Serbian Police Attack Journalists In Second Night of Clashes

Serbian police clashed with thousands of angry citizens on Wednesday night, on the second day of protests against the official handling of the coronavirus crisis and the announced reimposition of restrictive measures, including a curfew on weekend. Besides the capital city of Belgrade, protests were held in other cities, including Novi Sad, Nis, Kragujevac and Smederevo.

In Belgrade, violent clashes with police lasted hours, with police using tear gas to disperse crowds. In Kragujevac, protesters smashed some of the windows of the police building.

Protesters in Novi Sad threw rocks and rubbish bins at the windows of the ruling Progressive Party facilities, at Radio Television of Vojvodina and at city hall, breaking some windows.

Miran Pogacar, one of the people who called for protests in Novi Sad, blamed pro-government infiltrators for the violence in Novi Sad. Pogacar was arrested some hours later and is still in custody.

In Belgrade, 19 policemen and 17 protesters were injured on Wednesday night, according to city hospital data.

Cameras caught numerous examples of the police using excessive force, with several attacks on journalists also reported.

Journalists from Nova.rs portal, Beta news agency, as well as from the Serbian public broadcaster RTS were all attacked while covering the protests on Wednesday night – the latter by the protesters.

Three journalists of Nova.rs said they were attacked by police, although they had identified themselves as journalists.

Marko Radonjic said he was hit by a police baton and threatened with arrest. Police hit another journalist, Milica Bozinovic while knocking her phone to the ground. Her colleague Natasa Latkovic’s journalists ID was thrown by the police, Nova.rs said.

Beta news agency said police injured their reporter, despite showing them a journalist’s ID. The journalist suffered cuts to his head and near his eye, and the police also returned to beat him while he was lying on the ground.

“They beat him with batons, even though he let them know that a journalist was on duty, even when he fell to the ground,” Beta said.

In Nis, protesters surrounded the journalist and the cameraman from Radio Television of Serbia, RTS, insulted them and grabbed their microphones and camera cables, while the cameramen was hit on the head with a bottle.

The violence stopped after journalists from Juzne vesti intervened and helped their colleagues escape the area. RTS has been widely criticized by protesters for not properly reporting the rallies.

The SafeJournalists network, which represents more than 8,200 media professionals in the Western Balkans, on Thursday condemned the violence against journalists and asked the authorities to guarantee their rights to work.

“In accordance with its mandate, the police must ensure a safe working environment for journalists and must determine who and why has violated their rights during the protest. It must determine whether the powers of the police have been exceeded and, if so, prosecute the responsible persons,” it said.

Interior Minister Nebojsa Stefanovic said on Wednesday night at a press conference that the police had acted with restraint while they were pelted with stones and torches and had reacted in self-defence.

“They started intervening when the violence became unbearable and when their lives were in danger,” Stefanovic said.

Tanja Fajon, president of the European Parliament’s Stabilization and Association Committee between Serbia and the EU, wrote on Twitter on Wednesday that the footage from Serbia looked brutal and that the safety and health of people should come in the first place.

“The use of force is unacceptable. Angry people accuse President Vucic of deliberately concealing the real health picture [with COVID-19] until the recent elections. Safety and health of people are in the first place. But not with repression,” Fajon wrote on Twitter. .

President Aleksandar Vucic on Wednesday blamed far-right organisations, anti-migrant extremists and fantasists who “believe the Earth is a flat plate” for the violence.

“These people were not talking about coronavirus – they were talking about some kind of betrayal, about migrants, the 5G network and the earth as a flat plate, and these people were not there for the first time, only their degree of aggression was higher,” Vucic said.

He added that one reason for the protest was to weaken the position of Serbia ahead of the continuation of the EU-aided dialogue with Kosovo.

Violent protests erupted on Tuesday evening after Vucic announced that, due to the rise in COVID-19 cases, the capital might again be under a curfew this weekend.

During the now lifted state of emergency, Serbian citizens spent several whole weekends under curfews. Serbia was one of few countries in Europe to impose such tough measures.

Critics accused the President of manipulating health measures for his own political gains. He lifted heavy restrictions ahead of the elections on June 21.

In the run-up to the election, no restrictions were in place. During that time, political parties held rallies, the government allowed football games to take place in the presence of thousands of people, while the state Crisis Staff said situation with the coronavirus was no longer alamring.

The day after the elections, BIRN published an investigation that showed that more than twice as many infected patients had died in Serbia than the authorities announced, and hundreds more people had tested positive for the virus in than was admitted.

After the elections, when the numbers of deaths and infections again started to increase, many towns and cities in Serbia announced states of emergency linked to the pandemic.

The Castle: How Serbia’s Rulers Manipulate Minds and the People Pay

His Twitter name is ‘Robin Xud’, a Serbian homage to the legendary English outlaw hero who robbed from the rich and gave to the poor.

And just like the Sheriff of Nottingham in the ballads of Robin Hood, Xud’s enemy resides in a castle, in this case an Internet database registered in 2017 at www.castle.rs

Staring into two monitors in a dimly-lit room, Xud – who spoke on condition BIRN did not reveal his true identity – is part of a small team of programmers tracking the online operations of Serbia’s ruling Serbian Progressive Party, SNS.

According to Xud’s band of merry men and the findings of a BIRN investigation, the Progressives run an army of bots via the ‘Castle’ working to manipulate public opinion in the former Yugoslav republic, where President Aleksandar Vucic, leader of the party, has consolidated power to a degree not seen since the dark days Slobodan Milosevic at the close of the 20th century.

With the help of the programmers, this reporter gained exclusive access to the network for several months in 2019, observing how hundreds of people across Serbia log into the Castle everyday during normal working hours to promote Progressive Party propaganda and disparage opponents, in violation of rules laid down by social network giants like Twitter and Facebook to avoid the coordinated manipulation of opinion.

It is a costly operation, one that the Progressive Party has not reported to Serbia’s Anti-Corruption Agency. But the party doesn’t foot the bill alone.

This investigation reveals that some of those logging into the Castle are employees of state-owned companies, local authorities and even schools, meaning their botting during working hours is ultimately paid for by the Serbian taxpayer.

“Right now, over 1,500 people at least are botting every day,” said Xud. “They sit there in their jobs and instead of working they spit on their people.”

‘This is not activism’


Row of campaign billboards of the ruling Serbian Progressive Party (SNS) in Belgrade, Serbia, 2020. Photo: PA-EFE/KOCA SULEJMANOVIC

The Progressive Party took power in Serbia in 2012, four years after Vucic split from the ultranationalist Serbian Radical Party and declared himself a changed man who now favours integration with the European Union after years of demonising the West.

As the opposition splintered, the Progressive Party established itself as the dominant political force with Vucic as its strongman. It is widely expected to win handsomely in parliamentary elections on June 21.

Serbia’s minister of information during the 1998-99 Kosovo war, when NATO bombed to halt a wave of ethnic cleansing and mass killing in Serbia’s then southern province, Vucic has presided over a steady decline in media freedom since taking power.

Critics find themselves shouted down and pushed to the margins, the most vocal dissenters often targeted for online abuse.

In April this year, the Progressive Party’s online escapades made international headlines when Twitter announced it had taken down 8,558 accounts engaging in “inauthentic coordinated activity” to “promote Serbia’s ruling party and its leader.”

