Some Telco Users in Balkans, Moldova, in Dark over Rights

Consumers of telecom companies in five Balkan countries and Moldova face challenges in making sure their rights to privacy are respected, new research by BIRN has concluded.

The challenges range from language barriers that disadvantage national minorities to a lack of transparency or clarity with regards company services and secrecy surrounding how and when telecoms providers share user data with public authorities.

Such shortcomings, the research warns, pose a significant risk to the privacy rights of consumers in the countries concerned – Albania, Bosnia and Herzegovina, Kosovo, North Macedonia, Serbia and Moldova.

Applying methodology developed by Ranking Digital Rights, an independent research programme at the Washington-based New America policy think-tank, BIRN analysed the practices of the two biggest telecom companies in each country: Albtelecom and Vodafone Albania in Albania; BH Telecom and Telekom Srpske in Bosnia and Herzegovina; Ipko and Vala in Kosovo; A1 and T-Mobile in North Macedonia; Moldcell and Orange Moldova in Moldova; and Telekom Srbija and Yettel in Serbia.

The research found that telecom companies in Bosnia and Herzegovina, Kosovo, Moldova, and North Macedonia face a common challenge: language barriers and the comprehensibility of important documents outlining the rights and responsibilities of both the telecom company and the customer.

“… in some cases, the language used in these documents can be complex and difficult for users to understand,” the research paper states.

In Bosnia and Herzegovina, the BH Telecom Terms of Services document is written in complex, legalistic language that may be hard for many users to understand.

Despite their role in connecting people, in many cases telecom companies in these countries are falling short when it comes to non-majority communities.

In Kosovo, Vala’s Terms of Services are available in Albanian but not in Serbian, despite both being official languages of the country. Any non-Albanian speaker will have great difficulty understanding their rights and responsibilities as a Vala user.

Similarly in Moldova, both Moldcell and Orange Moldova provide their Terms of Services only in Romanian, while in North Macedonia, both T-Mobile Macedonia and A1 have their Terms of Services documents available in Macedonian and English but T-Mobile – unlike A1 which does have an Albanian version – does not provide an Albanian-language version. Roughly 25 per cent of the country’s population is ethnic Albanian and Albanian is one of the country’s official languages.

“This omission is especially important since it might exacerbate ethnic and national tensions in countries where such tensions already exist,” BIRN notes in its research.

The companies’ responses can be found in the full report.

‘Under the radar’

Illustration. Photo: EPA-EFE/YAHYA ARHAB

According to BIRN’s findings, none of the telecom companies analysed provides users with clear information about content or account restrictions. 

In Bosnia and Herzegovina, BH Telekom does not disclose any information about content or account restrictions; Telekom Srpske’s policy is vague, with the company pledging to notify users of temporary restrictions in an appropriate manner and in the shortest possible time. It provides no detail on how or when notification will be made or the reasons for the restrictions. 

“In Serbia, Moldova, Albania and North Macedonia, telcos operate under the radar with little transparency regarding their content and account restrictions policies,” the report says. 

“These companies provide no information on the circumstances under which content may be restricted or accounts closed and offer no clear remedies or recourse for affected users.”

In Kosovo, privately-owned Ipko does not disclose any information about content or account restrictions, while publicly-owned Vala says that it can restrict a user’s account without prior notification. 

“This lack of transparency from telcos can be seen as a violation of users’ freedom of expression,” BIRN states. “It can also raise concerns about the adequacy and fairness of the restriction process, as customers may not be informed of the reasons behind the restriction or told how to challenge it.”

The findings also underscore the secrecy surrounding interactions between these telecoms companies and the state; the lack of transparency concerning the sharing of user information and data in the region is a cause of growing concern.

The report highlights a number of scandals and controversies involving telecoms providers in the region in recent years, including allegations of price manipulation by the three major firms in Albania, wiretapping accusations in Bosnia and Herzegovina, accusations of unfair competition in Kosovo, bribery and illegal wiretapping scandals in North Macedonia, violations of user privacy and wiretapping allegations in Moldova, and accusations of unfair competition and the illegal collection of user data during elections in Serbia.

“These incidents demonstrate the importance of vigilant oversight and strong regulatory frameworks to ensure that telecom companies operate transparently and ethically and protect consumers’ rights,” the research concludes.

In North Macedonia, Crime of Online Stalking Still Goes Unpunished

In the past few years, online sexual violence has exploded in the Balkans. In North Macedonia, the most scandalous case was the case of “Public Room”, an online chat group on the encrypted application Telegram with over 7,000 members, where explicit photos, social media profiles, personal data and child pornography were shared without consent.

The group was shut down in 2020 but no one was formally punished. A year later, another such group appeared with the same name and purpose and on the same application, again with thousands of male members.

Appalled by the violence, hundreds expressed their revulsion and support for the victims through multiple protests.

The sheer size and nature of “Public Room” sparked huge reactions from the public. “Because the case had to do with child pornography and things that we want to turn a blind eye to, there was a bigger turnout for these topics,” Kalia Dimitrova, editor-in-chief of the Macedonian feminist platform Meduza, told BIRN.

In March 2022, the creator and administrator of the Telegram group were sentenced to four years in prison for the production and distribution of child pornography.

One 22-year-old member of “Public Room” was also indicted for the same crime, and the Public Prosecutor’s Office says that some other activities in the group are being investigated.

The Prosecutor’s office said it requested data from Telegram about the identities of users of “Public Room” but has not yet received an answer. Without this, it says, the Public Prosecutor cannot act.


Several protests against the online violence have been organised in Skopje. “Inaction is Complicity” the banner reads. Photo by BIRN

Laws changed but action lags behind

 As a result of public pressure over “Public Room”, changes to the criminal code were passed that introduced the new crime of “stalking”.

This crime anticipates a fine or imprisonment of up to three years for persons who follow or attempt to make unwanted contact with another person without authorization in the physical, but also in the digital, space.

This crime came into force in February this year and the Ministry of the Interior says that ten victims of the crime of “stalking” have been registered so far; in two of the ten cases, the crime was committed over the Internet. The Public Prosecutor’s Office says that only one charge has been filed for this crime.

A potential alleviating circumstance after “Public Room” is that victims no longer have to physically go to the police station to report the violence. This can now also be done online through the official email cybercrime@moi.gov.mk or on the online platform Red Button on the website of the Ministry of the Interior.

Although these changes have been welcomed, many believe that North Macedonia’s institutions remain sexist towards the victims. Dimitrova particularly emphasizes the importance of the police, because that is “the first point of the victims’ demand for justice and every second policeman is sexist or maybe a perpetrator of violence himself”.

Even when faced with an inadequate institutional response, activists continue to urge victims to report violence. But Dimitrova hesitates to back this advice, suggesting that there is a high probability that the victim will be judged and doubly victimized when seeking justice.

“We hope that micro-steps are taken and some institutional memory is created on how to deal with these cases in future. But it is sad that this ends up happening on the backs of the victims,” Dimitrova said.

Katerina Koteska, a lawyer from Bitola, also believes that victims often face condemnation, inappropriate questions and double victimization from institutions when seeking help. At the same time, Koteska says many obstacles also come in the form of prejudice by society at large.

Koteska represented a victim from the so called Bitola “Public Room” whose intimate screenshots from a video call were shared in a Facebook group. The victim was well known in the town and this was reflected in the court process itself. Hoping for greater understanding, Koteska wanted to hire a woman as the professional responsible for assessing the psychological state of the victim.

“However, she rejected my request on the grounds that she did not want to get involved in this case, as she would be gossiped about, and it would be something that would be heard around town. In other words, I think she didn’t want to get involved in such a scandal,” explained Koteska.

Natasha Boshkova, a lawyer from the Skopje-based human rights umbrella organisation called “Coalition Margins” expected a more responsible attitude from the institutions after working on a case related to “Public Room”, which was rejected by the Prosecutor’s Office after almost three years due to lack of evidence.

“I believe that this approach is harmful and contrary to the obligation of institutions to act with due care, i.e. to promptly and efficiently take everything within their jurisdiction to find the perpetrator, collect evidence and punish him, and to give the victims compensation for the damage they suffered,” Boškova told BIRN.


