Kosovo Ruling Party Criticised for Electing Supporter to Media Regulator Board

Local and international media organisations expressed concern on Wednesday after Kosovo’s parliament voted Luljeta Aliu-Krasniqi as member of the board of the Independent Media Commission, IMC.

“We regret to see this development, as it runs counter to the process of IMC’s depolitisation that [the ruling Vetevendosje party] VV had started. This election is a major step towards political recapture, in the very same way it was done in the past,” the European Centre for Press and Media Freedom, ECPMF, said in a statement.

Aliu-Krasniqi, in many public appearances on TV debates in recent years, has been seen as supportive of Kosovo’s ruling party, and the ECPMF said that “in no way can she be considered independent”.

“In light of Kosovo’s membership bid, we will immediately initiate exchange with the Council of Europe and PACE to inform them about this unsettling development that will have a major impact on the independence of IMC,” ECPMF said.

Aliu-Krasniqi took the IMC seat with the support of 48 votes in parliament.

Despite Aliu-Krasniqi’s election, the IMC board remains unfunctional because of a lack of enough members to make up a quorum. The vote to elect another board member failed on Wednesday, as none of four male candidates received enough votes from MPs.

The Association of Journalists of Kosovo, AJK, said that the IMC should preserve its political and party independence “in order to carry out the work of monitoring and regulating the audio-visual scene in Kosovo in an unaffected manner”.

“The election of Aliu-Krasniqi goes in contradiction to this effort and could contribute the anti-media climate that this government has created in many cases during last two years,” AJK said.

“The vote by the ruling party, Vetevendosje, of a public advocate of its policies in government openly shows this party’s intent to put independent media institutions under its control,” it added.

The IMC is an independent institution responsible for the regulation, management and oversight of broadcasting in Kosovo.

It licenses public and private broadcasters, establishes and implements policy and regulates broadcasting rights, obligations and responsibilities of individuals and entities who provide audio and audiovisual media services.

‘Shame, Guilt’: Can North Macedonia Crack Down on Online Harassment?

Lumturije Qamili was used to being contacted by business clients via WhatsApp, so when she saw a new message from an unknown number one day in late 2021, she instinctively opened it. The sexually-explicit content she was confronted with was offensive, but there was something familiar in the way it was written.

A friend of Qamili and a cousin had both shown her similar messages they had received months earlier, containing the same kind of vulgar content and the same spelling errors. They suspected the same person was harassing them, using a dialect of Albanian that pointed to their hometown, Kicevo in North Macedonia.

On January 4, 2022, Qamili posted screenshots of the messages on Facebook and Instagram, and in no time at all 16 women got in touch to say the same thing had happened to them. The phone numbers were different, but the spelling mistakes were not.

Qamili encouraged the others to go to the police, but they were reluctant – some were married, others engaged. Almost no one wanted to run the risk of being shamed for someone else’s wrongdoing.

The next day, Qamili walked into the police station in Kicevo, armed with the screenshots, and reported that she was being harassed on social media.

“I reported the case on January 5, 2022, after realising that the same thing happened to many other girls,” she told BIRN. One of them was Mona [not her real name], who also went to the police the same day, accompanied by her husband.

Mona had been harassed for months on WhatsApp, Viber and, later, Facebook by an account under the name of ‘Agron’. He called her at work, using the same number that Qamili had been contacted from.

The case, however, has yet to be solved.

North Macedonia has since amended the Criminal Code to better address such cases and keep pace with the changing nature of such threats, but implementation will be key, argue experts, who say such harassment can have a lasting impact on its victims.

“Shame and guilt are often connected, and considering that such experiences often place guilt on the victim, the victim herself experiences guilt that she may be responsible for something like this,” said Kicevo psychologist Valdeta Adili. “Victims are dominated by fear and often show somatic symptoms in disordered eating, sleeping, anxiety, and isolation.”

The town of KIcevo in North Macedonia. Photo by Kicevo Municipality

Protected on paper, but in practice?

In February this year, amendments to North Macedonia’s Penal Code recognised for the first time stalking and online harassment as crimes.

The move came two years after it emerged that explicit pictures and personal information of women and girls were being shared between thousands of members of a Telegram group in North Macedonia called Public Room.

The law now foresees a fine or prison sentence of up to three years for anyone convicted of stalking, harassment, abuse or intimidation, in person or in written form, or misusing someone’s personal data. The penalties are greater if the perpetrator is a current or former intimate partner of the victim or if the crime is committed against a child.

Lidija Petkoska, an MP from the opposition VMRO-DPMNE party who has actively pushed for changes to the law to address the issue, welcomed the amendments and expressed hope that would provide “a certain guarantee and protection for victims who suffer any kind of violence”.

But she voiced concern that state institutions in North Macedonia are still not sufficiently gender-sensitised or have the mechanisms in place to respond in a timely manner.

“No matter how good and well-intentioned the laws are, they have been made in vain if they do not work in reality,” Petkoska told BIRN. “A woman’s safety from harassment, that is, from violence, is extremely important and must be a priority in society.”

Women, however, have little faith in the institutions that should protect them, according to research published in September 2021 by the ‘Ladybug’ Centre for Equal Opportunities, based in the western town of Tetovo. 

Two-thirds of female respondents between the ages of 18 and 25 reported receiving messages from boys or men containing various forms of sexual harassment, hate speech, threats, or insults. They reported feelings of fear, anxiety, self-isolation, and depression after the messages. But only 3.8 per cent of these went to the police.

Immage by Pixabay

Speed is key

A month after Qamili and Mona reported the harassment, Qamili received a letter from the police saying that the number she received the messages from did not exist. Qamili binned the letter and lost hope that the perpetrator would ever be found. She speculated that the police may know his identity, but failed to act. “The letter I got was just a formality,” Qamili told BIRN.

Mona received a phone call, during which a police officer told her they had been unable to trace her harasser because the phone number had been bought without an ID and was not registered.

Under the law in North Macedonia, since 2014 it is possible to buy a SIM card without an ID, but it cannot be activated without one.

“I have no idea who he was,” said Mona. “I left the country a couple of weeks later and didn’t have the chance to continue insisting he be found.”