BIRN has reported previously on how some of these accounts made their way into pro-government media, their tweets embedded in articles as the ‘voice of the people’.

This story lifts the lid on the scope of the Progressive Party’s campaign, how it directs the tweets, retweets and ‘likes’ of an army of people and how ordinary Serbs are footing part of the bill.

“This is not about activism, where a person writes what he wants or what he believes in,” said Xud. “These people have tasks; it is literally written what they need to criticise and how to criticise”.

The Progressive Party did not respond to questions submitted by BIRN for this story. However, in early April, after the Twitter announcement, Slavisa Micanovic, a member of the party’s main and executive boards, took to the platform to dismiss claims about a “secret Internet team” within the party, saying everything was public and legitimate.

“What exists is the Council for Internet and Social Networks, established in the party congress of 2012 and which can be found in the Statute and deals with promoting the party on the Internet and social networks,” Micanovic tweeted.

Reporting for duty

One August day in 2019 began like this:

At 7.56 a.m., a user named Nada Jankovic logged into the Castle from the town of Negotin, near Serbia’s eastern border with EU members Romania and Bulgaria. “Good morning, duty officer,” Jankovic wrote. Minutes later, in Sabac, just west of Belgrade, Dusan Ilic joined in with the words, “Good morning all”.

The bots had reported for duty, each entering the Castle system via a private account.

Xud and his team first accessed the Castle in January 2019 via an account with a weak password.

The Castle, they found, links to all Facebook and Twitter accounts operated by each user – frequently more than one per user – and lists five Twitter profiles they are obliged to follow: the official accounts of the ruling Progressive Party, President Vucic and Interior minister Nebojsa Stefanovic, as well as the accounts of two Progressive Party officials – deputy leader Milenko Jovanova and Micanovic.

‘Daily performance reports’ contain the name of the user, the municipality where they logged in and the extent of their activity on a given day: comments, likes, retweets and shares.

Points are allocated depending on how busy a user has been, though it is not clear whether this translates in rewards.

“The system is designed to follow every step the bot takes, from morning to night,” said Xud. “Everything is recorded in the Castle.”

Once logged on, the bots await their instructions.


Active users inside Castle system. Screenshot: BIRN

On August 2, it was to shoot down criticism of Vucic’s appearance the day before on a pro-government private television channel called Pink

Vucic had caused a storm when he read from classified state intelligence documents the names of judges and intelligence officials who he alleged had approved covert surveillance against him between 1995 and 2003, a period when Vucic, then a fierce ultranationalist, was in and out of government.

Critics accused him breaking the law by quoting from classified files.

So the Castle kicked in, with the following instruction:

“When replying to this and similar tweets, use this guideline: According to the Law on Data Secrecy (Article 9), the President of the Republic has the authority to extend the secrecy deadline (Art. 20) and revoke the secrecy seal (Art. 26) if it is in the public interest.”


An example of a guideline for Twitter in Castle system. Screenshot: BIRN

Days later, on August 5, a picture of Vucic started doing the rounds on Twitter in which he wore sneakers that critics said were worth 500 euros. The Castle turned its sights on his political opponents, Dragan Djilas and Vuk Jeremic; one bot tweeted, “Where did Djilas get half a million euros in his account from?”

In the space of just one day that BIRN monitored, the Castle bots were sent 60 different Twitter posts they were instructed to combat; the majority were posted by opposition leaders Djilas, Jeremic, Bosko Obradovic, Sergej Trifunovic, Dragan Sutanovac, Zoran Zivkovic and Velimir Ilic.

The Castle ‘special bots’ in charge of issuing instructions stressed the need to avoid detection; in late January 2019, users received a link to a statement by Vucic in which he condemned insults directed by his former mentor, the firebrand Radical Party leader Vojislav Seselj, at a female MP from the opposition Democratic Party, Aleksandra Jerkov.

The instruction read: “We are writing comments on this news in the sense: He (Vucic) did not apologise, because there is nothing to apologise for. He condemned the insults as he would for anyone, unlike the opposition which supports opposition leaders who call women derogatory names.”

“Write in your own words,” it stressed. “DO NOT COPY THE GUIDELINE!!!”


Instruction to defend Vucic. Screenshot: Robin Xud

Botting while at work, on the taxpayer dime

Among those receiving such guidelines is Milos Jovanovic, a former public sector employee in the youth office of the local authority in Cukarica, a municipality of the Serbian capital, Belgrade, but now deputy director of the Gerontology Centre in Belgrade, which helps care for the elderly.

Jovanovic is paid out of state coffers. But according to BIRN monitoring, last year he spent much of his working day logged into the Castle. He declined to comment when contacted by BIRN.

Fellow Castle users are Mirko Osadkovski, employed in the local authority in Zabalj, northern Serbia, as a member of the Commission for Statutory Issues and Normative Acts and a local councillor, and Damir Skrbic, head of the communal services in the municipality of Apatin near the western border with Croatia.

Osadkovski did not reply to emailed questions. Skrbic declined to comment when reached by phone.

But they are not the only ones.

The Castle database contains the names of at least two Progressive Party people elected to the local assemblies of Vrsac, near the Romanian border northeast from Belgrade, and Sabac – Milana Kopil and Nenad Plavic respectively.

Kopil responded that she would not comment for BIRN. “As someone who supports the policies of Aleksandar Vucic, I have absolutely nothing positive to say about BIRN,” Kopil said. Plavic said he would only talk after the June 21 election.

Then there are those employed in public enterprises such as state-owned power utility Elektroprivreda Srbije, and others who work in schools.

In August last year, the Nis-based portal Juzne vesti published the ‘testimony’ of an unnamed Progressive Party member and former member of the party’s ‘Internet team’ who said that the bots had been organised by party officials with the intention of creating a false image of public satisfaction with the government. He also said that most of the bots were employed in public companies and risked dismissal if they did not follow orders.

Costly operation

The website http://castle.rs/ was first registered in October 2017. Its ownership has not been visible since the privacy clause for this domain was activated. But there is ample evidence that it is controlled by the Progressive Party, not least the IP address.

According to the IPWHOIS Lookup tool on ultratools.com, the IP address found in the code of a mobile application that existed in Castle, 77.46.148.99, was registered in March 2016 at the same address as the party’s Belgrade headquarters in Palmira Toljatija Street. It is one of eight IP addresses leased by the party, from 77.46.148.96 to 77.46.148.103.


SNS as an owner of the IP addresses. Screenshot: WHOIS

The ultimate owner is Telekom Srbija, a state-owned telecommunications company.

BIRN asked Telekom Srbija how much the Progressive Party pays for use of its static IP addresses and when the lease agreement was made. The company replied:

“Telekom Srbija has a commercial contract with the SNS, just as we have commercial contracts with thousands of other legal entities. We repeat, we cannot disclose the details of contracts with our customers.”

However, Andrej Petrovski, a cyber forensics specialist and Director of Tech at the Belgrade-based SHARE Foundation, which works to advance digital rights, said such an operation “does not come cheap.”

“Apart from renting a certain server or buying it and physically keeping and maintaining it – which is the more expensive operation – they also need to buy a domain, a certificate for protection of communication and fixed IP addresses,” Petrovski told BIRN.