Kalia Dimitrova. Photo by Zarko Culic

Greater public awareness, but problem far from solved

Because of “Public Room”, online sexual harassment and violence have become more present in public discourse and awareness of this problem has increased among the public and institutions and, according to Dimitrova, among the victims themselves.

“Something very important happened, and that is the victims recognizing themselves as victims. [“Public Room”] gave more women and girls the opportunity, especially younger ones, to realize that some of the things that happen to them were normalized, and that, in fact, they are not normal and should not be.”

However, mere recognition of violence by the victims is not enough to eradicate the phenomenon. It is also important to change the behaviour of perpetrators, which is why experts believe that preventive measures and education of young people are needed.

Koteska says young people should know what intimate communication between two people is, and be aware that resending explicit photos is not only a breach of trust but also a crime punishable by law.

Dimitrova says North Macedonia’s institutions still do not realize that online and physical identities are practically equal, and still inadequately treat cases of online violence.

“As younger generations, we should insist in our efforts that there is no border between the real world and the digital world,” she said.

For Dimitrova, the problem lies not only in institutions but also in social values, as well the fact that aggression is often present in homes and at school. That is why violence is often perpetuated in all relationships – romantic, friendships and family – both during one’s youth but also later in life.

“When we talk about violence, it is externalized from reality and we approach those problems in a demagogic way. As a society, we need to face the fact that violence is a part of our lives, without exception, and we need to bring it down to that level,” Dimitrova concluded.

Serbian School Shooting Has Tested Limits of Public’s ‘Right to Know’

The mass shooting at the Vladislav Ribnikar Elementary School in Belgrade on May 3, in which ten pupils and one employee were killed, is one of the most tragic events in Serbia’s recent history.

While the parents of the children were waiting minute by minute for information about the fates of their own children and other children, the media began to publish unconfirmed information about the number of victims of the massacre.

The majority of the media clearly estimated that the public’s right to know the about the number of dead and injured, even unofficial and unverified, outweighed the interests of families and minors in protecting their rights to private and family life.

At the official press conference, several hours after the massacre, the Chief of the Belgrade Police presented the details of the pre-investigation procedure.

One of the first pieces of information from the judicial authorities was that no criminal charges could be brought against the perpetrator due to his young age.

To inform the public about the crime, the Chief of Belgrade Police took the initiative to disclose crucial details that would typically be presented in the criminal charge to the prosecutor if a criminal proceeding was able to take place.

He presented the public with a list of potential and planned victims of the minor perpetrator.

And while the public might feel that the media’s unofficial and inaccurate information represented a disturbance of the right to family life, in regards to the presentation of official information by the competent authorities, the red light of concern began to flicker, resonating within the hearts of the parents whose children attended Vladislav Ribnikar Primary School.

By publishing a list of potential and planned victims, those “potential targets” became actual targets of the media and internet bullies, which brought the already distraught children additional fear and pain.

And that brings us to the main question: Did the public have the right to know who the potential victims were?

Rights of minors should prevail over ‘right to know’


Ambulance cars stand ready at the site as police officers block a street near the Vladislav Ribnikar elementary school in Belgrade, Serbia, May 2023. Photo: EPA-EFE/ANDREJ CUKIC

The right to privacy and protection of minors are two main rights that collide with the right of the public to know, given that in this crime, both the perpetrator and the victims were minors.

Therefore, the answers to all questions should be sought in the regulations that protect the rights of minors.

Minors enjoy special protection: whether we speak about the perpetrator of a crime (whose data protection also protects the data of the victims in this case) or about the victims. Although before a criminal court in Serbia, the victims are deprived of most of their rights and are not the centre of the proceedings, the UN Convention on the Rights of the Child mandates that child victims must be given special status, because any form of violence against children is deemed a violation of their right to life, survival, and development.

Hence, the Constitution of Serbia is the first line of protection for minors. Namely, although criminal proceedings are public (as a guarantor of the right to a fair trial), it is stipulated that the public can be excluded from all the proceedings conducted before the court or from part of the proceedings in order to protect the interests of minors or the privacy of the participants in the proceedings.

The interest of minors is an explicit reason for excluding the public from hearings in court by Serbian Criminal Procedure Code. A special Law on juvenile offenders and the criminal protection of minors upholds the mentioned constitutional right through detailed provisions and a specific institutional base.

Although this regulation applies to minors – older than 14 years – not specifically to children, logic dictates that children enjoy even more protection. Police powers towards minors are regulated by special police regulation.

On the other hand, the Law on Police stipulates the public nature of police work. The Ministry of Interior should regularly and fully inform the public about its work. But there are exceptions. The ministry cannot violate the regulation on data confidentiality and the dignity of citizens, or threaten the right to personal freedom and security.

The Law on public information and media regulates public information provided through the media. The specific rule is that minors must not be recognisable in the information that may harm their right or interest.

All these regulations and institutional guarantees uphold the golden rule that the protection of minors prevails over the public’s right to know.

Police should have known the ‘golden rule’


People leave flowers and light candles for the victims of a shooting in front of the ‘Vladislav Ribnikar’ elementary school in Belgrade, Serbia, May 2023. Photo: EPA-EFE/ANDREJ CUKIC

Who collected the personal data of the children? First of all, the data was obtained by police officers in the preliminary investigation procedure when exercising their powers regarding a criminal offence.

According to the Law on Data protection, processing of data carried out by competent authorities for the purposes of investigation and detection of criminal acts presents processing for special purpose. At the moment when they found out that the perpetrator was a child, special provisions of the Law on Police were activated for implementation: in such cases, a special police officer for minors acts, with special knowledge of children’s rights. That police officer had to have known the golden rule.

Who communicated the personal data of the children? The Chief of Belgrade Police, as official representative of the Ministry of Interior, showed the information to all media present in the live broadcast. In doing so, he said that while his actions were probably illegal, he did it for the sake of the public’s right to knowledge.

But in doing so, he committed a crime of “unauthorized collection of personal data” – the most serious one, as he acted in the name of Ministry of Interior. The role of prosecution in this case has to be more proactive. Such an obligation is stipulated by the special protocol on the actions of judicial authorities in the protection of minors from abuse and neglect.

In doing so, the Chief of Belgrade Police opened the possibility of a misdemeanor charge for illegal processing of data through the right to privacy was breached.

Who can be held responsible for these actions?

Apart from the criminal responsibility of the Chief of Belgrade Police, a misdemeanour charge can be brought against Minister of Interior, Bratislav Gasic. The minister is the one accountable for misdemeanour conduct within the ministry. The Data Protection Commissioner can initiate the procedure. Moreover, the Ministry of Interior is responsible for the nonpecuniary damage that minor victims and their families have suffered by these illegal acts.

Police chief opened a Pandora’s box

The Chief of Belgrade Police acted unlawfully, against the rights of children. With that, he unleashed Pandora’s box of targeted secondary victimization that spread through the Internet and social networks outside Serbia’s borders and beyond the reach of Serbian laws and authorities.

The Serbian public saw the Chief of Belgrade Police for the first time on television. A terrible event forced closed and captured institutions to open up and show all of their weakness and, above all, an incomprehension of human rights and boundaries that protect the right to private life, which, when crossed, threaten safety, security, and peace of mind.

These are the very values that the police should be safeguarding.

Katarina Golubovic is a Belgrade-based attorney at law specialised in the human rights field.

The opinions expressed are those of the author and do not necessarily reflect the views of BIRN.

Turkish Silence over Data Breach Speaks Volumes, Says Lawyer

Days after news broke of a major personal data leak in Turkey, the government has yet to comment. Lawyer Veysel Ok, whose Media and Law Studies Association, MLSA, exposed the leak, says the silence speaks volumes.

According to Ok, the personal data of nearly 100 million people – Turks and foreigners alike – who live or once lived in Turkey has been stolen and offered for sale online.

The data comes from e-Devlet [e-Government], the main public administration portal in Turkey and which holds a raft of data concerning the education background, health details, bank credentials and tax status of residents.