An IT expert, who asked to remain anonymous, told BIRN that in such investigations, speed is of the essence in determining the geolocation of the device in question. Delay gives the perpetrator time to physically destroy the device or the SIM, and the digital trail can disappear.

Despite what Qamili and Mona were told, the police told BIRN that the case was still active.

“[…] we inform you that immediately after receiving the reports at the police station of Kicevo, in order to clarify the case the Public Prosecutor’s Office of the Republic of North Macedonia was notified and a request was submitted for the provision of data for the owner of the phone numbers from which number the harassment was carried out,” the police said in a written response. “Once the case is resolved, we will notify you accordingly.”

Even if the perpetrator is found, the new crimes incorporated into the Penal Code in February this year would not apply, said legal expert Vedije Ratkoceri. But that does not mean another criminal offence may apply.

“Even if the police manage to identify the harasser now, the harasser would not be able to be prosecuted for a criminal offence that has been incorporated into the Penal Code with the amendments of February 2023,” Ratkoceri told BIRN. 

“This means that in order to accuse someone of a criminal offence, the person must be incriminated under a criminal offence in the Penal Code at the time the action was committed.”

Lidija Petkoska, an MP from the opposition VMRO-DPMNE party who has actively pushed for changes to the law to address the issue. Photo by VMRO-DPMNE

Sowing fear

Qamili said that the harasser of her and the other women would often ask to meet his victims, a fact she found even more worrying.

“I’m almost 30 years old, and I know how to deal with such cases,” Qamili said. “I was afraid that the same thing could happen to a young girl who probably doesn’t know how to react in such cases; they could be afraid or even agree to meet the abuser.”

BIRN asked the police whether any female minors had reported being harassed last year but received no response.

Mona said the phone calls were particularly disturbing, occurring as they did when she was alone at work on the late shift. “I was scared because I didn’t know who it could be and didn’t know his intention,” she said.

Adili, the psychologist, said fear is a common response.

“Of course, the same situation does not affect everyone in the same way, and it depends on the personality of the person, on the circumstances in which he/she finds himself/herself, but in essence it remains a traumatic experience,” Adili told BIRN.

The fact that so many victims fail to go to the police reflects a belief that nothing will be done, she said, as well as a tendency to play down the seriousness of such harassment.

“When we talk about trauma, we always revisit it, but this is necessary to overcome it,” she said.

“The reason for not reporting is often the minimisation of harassment or the denial that something like this is not normal. There are also matters of the personal boundaries that we build and keep in relation to the environment in which we live.”

Qamili said she never feared for her own safety, but for the safety of others.

“I think the harasser himself was trying to hide, but I was worried that he could be dangerous for Kicevo.”

Rights Groups Warn Turkish Govt Control of Internet Threatens Elections

Only days before Turkey’s critical May 14 presidential and parliamentary elections, watchdog organisations Human Rights Watch, HRW, and Article 19 said in a question and answer report that the Turkish government’s control over the internet and tech companies policies endangers the elections.

“The Turkish government has accelerated its efforts to enforce censorship and tighten control over social media and independent online news sites ahead of this election,” said Deborah Brown, senior technology researcher at Human Rights Watch.

“The vote will test whether voters in Turkey can rely on social media for independent news and to express their views on the election and its outcome, despite government efforts to put companies under its heel,” she added.

The two organisations said President Recep Tayyip Erdogan’s government should refrain from threatening or throttling social media to prevent opposing views from circulating during the election.

They recalled that the government has stepped up its prosecutions of journalists, political opponents, and others for criticizing the President and the government online, or just for sharing or liking critical articles on social media.

In Sunday’s parliamentary and presidential elections, Erdogan and his ruling Justice and Development Party, AKP, face their biggest ever challenge to their rule.

Polls show the race is tight between Erdogan and his challenger for the presidency, Kemal Kilicdaroglu. The race between their respective alliances for a majority in parliament is also neck-and-neck.

The government frequently blocks websites and orders removal of content that voices opposing views, and has a record of blocking access to popular social media networks at times of political unrest or when it anticipates criticism, as it did after the devastating February 2023 earthquakes.

But the rights groups also urged the tech companies to resist government pressure.

“Social media platforms and messaging services should prioritize human rights over profits to respect the right of voters in Turkey to participate in a democratic election by resisting government pressure and putting in place contingency plans against throttling,” the report said.

“Social media companies may face intense pressure to remove content the government views unfavourably, including assessments from independent monitors,” said Sarah Clarke, director of Article 19 Europe.

“It is crucial for companies to resist these pressures and do everything in their power to push back against measures that would make them complicit in rights abuses during this critical election period.” Clarke added.

In recent years, the government has increased its censorship of the media and internet, using draconian laws and regulations.

Turkey ranked in 165th place out of 180 countries in the 2023 press freedom index of the watchdog organisation Reporters Without Borders, RSF. It classifies the Turkish government’s control over media outlets as high.

Meagre Resources Leave Montenegro Exposed to Cyber Threats

First they blamed Russia, then a gang called Cuba Ransomware. Months later, authorities in Montenegro still have no definitive answer as to who was behind “unprecedented” cyber-attacks in August last year targeting a host of government services.

Whatever the answer, experts say Montenegro remains just as vulnerable to such attacks, citing a shortage of talent and a lack of investment in cybersecurity.

With more attacks likely, the country should take advantage of its status as a newly-minted member of NATO to enlist outside expertise, say some.

“Montenegro is a NATO member, and we should seize the opportunity to invite experienced experts from NATO countries,” said veteran IT system engineer Ivan Bulatovic.

“They can help us make a plan, acquire the necessary equipment and train personnel to successfully deal with the cyber-attacks that await us in the future.”

Perpetrator still unknown

The attacks of August 22 last year compromised a string of public services, including the websites of the government and the Revenue and Customs Administration.

According to the Ministry of Public Administration, 17 “information systems” in 10 institutions were infected, with 150 computer directly affected.

Four days later, the National Security Agency told reporters that Russia was to blame, but offered no evidence. Then, Public Administration Marash Dukaj told Montenegro’s public broadcaster that it was in fact the work of a cybercriminal extortion group by the name of Cuba Ransomware.