“They need administrators who will administer the database and of course there is the cost of the people who work, who are managed through that application.”

Successive Serbian governments have used their hold on power to fill public sector bodies with party loyalists, and the Progressives are no different.

Petrovski said he doubted any other political party had the resources to mount a similar operation on such a scale.

“At the moment, I don’t think any other political party has the money to invest in something like this or is big enough to have an efficient system,” he said. “SNS is proud to have the most activists and to be the largest party in Serbia. It’s logical they are the only ones with the resources and the need for such a tool.”

Hidden costs


Supporters of Serbian progressive party wait in the sun in front of the Serbian national assembly building in Belgrade, Serbia, 2017. Photo: EPA/KOCA SULEJMANOVIC

Political financing laws in Serbia require parties to report their expenses to the Anti-Corruption Agency, which is tasked with preventing financing abuses.

But the Progressive Party’s financial reports since 2013 make no explicit mention of the money spent to create and maintain the Castle system.

“In itself, it is not against the law on financing political activities for a party to buy such software or pay activists to work on it, but it must be recorded in the financial reports,” said Nemanja Nenadic, programme director at the Serbian chapter of Transparency International.

“If it is not recorded financially, then that is a problem.”

“If it was paid for by someone other than the party itself, then it should have been reported as a gift, as a contribution given to the political party by the person who made the payment,” Nenadic told BIRN.

BIRN asked the Anti-Corruption Agency whether the Progressive Party had ever reported such costs. In its response, the Agency cited all obligations a political entity has in terms of reporting its holdings and expenses, but did not comment on the specific case.

Mladen Jovanovic, head of the National Coalition for Decentralisation, which promotes civic participation in local politics, said there was a simple explanation for how some of those working on Castle are paid: from state coffers via public sector jobs.

“The flow of money needs to be checked,” said Jovanovic, whose coalition follows the misuse of public money in Serbia. “That’s the task of the prosecution, because we’re talking about corrupt work that damages the budget.”

“That old dream of all totalitarian regimes, that all citizens say what the leader thinks, has been realised in virtual time by creating in essence virtual citizens.”

On the receiving end


Illustration. Photo: Unsplash/camilo jimenez

Like any other political party, the Progressive Party does not deny promoting itself on social media, but says its ‘Internet team’ is made up of party activists no different from those canvassing for support on the streets.

But BIRN’s analysis of the Castle database shows that the bots do not stop at promoting the party; they frequently target public figures, including journalists and NGO activists.

Zoran Gavrilovic, a researcher for the think-tank Bureau for Social Research, BIRODI, experienced this first hand after he appeared on television to discuss his findings with regards the ruling party’s dominance of the media landscape in Serbia.

Facing a string of insults and threats via Twitter, Gavrilovic responded with the tweet: “A bot is a person who, of free will or due to blackmail, abuses the right to free speech in online and offline space. Botting is a corrupt form of behaviour directed against the public, governance, freedom of speech and the rights of citizens.”

Speaking to BIRN, Gavrilovic said lawmakers should act to rein in such behaviour.

“I look at it as like the para-military formations of the 1990s [during the Yugoslav wars]. There’s no public debate. You are simply an enemy who should be spat on and kicked immediately. It is a para-political organisation.”

The Castle, however, is not the Progressive Party’s first attempt at manipulating public opinion in Serbia via social media.

In 2014, Xud and his fellow programmers uncovered an application called ‘Valter’, after the popular 1972 Yugoslav film about Partisan resistance fighters, Walter Defends Sarajevo.

Unlike the Castle, which works via the Internet, Valter was installed on the home computers of activists and members of the Progressive Party’s Internet team.


Valter software from 2014. Screenshot: Robin Xud

Valter was eventually replaced by Fortress, but when the Serbian portal Teleprompter reported on its existence in April 2015 hackers managed to take down the text and eventually the entire site, which no longer exists. Teleprompter no longer exists.

While the Progressive Party did not respond to a request for comment on this story, Vucic did hit back when Twitter took down the almost 9,000 accounts it accused of “inauthentic coordinated activity” to promote him and his party.

“I’ve no idea what it’s all about, nor does it interest me,” he told a news conference on April 2. “I’ve never heard that anyone on Twitter ever had anything positive to say about me.”

Such denials ring hollow for people like Xud. “People have to know that something like this exists,” he said.

Andjela Milivojevic is a Serbian investigative journalist, specialising in reporting about corruption and crime. For nearly ten years, she worked for the Centre for investigative journalism of Serbia and is now a freelance reporter for several media outlets in Serbia and Kosovo.

This article has been produced as part of the Resonant Voices Initiative in the EU, funded by the European Union’s Internal Security Fund – Police. The content of this story is the sole responsibility of BIRN and can in no way be taken to reflect the views of the European Union.

Insults, Leaks and Fraud: Digital Violations Thrive amid Pandemic

From January 26 to May 26, BIRN collected information about 163 cases of breaches of digital rights in Bosnia and Herzegovina, Croatia, Hungary, North Macedonia, Romania and Serbia.

Sixty-eight of the cases related to the manipulation in digital environment, while 25 related to publishing falsehoods and unverified information with the intention to damage someone’s reputation.

BIRN’s monitoring of digital rights, developed together with the SHARE Foundation, has shown that ordinary people were the most affected by such violations, with members of the public being the target in 126 of the cases.

State institutions or state officials violated digital rights in a total of 37 cases, meanwhile.

States rarely addressed the abuses arising from these violations, and in 45 cases, the perpetrators were not identified, while 139 of the total of 163 cases were not resolved.

Eight cases were the result of pressure related to the publication of information, 12 were linked to insults and unfounded accusations and 11 were hate speech and discrimination.

Medical and personal data breaches featured in 18 cases, computer fraud was registered on 11 occasions, while the destruction and theft of data and programs happened in three cases.

Beyond the countries listed above, BIRN noticed an unprecedented rise of digital violations in Montenegro and Turkey, where there were arbitrary arrests and data breaches.

Hackers, data breaches and illegal processing


Infografic: BIRN

Leaked documents, fake websites and the publication of people’s personal and health data have been commonplaces during the ongoing pandemic, but the scale and consequences of the breaches and of the illegal processing of data has yet to be established.

Speculation about the number and identity of COVID-19-infected people led to the mass exposure of personal and private data on social media and messaging platforms. In some cases, the leaks were small in terms of data, but had potentially serious consequences, particularly in situations in which patients’ personal data was revealed.

The most serious cases were reported in Croatia, North Macedonia and Montenegro.

In March in Croatia, a message containing a list of infected patients was shared among people living on the island of Murter, mostly through messaging apps.

Illegal personal data processing and privacy breaches took place in North Macedonia as well. The country’s Agency for Personal Data Protection filed criminal charges against an unknown person for publishing the personal data of people living in the town of Kumanovo.

The public in Serbia became concerned when it was discovered that the login credentials for Serbia’s information system for analysis and storage of health data during the pandemic were publicly available on a health institution website for eight days.

Citizens of Montenegro suffered most from stigmatisation due to a number of leaks of COVID-19 patients’ records. The infected patients’ identities were revealed in posts on social media, sparking hate speech against them.