“This topic has been on the agenda of the country for four days, but the Interior Ministry hasn’t issued a single statement and we don’t know whether an investigation has been launched,” Ok told BIRN in an interview on Monday.

“If this happened in a European Union country, the minister would have resigned the same day. Unfortunately, the personal and private information of the citizens have now become public information and we still don’t know how that happened.”

Asked whether Turkey’s laws and regulations are up to the task of securing personal data and digital rights, Ok replied: “The current laws and regulations are more than enough but the government uses them to target journalists and not for the real purpose.”

Major defender of journalists

German-Turkish journalist Deniz Yucel (L) hugs his Turkish Lawyer Veysel Ok during his welcome party at the Festsaal Kreuzberg in Berlin, Germany, 24 March 2018. For over a year, journalist Deniz Yucel was imprisoned in Turkey without prosecution and released earlier on 16 February. Photo: EPA-EFE/HAYOUNG JEON

A 39-year-old lawyer and activist, Ok grew up in Diyarbakir in southeastern Turkey, the de-facto cultural capital of Turkey’s oppressed Kurdish population.

Ok said the context in which he grew up led him to become a human rights defender; he moved to Istanbul to study law and began working with rights groups and journalists.

He has spent the past 15 years defending journalists and has his work cut out in a country that under President Recep Tayyip Erdogan has become one of the biggest jailers of journalists in the world.

Ok set up MLSA in 2017 after authorities began rounding up journalists and closing media outlets as part of a crackdown on dissent in the wake of a failed coup in mid-2016.

MLSA is now one of the most prominent defenders of journalists and freedom of speech in Turkey. Ok said that MLSA currently represents some 100 journalists pro bono and provides education and training to lawyers and journalists about their rights and freedoms.

The MLSA project Free Web Turkey, which monitors digital rights and censorship, first brought to the attention of the public the massive hack of the e-Devlet portal.

MLSA immediately shared the news and has filed criminal complaints against those responsible as well as the Interior Ministry, which is ultimately responsible for the security of the data.

Anyone who signs up to the site can view ID numbers, phone numbers and information about family members. More sensitive information – including full home addresses, real estate deeds, driving licences and education details – is available for a fee. Even Erdogan’s own data is on offer, as is that of main opposition leader Kemal Kilicdaroglu, BIRN found when it accessed the site.

The website originally identified is now inactive, but similar sites offering the same data have popped up.

Ok called the leak “very risky and dangerous” for the personal security of the public. “For instance, the addresses of women who are victims of domestic violence can be learnt by male perpetrators via this site, putting at risk these women’s lives and physical security,” he told BIRN.

Laws used to target journalists

Screenshot of the website offers personal information of citizens including President Recep Tayyip Erdogan. Photo: BIRN

Asked about Turkey’s readiness to secure digital rights and personal data, Ok offered the example of Deutsche Welle journalist Bulent Mumay, who this month was handed a suspended sentence of one year and eight months for publishing information about a construction company in defiance of a court order.

Mumay argued he was being punished for not submitting to censorship.

In Turkey, journalists are often targeted by courts. According to a report by the Progressive Journalists’ Association, in 2022 alone at least 174 court cases have been opened against journalists and media organisations and at least 40 journalists have been imprisoned or fined by the courts.

“The current laws and regulations on personal data protection are not effectively used for its original purpose but to target journalists,” Ok said.

“Unfortunately, this data is leaked and now available to everyone. Now we should learn how this data leaked and who is responsible. That’s why we have filed criminal complaints against the perpetrators and the Interior Ministry.”

Analysing Algorithms: Bosnian Media Complain of Facebook Guessing Game

Media outlets in Bosnia and Herzegovina have a headache, and part of the cause is Facebook.

As anywhere else around the world, the social media giant, owned by Meta, is a vital means for Bosnian media outlets to reach readers.

But editors and journalists in Bosnia tell BIRN they struggle with its inconsistency in content moderation and a lack of transparency about its algorithms. And when they call Facebook for clarification, too often they are left hanging.

“The same content is treated differently on two different Facebook profiles,” said one in an anonymous response to a BIRN survey of newsrooms, referring to the same text posted on the Facebook pages of two different media. “On one, it’s coloured orange [denoting semi-restricted content]. On another, it’s green, without any warnings or restrictions.”

“It’s confusing, and the procedure lacks transparency,” said another. “There’s no explanation; analysing algorithms comes down to experience.”

Analysing algorithms

Posting content that is deemed to violate Facebook rules can have far-reaching consequences for small media outlets, which rely on the platform’s sheer scale to reach an audience and attract advertisers. Repeat occurrences of content being flagged as false or misleading can result in a media’s visibility being reduced, or it being locked out altogether.

Meta’s website states: “Pages, groups, accounts and websites that repeatedly share misinformation will face some restrictions, including having their distribution reduced. This includes content rated False or Altered by fact-checking partners; content that is nearly identical to what fact-checkers have debunked as False or Altered…

But even content that passes the grade must negotiate complex algorithms that push, promote or suppress visibility, determining which feeds it reaches and how often. How these algorithms work exactly is kept under wraps, and they are constantly changing.

Experimentation is the only way to get anywhere close to figuring them out, said social media expert Haris Alisic.

“Algorithms are a business secret of every company in the IT industry,” Alisic told BIRN. “That’s their competitive advantage… And, of course, there is no significant transparency around it. They do share some stuff, but it’s very general. Based on that, it is hard to figure out how the algorithm really works.”


Social media expert Haris Alisic. Photo: Courtesy of Haris Alisic.

According to Facebook, its algorithm uses “hundreds of signals” to make a prediction as to how likely a user is to engage with a post. One of the signals is, ‘Who posted the story?’

Based on these signals, the algorithm creates a “relevancy score” – “our best guess at how meaningful you will find this story”.

Facebook, however, is constantly tweaking its algorithm in response to a range of factors, including news events. Keeping up is a matter of trial and error.

Moderating content

In Bosnia, hate speech, harassment and incitement to violence remain major issues almost three decades since the end of a 1992-95 war. This is reflected in the media, and online.

Most cases of digital rights violations in Bosnia identified in BIRN’s Annual Digital Rights Report 2022 concerned “breaches related to reputation, endangering security, discrimination and hatred, and pressures on individuals because of publishing information on the internet, among others”.

But social media companies on the whole lack detailed understanding of each society in which they operate.

According to a 2022 report on content moderation in Bosnia, published by Article 19, 

“87% of Facebook’s spending on misinformation goes to English-language content, despite the fact that only 9% of its users are English speaking”.

“It has also been revealed that most resources and means in terms of content moderation are being allocated to a limited number of countries.”

Content moderation becomes a problem for media outlets if it is inconsistent or ignorant of local context.

“In their policy explanations, Facebook names different reasons why certain content can be flagged, from hate speech to disinformation,” said another media worker surveyed. 

“But in reality, we could see this kind of content still not removed or marked in any way, so the reader is aware of it. The responsibility of flagging the content is somehow left more to the users [individuals and organisations] and less to the company [Facebook], which is inviting people to its platform to use it but yet doesn’t protect them from this kind of content.”

In order to weed out misinformation and disinformation, Facebook relies on local fact-checkers; in the case of Bosnia, one of its partners is Raskrinkavanje, a team of 14 with backgrounds in media, political sciences, international relations and human rights.

Raskrinkavanje flags content, but it falls to Facebook to limit its reach. Media outlets need to check what they’re posting, said Elma Muric, communications editor at Raskrinkavanje.

“Journalists are not only obliged to disseminate correct information but also to stick to the ethics of journalism and fairly and impartially report about happenings and phenomena in the world,” Muric told BIRN. 

“Journalists who do follow the professional and ethical standards in their reporting, for sure, will not publish anything that could be flagged as disinformation or fake news.”


META’s office in Paris. Photo: Courtesy of Haris Ališić.

Mixed experiences

Besides their headaches in trying to figure out algorithms, some editors and journalists say they also struggle to get answers from Meta itself on any number of issues.

“Tried twice; they were slow and inefficient,” said one. “Didn’t really fix the problem I was having.”