Cuba Ransomware group posted it hacked Montenegrin Parliament data. Photo: Printscreen/securityweek.com

“This group has created a special virus for this attack, a virus that cannot be created in a month, and perhaps not even in a year,” Dukaj said at the time. “These attacks were planned over a lengthy period of time; the very creation of the virus cost about $10 million and it has not been used anywhere so far.”

What is Cuba Ransomware?

Cuba Ransomware is recognised as a major hacker group, collecting more than $60 million in ransom since 2019.

However, the US Cybersecurity and Infrastructure Security Agency, CISA, says “there is no indication Cuba Ransomware actors have any connection or affiliation with the Republic of Cuba.”

More than six months later, the National Security Council announced that, “given the specific nature and complexity” of the attack, it had been unable to determine exactly who was the perpetrator, despite the assistance of the FBI in the United States and the French National Cybersecurity Agency, ANSSI.

Bulatovic said the confusion only reinforced a perception that the authorities are at a loss to respond.

“It has not yet been announced what exactly happened, which systems were or are still compromised, how much and which data was lost, and what is the plan to prevent this or similar attacks in the future,” he said.

“The impression was that there was no plan of how to deal with such an attack, even though this type of incident is far from unusual in today’s world and happens on a daily basis.”

The Ministry of Public Administration rejected the criticism, telling BIRN: “We informed the public on several occasions that we had backup data from information systems and that the data was recovered through the restore procedure.”


Timeline: BIRN/Igor Vujcic.

Shortage of expertise

Experts say the mixed messages and lack of answers reflect serious shortcomings in Montenegro’s system of cybersecurity.

The Computer Incident Response Team, CIRT, a state cybersecurity team, has just seven employees, while nine officials work in the Directorate for System and Information and Communication Infrastructure. That’s the extent of Montenegro’s cybersecurity manpower when it comes to general defence of the public administration.

Dusan Polovic, director general of the Directorate for Infrastructure, Information Security, Digitisation and e-Services in the Ministry of Public Administration, conceded there were issues with the hiring and retention of staff, in particular because of the pay disparity between the public and private sectors.

Polovic said that a government decision to hike the basic pay of IT professionals in the public sector by 30 per cent had helped “to a certain degree”.

Even then, a typical salary for an IT professional on the public payroll rarely exceeds 1,000 euros per month, compared with a starting rate of 1,300 euros offered by private companies.

“Depending on one’s experience and seniority level, the salary can go all the way to 5,000 or even 6,000 euros per month,” said Danilo Nikovic, owner of the recruitment and human resources consultancy Millennial Consulting.

Most find work abroad or work online for foreign clients, he said. “This profession is in short supply everywhere in the world and therefore very well paid.”

Marko Lakic, an expert witness for the IT sector, said that Montenegro has cybersecurity experts, but only a handful work in state institutions.

“People who work as public officials cannot cope with digital security challenges,” Lakic told BIRN. “The state simply cannot pay experts as much as they can earn in the private sector.”

‘Basic’ digital maturity

Montenegro’s own Cybersecurity Strategy for the period 2018-2021 cites an “insufficiently developed awareness of the importance of investing in cybersecurity at the highest management levels.”

While many countries struggle with a lack of cybersecurity experts, the strategy states, the problem is more acute in Montenegro, which has a population of just 630,000 people.

Last year, a report by the European Bank for Reconstruction and Development, EBRD, characterised Montenegro’s level of “digital maturity” as “basic”.

It recommended adjusting educational curricula and introducing testing and certification of all civil servants using digital systems; the country should also introduce cybersecurity requirements for all digital service providers, not only in the public sector, it said, and ensure close coordination on security controls and practices.

Indeed, experience in the region shows that such attacks are only becoming more common and severe.


Dusan Polovic is the Director General of the Directorate for Infrastructure, Information Security, Digitization and e-Services in the Ministry of Public Administration. Photo: Gov.me

In September last year, just after the attacks on Montenegro, the Slovenian defence ministry and police were also targeted, though no critical systems were affected after authorities scrambled to contain the incident. The same month there was an attack on the state-level parliament and several other institutions in Bosnia and Herzegovina, rendering thousands of civil servants unable to carry their work.

Then in January, multiple institutions in Serbia came under cyber-attack, including domains under the jurisdiction of the main intelligence body, BIA. The hacker group Anonymous claimed responsibility.

Cybersecurity Ventures, one of the world’s leading publishers in the field, predicts the annual cost of global cybercrime will reach $10.5 trillion by 2025, up from $3 trillion in 2015.

Ban on browsing?

Eight months after the attacks in Montenegro, some digital services are still not functioning.

Polovic told BIRN that the only system under the Ministry of Public Administration that remains affected is the Open Data Portal, where public administration bodies can publish data in an open format.

But BIRN was unable to access a number of others, including Covid Odgovor.me, the Government’s website in charge of publishing the latest news on COVID-19 and Vertical and oblique ortho shots at the Ministry of Ecology, Spatial Planning and Urbanism.

According to the National Security Council, reports on the August 2022 attacks “contain a large amount of data important for the improvement of cybersecurity in Montenegro.” It did not specify who authored the reports, though the Council received input from the FBI, ANSSI and Montenegro’s own Council for Information Security. 

The Ministry of Public Administration told BIRN that the reports were “classified in such a way that we do not have the authorisation to present their content, but that they can be used precisely for the purpose of improving security”.

The FBI declined to comment for this story, while ANSSI did not respond.

Bulatovic said that more attacks were “inevitable” and that Montenegro should look at bringing in private sector expertise, both local and international.

“They can train IT colleagues from the government and the ministries in how to apply the latest attack protection technologies,” he said. 

“In addition, it is important to organise security training for all employees in the public administration, so that they can acquire basic knowledge about cybersecurity and use it in their daily work. For example, they must know how to recognise a fake email.”

Polovic said that that several such sessions had already been organised through the EU’s Cyber Rapid Response project for Montenegro, North Macedonia and Albania, with a focus on incident management and risk analysis. 

He said that the Ministry of Public Administration had also launched multiple educational initiatives that will result “in the provision of expert training in this area.”