Individuals who were violated self-isolation measures were also targeted, and often, it was governments that were revealing their personal information.

In Bosnia’s Serb-dominated entity, Republika Srpska, authorities launched a website on which they published the names of people who did not follow the entity’s self-isolation measures. The list can still be found online.

As a measure against the spread of the coronavirus, Montenegro’s government published a list of individuals who were put in self-isolation after  returning home from abroad. The lists, structured by municipalities, include the individuals’ names, surnames, the date when they were put into isolation, and their home addresses. The list was only removed a month after it was published.

People were also targeted by hacker attacks and fraudulent messages or emails, usually trying to collect their personal information or request payments to foreign banks or crypto-currency accounts, as cybercriminals took advantage of the public concerns and confusion created by the pandemic.

Scams, phishing campaigns and cyber-attacks exploiting people’s fear of COVID-19 were most common in Croatia, Serbia, Hungary, North Macedonia and Romania. The Romanian cybersecurity giant Bitdefender said in March that such attempts at fraud “have risen by 475 per cent in March as compared to the previous month”, and were expected to keep increasing.

Threats, hate speech and discrimination


Infographic: BIRN 

While some countries limited the scope of the freedom of speech during the pandemic, some people used their online freedom to unleash threats, insults, discriminatory posts and hate campaigns.

BIRN’s overview looked at several categories of violations:

  • Hate speech and discrimination
  • Threatening content and the endangerment of security
  • Insults and unfounded accusations
  • Falsehoods and unverified information directed towards the damaging of reputations

In total, more than 15 per cent of all the cases that were monitored included one of these violations. The largest number –

This type of online behaviour was often combined with the use of fake accounts and the paid promotion of false content.

The people most commonly affected by the digital violations that were monitored were journalists, medical professionals and people in quarantine.

Discriminatory posts and acts were directed mostly towards refugees, Chinese and Jewish people, women and the Roma community, with the largest number of such cases occurring in Hungary.

Gender-based discrimination was reported in Serbia, where the victims were predominantly politically-engaged individuals and journalists who criticise the government.

Threats and calls for violence against the police in Serbia and Bosnia and Herzegovina were found on Facebook. In both cases, authorities reacted promptly and perpetrators were identified and detained. In North Macedonia two police officers were fined for having taunted and offended people on social networks.

Violations related to damaging reputation predominantly affected governments’ political opponents, independent media and journalists.

Serbia was the country with the largest number of posts aimed at damaging the reputation of independent journalists. In three of four cases of publishing falsehoods, the journalists who were targeted were women.

Journalists were also targeted in North Macedonia and Hungary.

Pressure and arrests for publishing information


Infographic: BIRN 

Due to the highly controlled media landscape and poor level of media literacy in the countries that were monitored, the public was overwhelmed with contradictory information and had much more difficulty in recognising false and misleading information during the pandemic than usual. At the same time, the public’s need for timely and proper information had never been bigger.

While the flow of information continued to grow immensely, states started to arrest citizens for posts on social media over the accusation they caused panic and unrest. Some countries imposed authoritarian regulations that limited the flow of information.

Members of the public, media representatives and politicians were arrested and fined for their writings on social media, often without any clear criteria. Journalists were arrested in Serbia, Kosovo and Turkey.

Arrests and fines have become one of the main tactics to counter fake news and violations of restrictions imposed by all governments in the states that were monitored. In Hungary, Serbia, Bosnia, Croatia and North Macedonia, top state officials warned the public that they faced immediate sanctions for spreading fake news amid the pandemic.

From conspiracy theories to false measures


Illustration: BIRN 

Out of 163 cases, the largest number, 68, were linked with the misuse or manipulation of information. They mostly concerned different fake news, the use of false identities online, the sharing of conspiracy theories, or posts classified by the authorities as causing panic and disorder.

Some of the topics that were misused in this way included:

  • Medicines that can cure the coronavirus, vaccines and laboratory tests
  • Disinfection procedures
  • Tips and advices on how to cure the coronavirus
  • The number of infected people
  • Information about infected people
  • Information on medical institutions and their work
  • The start of the virus and how it developed
  • State measures and actions that have never been declared nor taken
  • Supermarkets and food shortages
  • 5G
  • Other conspiracy theories
  • Online education and information relevant for students
  • Offensive posts and videos about quarantined citizens and about people who arrived from a foreign country
  • Disturbing announcements about the COVID-19 outbreak

In some countries, such as Serbia and Hungary, levels of media freedom are low, with mainstream media often spreading disinformation, while independent media are called fabricators of lies by the authorities.

Nearly 25 per cent of all cases of the misuse or manipulation of information were resolved in some way. The outcomes included:

  • Website or content removal by the state
  • A request for the removal of the problematic post
  • Detention or arrest of a person
  • Official statement about the incident or a public apology

In Romania, most cases in this category ended in content removal. In Serbia, Hungary and Croatia, arrest was the most common outcome.

Manipulated information, conspiracy theories and unfounded claims emerged en masse on social media platforms and news website when most of the countries introduced emergency measures.

Disinformation was most intensively distributed via YouTube, where content blamed the expansion of 5G technology for the COVID-19 outbreak, or blamed multinational companies or foreign governments for the pandemic. In Croatia, one person even destroyed WiFi equipment, thinking it was 5G infrastructure. Mentions of the alleged influence of 5G networks on the pandemic was noted in Romania and Serbia, both on news websites and on social media.

News websites in Serbia, Romania, Hungary and Croatia often published manipulative content that included false information.

April was the month with the largest number of cases reported in this category. Some  30 out of the total 68 cases of manipulations in the digital environment were registered that month.

Information circulating in April and May, which was manipulated or false, mainly referred to the curfew, the number of COVID-19 patients and tests, students’ exams, people in quarantined, 5G transmitters, enforced microchipping and the funding of religious communities. In almost all cases from this category, members of the public were ones affected.

The rise of ‘unknown’ attackers


Illustration: BIRN

In comparison to the cases of online violations reported before the COVID-19 outbreak, BIRN’s monitoring noted a significant rise in cases in which the perpetrators cannot be identified. The number of these cases increased tenfold on a monthly basis.

These unknown perpetrators have been creating Facebook pages, using the virus situation to persecute independent journalists and others, send fraudulent messages in order to destroy computer software systems or steal money, and creating fake website accounts to spread conspiracy theories or medical disinformation.

Unknown perpetrators have also been responsible for computer frauds, the destruction and theft of data and for making content unavailable using technical skills. Hungary had the most cases involving unknown perpetrators, mainly related to computer fraud.

Cases have also shown how states can be violators of digital rights and freedoms. The increased number of cases which ended in arrest or detention revealed the tendency of states to use more power than was necessary, particularly to arrest journalists and citizens for posts on social media.

From having double standards when it comes to reactions to fake news to using their authority to silence people, governments often acted against the interests of their own citizens. According to the monitoring findings, in almost 25 per cent of all cases, the state itself or a state official was described as the perpetrator of a violation of certain guaranteed rights or freedoms.

On the other hand, members of the public were the victims of violations in 126 cases.

Media regulations across the region have been tightened under states of emergency and journalists have been arrested on accusation of spreading misinformation about authorities’ responses to the spread of the coronavirus. Some countries, like Serbia, sought to centralise the dissemination of official information and banned certain media from regular briefings.

