Europe are heavily investing (and will invest even more) time and resources in raising awareness and remediating the threat to the security of their citizens, especially the digital kind,” Todorov added.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now