In March, the minister, Dukaj, said that the country would soon get a new addition to its cybersecurity infrastructure – the Agency for Cybersecurity. The agency should be founded once a new Law on Information Security is passed by parliament.

“This way, we establish a sustainable system for effective detection and defence against cyber threats and incidents of a high level of sophistication and ensure more efficient and safer functioning of the public administration and economy and contribute to public trust,” Maras said.

Lakic, however, identified a far simpler step – banning public servants and state officials from browsing web portals and watching YouTube content on state computers.

“Even with the existing infrastructure and employees – although I think they are not educated enough – it would greatly improve the security system,” he said. “We could solve over 80 per cent of threats just by making their behaviour more serious and responsible. We don’t even need money for this purpose, as we can do it without any additional investments.”

Child Pornography, Hate Speech and Cybercrime Surge in Balkans

Romania experienced a surge in cases involving child pornography in April, with some victims as young as seven years old, followed by Croatia.

The incidents left both countries reeling and have raised questions about how to prevent such crimes. The cases involve the production and sale of child pornography, pimping and trafficking of underage girls and the use of social media platforms like Facebook and Instagram to recruit underage girls.

Several incidents of hate speech and discrimination were reported in the Balkans, shedding light on the ongoing challenges of social tensions and intolerance in the region.

Incidents included derogatory statements about migrants in North Macedonia, racist comments from a pro-government publicist in Hungary, derogatory statements about the people of Sarajevo in Bosnia and Herzegovina, online threats and insults towards an economist in Albania and the detention of a Montenegrin port board member for inciting national and religious hatred on Facebook.

Finally, cybercrime and online violations increased in the Balkans as phishing campaigns, hacking groups, and fraudulent emails target citizens and institutions. These attacks have raised concerns about the potential risks of cybercrime and the need for increased vigilance and cybersecurity measures. Examples include a phishing campaign targeting directors and managers of companies in Bosnia, fraudulent emails allegedly from the head of the Public Security Bureau in North Macedonia, and the leak of classified information from Albanian authorities believed to have been obtained by Iranian hackers.

Child Porn Scandals Rock Romania, Croatia

In April, Romania saw a surge in cases involving child pornography, with victims as young as seven years old. Croatia recorded similar cases.


Women with their eyes covered with violet scarfs participate in a flash mob in front of Romania’s Internal Affairs Minister in Bucharest, Romania, 01 March 2020. Photo: EPA-EFE/BOGDAN CRISTEL

One of the most egregious cases in Romania on April 4 involved a family in Cotorca, a village near Bucharest, who produced and sold child pornography. The victims were an underage boy and a girl who were forced to have sex with adults and be recorded. The videos were sold for 50 to 100 euros each. One suspect was arrested, but the others remain in Cotorca, leaving many wondering whether justice has been served.

Another case, on April 7, involved the trafficking and pimping of two underage girls in Mehedinti, a county bordering Serbia and Bulgaria. The girls were physically and psychologically abused, coerced into prostitution and sold to men in Drobeta-Turnu Severin, a town over 350 kilometres west of Bucharest. The suspects, three young men aged 16 to 23, used social media and escort websites to recruit the victims.

In another case, Romania’s Directorate for Investigating Terrorism and Organized Crime on April 10 arrested three individuals for a pimping scam involving underage girls recruited on Facebook. Two suspects acted as “lover boys,” convincing two girls aged 14 and 15 to prostitute themselves in Austria, Germany, and the UK. The suspects continued to pimp the underage victims across Europe, using escort websites to find clients even after they were already under investigation by Romanian prosecutors.

Besides these cases, several arrests of individuals were made in Romania between April 12, April 26 and 27, who used social media platforms like Facebook and Instagram to recruit underage girls and produce and sell child pornography. The suspects were found with thousands of pornographic files involving children.

In Croatia, between March 30 and April 4, two men were arrested for involvement in child pornography, one of whom is accused of accessing and distributing at least 71 images and 15 videos. The other is suspected of downloading and storing over 16,000 photos and 270 videos. A third individual has been detained for sexual abuse and enticing minors to meet for sexual purposes.

Hate Speech and Discrimination in Balkans Highlight Ongoing Intolerance

A number of instances of hate speech and discrimination were reported across the Balkans in April, highlighting the ongoing challenges of social tensions and intolerance in the region.


A migrant clutches to a fence as they are waiting for a permission to move towards the train station at a refugee camp near Gevgelija, The Former Yugoslav Republic of Macedonia, 21 September 2015. Photo: EPA/NAKE BATEV

One case in North Macedonia occurred on April 1, when a Twitter user posted a message containing hate speech against migrants from Pakistan and Bangladesh who are considered a solution to a labour shortage in North Macedonia. The tweet, which contained inflammatory and unfounded accusations, sparked condemnation before it was deleted by the user.

On April 2, media outlets in Hungary shared a story claiming that migrants had kidnapped a baby from its mother in Serbia. The story first appeared in the Serbian media years ago, back in 2017, and was not confirmed at the time. It was accompanied now by racist comments from a pro-government publicist in Hungary.

In Bosnia and Herzegovina, the chair of the state presidency, Željka Cvijanović, made derogatory statements about Sarajevo’s population on April 7. In response to a statement by a member of the Presidency, Cvijanović made comments viewed as racist and inflammatory, sparking public outrage.

On April 9, Pejka Medić, former director of BH Radio 1 in Bosnia, announced her departure from the national public radio channel on Twitter. The tweet led to a barrage of hate speech and incitement, highlighting the discrimination and intolerance in social media spaces.

In Montenegro, Port of Bar board member Milos Ostojic was detained on April 25 for inciting national and religious hatred on Facebook. Ostojic had posted a video in which he made derogatory and inflammatory comments about Islam and Bosniaks, sparking condemnation.

Finally, on April 5, in Albania, the economist Dena Topi reported receiving online threats and insults after sharing videos of herself and her daughter wearing matching clothing. Critics accused Topi of seeking attention and breaking social norms, highlighting the challenges faced by women and mothers in the public sphere.

Phishing Campaigns, Cyber Attacks, Target Citizens, Institutions

In the last month, several instances of cybercrime and online violations occurred across the Balkans, highlighting the need for increased vigilance and cybersecurity measures.