The first worrying legal initiative was noted in Croatia, where the government proposed a change to the Electronic Communications Act under which, in extraordinary situations, the health minister would ask telecommunications companies to provide data on the locations of users’ terminals. The legislative change is currently pending.

In Hungary, the Bill on Protection Against Coronavirus, giving the government almost total control of the flow of information about the pandemic, was adopted at the end of March. The Hungarian government also decided to limit the application of the EU’s General Data Protection Regulation, GDPR, and to extend the deadline for public institutions to provide data requested via freedom of information regulations from 15 to 45 days.

Romanian civil society organisations also drew attention to a lack of official transparency and the possibility of media freedoms being curbed by state-of-emergency provisions. Provisions enacted as part of the state of emergency to combat the spread of the coronavirus allowed the authorities to shut down websites that publish fake news and exempted the authorities from answering urgent inquiries from journalists. Access to a dozen websites has been blocked since then.

In North Macedonia, the media faced new procedures for the issue of work permits during coronavirus curfews. The government insisted that its pandemic measures would not affect the public’s right to information, but in practice, institutions were less responsive to freedom of information requests.

In general, there was a trend among many countries to suspend freedom of information requests.

Digital rights, and rights to privacy and freedom of expression on the internet have all faced serious limitations and breaches in South-East and Central Europe. In the semi-democracies of the region, dominated by regimes with elements of authoritarianism, there is legitimate concern about disproportionate interference in citizens’ personal data and concern that recently-imposed measures are not properly tailored to achieve their objectives while causing the least possible damage to guaranteed rights.

Many people’s lives during this period have completely shifted to the online world, where harmful behaviour usually remains unnoticed by authorities preoccupied by offline violations.

During BIRN’s monitoring period, the lack of a human rights-based approach towards people in the digital environment led to discrimination, hate speech and threats. Although protection of basic human rights and fundamental freedoms should be guaranteed on the internet in the same way as it is offline, in practice we have seen an increase in the number of cases of online violations. The forms that those violations take have been evolving as well.

A lack of knowledge and understanding of the online space, and the subsequent lack of internet governance have opened a Pandora’s Box, allowing various state institutions to arbitrarily, partially and unequally interpret people’s online behaviour.

The intense nature of the battle for control of the narrative about the coronavirus has made meaningful oversight of online life and practices, and establishing accountability for online actions, harder than ever.

To read the detailed overview of our digital rights monitoring click here. For individual cases, check our regional database, developed together with the SHARE Foundation.

Facebook Takes Axe to Pages Showing ‘Inauthentic Behaviour’

Facebook’s April 2020 Coordinated Inauthentic Behaviour Report, published on May 5, said a total of eight networks of accounts, Pages and Groups were removed in the last month for violating the social media giant’s policy against foreign and domestic interference. 

The report said that these influence operations were “coordinated efforts to manipulate public debate for a strategic goal where fake accounts are central to the operation”.

The media giant said it was working to stop coordinated inauthentic behaviour in the context of domestic and non-state campaigns as well as behaviours acting on behalf of a foreign or government actor.

Two of the removed networks, originating from Russia and Iran, were focused on international issues and were trying to interfere in Bosnia and Herzegovina, Hungary and Serbia, the report said.

As for Russia, Facebook removed 46 Pages, 91 Facebook accounts, 2 Groups, and 1 Instagram account “for violating the policy against​ ​foreign interference​ which is​ ​coordinated inauthentic behaviour​ on behalf of a foreign entity”. 

It said this activity originated not only from Russia but from the Donbass region in eastern Ukraine and the Russian-annexed Crimean Peninsula. The people behind it posted in Russian, English, German, Spanish, French, Hungarian, Serbian, Georgian, Indonesian and Farsi, focusing on a wide range of regions around the world.

“The individuals behind this activity relied on a combination of authentic, duplicate and fake accounts – many of which had been previously detected and disabled by our automated systems. 

“They used fake accounts to post their content and manage Groups and Pages posing as independent news entities in the regions they targeted,” the report said, adding that the networks posted ​about geopolitical and local news including topics such as the military conflict in Ukraine, the Syrian civil war, the annexation of Crimea, NATO, US elections, and more recently the coronavirus pandemic​. ​

Facebook’s investigation linked the activity to people in Russia and Donbass as well as to two media organizations in Crimea, NewsFront and SouthFront. 

Following the report, SouthFront dismissed the claims that it offered misleading coverage concerning the coronavirus pandemic and said it does not operate from Crimea, calling it all “blatant lies”.

A total of $3,150 was spent for ads on Facebook and Instagram and was paid for primarily in US dollars, Russian rubles, and Euros, the report added.

Facebook also removed 118 Pages, 389 Facebook accounts, 27 Groups, and 6 Instagram accounts originating from Iran. 

This activity was focused on a wide range of countries globally, including Algeria, Bangladesh, Bosnia, Egypt, Ghana, Libya, Mauritania, Morocco, Nigeria, Senegal, Sierra Leone, Somalia, Sudan, Tanzania, Tunisia, the United States, Britain and Zimbabwe.

These accounts, the report said, “sometimes repurposed Iranian state media content and posted primarily in Arabic, Bengali, Bosnian, and English about geopolitical and local news relevant to each region including topics like the civil war in Syria, the Arab Spring protests, the tensions between Libya and Turkey, criticism of Saudi involvement in the Middle East and Africa, Al Qaeda’s actions in Africa, the Occupy movement in the US, criticism of US policies in the Middle East and the 2012 US elections.”

As for the people behind the coordinated activity, the Facebook investigation found links to the state Iranian Broadcasting Corporation. 

The remaining six networks of accounts, Pages and Groups​ that were also taken down were based in the US, Georgia, Myanmar and Mauritania, and were targeting domestic audiences in their home countries. 

In total, Facebook removed 732 accounts, 793 Pages, 200 groups and 162 Instagram accounts. The report said they were also sharing misinformation about the COVID-19 pandemic.

“All of the networks we took down … in April were created before the COVID-19 pandemic began, however, we’ve seen people behind these campaigns opportunistically use coronavirus-related posts among many other topics to build an audience and drive people to their Pages or off-platform sites. 

“The majority of the networks we took down this month were still trying to grow their audience, or had a large portion of engagement on their Pages generated by their own accounts,” the report noted.

COVID-19 Worsening Environment for Media Freedom, Report Warns

Journalists across Eastern Europe, the Balkans but, increasingly also in Western Europe, faced a new level of threats, harassment and risk of imprisonment during 2019, according to the Council of Europe Platform to Promote the Protection of Journalism and Safety of Journalists, in a report presented on Wednesday by 14 organisations partnered in the platform.

The report, “Attacks on media in Europe Must Not Become the New Normal”, states that about 140 alerts were filed with the platform during 2019, including 103 from Turkey, 21 from Serbia and 11 from Albania.

A disputed media law in Albania proposed by Prime Minister Edi Rama last year, the closure of the last remaining critical TV shows and the harassment of journalists by pro-government media resulted in Albania getting a separate chapter in the report, meaning also that Albania was added to the list of countries of special concern.