Another said: “Enable simpler contact with Meta and easier access to information, especially algorithmic changes and recommendations.”

“We need clearer procedures regarding algorithm rules,” the journalist added. “There is no alternative, especially since we keep talking about the importance they [Facebook] have regarding the public debate and online participation.”

Not everyone shares such frustration. One journalist who took part in the survey told BIRN about their experience resolving an attempted scam:

 “I reached out to the Meta team and in a very short time I had a phone call with one of their crew, who checked from their side, and besides assuring us that it was a scam, not a real note from them, they shared advice on what to do to protect ourselves immediately, and how to recognise in the future if something is sent from there, or if it’s again some scam.”

Alisic described his own experience dealing with Facebook as “amazing”.

“We had a very close relationship. We still do,” he said. “They were always very professional and very quick to respond. They have very hard-working people.”

Given Facebook’s sheer size, inevitably there will be issues with communication, he said.

“You have to understand that there are tens of millions of pages on Facebook. It is literally impossible for them to be able to respond to everything timely, quickly, or personally, so just like in every other company, I guess they have to prioritise.”

BIRN contacted Meta for a response to this story, but received no reply.

Belgrade School Shooting Has Online Ripple Effect in Balkans

After two recent mass shootings in Serbia, one at a school in Belgrade, there was a surge of attempted copycat attacks in the Balkan region, but also a series of digital violations including the spread of misinformation, breaches of privacy, fake footage and misleading claims.

Albania experienced several disturbing incidents of its own, including a fake gun scare at a school in Tirana and a fatal stabbing stemming from an online feud in Gramshi, highlighting the role of online platforms in escalating conflicts among Albanian youth.

In Montenegro, incidents such as a concerning Facebook post by a pupil in Zabljak and threats made on a school’s Viber group in Podgorica highlighted the delicate balance between freedom of expression and the responsibility for safety within society, while Croatia faced its own challenges following the Serbian mass shooting, with incidents including a ‘hit list’ made by a student from Bjelovar being circulated on TikTok and a gun photo being shared in a Zagreb school’s WhatsApp group.

Following the mass shootings in Serbia, threats were made on social media in Bosnia and Herzegovina and a young man was arrested after allegedly announcing online that he planned to replicate the violence.

In Kosovo, false information was spread online through the sharing of misleading articles and recycled misinformation, while a threatening message was posted on Instagram in North Macedonia.

False reports and videos in Serbia

The mass shooting by a teenager at the Vladislav Ribnikar Elementary School in Belgrade on May 3, in which eight students and a teacher were killed, sent shockwaves through society and was followed by online violations such as the circulation of fake footage, the invasion of victims’ relatives’ privacy and the proliferation of misinformation.


A man reacts as he walks past police officers blocking a street near the ‘Vladislav Ribnikar’ elementary school in Belgrade, Serbia, 03 May 2023. Photo: EPA-EFE/ANDREJ CUKIC

The right to privacy of the families who were affected was violated by the tabloid website Republika, which on May 9 published a sensationalist report about the funeral proceedings, contravening Serbia’s journalistic code and inflicting further anguish on the grieving families.

False reports also began to circulate on media websites and social networks. Unfounded claims emerged that a wounded teacher had also succumbed to their injuries, that vaccinated citizens were ineligible as blood donors, and that N1 TV had demanded the release of the suspect.

Days after the shooting, a video claiming to depict the school massacre was circulated on social media. The footage was shared widely on TikTok on May 6, but closer scrutiny revealed that it was not from Belgrade but had been taken during a different school shooting in the United States.

On May 6, another video surfaced on TikTok, purporting to show students from the school that was targeted in Belgrade bullying the perpetrator. Accompanied by captions insinuating that the footage captured the moments preceding the massacre or depicted the treatment that the perpetrator endured at the school, the video gained widespread circulation.

However, it was soon discovered that the video was unrelated to the Belgrade incident and originated from a school in Russia several months earlier.

Violence in Albania echoes Serbian shooting

On May 10, Albanian media outlet Gazetatema.net published a video showing the mass shooting in Serbia. In the days following the shooting, there were also two violent incidents in Albania involving young men and weapons.


Police officers close off the crime scene at Cetinje, Montenegro, 12 August 2022. Photo: EPA-EFE/BORIS PEJOVIC

The first incident happened in Farka in Tirana when a 20-year-old male entered a schoolyard and discharged shots into the air using a fake gun, inciting fear among students and staff. The motives behind the incident remain under investigation.

In the second incident, a 15-year-old Albanian lost his life in a stabbing near his school in Gramshi. The stabbing occurred as a direct result of an online feud between the attackers and the victim’s cousin.

Online threats made in Montenegro

In the aftermath of the mass shooting in Serbia, there were also two online incidents in Montenegro that were reported to have been related to the crime in Belgrade.

The first incident unfolded in the town of Zabljak, where Montenegrin police questioned a 13-year-old pupil after he wrote a Facebook post that alarmed the authorities.

The pupil wrote: “I understand the shooter in the Serbian elementary school. I would do the same, but I don’t have access to guns.” The authorities took his statement seriously and initiated an investigation. However, charges were eventually dropped, with the prosecution urging local social workers and the school to intervene and address the situation.

In another case, Montenegrin police questioned a pupil from an elementary school in Podgorica after threats were made in the school’s Viber group. The school management reported that the pupil had sent a photo of a gun along with a list of students he intended to harm.

Prompt action was taken by the authorities, who questioned the pupil and his parents, and the plastic gun was handed over to the police. The outcome of the investigation has not yet been made public.


Illustration of TikTok logo displayed on a phone in Los Angeles, California, USA, 17 May 2023. Photo: EPA-EFE/CAROLINE BREHMAN

Croatia faces school safety concerns

In the aftermath of the mass shooting in Serbia, there were also two incidents involving school students in Croatia.

On May 12, a pupil in the city of Bjelovar who claimed to have drawn inspiration from the shooting in Belgrade compiled a ‘hit list’ containing the names of her classmates. The list allegedly surfaced on the popular social media platform TikTok before being removed after the student was detained by the police.

However, concerns remained as it is possible that screenshots of the list might still be circulating privately among other students. The student was expelled from the school the same day.

In another incident that occurred on May 18 at the Dragutin Domjanic Elementary School in Gajnice in Zagreb, an eighth-grade boy who had argued with a friend allegedly took a photo of a gun and bullets at his home and shared it in a WhatsApp group.

The school promptly contacted the police, who reportedly spoke with the boy. The parents sent a message saying that the boy was under supervision at home and that everyone was safe, while the school emphasised that students should continue attending classes as usual because the overall safety of the school was being maintained.

Copycat shooting threatened in Bosnia

In the wake of the mass shooting in Serbia, a young man in Bosnia and Herzegovina threatened a copycat incident in the city of Bihac. The young man posted a threatening message on Instagram, claiming to be preparing to stage a massacre at a school of economics. Police arrested him on charges of endangering security and terrorism. Reuters reported that he had a history of threats and bullying on social media and that charges against him were dropped last year because he was too young to be prosecuted.

Meanwhile, a threatening video was circulated on social media, made by a man from the town of Banovici who said he was going to commit a massacre in Bosnia and Herzegovina, linking it to the recent mass shooting in Serbia. Authorities from both countries worked together to identify the individual and prevent any potential violence.

Incidents in Kosovo and North Macedonia

In Kosovo, a misleading article entitled “SERIOUS: The Moment When a 14-Year-Old Kills His Classmates in Serbia is Published” was published by the Sprint.al website. The article claimed to feature a video depicting the Belgrade school shooting.

However, investigations by BIRN Kosovo’s Kryptometer team revealed that the video was not filmed in Serbia, as claimed, but in Mexico in 2017.

Meanwhile in North Macedonia, a student from the Slavcho Stojmenski high school in Shtip posted a threatening message on Instagram on May 11 and was subsequently detained by the police. The motives behind the student’s actions have not yet been made public.