From phishing campaigns posing as law enforcement to hacking groups leaking classified information, citizens and authorities alike have been impacted by these digital attacks. These incidents have raised concerns about the potential risks of cybercrime and its impact on individuals, businesses, and governments in the region.


An exterior view of the Europol headquarters in The Hague, the Netherlands, 08 June 2021. Photo: EPA-EFE/JERRY LAMPEN

On April 6, citizens of Bosnia began reporting receiving emails signed by so-called police officer Mirsad Vilić, with police and Europol logos, informing them of an ongoing investigation and seeking personal information.

The emails were part of a phishing campaign, which has been ongoing since November 2022, targeting directors and managers of companies. The fraudster(s) were not identified. A Federation entity police press release warned that the aim was to establish contact with recipients to gain the benefit of their property.

Similarly, on April 6, North Macedonian citizens received fraudulent emails allegedly from the head of the Public Security Bureau, Sasho Tasevski, regarding an ongoing investigation with Europol. The emails stated that the recipients were subject to legal proceedings for fictitious crimes and requested personal information. The country’s Interior Ministry later confirmed that the emails were fake.

In Albania, on April 3, a group called Homeland Justice published three RAR files on Telegram containing documents from the Albanian Authority for Electronic and Postal Communications, AKEP, which were believed to have been obtained by Iranian hackers.

Homeland Justice also published three more RAR files on April 6, containing documents from the Albanian National Authority for the Security of Classified Information NSA, which were also believed to have been obtained by Iranian hackers.

Finally, on April 11, Homeland Justice published a third group of RAR files with attached documents from the NSA, which were again believed to have been hacked from Iranian sources.

Serbian Journalists, TV Hosts, Targeted with Threats, Intimidation

Serbia witnessed a disturbing trend of digital rights violations in April. Multiple incidents of threatening messages and intimidation were reported against public figures and journalists, highlighting the precarious situation of free speech in the country.

On April 10, Olja Bećković, a prominent journalist and host of the TV show “Utisak nedelje”, received threatening text messages on her personal phone from Sime Spasić, president of the Association of Families of Kidnapped, Murdered and Missing Persons from Kosovo and Metohija. The incident underscored the need for stronger legal protections for journalists and media professionals, who are often targeted for their work.

On the same day, Vlado Georgijev, owner of the Danube Cargo company, threatened journalists from Nova.rs who had published an article about his business. Georgijev’s actions were seen as a clear attempt to silence the media and impede free and independent reporting.

Adding to this trend, on April 9, presenter Ivan Ivanovic on Twitter reported that he had also received threats from Sime Spasic, directed towards his family. Such threats not only endanger the safety of individuals but also create a chilling effect on free speech and journalistic independence.

Hadzi Vasileva: Attacks on North Macedonia Journalists are Moving Online

Iskra Hadzi Vasileva has been working as a public prosecutor in North Macedonia for eight years.

In an interview with BIRN, she says that apart from Instagram, she doesn’t use social networks herself.

Her distance from the online world is a “double-edged sword”, she admits. On the one hand, it protects her privacy, but on the other, information gets to her more slowly.

Hadzi Vasileva is one of the few prosecutors in Skopje’s Public Prosecution Office who knows how to behave in front of a camera, and says prosecutors have to communicate better with the public.

“It is not very comfortable when you have to make a statement to the public because the courtroom is your territory, you know the arguments and the facts that you have to present,” she says. “But we have to find the balance.”

She believes this is why public and communications training at the Academy for Judges and Public Prosecutors is so important.


Last year there were four cases involving attacks against journalists. Photo by Robert Atanasovski

Threats to journalists shifting to the internet

The public first encountered her last October, when the Association of Journalists and the Public Prosecutor’s Office announced that for the first time a prosecutor had been appointed specifically to handle cases where journalists were under attack.

This was the first appointment of its kind in the region, and came at the request of the Journalists’ Association.

The move was motivated by the Journalists’ Association’s claim that a culture of impunity operated in North Macedonia, which was why the number of unsolved cases of journalists being attacked physically or online was rising.

After half a year of working on such cases, Hadzi Vasileva says that at the start she was not sufficiently aware of what the actual mandate would mean in practice.

“Now, I understand it more and more, as I communicate with you [journalists] and as I enter more into this subject and sphere,” she said.

She describes this activity as a preventive measure: “If we show a strong commitment and efficiency through specific subjects, I hope it will have the effect of fewer threats.”

Hadzi Vasileva says the statistics of crimes against journalists are improving. Last year, there were four such cases, two of which were handled by the Skopje Prosecutor’s Office.

“One case was closed, and the reason for that was that the identity of the user of a Twitter account could not be obtained. The other case was a physical attack on a television crew, and there was a verdict based on a guilty plea. Тhe court found the defendant guilty with protective supervision, which is a fair sanction that the Prosecutor’s Office welcomes.”


The prosecution is acting with speed and special attention in cases where journalists are the victims, Hadzi Basileva said. Photo by BIRN

The prosecutor also recalled the case of the portal Dokazm.mk, which, among others, targeted two journalists.

The portal owner was convicted of several crimes, including hate speech, as he had used the portal to conduct smear campaigns. As a result, the two journalists were exposed to hate speech through social networks. The first-instance verdict came with a prison sentence.

Hadzi Vasileva says they currently have another case before them, in the early stages, related to sexual harassment through a social network, where a journalist reported the case аs a victim.

The Prosecution Office has noticed a trend in which “the number of physical attacks is decreasing, but at the same time, the number of online threats is increasing”.

When it comes to physical attacks on journalists, Hadzi Vasileva notes that new amendments to the criminal code approved this year in parliament have improved the protection of journalists and media workers.

“In the case of some criminal acts, the legislature has intervened and recognized the quality of journalists or media workers to whom it has given increased protection.”

In practice, means that attacks on journalist will be more severely punished.

But she also noted that journalist victims in several cases, for several reasons, have not declared that the reason for the attack was related to their profession.

“That’s why we are trying to have contact through the public relations service of the Prosecution Office with the Association of Journalists in terms of tracking and recording the cases, to compare the data for accurate statistics,” she said.