Sarah Clarke, from Article 19, said the report noted SLAPP cases as a major concern. These Strategic Litigations Against Public Participation are lawsuits against journalists or activists in which plaintiffs use their financial power to drag critics into lengthy court processes that then encourage others in the media to practise self-censorship.

“There has been an elevated threat from the political level and juridical harassment against journalists. We included SLAPPS as a concern for the first time,” Clarke said.

Meanwhile, the new coronavirus pandemic has caused a whole new set of concerns, said Scott Griffen, from the International Press Institute. He said there had been a systemic attempt by several governments to control the narrative of the pandemic, referring to Hungary and other states.

“Hungary has criminalized the distribution of ‘distorted facts’”, Griffen said, adding that this could amount to a “criminalization of journalism”. Turkey, Azerbaijan and Serbia have also seen arrests for reports on the spread of the new coronavirus that annoyed the authorities.

Ricardo Gutierrez, General Secretary of European Federation of Journalists, said the collapse of advertising revenues in the media across Europe due to COVID-19 had left thousands of journalists unemployed and left tens of thousands of freelancers without any real income. “COVID-19 is causing a global collapse of press freedom,” Gutierrez warned.

William Horsley, from the Association of European Journalists, said media ownership was another worrying issue. Standards were deteriorating across the continent, he said, urging EU member states to “be particularly strict over its standards”.

“There is an increasing shift of media ownership toward governments and governments partners, the so-called oligarchs,” Horsley noted.

Bulgaria was singled out as a country where the media has been captured by oligarchs. “A major share of the country’s newspaper distribution business is under the control of a single conglomerate, owned by a politician. Independent journalists and media outlets are regularly subject to intimidation in person and online,” the report noted. Meanwhile, out of 135 journalists currently jailed or under detention, 91 of these are in Turkey.

A Password Pandemic. How Did a COVID-19 Password End Up Online?

The Covid – 19 Information System is a centralized software for collecting, analyzing and storing data on all persons monitored for the purpose of controlling and suppressing the pandemic in Serbia.

A SHARE Foundation screen shot of instructions on how to enter the database, which includes how employees were told that they can log in their shifts in the COVID-19 infirmary. Password and user names were also made public.

How did we get this data?

Along with the state of emergency, the Government of Serbia introduced numerous measures to tackle the pandemic, which included collecting and processing personal data in the unprecedent circumstances.

The Government also informed citizens about these measures by rendering unclear and undetailed conclusions,  none of which specified who was supposed to process the citizens’ data and how.

In an effort to understand the data flow and implications on citizens’ rights, we explored the new normative framework through publicly available sources. By searching keywords on Google, we accidentally discovered the page containing access information for the COVID-19 Information System. The data was published on the 9th of April.

In addition, we also managed to obtain manuals with instructions for navigating the centralised system webpage.

Which data was at risk?

As per Government’s Conclusion on establishing the Covid-19 Information System, a significant number of health institutions is required to use the mentioned software to keep records on cured, deceased and tested persons (whether positive or negative), as well as on persons currently being treated, in self-isolation or put in temporary hospitals, including their location data. This system also contains data on persons who are possible disease-carriers due to their contact with other infected persons. The institutions are required to provide daily data updates, as it’s the basis of the the diurnal 15 o’clock report read.

While attempting to clarify how our data is being stored, we could not have imagined that we would discover the access password and thus be able to enter the system – just as anyone else who may have found this webpage. It was immediately clear to us that the most sensitive citizens’ data were endangered and that the crucially important integrity of the system cannot be guaranteed in the fight against the pandemic.

We did not log into the system, which would anyway record such an attempt. Instead, we reported the case to competent authorities: the Commissioner for Information of Public Importance and Personal Data Protection, the National CERT and the Ministry of Trade, Tourism and Telecommunications.

Being aware of the risk of misuse arising with the accessibility of citizens’ sensitive data, we have decided to notify the public of the incident only after making sure that the authorities had prevented unauthorized access to the system.

A SHARE Foundation screen shot of an email sent to competent authorities: the Commissioner for Information of Public Importance and Personal Data Protection, Ministry of Trade, Tourism and Telecommunications and National CERT. SHARE urged the authorities to act in accordance with their rules and to appropriately inform them on the action.

How did the competent bodies react?

Less than an hour following our report, we were informed that the initial steps were taken as a response to the incident, making sure that the web page containing the username and the password is no longer publicly available.

Given the scope of the case, we may expect further action from the competent bodies. The Commissioner has the authority to initiate monitoring in line with the Law on Personal Data Protection, the competent ministry is in charge of the inspection monitoring in line with the Law on Information Security, whereas the National CERT has the  obligation to provide advice and recommendations in case of an incident.

Who’s to blame?

Aware of the pressure put on health services at the peak of the pandemic, we agreed that, for now, it would be appropriate not to publish the information on the specific health institution in which the incident took place. On the other hand, there is no doubt that the scale of this incident demands that the responsibility for its occurrence is properly determined.

The national legislative framework provides various mechanisms to prevent these kinds of situations, but the occurrences in practice are often far from the prescribed standards. Although they handle particularly sensitive data, health workers are often unaware of all possible risks present in the digital era. Health institutions are required to appoint a data protection officer, but due to limited resources, persons with insufficient expertise and unrelated primary job concerns are usually appointed to this position. In this specific case, the data protection officer may have been a person who takes care of corona-infected persons on a daily basis.

As today’s data protection demands the involvement of an IT expert, this requirement causes an additional burden to the public health institutions’ budget. Sometimes this means that the same person deals with all technical issues within an institution, while being paid far less than their private sector counterparts and without the opportunity to build further information security expertise.

Covid-19 Information System established by the Government represents a key point in a complex architecture for collecting and processing all defined data. Data collection occurs through different channels, while a single health institution is only a one system entrance point. In such a system, it is rather difficult to implement protection measures at entrance point level, meaning they should be defined at the central level as it would significantly lower the risk of incidents. Based on this case, we have concluded that only one user account was created for each of the health institutions, which does not enable determining individual responsibility for the system misuse.

What should have been done?

Without doubt, this is an ICT system of a special importance within which special categories of personal data are being processed. As such, it implies the necessity to undertake all measures stipulated by the Law on Information Security and the Law on Personal Data Protection in phases of its development and implementation. SHARE Foundation explored these measures to a great detail in its Guidebook on Personal Data Protection and Guidebook on ICT Systems of Special Importance .

By any means, it is necessary to fully implement privacy by design and security by design principles, which entail the following regarding the access to a system:

  • Every system user has their own access account
  • Every system user has the authorisation to process only the data necessary for their line of work
  • Access passwords are not published via an open network
  • A standard on password complexity is put in place
  • The number of incorrect password entries is limited

Our accidental discovery on Google revealed a breach of security and data protection standards within the health system. The state of emergency instituted due to pandemic cannot serve as an excuse for a job poorly done, nor can it serve as an obstacle for conducting an immediate detailed analyses of compliance of Covid-19 Information system with security standards.

Some Balkan States Waging ‘Crusade’ Against Media, Report Warns

Media freedom in Turkey, Bulgaria and Montenegro is the worst in the region, according to the 2020 World Press Freedom Index, published on Tuesday by Reporters Without Borders – but other Balkan countries have largely failed to improve.