Bosnia has been covered by Elma Selimovic and Aida Trepanić, Albania by Nensi Bogdani, North Macedonia by Bojan Stojkovski, Montenegro by Samir Kajosevic, Kosovo by Diedon Nixha, Croatia by Matej Augustin and Serbia by Bojan Perkov and Ninoslava Bogdanović of SHARE Foundation

Battle for Balkan Cybersecurity: Threats and Implications of Biometrics and Digital Identity

The Balkan region has witnessed a significant increase in internet penetration and the integration of Biometrics and Digital Identity BDI technologies into various sectors, BIRN research shows.

Between 2020 and 2023, Albania, Bosnia and Herzegovina, North Macedonia, Kosovo and Serbia all experienced a notable increase in cyberattacks, specifically phishing and ransomware incidents.

BIRN has mapped 40 cases and has collated data on notable cyberattacks targeting the Balkan region’s BDI systems into a database. Research focused on cases that resulted in a significant data breach and/or compromised large amounts of data.

Data collection involved document analysis, case study examination and interviews with IT employees. These approaches provide insights into the state of BDI and cybersecurity threats in the Balkan region, as well as notable cyberattacks targeting critical infrastructure and public institutions.

The research shows a prevalence of cyberattacks targeting critical online infrastructure, services and computers. Inadequate public awareness and cybersecurity policies, and limited regional collaboration, have exacerbated the challenges the Balkan countries face in combating cybercrime.

The public sector, banks and individual citizens were primary targets of these cyberattacks. Perpetrators exploited vulnerabilities in the digital infrastructure and security measures of both private and public entities. 

A growing reliance on biometrics and digital identity in online banking, e-government services and border control is a key regional trend. Technological advances aimed at improving security and efficiency drove this reliance. However, implementing BDI systems has raised concerns about protecting individuals’ privacy, data, and the potential misuse of personal information. 

Addressing cybersecurity threats in the Balkan region requires increased public awareness, improved cybersecurity policies and practices and enhanced regional collaboration. 

The Balkan region faces significant risks and opportunities due to its growing reliance on biometrics and digital identity. Balancing security with privacy and data protection is crucial in this context.

The Balkan region has witnessed a significant increase in internet penetration and the integration of Biometrics and Digital Identity BDI technologies into various sectors, BIRN research shows.

Between 2020 and 2023, Albania, Bosnia and Herzegovina, North Macedonia, Kosovo and Serbia all experienced a notable increase in cyberattacks, specifically phishing and ransomware incidents. 

BIRN has mapped 40 cases and has collated data on notable cyberattacks targeting the Balkan region’s BDI systems into a database. Research focused on cases that resulted in a significant data breach and/or compromised large amounts of data.

Data collection involved document analysis, case study examination and interviews with IT employees. These approaches provide insights into the state of BDI and cybersecurity threats in the Balkan region, as well as notable cyberattacks targeting critical infrastructure and public institutions. 

The research shows a prevalence of cyberattacks targeting critical online infrastructure, services and computers. Inadequate public awareness and cybersecurity policies, and limited regional collaboration, have exacerbated the challenges the Balkan countries face in combating cybercrime.

The public sector, banks and individual citizens were primary targets of these cyberattacks. Perpetrators exploited vulnerabilities in the digital infrastructure and security measures of both private and public entities. 

A growing reliance on biometrics and digital identity in online banking, e-government services and border control is a key regional trend. Technological advances aimed at improving security and efficiency drove this reliance. However, implementing BDI systems has raised concerns about protecting individuals’ privacy, data, and the potential misuse of personal information. 

Addressing cybersecurity threats in the Balkan region requires increased public awareness, improved cybersecurity policies and practices and enhanced regional collaboration. 

The Balkan region faces significant risks and opportunities due to its growing reliance on biometrics and digital identity. Balancing security with privacy and data protection is crucial in this context.

Cyberttacks reveal cracks in North Macedonia’s defences

North Macedonia has become a target of almost relentless hacker attacks, placing various state institutions in jeopardy. These attacks are a sobering reminder of the country’s inadequate cyber security capabilities, leaving it ill-prepared and vulnerable. An attack on the Health Insurance Fund in February 2023 for example disrupted its operations for several weeks, exposing gaps in cyber security.

The Agriculture Ministry’s experience in September 2022 further exposed the weaknesses in the government’s defences; its staff had limited internet access for over a month following a cyberattack. 

These incidents have shed light on the urgent need for the government in Skopje to invest in strengthening its cyber security infrastructure and safeguarding sensitive data and systems from malicious actors.

Multiple leaks of email addresses and passwords from various ministries have also raised concerns. These breaches underscore the importance of bolstering cyber security measures across government entities. Recognizing these challenges, the country’s national centre for responding to computer incidents has conducted a report outlining noteworthy trends based on cybersecurity incidents.

One concerning trend highlighted in the report is the increasing number of Macedonian websites falling victim to hacking, particularly through phishing tactics. Attackers often install malicious content on server operating systems, allowing them to compromise websites. The report emphasizes the urgency of addressing this issue.

Another alarming development involves Macedonian public IPv4 addresses being identified abroad as sources of attacks and data theft from foreign servers. This discovery raises concerns about the security of these addresses, necessitating enhanced measures to prevent such activities and protect sensitive information.

A case involving compromising email accounts of government and public sector organizations in North Macedonia is of particular significance. Attackers exploited vulnerabilities in mail servers to send phishing emails from compromised accounts. This highlights the critical importance of securing email systems and preventing unauthorized access.

Furthermore, several North Macedonian organizations have fallen victim to cyberattacks due to compromises or vulnerabilities in their email servers. In some instances, hackers executed ransomware attacks by exploiting unaddressed vulnerabilities. These incidents underscore the need for robust security measures to protect against evolving threats.

Cyberattack motive per country in per cents.

Distributed Denial of Service or DDoS attacks have also posed a significant threat, targeting numerous institutions and organisations in North Macedonia over the past few years. These attacks disrupt services by overwhelming servers with an overwhelming amount of traffic.

According to MKD-CIRT’s report, the number of reported incidents increased from 1,443 in 2020 to 1,880 in 2021. However, it is worth noting that these figures include malicious activities detected outside the country, where Macedonian IP addresses were identified as the source of harmful activities. This highlights the need for collaborative efforts to combat cyber threats beyond national borders.

The escalating wave of cyber attacks and the vulnerabilities exposed in North Macedonia’s cyber security apparatus necessitates urgent action. Strengthening defences, investing in advanced technologies and fostering international cooperation are vital to safeguarding the country’s critical infrastructure, sensitive data, and digital systems from malicious actors in an increasingly interconnected world.

Cyberattacks Targeting Industries and Institutions in Kosovo Prompt Action

Over the past three years, Kosovo has faced a significant number of cyberattacks targeting various industries. Among the most common attacks are password thefts from social networks. Some notable attacks include wealth gain schemes, attacks on banks, hacking of politician profiles, and various scams.

In April 2020, Banka Ekonomike, one of Kosovo’s largest banks, fell victim to a ransomware attack known as DoppelPaymer. According to a threat assessment by the Danish Centre for Cyber Security in 2021, the hackers leaked over 70 GB of data, including sensitive information such as clients’ names, credit card numbers, income details and client loans. The leaked data also contained sensitive information about bank employees.

Just five months later, in September 2020, the Facebook account of former Deputy Interior Minister Zafir Berisha was hacked. The incident occurred shortly after Berisha was appointed Kosovo’s National Cyber Security Coordinator. As of April 2023, there is no official information on the identity of the hackers.

Target in the countries in per cents.

Public institutions in Kosovo have been targeted with phishing. The Ministry of Interior confirmed phishing cyberattacks in February 2022, although it said no infrastructure damage or significant harm occurred. These phishing attacks, where institutions receive fraudulent emails appearing to be from official sources, are quite frequent.

All reported cases have been handed over to the police, but there is no official update on the progress of investigations. 

Due to the lack of a centralized approach to combating hackers, Kosovo has introduced a legal foundation to prevent cybercrime. As part of a proposed bill to enhance computer security, a State Authority for Cyber Security will be established.

Furthermore, in response to the cyberattacks, the government has proposed the creation of an Agency for Cyber Security. In September 2022, the government approved a draft cyber security law that includes the formation of this agency. 