The Prosecutor’s Office also monitors proceedings in cases in which journalists are not harmed but are reported or are called as witnesses to give statements in proceedings, so that those proceedings are not used as pressure on freedom of expression.


There are no formal criteria who can declare itself as a journalist in front of the prosecution. Photo by Robert Atanasovski

Race against time for evidence

In cases concerning journalists, but also in other cases in which crimes are committed on the internet, the possibilities of investigation are sometimes limited, she said, “due to the anonymity that the internet offers”.

“The speed of the action is important, but also the speed of reporting the case,” she stressed.

In that race against time for evidence, the Prosecutor’s Office, through the police, cooperates with the operators of social networks, which are located in other countries, primarily the US.

“Usually, we go through the Ministry of the Interior, where there is a contact point for cooperation with the operators, and they also have their own policies that they act on,” she noted.

“In practice, there are examples of hate speech in our country, but the operator in the foreign country responds that in their jurisdiction, it is [deemed] freedom of speech. It has to be a crime both here and there,” she pointed out

The prosecutor clarified that the problem is termed the “volatility” of evidence, which means that the evidence is rapidly changing.

“If you don’t fix and secure the evidence right away, you’re likely to lose it in some cases,” she warned.

“In addition, each state has its own jurisdiction and norms regarding how long operators have to keep some of the data [and] due to the protection of personal data, these are limited periods of time, which can be electronic evidence in an investigation. In our country it is a year, in some countries it is six months, even shorter.”

But when it comes to attacks on journalists, Hadzi Vasileva assures that the Prosecutor’s Office is committed to act “with particular attention and speed”.

This does not mean that other victims do not receive appropriate treatment, but for journalists, she adds, “it is important that in addition to the protection of physical integrity, you also have a broader target of protection, that is freedom of expression, that is, in the broadest sense, the fundamental of our society.”


The prosecution does not act ‘ex officio’ on all complaints posted by journalists in the online media. Photo by BIRN

Not every online threat is hate speech

Hate speech in the online space is one thing, and a civil suit for defamation and slander is another, she notes.

“We have many examples in which a person who has been offended thinks he can also seek protection, but it is worthwhile to explain to the public that there is a difference.”

For a crime of hate speech, it is necessary to prove that the perpetrator in his or her speech intended in a broad sense, through expression, or representation of an idea, image or text, “to incite discrimination or violence, based on any of the discriminatory grounds against a person or group”.

This crime requires “an intensity and effect that constitutes the dissemination of such ideas and harms public order”.

Defamation or slander, on the other hand, refers to “injury of the personal or moral integrity of the individual, for which there is civil liability if the person’s dignity is injured”.

The Dokazm.mk case, in which content was published on a portal that did not respect journalistic professional standards, also raised the question of how and in what way the Prosecutor’s Office decides whether someone is a journalist or not.

“Formal criteria for the determination of a journalist before the Public Prosecutor’s Office do not exist, because they do not exist in our country either,” she cautions.

Investigations must contain evidence for prosecutors to act

“Some articles are of great interest for us. We discuss those things with our colleagues the very next day, when we come to work,” says Hadzi Vasileva, noting that serious journalistic investigations may present an obligation for the Prosecutor’s Office to initiate proceedings and investigate suspicions of crime.

However, the public impression often is that prosecutors are “deaf” to serious journalistic articles that reveal suspicions of crime and corruption.

She maintains that the responsiveness of her Prosecutor’s Office in this regard is good, but says also what her colleagues often repeat, which is that not every voice heard obliges prosecutors to act immediately.

She says published findings of journalists indicating corruption or crime must “contain enough clues and evidence and be of adequate quality to be the basis for criminal proceedings”.

She says that press reports do not always touch on issues that are for the Prosecutor’s Office. “Some of them may relate to systemic failures, or weaknesses”, she concludes.

Bosnia Lacks Capacity to Fight Millions of Cyber Attacks Monthly, Report Warns

The first report on cyber threats in Bosnia and Herzegovina has said the country is facing millions of cyber attacks each month, while lacking the strategies, legislation and capacity to protect its citizens, institutions and companies. 

“During November 2022, a wide range of targets were subject to over 9.2 million distinct cyber attacks recorded in Bosnia and Herzegovina,” it was said on Friday during a presentation of the report compiled by the Center for Cybersecurity Excellence, CSEC, and BIRN. 

With the help and support of the United Kingdom, CSEC monitored the number of attacks using two devices that simulate a digital target.

The most common form of cyber attacks recorded were distributed denial-of-service attacks, or DDoS, which aim to disable or disrupt the functioning of IT systems by bombarding them simultaneously from many different sources. 

“This report also highlights the lack of adequate computer emergency response teams, CERTs, as a key problem in Bosnia, along with the prolonged absence of an effective legislative framework,” it was added during the presentation before the parliament of Bosnia and Herzegovina, whose systems were targeted in attacks in September last year, as well as IT experts and lawmakers. 

CSEC recorded 3.8 million DDoS attacks in Bosnia in November last year alone, with media outlets being frequent targets. In addition to DDoS attacks, attackers often attempted to control computers, as well as exploit various databases and devices with Android operating systems.

However, since only two devices were used to monitor the attacks, the coverage of this threat report is not comprehensive, and it is assumed that the total number of attacks is far higher.

An updated threat report will be published every six months, providing the latest assessment of trends in the field of cyber threats and practical advice on how to protect against them.

Turkey Accused of ‘Persecuting’ Critical Media Ahead of Key Elections

A group of international media organisations and rights groups in a joint statement have accused the Turkish broadcasting regulator of punishing critical reporting ahead of important general and presidential elections on May 14.

“Twenty press freedom, freedom of expression and human rights organizations call on Turkey’s broadcast regulator (RTUK) to immediately stop fining broadcasters for their critical reporting. Journalists and broadcasters must be allowed to do their jobs of informing the public over critical issues and holding the government to account,” the joint statement said on Thursday.

Twenty media and human rights organizations, including Freedom House, the International Press Institute, the European Centre for Press and Media Freedom, the International Federation of Journalists, and Reporters Without Borders, are involved in this initiative.

The Radio and Television Supreme Council, RTUK, is a state agency that monitors and sanctions radio and television broadcasts.