“In southern Europe, a crusade by the authorities against the media is very active,” the report warns.

Turkey holds 154th place out of 180 countries worldwide in Reporters Without Borders’ media freedom rankings.

“Turkey is more authoritarian than ever,” the report says, noting an increase in media censorship, particularly of online outlets, despite the release of a number of imprisoned journalists.

Bulgaria is ranked in 111th place, and the report notes that despite international pressure, public radio management suspended experienced journalist Silvia Velikova, a government critic.

This highlighted the lack of independence of Bulgaria’s public broadcasting media and the hold some political leaders have over their editorial policy.

In Montenegro, which is ranked 105th, the report notes no progress, adding that authorities favour pro-government outlets while exercising pressure against other media outlets and journalists.

“In May 2018, investigative journalist Olivera Lakic was shot in the leg. Like in many previous physical attacks on journalists, Lakic’s case is still unsolved,” the report adds. It also mentioned the recent arrests of three journalists on suspicion of causing panic and disorder by publishing fake news.

Serbia is ranked in 93rd place. “After six years under the leadership of Aleksandar Vucic… Serbia has become a country where it is often dangerous to be a journalist and where fake news is gaining in visibility and popularity at an alarming rate,” the report notes.

It says that the number of verbal attacks by politicians on media has risen sharply, and that officials increasingly use inflammatory rhetoric against journalists.

It adds that the assailants who set fire to the house of investigative journalist Milan Jovanovic have yet to be convicted.

North Macedonia is ranked in 92nd place, an improvement on last year, which the report mostly attributes to the attempts for better self-regulation and the publishing of a register of professional online media.

But it also notes that municipal authorities are still able to place advertisements, which remains a tool for financial pressure on media outlets, and that the ruling party, the Social Democrats, have advertised their government’s achievements.

Moldova retains 91st position and the report notes an “extremely polarised” media landscape, with continuing concerns about ownership.

“The media empire built by former billionaire and Democratic Party boss Vladimir Plahotniuc has lost its influence but has been quickly replaced by a media group affiliated to the Democratic Party’s rival, the pro-Russian Party of Socialists,” the report says.

Albania is ranked 84th in the world, down two places from last year, a result of recently-adopted laws against defamation and tightened regulation of online media which could result in censorship and make journalists more vulnerable to government pressures.

Kosovo is ranked 70th by Reporters Without Borders, with the report noting that media in the country remains divided among ethnic lines, and that many outlets are not financially stable.

“Some of the shared concerns are physical and verbal attacks on journalists, cyber-attacks on online media as well as the lack of transparency of media ownership,” the report says.

Greece’s place in the Reporters Without Borders press freedom index, 65th, remains unchanged this year.

Croatia moves up five places and is now ranked 59th, but the report notes that the government is still meddling in the affairs of the national broadcaster, HRT, the defamation is still criminalised and that investigative journalists are often the targets of harassment campaigns.

Bosnia and Herzegovina is ranked 58th, also scoring a five-point rise. The report says the further collapse of public service broadcasters in the country is one of the main weaknesses, along with the polarised political climate, marked by constant verbal attacks and nationalist rhetoric, which “has created a hostile environment for press freedom”.

Romania is ranked 48th in the global index – the best position of all Balkan countries – but the report highlights some continuing shortcomings.

“The attitude towards journalism and free speech that prevails within the state and the political class continues to encourage censorship and self-censorship,” it says.

“The media’s funding mechanisms are opaque or even corrupt, and editorial policies are subordinated to owner interests. The media have gradually been turned into political propaganda tools and are routinely subjected to surveillance by the security services,” it adds.

The report marks Norway, Finland and Denmark as the three best countries in the world for press freedom, while Eritrea, Turkmenistan and North Korea are at the bottom of the list of 180 countries.

Reporters Without Borders says the report shows that the decade ahead will be “decisive for the future of journalism, with the COVID-19 pandemic highlighting and amplifying the many crises that threaten the right to freely reported, independent, diverse and reliable information”.

Prominent Kosovo Serb Journalist Says Intimidation Worsening with COVID-19

Arrested on April 11 while trying to report on the fight against COVID-19, a prominent journalist in the mainly Serb north of Kosovo says local authorities have stepped up pressure on her outlet since the onset of the pandemic.

Tatjana Lazarevic, editor-in-chief of the online news portal KosSev, was detained by police on the road from the ethnically divided town of Mitrovica/Mitrovice to nearby Zvecan, where she planned to go to the local health centre to investigate what she said were “multiple complaints” about its readiness to deal with cases of the novel coronavirus.

“It is very difficult to get official information,” Lazarevic, 50, told BIRN.

She was accused of violating a weekend curfew imposed to slow the spread of the disease, despite the fact that, under rules in Kosovo, journalists are exempt from the movement restrictions. Released after several hours without charge, Lazarevic said she suspects the episode was the latest attempt to intimidate KosSev by those who run northern Kosovo.

“I believe that there is a visible intention to create a profile picture of our media as an enemy of the state, an enemy of the people, that we are an enemy of the government,” Lazarevic told BIRN.

That state is Serbia, which continues to hold sway in northern Kosovo more than 20 years after the majority-Albanian territory broke away in war and 12 years since it declared independence with the backing of the West.

The public health system in northern Kosovo continues to function, de facto at least, as part of the Serbian health system, reflected in the fact that COVID-19 tests in the north are processed in the Serbian capital, Belgrade. Serbia does not recognise Kosovo as independent.

Pandemic brings more pressure

KosSev was formed in 2014 as an online news portal covering primarily northern Kosovo.

According to Lazarevic, who grew up in Mitrovica/Mitrovice, the site aims to provide properly-reported, impartial and objective information, not necessarily exposés. But in Kosovo, particularly the north, that is enough to invite trouble.

In its short life, KosSev and its small staff has faced cyber-attacks, threats and pressure on a regular basis. And it has recently become worse, Lazarevic said.

“This last phase of pressure has intensified since the start of the pandemic,” she told BIRN.

On Saturday, Lazarevic set out on foot for Zvecan, hoping to see “on the spot” the work of the Zvecan health clinic but also to see the extent of police security along the road during the curfew. Other people were also on the road.

A police car passed her three times. The third time, it slowed down and Lazarevic approached, believing the officers wanted to see her ID. But the car moved on.

“When I was completely alone,” she said, “a van of the [police] intervention unit suddenly appeared. Through an open window, they said, ‘Good afternoon, you have violated the medical prohibition on movement’.” Ten minutes later, Lazarevic entered the vehicle and was taken to the police station.

Lazarevic said she tried to explain to the officers that she was out conducting her work as a journalist and to show them her press credentials. She was released after a couple of hours without being given any further information.

The mainly Serb north of Kosovo is controlled by Srpska Lista, which answers to Serbia’s ruling Progressive Party.

While relations with the Kosovo government in Pristina are far from rosy, she said, the threat comes from the north. Lazarevic described them as “friendly visits” – from a torched KosSev car in 2015 to direct threats, hacks and a wall of silence among public institutions.

“Srpska Lista controls all the power or all the political life of Serbs in Kosovo,” she said.