The law aims to strengthen computer security in Kosovo, and additional measures include establishing a 24/7 contact point within the police. These initiatives seek to bolster the country’s defences and protect against future cyber threats.

Bosnia grapples with rising cyberattacks and data leaks

In Bosnia and Herzegovina, there have been 11 cases of data leaks resulting from hacking attacks since 2020, BIRN research reveals. Ransomware and phishing campaigns were the most prevalent types of attacks.

One of the most recent notable cases occurred in September 2022 when a ransomware attack targeted the servers of the Parliament of Bosnia and Herzegovina. The parliament’s website and computers were rendered inaccessible for over two weeks.

However, many hacking incidents remain hidden from the public. The Ministry of Interior of Republika Srpska, one of the two entities in Bosnia and Herzegovina, reported 23 registered ransomware attacks during the targeted period.

Regarding phishing campaigns, Police recorded 107 such attacks, mainly targeting individuals. The police spokesperson for Republika Srpska noted the complexity of accurately registering such cases, as they can be classified as the creation and introduction of computer viruses, computer sabotage, unauthorized access to protected computers, computer networks, telecommunications networks, or electronic data processing.

In the Federation of Bosnia and Herzegovina, Bosnia’s other entity, Police reported a total of 117 cyberattacks; 33 were ransomware attacks, with the majority targeting private companies and individuals. Public institutions were subjected to various hacking attacks on 30 different occasions during the monitored period.

Type of attack depending on the target in per cents.

In September 2022, Bosnia’s Intelligence-Security Agency OSA urged institutions and individuals to safeguard their information and communication systems due to increased cyberattacks. OSA emphasized the importance of conducting security assessments and implementing protective measures promptly to proactively prevent attacks. They also highlighted their cooperation with domestic and international partners to counter the intensifying threats.

The first report on cyber threats in Bosnia and Herzegovina revealed that the country faces millions of cyberattacks each month. However, it lacks the necessary strategies, legislation and capacity to protect its citizens, institutions, and companies effectively.

During November 2022, over 9.2 million distinct cyberattacks targeted a wide range of entities in Bosnia, as highlighted in a report presented by the Center for Cybersecurity Excellence, CSEC, and BIRN in mid-April.

From Ransomware to Phishing, Serbia Faces Persistent Wave of Attacks

Serbia has seen its share of cyberattacks over the past years, from major national incidents to almost daily phishing and scam campaigns. 

The first one coincided with the Covid-19 pandemic. In early March 2020, the local public utility company Informatika in Novi Sad, Serbia’s second largest city, was hit by ransomware compromising its infrastructure and employees’ data. 

Another big cyber threat occurred in May two years later, blocking the databases of the Republic Geodetic Authority for nine days, with the attack, launched from five IP addresses, involving two malwares and Phobos ransomware.

Public institutions were not the only ones targeted. According to international cyber security platforms and watchdogs, hacker groups, such as LockBit and Quilin claimed they attacked BIG CEE and Gigatron, two large private companies and chains, and obtained their financial and employees’ data. 

Malware, ransomware, phishing and, to a degree, Distributed Denials of Service, DDos, are the main threats. According to the National CERT of the Republic of Serbia, the information security organisation, the most common incidents in 2020 and 2021 involved attempted intrusions into ICT systems and unauthorized data collection. In that period, around 40 million cyberattacks on Information and Communication Technology (ICT) systems occurred.

Phishing campaigns remain one of the most widespread methods jeopardizing the cyber security of government, but also the financial sector. 

Numerous banks have warned their clients of ongoing phishing and scam emails being circulated, with perpetrators setting up fake social media accounts and organizing fraudulent giveaways. Another frequent target of phishing campaigns was the public enterprise Post of Serbia. Scammers use Viber and other messaging apps, or email, to allegedly inform recipients that their packages are held and that they need to pay money to recover them. 

Although these cases get reported, a recent report by the State Auditing Institution points out that communication between institutions and the National CERT needs to improve, as public and governmental bodies and companies often do not inform the authorities of incidents. For that reason, some attacks remain unidentified for a long period, increasing the risk and damage to the information infrastructure and data.

Type of attack per country in per cents.

Cyber activists have discovered that the app MojDoktor [My Doctor], used for health appointments and connecting Serbian health centres with the integrated information system, was exploited for almost three years. This included several email servers from a local health centre, which were used for spam, phishing, but also malware and virus attacks.

Most cases in the past three years were reported to the Special Prosecution Office for High Tech Crime and Organised Crime. However, the perpetrators often remain unknown, and court epilogues are few. 

Series of cyber intrusions shakes Albania

Albania has faced several cyberattacks that have targeted its key institutions and businesses. These attacks have caused significant disruptions and raised concerns about cybersecurity.

Methodology Used in the Research

To explore the intricate world of BDI and cybersecurity in the Balkan region, this research
adopted a qualitative approach using mixed methods, including a desk review of relevant
studies and reports, interviews with IT employees at IT departments in public companies and
institutions, and the case study research design. This research methodology is appropriate for
enabling a deep understanding of the complex relationship between cybersecurity and BDI in
the Balkan region.

A multifaceted data collection approach was employed for this research, including document
analysis and case study examination. The researchers first conducted a literature review of
government and NGO reports, news articles, and industry reports.

Secondly, the researchers collated data on notable cyberattacks targeting the Balkan
region’s BDI systems into a database and interviewed IT employees. Selected
case studies offered invaluable insights into cyberattacks on critical infrastructure and public
institutions, servers and revealed large data breaches and leaks.

To analyze the data, the report relied on qualitative content and comparative analysis methods
to analyze cyberattack incidents across five Balkan countries. The research also relied on
triangulation, a technique used in mixed-methods research, to enhance validity and reliability by
cross-checking data from different sources.

One notable incident occurred on January 30, 2023, when Air Albania, a prominent airline company, fell victim to a cyberattack. The attackers, identified as the LockBit ransomware group, claimed they infiltrated Air Albania’s online infrastructure to extort a ransom. They claimed to have stolen and encrypted the company’s data, demanding payment for its release. 

The ransom notice was displayed on the LockBit group’s Dark Web Tor Blog page. Despite the attack, Air Albania assured the public that its data remained secure and that system updates were being implemented. The company did not comment further on the incident.

Another significant cyber incident involved Credins Bank, one of Albania’s largest financial institutions. On December 23, 2022, Credins Bank had to suspend its online services due to a cyberattack orchestrated by the Homeland Justice group. The attackers claimed they targeted the bank in response to the Albanian government’s support for the Iranian opposition group, MEK. 

In a concerning development, Homeland Justice shared documents allegedly obtained from the bank on one of their Telegram channels. The bank did not confirm the authenticity of these leaked documents, titled “ALLAccountsCustomers.zip,” which cautioned against their circulation.

The Albania Police Supervisory Agency also faced a cyber threat. On September 21, 2021, the agency reported an attempted attack on its servers. The attack was successfully blocked, however, and the agency stated that no data had been stolen.

The most significant cyber incident to date in Albania occurred on July 15, 2022, when the government’s centralized e-services system was breached. This breach affected various government infrastructure, resulting in the gradual leakage of sensitive information over several months. 

The attackers, masquerading as the Homeland Justice group on social network accounts, exposed emails belonging to the State Police director and a list of employees from the secret services. 

Microsoft Threat Intelligence investigations revealed that the initial access to the system occurred in May 2021 through a vulnerability in a SharePoint Server. By July 2021, the attackers had fortified their access using a misconfigured service account. Ransomware and wiper malware were employed to achieve their objectives. 

Microsoft and the FBI suggested that Iran might be behind the attack, leading Albania to sever diplomatic relations with Iran as a response. Iran has denied involvement, but Albania believes Tehran was responsible due to its decision to grant refuge to an Iranian opposition movement that is considered a terrorist group by the Iranian government.

These cyber incidents in Albania highlight the growing threat of cybercrime and the need for enhanced cybersecurity measures to protect critical infrastructure and businesses. The attacks have not only caused disruptions but also strained diplomatic relations. Albania’s government and institutions must remain vigilant and collaborate with international partners to strengthen their cybersecurity defences and mitigate future risks.