“Instead of upholding freedom of expression and media pluralism in the country, RTUK is being weaponized by the governing parties to silence legitimate criticism and provide them with an unfair advantage in the May 2023 elections. This suppression of public debate is undermining the electoral process,” the joint statement said.

In recent months, following devastating earthquakes in southern Turkey, RTUK has been increasingly penalising TV channels for their critical coverage of government policies and election processes.

“We view these incidents as part of the Turkish government’s systematic attempt to stifle critical reporting and to control the information flow ahead of Turkey’s presidential and parliamentary elections on May 14, 2023,” the statement said.

“We call on the Turkish broadcast regulator, RTUK, to immediately end the persecution of independent broadcasters and act according to its mandate to secure freedom of expression and media pluralism in the country.”

The opposition, experts and international rights groups have accused the RTUK of going all out to crush the remaining independent media and of acting as a tool of the authoritarian government of President Recep Tayyip Erdogan who faces the greatest challenge to his 21-year of rule in elections on May 14.

The joint statement highlighted that in 2022 alone, RTUK issued 54 penalties to five independent broadcasters totalling 17.335.000 Turkish Lira (approximately 823,000 euros) in fines. By contrast, government channels received four penalties totalling 1,674.000 TL (about 80,000 euros).

Turkey ranked in 153rd place out of 180 countries in 2022 in the latest press freedom index of watchdog organisation Reporters Without Borders, RSF, which classifies the Turkish government’s control over media outlets as high.

Attack on Kosovo Journalist Condemned

Journalists’ associations and political leaders on Wednesday condemned the assault on Kosovo journalist Valon Syla who received medical treatment after the attack in a Pristina neighbourhood.

Kosovo Police confirmed that Syla was assaulted in Pristina’s Bregu i Diellit (Sunny Hill) neighbourhood around 22:30 on Tuesday. He was going home after participating in a TV debate.

“The victim received [medical] treatment while the others [attackers] fled the scene in a car with local licence plates,” police said in a statement.

Pristina Basic Prosecution said that Syla was assaulted by three persons and sustained body injuries.

No arrest has been made.

Speaking from Pristina hospital after receiving treatment, Syla told TV Dukagjini that he was assaulted by “three Islamic fanatics”.

“It all happened too quickly,” Syla, who is CeO and Director of Kosovo news portal Gazeta Metro, said.

Through a Facebook post on Wednesday, Syla alleged that the attack is linked with comments he made on social media about a local imam who received a Mercedes car as a gift some days ago from worshippers, on the day he retired.

“I don’t know if anyone ordered it [the attack] but it was enough to cause serious injuries on my head and my left hand,” Syla said.

The attack was condemned by the Association of Journalists of Kosovo, AJK, which asked for an “urgent investigation” into the incident.

“This attack is totally unacceptable and is an attempt to hinder and undermine freedom of speech and freedom of media in Kosovo,” the AJK said.

“AJK calls on relevant institutions to take necessary measures to urgently arrest those responsible for the attack and bring them before the justice,” it added.

The attack was also condemned by the European Federation of Journalists. “We call on the police and prosecutor to investigate the case and bring the perpetrators to justice,” EFJ said on Twitter.

Condemning the attack and wishing the journalist a speedy recovery, Kosovo’s Prime Minister, Albin Kurti, on Wednesday called it “intolerable and unacceptable”.

“Disagreements on beliefs and positions cannot and should not be a cause for physical attacks. In a democratic society which we proudly present and promote, we cannot allow that fear from free speech overweight freedom of speech,” Kurti said during a cabinet meeting.

Politicians and Public Targeted in Online Intimidation Cases

Political targeting has become a worrying issue in the Balkans, with threats and online harassment of politicians and individuals who criticise people in power, according to BIRN’s review of digital violations for the period from January to March this year.

Several cases of political censorship, intimidation and legal suppression of dissent have been reported across the region in the period.

These incidents include threatening messages sent to political figures on Twitter, the erasure of the digital profiles of dissenters, and legal indictments of critical journalists.

The spread of misinformation on social media platforms has also continued to be a significant problem, with cases reported in Hungary, Romania, Montenegro and Croatia.

Several countries, including Albania, Serbia, Hungary, North Macedonia, Romania and Croatia, have reported an increase in cyber threats in recent months.

Phishing attacks have been rampant, with hackers sending malicious messages and emails posing as reputable organisations and authorities, such as Díjnet in Hungary and Interpol in Serbia. Companies and individuals have also fallen victim to online scams, losing thousands of euros in the process.

Politicians and public figures under attack

There has been an increasing number of cases involving the political of targeting of critics in the period from January to March. Such actions have a chilling effect on freedom of speech and the press, as well as on the ability of civil society to hold governments accountable for their actions.


President of Serbia, Aleksandar Vucic addresses the media after the High-level Meeting of the Belgrade-Pristina Dialogue in Ohrid, Republic of North Macedonia, 18 March 2023. Photo: EPA-EFE/GEORGI LICOVSKI

On March 30, users of an anonymous forum on the Klix.ba website made alarming calls for the liquidation of two high-profile Bosnian individuals: Foreign Minister Elmedin Konakovic and Nermin Niksic, the president of the Social Democratic Party.  This caused widespread concern and condemnation among politicians and members of the public alike. Many politicians called for the security agencies to take action.

On January 16, Biljana Stojkovic, co-president of the Zajedno party in Serbia, was alarmed when she received a threatening message on Twitter. She reported the incident to the police, but said that she could not shake off the feeling of being watched and targeted.

The same day, Petar Djuric, president of the Citizens’ Association, was detained for criticising Serbian President Aleksandar Vucic on social media. He was taken into custody by the Service for Combatting Organised Crime, SBPOK, questioned and then later released.

Another incident occurred in Montenegro, where the opposition Social Democratic Party MP Draginja Vuksanovic Stankovic was insulted in obscene and degrading comments on daily newspaper Vijesti’s Facebook page on January 12.