Journalists involved in conducting this research are Igor Ispanovic, Azem Kurtic, Gjergj Erebara, Xheneta Murtezaj, and Bojan Stojkovski.

Share Your Experience: Social Media Company’s Content Removal During Turkish Elections

During Turkey’s key May elections, were your posts removed or restricted by Meta (Facebook and Instagram), Twitter or YouTube?

Were your posts marked as against community standards or was the decision taken due to Turkish court cases? Do you think that the assessment was fair?

We are looking for people, from media organisations to ordinary citizens, to share their experiences with us to help with a story that we are working on. Scroll down for information on how to take part.

The key things we want to know:

  • We would like to have insight into how many of your posts were removed, restricted, or flagged.
  • What was the reason for this?
  • We would like to have screenshots of your post/s, and social media companies’ assessment for their decision.
  • Was the assessment fair and well-explained?

How to take part?

To submit your experience, just fill out the form available here.

You can also contact us via email: readerstories@birn.eu.com

Or you can reach us on social media:

FB: @balkaninsight

TW: @balkaninsight

IG: @balkan_insight

‘Shame, Guilt’: Can North Macedonia Crack Down on Online Harassment?

Lumturije Qamili was used to being contacted by business clients via WhatsApp, so when she saw a new message from an unknown number one day in late 2021, she instinctively opened it. The sexually-explicit content she was confronted with was offensive, but there was something familiar in the way it was written.

A friend of Qamili and a cousin had both shown her similar messages they had received months earlier, containing the same kind of vulgar content and the same spelling errors. They suspected the same person was harassing them, using a dialect of Albanian that pointed to their hometown, Kicevo in North Macedonia.

On January 4, 2022, Qamili posted screenshots of the messages on Facebook and Instagram, and in no time at all 16 women got in touch to say the same thing had happened to them. The phone numbers were different, but the spelling mistakes were not.

Qamili encouraged the others to go to the police, but they were reluctant – some were married, others engaged. Almost no one wanted to run the risk of being shamed for someone else’s wrongdoing.

The next day, Qamili walked into the police station in Kicevo, armed with the screenshots, and reported that she was being harassed on social media.

“I reported the case on January 5, 2022, after realising that the same thing happened to many other girls,” she told BIRN. One of them was Mona [not her real name], who also went to the police the same day, accompanied by her husband.

Mona had been harassed for months on WhatsApp, Viber and, later, Facebook by an account under the name of ‘Agron’. He called her at work, using the same number that Qamili had been contacted from.

The case, however, has yet to be solved.

North Macedonia has since amended the Criminal Code to better address such cases and keep pace with the changing nature of such threats, but implementation will be key, argue experts, who say such harassment can have a lasting impact on its victims.

“Shame and guilt are often connected, and considering that such experiences often place guilt on the victim, the victim herself experiences guilt that she may be responsible for something like this,” said Kicevo psychologist Valdeta Adili. “Victims are dominated by fear and often show somatic symptoms in disordered eating, sleeping, anxiety, and isolation.”

The town of KIcevo in North Macedonia. Photo by Kicevo Municipality

Protected on paper, but in practice?

In February this year, amendments to North Macedonia’s Penal Code recognised for the first time stalking and online harassment as crimes.

The move came two years after it emerged that explicit pictures and personal information of women and girls were being shared between thousands of members of a Telegram group in North Macedonia called Public Room.

The law now foresees a fine or prison sentence of up to three years for anyone convicted of stalking, harassment, abuse or intimidation, in person or in written form, or misusing someone’s personal data. The penalties are greater if the perpetrator is a current or former intimate partner of the victim or if the crime is committed against a child.

Lidija Petkoska, an MP from the opposition VMRO-DPMNE party who has actively pushed for changes to the law to address the issue, welcomed the amendments and expressed hope that would provide “a certain guarantee and protection for victims who suffer any kind of violence”.

But she voiced concern that state institutions in North Macedonia are still not sufficiently gender-sensitised or have the mechanisms in place to respond in a timely manner.

“No matter how good and well-intentioned the laws are, they have been made in vain if they do not work in reality,” Petkoska told BIRN. “A woman’s safety from harassment, that is, from violence, is extremely important and must be a priority in society.”

Women, however, have little faith in the institutions that should protect them, according to research published in September 2021 by the ‘Ladybug’ Centre for Equal Opportunities, based in the western town of Tetovo. 

Two-thirds of female respondents between the ages of 18 and 25 reported receiving messages from boys or men containing various forms of sexual harassment, hate speech, threats, or insults. They reported feelings of fear, anxiety, self-isolation, and depression after the messages. But only 3.8 per cent of these went to the police.

Immage by Pixabay

Speed is key

A month after Qamili and Mona reported the harassment, Qamili received a letter from the police saying that the number she received the messages from did not exist. Qamili binned the letter and lost hope that the perpetrator would ever be found. She speculated that the police may know his identity, but failed to act. “The letter I got was just a formality,” Qamili told BIRN.

Mona received a phone call, during which a police officer told her they had been unable to trace her harasser because the phone number had been bought without an ID and was not registered.

Under the law in North Macedonia, since 2014 it is possible to buy a SIM card without an ID, but it cannot be activated without one.

“I have no idea who he was,” said Mona. “I left the country a couple of weeks later and didn’t have the chance to continue insisting he be found.”

An IT expert, who asked to remain anonymous, told BIRN that in such investigations, speed is of the essence in determining the geolocation of the device in question. Delay gives the perpetrator time to physically destroy the device or the SIM, and the digital trail can disappear.

Despite what Qamili and Mona were told, the police told BIRN that the case was still active.

“[…] we inform you that immediately after receiving the reports at the police station of Kicevo, in order to clarify the case the Public Prosecutor’s Office of the Republic of North Macedonia was notified and a request was submitted for the provision of data for the owner of the phone numbers from which number the harassment was carried out,” the police said in a written response. “Once the case is resolved, we will notify you accordingly.”

Even if the perpetrator is found, the new crimes incorporated into the Penal Code in February this year would not apply, said legal expert Vedije Ratkoceri. But that does not mean another criminal offence may apply.

“Even if the police manage to identify the harasser now, the harasser would not be able to be prosecuted for a criminal offence that has been incorporated into the Penal Code with the amendments of February 2023,” Ratkoceri told BIRN. 

“This means that in order to accuse someone of a criminal offence, the person must be incriminated under a criminal offence in the Penal Code at the time the action was committed.”

Lidija Petkoska, an MP from the opposition VMRO-DPMNE party who has actively pushed for changes to the law to address the issue. Photo by VMRO-DPMNE

Sowing fear

Qamili said that the harasser of her and the other women would often ask to meet his victims, a fact she found even more worrying.

“I’m almost 30 years old, and I know how to deal with such cases,” Qamili said. “I was afraid that the same thing could happen to a young girl who probably doesn’t know how to react in such cases; they could be afraid or even agree to meet the abuser.”

BIRN asked the police whether any female minors had reported being harassed last year but received no response.

Mona said the phone calls were particularly disturbing, occurring as they did when she was alone at work on the late shift. “I was scared because I didn’t know who it could be and didn’t know his intention,” she said.

Adili, the psychologist, said fear is a common response.

“Of course, the same situation does not affect everyone in the same way, and it depends on the personality of the person, on the circumstances in which he/she finds himself/herself, but in essence it remains a traumatic experience,” Adili told BIRN.

The fact that so many victims fail to go to the police reflects a belief that nothing will be done, she said, as well as a tendency to play down the seriousness of such harassment.

“When we talk about trauma, we always revisit it, but this is necessary to overcome it,” she said.

“The reason for not reporting is often the minimisation of harassment or the denial that something like this is not normal. There are also matters of the personal boundaries that we build and keep in relation to the environment in which we live.”

Qamili said she never feared for her own safety, but for the safety of others.

“I think the harasser himself was trying to hide, but I was worried that he could be dangerous for Kicevo.”

Child Pornography, Hate Speech and Cybercrime Surge in Balkans

Romania experienced a surge in cases involving child pornography in April, with some victims as young as seven years old, followed by Croatia.

The incidents left both countries reeling and have raised questions about how to prevent such crimes. The cases involve the production and sale of child pornography, pimping and trafficking of underage girls and the use of social media platforms like Facebook and Instagram to recruit underage girls.

Several incidents of hate speech and discrimination were reported in the Balkans, shedding light on the ongoing challenges of social tensions and intolerance in the region.

Incidents included derogatory statements about migrants in North Macedonia, racist comments from a pro-government publicist in Hungary, derogatory statements about the people of Sarajevo in Bosnia and Herzegovina, online threats and insults towards an economist in Albania and the detention of a Montenegrin port board member for inciting national and religious hatred on Facebook.

Finally, cybercrime and online violations increased in the Balkans as phishing campaigns, hacking groups, and fraudulent emails target citizens and institutions. These attacks have raised concerns about the potential risks of cybercrime and the need for increased vigilance and cybersecurity measures. Examples include a phishing campaign targeting directors and managers of companies in Bosnia, fraudulent emails allegedly from the head of the Public Security Bureau in North Macedonia, and the leak of classified information from Albanian authorities believed to have been obtained by Iranian hackers.

Child Porn Scandals Rock Romania, Croatia

In April, Romania saw a surge in cases involving child pornography, with victims as young as seven years old. Croatia recorded similar cases.


Women with their eyes covered with violet scarfs participate in a flash mob in front of Romania’s Internal Affairs Minister in Bucharest, Romania, 01 March 2020. Photo: EPA-EFE/BOGDAN CRISTEL

One of the most egregious cases in Romania on April 4 involved a family in Cotorca, a village near Bucharest, who produced and sold child pornography. The victims were an underage boy and a girl who were forced to have sex with adults and be recorded. The videos were sold for 50 to 100 euros each. One suspect was arrested, but the others remain in Cotorca, leaving many wondering whether justice has been served.

Another case, on April 7, involved the trafficking and pimping of two underage girls in Mehedinti, a county bordering Serbia and Bulgaria. The girls were physically and psychologically abused, coerced into prostitution and sold to men in Drobeta-Turnu Severin, a town over 350 kilometres west of Bucharest. The suspects, three young men aged 16 to 23, used social media and escort websites to recruit the victims.

In another case, Romania’s Directorate for Investigating Terrorism and Organized Crime on April 10 arrested three individuals for a pimping scam involving underage girls recruited on Facebook. Two suspects acted as “lover boys,” convincing two girls aged 14 and 15 to prostitute themselves in Austria, Germany, and the UK. The suspects continued to pimp the underage victims across Europe, using escort websites to find clients even after they were already under investigation by Romanian prosecutors.

Besides these cases, several arrests of individuals were made in Romania between April 12, April 26 and 27, who used social media platforms like Facebook and Instagram to recruit underage girls and produce and sell child pornography. The suspects were found with thousands of pornographic files involving children.

In Croatia, between March 30 and April 4, two men were arrested for involvement in child pornography, one of whom is accused of accessing and distributing at least 71 images and 15 videos. The other is suspected of downloading and storing over 16,000 photos and 270 videos. A third individual has been detained for sexual abuse and enticing minors to meet for sexual purposes.

Hate Speech and Discrimination in Balkans Highlight Ongoing Intolerance

A number of instances of hate speech and discrimination were reported across the Balkans in April, highlighting the ongoing challenges of social tensions and intolerance in the region.


A migrant clutches to a fence as they are waiting for a permission to move towards the train station at a refugee camp near Gevgelija, The Former Yugoslav Republic of Macedonia, 21 September 2015. Photo: EPA/NAKE BATEV

One case in North Macedonia occurred on April 1, when a Twitter user posted a message containing hate speech against migrants from Pakistan and Bangladesh who are considered a solution to a labour shortage in North Macedonia. The tweet, which contained inflammatory and unfounded accusations, sparked condemnation before it was deleted by the user.

On April 2, media outlets in Hungary shared a story claiming that migrants had kidnapped a baby from its mother in Serbia. The story first appeared in the Serbian media years ago, back in 2017, and was not confirmed at the time. It was accompanied now by racist comments from a pro-government publicist in Hungary.

In Bosnia and Herzegovina, the chair of the state presidency, Željka Cvijanović, made derogatory statements about Sarajevo’s population on April 7. In response to a statement by a member of the Presidency, Cvijanović made comments viewed as racist and inflammatory, sparking public outrage.

On April 9, Pejka Medić, former director of BH Radio 1 in Bosnia, announced her departure from the national public radio channel on Twitter. The tweet led to a barrage of hate speech and incitement, highlighting the discrimination and intolerance in social media spaces.

In Montenegro, Port of Bar board member Milos Ostojic was detained on April 25 for inciting national and religious hatred on Facebook. Ostojic had posted a video in which he made derogatory and inflammatory comments about Islam and Bosniaks, sparking condemnation.

Finally, on April 5, in Albania, the economist Dena Topi reported receiving online threats and insults after sharing videos of herself and her daughter wearing matching clothing. Critics accused Topi of seeking attention and breaking social norms, highlighting the challenges faced by women and mothers in the public sphere.

Phishing Campaigns, Cyber Attacks, Target Citizens, Institutions

In the last month, several instances of cybercrime and online violations occurred across the Balkans, highlighting the need for increased vigilance and cybersecurity measures.

From phishing campaigns posing as law enforcement to hacking groups leaking classified information, citizens and authorities alike have been impacted by these digital attacks. These incidents have raised concerns about the potential risks of cybercrime and its impact on individuals, businesses, and governments in the region.


An exterior view of the Europol headquarters in The Hague, the Netherlands, 08 June 2021. Photo: EPA-EFE/JERRY LAMPEN

On April 6, citizens of Bosnia began reporting receiving emails signed by so-called police officer Mirsad Vilić, with police and Europol logos, informing them of an ongoing investigation and seeking personal information.

The emails were part of a phishing campaign, which has been ongoing since November 2022, targeting directors and managers of companies. The fraudster(s) were not identified. A Federation entity police press release warned that the aim was to establish contact with recipients to gain the benefit of their property.

Similarly, on April 6, North Macedonian citizens received fraudulent emails allegedly from the head of the Public Security Bureau, Sasho Tasevski, regarding an ongoing investigation with Europol. The emails stated that the recipients were subject to legal proceedings for fictitious crimes and requested personal information. The country’s Interior Ministry later confirmed that the emails were fake.

In Albania, on April 3, a group called Homeland Justice published three RAR files on Telegram containing documents from the Albanian Authority for Electronic and Postal Communications, AKEP, which were believed to have been obtained by Iranian hackers.

Homeland Justice also published three more RAR files on April 6, containing documents from the Albanian National Authority for the Security of Classified Information NSA, which were also believed to have been obtained by Iranian hackers.

Finally, on April 11, Homeland Justice published a third group of RAR files with attached documents from the NSA, which were again believed to have been hacked from Iranian sources.

Serbian Journalists, TV Hosts, Targeted with Threats, Intimidation

Serbia witnessed a disturbing trend of digital rights violations in April. Multiple incidents of threatening messages and intimidation were reported against public figures and journalists, highlighting the precarious situation of free speech in the country.

On April 10, Olja Bećković, a prominent journalist and host of the TV show “Utisak nedelje”, received threatening text messages on her personal phone from Sime Spasić, president of the Association of Families of Kidnapped, Murdered and Missing Persons from Kosovo and Metohija. The incident underscored the need for stronger legal protections for journalists and media professionals, who are often targeted for their work.

On the same day, Vlado Georgijev, owner of the Danube Cargo company, threatened journalists from Nova.rs who had published an article about his business. Georgijev’s actions were seen as a clear attempt to silence the media and impede free and independent reporting.

Adding to this trend, on April 9, presenter Ivan Ivanovic on Twitter reported that he had also received threats from Sime Spasic, directed towards his family. Such threats not only endanger the safety of individuals but also create a chilling effect on free speech and journalistic independence.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now