Meanwhile online political censorship is a tool that has been used by those in power. In Hungary, the Facebook profile of politician Orsolya Besenyi, who supported by the ruling Fideszparty but ran in the Jászberény local by-election as an independent, disappeared on January 16. Several days of posts on the Fidesz Jászság Facebook page were also deleted after Besenyi lost the by-election. The erasure of her digital presence was seen as a warning to other dissenters.

Online intimidation has also been used to silence critics in Hungary. After Ákos Hadházy, an independent MEP, reported that István Eged, the Fidesz party mayor of Pétervására, used EU funds for the benefit of his family, Eged sent Hadházy a threatening message on January 30, saying: “Be sure to see me again. … You will beg.” The message was seen as an indication that Eged wanted to stop any scrutiny of his actions.

Another case showed how social media can also be used by members of the public to intimidate and threaten others.

In Bosnia and Herzegovina on January 15, Emir Suljagic, the director of the Srebrenica Memorial Centre, posted a series of tweets commenting on an attack on a group of Serbs in Sarajevo.

Suljagic’s tweets included a picture of Bosnian Serb soldiers on the hills above Sarajevo during the 1992-95 siege. A Twitter user named SavoljuB responded: “Once Republika Srpska becomes part of Serbia, Potocari [where the memorial centre is located] will be flattened with an excavator and turned into a landfill.”

Misinformation in Montenegro, Hungary, Romania, Croatia

The spread of misinformation remains a significant problem on social media platforms as several recent cases in Montenegro, Hungary, Romania and Croatia show.


Visiting Speaker of the Hungarian Parliament Laszlo Kover and the President of the Parliament of Montenegro Ivan Brajovic (unseen) arrive for a joint news conference following their meeting at the Vila Gorica in Podgorica, Montenegro, 10 September 2018. Photo: EPA-EFE/BORIS PEJOVIC

On February 21, the German ambassador to Podgorica, Peter Felten, accused the Montenegrin news website Borba of publishing falsehoods. Felten told the newspaper Vijesti that Borba published a false story about a presidential election survey and said the German embassy had never done such a survey.

In Hungary, after a far-right march in Budapest, extreme right-wing media outlets Vadhajtások and Pesti Srácok on February 11 falsely accused last MP András Jámbor, his movement Szikra and left-wing news Mérce of organising violence that broke out, despite evidence that foreign members of Antifa being responsible.

The personal data of Hungarian left-wing activists was also published on social media and Telegram, leading to threats of physical violence. Meanwhile, a manipulated photo of László Kövér, the ruling Fidesz party speaker of the Hungarian parliament, was circulated on Facebook on February 6, falsely showing Kövér as a young man standing next to János Kádár, who was the Communist leader of Hungary.

In Romania on March 9, the Defence Ministry issued a warning to the public about misinformation on social media platforms such as Facebook and Instagram regarding mandatory military mobilisation. The ministry identified at least seven misinformation campaigns on this subject since the start of the Russian war in Ukraine, with the latest targeting citizens of Bucharest. The ministry said it believes that the aim of the campaigns is to generate confusion, panic and uncertainty among the population.

Also in Romania, dozens of mainstream media websites shared a piece of false information on February 12 about a change in the Romanian Road Code making it mandatory for drivers to carry a shovel and a supply of sand in the car during winter months, with drivers who weren’t equipped facing fines of up to 600 euros. However, police confirmed that no such change had been made to the Road Code. No original source was established for the fake news, which was shared by media outlets with large followings, including Newsweek, Capital, Click and Antena 3.

On January 20, a fake news article entitled “Secret CDC report confirms that 118,000 young people ‘suddenly died’ after vaccination” was published by SHTFplan, a conspiracy theory website, and circulated on social media in Croatia. The article falsely claimed that US presidential medical advisor Dr. Anthony Fauci used propaganda, lies, and manipulation to force parents to vaccinate their children and that 118,000 young people died after receiving the COVID-19 vaccine.

However, none of the information in the article no unusual increase in deaths after vaccination against the coronavirus has been reported. Fact-checkers at Faktograf concluded that the story was false.

Navigating cybersecurity threats

In recent months, several cyber threats have been reported across Europe. On March 31, a 28-year-old man from Albania was arrested for engaging in online fraud. The man is believed to have illegally obtained 100,000 euros by stealing personal account information from Kosovo citizens on various social media platforms. Once the perpetrator gained access to the accounts, he proceeded to demand money from the victim’s family members and close acquaintances.


A photo illustration shows the logo of social media messaging application Telegram on a mobile telephone screen, in Paris, France, 27 January 2021. Photo: EPA-EFE/IAN LANGSDON

On March 21 in North Macedonia, scammers used several humanitarian cases to lure donations on various social media channels, posing as relatives or close friends of people who are in need of donations for operations or other reasons.

On January 19, Russian hackers launched targeted phishing attacks on popular Facebook pages of Hungarian influencers, while on January 25, people in Serbia received false malicious messages from the Stara Pazova Health Centre and the Moj Doktor website as part of a phishing campaign in Serbia.

In Croatia, a company from Valpovo was scammed out of 31,000 euros when an unknown perpetrator falsely presented themselves as a director and requested a transaction to an account of another foreign company on January 18.

On January 24 meanwhile, a company from Zagreb lost hundreds of thousands of euros in a matter of minutes in an online scam. An employee received a message to update the company’s mobile banking app, which led to several hundred thousand euros being paid from the company’s account to ones owned by the unknown perpetrator

Phishing attacks have also been on the rise, with unknown people sending emails on behalf of Díjnet, an electronic bill service in Hungary, the Hungarian police and Interpol, accusing the recipients of involvement in child pornography.

In Bosnia and Herzegovina, sellers on the OLX.ba platform were targeted by cyber fraudsters who contacted them via Viber or other communication networks and requested bank card data after agreeing to purchase an item. Similarly, Bosnian lawyer Veronika Jancik fell victim to internet fraud when an unknown person asked for a voucher worth around 25 euros using a relative’s fake Instagram profile.

On February 17, hackers broke into the email system of the International Investment Bank in Budapest in Hungary and stole emails, documents, and other sensitive information.

On February 22, an unknown perpetrator blackmailed a company in Osijek in Croatia by making some of its computer data inaccessible and demanding payment of 0.5 bitcoin (around 11,400 euros) to a virtual account in order to unlock it.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now