‘Vox Populi’: How Serbian Tabloids and Twitter Bots Joined Forces

Tweets by a more than 8,000-strong ‘troll army’ promoting Serbia’s ruling party and President Aleksandar Vucic regularly found their way into news stories published by Serbian media in the last couple of years before Twitter took them down last month.

Twitter deleted 8,558 accounts engaged in “inauthentic coordinated activity” – some 43 million tweets criticising the Serbian opposition, independent media and individuals critical of Vucic and his Progressive Party rule.

But the bots were not alone.

Analysing just five of the thousands of accounts, BIRN found their tweets were embedded in stories published by the likes of pro-government tabloids InformerKurir and Espreso at least 23 times, suggesting the total number across the network may run into the hundreds.

The tweets were often presented as supporting evidence of the unpopularity of Vucic’s opponents; others were picked up by both Serbian and Russian media as proof of the popularity of Russian President Vladimir Putin at the time of his red-carpet visit to the Serbian capital, Belgrade, in January 2019.

“Weighing in on Twitter disputes and dogpiling onto opposition tweets did not just alter the Twitter landscape in favor of SNS-aligned figures and to the detriment of the opposition,” the Stanford Internet Observatory, a US-based research, teaching and policy program that looks at abuse of information technologies, particularly social media, said in a report in early April.

“In some cases, these tweets would get taken up by web publications as “organic” critical content,” it said, noting that some stories cited tweets from multiple accounts in the network.

In the April 2 report, “Fighting Like a Lion for Serbia”: An Analysis of Government-linked Operations in Serbia, the Observatory said that another important function of the deleted accounts was to “push out links to content on SNS-aligned news websites,” including sns.org.rs and vucic.rs [the official websites of SNS and Vucic, respectively], as well as media outlets such as informer.rs, alo.rs and pink.rs, all staunchly pro-Vucic.

The report, for example, cited a tweet by the editor-in-chief of Informer, Dragan Vucicevic, in which he criticised opposition politician Borko Stefanovic. The tweet was replied to 64 times by the troll accounts.

“This kind of propagation suggests that the network’s influence extended beyond Twitter—although it is impossible to assess the extent of this influence with much precision,” the Observatory wrote.

Snjezana Milivojevic, professor of Public Opinion and Media Studies at Belgrade’s Faculty of Political Sciences, said the Twitter bots and pro-government media were “parts of the same strategy”.

“The Internet is a large free space, so, by directing attention, bots help to prevent the dispersal of the public and help friendly media such as Informer, Pink and Alo to function as a well-run factory of the same fake news,” Milivojevic told BIRN.

Network built to boost retweets and reply counts


Some of the tweets that ended up in mainstream media such as Epreso, Kurir, Informer and other media outlets. “Local government in Cajetina put a mortgage on a parcel where the bones of World War II victims remain. Unbelievable what these people are capable of. Stamatovic, aren’t you ashamed?”Ivan Ilic, wrote on Twitter, later was republished in Informer. Illustration: BIRN

According to the Stanford report, one of the top three bot accounts taken down last month operated under the name ‘Mirjana Kujovic’ [@1kujovic].

The account’s tweets found their way into Serbian and Russian media more than once. Following Putin’s 2019 visit, the Russian website fontanka.ru cited a January 17, 2019 Kujovic tweet as evidence of the warm welcome Putin received.

Months earlier, in October 2018, a negative comment made by the Kujovic account under tweets by Serbian opposition politicians Bojan Pajtic and Vuk Jeremic was then embedded in a story by the tabloid Espreso.

The same month, another tabloid, Srbija Danas, published a Kujovic tweet criticising academic Dusan Teodorovic, a founder of the opposition Movement of Free Citizens, PSG.

Kurir also got involved, quoting another later-deleted bot popular with pro-government tabloids in Serbia – Ivan Ilic [@grofodValjeva]. 

The more than 8,500 accounts deleted by Twitter “worked steadily to legitimate Vucic’s policies and undercut public support for his opponents,” the Standard Internet Observatory wrote.

The accounts tweeted more than 43 million times – 85 per cent retweets.

While some were active in 2009, within months of the Progressive Party’s founding the year before, the network began ramping up its activities in mid-2018, the Stanford report said, right before the start of large, regular anti-government protests under the banner “1 of 5 million’.

The average number of followers attracted by the accounts was just 66, but combined they reached roughly 2.3 million Twitter users. @belilav11 and @1kujovic racked up 12,167 and 10,867 followers and more than 330,000 and 390,000 engagements respectively.

Engagement, however, was not the primary purpose, the report said.

“…they existed primarily to boost retweet and reply counts for other accounts,” it said. “This was consistent with the political aims of this network, which revolved around artificially boosting Vucic and his allies on Twitter.”

The network and its media allies, Milivojevic said, were working to manipulate the Serbian public.

“With 43 million messages [tweets] in which someone is praised or criticised, that manipulation also entails a decline in trust in the media by erasing the boundary between truth and lies,” Milivojevic told BIRN.

And the bots work in concert with genuine, popular Twitter users and pro-government tabloids and broadcasters, she said.

“What is published in tabloids is taken over by influential Twitter users… Then anonymous bots retweet and spread it, and from there on their tweets are going back to informative talk shows, where politicians or analysts bring them in [printed] and show them around,” Milivojevic said, referring to the Pink TV talk show Hit Tvit [Hit Tweet].

‘Like the plague’


Serbian progressive party (SNS) leader Aleksandar Vucic (front- C) addresses the media at a polling station in Belgrade, Serbia. Photo: EPA/ANDREJ CUKIC/ANDREJ CUKIC

Andrej Petrovski, head of tech at the SHARE Foundation, a Belgrade-based digital rights NGO, said Twitter’s deletion of so many accounts should serve as a warning to Serbia’s ruling party.

Creating and managing such a vast network takes a lot of time and people, he said, people he described as members of the SNS “party machinery” each running at least 10 Twitter accounts.

“Twitter made it clear with this move: if you do it all over again, we will do the same, and then you will think whether you want to invest that amount of time, effort and money again knowing it can all disappear overnight,” Petrovski told BIRN.

Some, however, say the bots are back already, promoting the party line amid the COVID-19 pandemic.

“They are like plague now,” said Jovana Gligorijevic, a journalist with the weekly political magazine Vreme and a frequent target of the SNS bots.

“They are all parts of the same machinery,” she told BIRN. “They create a fake vox populi [voice of the people].”

Gligorijevic said that whenever she uses the words ‘Aleksandar Vucic, ‘minister,’ ‘SNS’, ‘the president’ or ‘the prime minister’, she is bombarded by insults and negative comment, to the degree that she once deleted her account. 

“The bots react on those key words,” Gligorijevic said. “This is one network for absolute media control.”

BIRN editor Slobodan Georgiev has also been ensnared.

“First they insult you on Twitter, then that is published in tabloids and then you end up in the ‘analysis’ on tabloid TV stations,” he said.

A bigger problem, however, “is that they make you an ‘enemy’, and that comes directly from the top of SNS, which leads these bot divisions,” he said. And that makes journalism difficult.

“Then you are labelled a danger to the state and people working in the system start avoiding you and stop responding.”

Central and Eastern Europe Freedom of Information Rights ‘Postponed’

Citing the fight against COVID-19, authorities in a number of Central and Eastern European countries have extended the amount of time state bodies have to respond to freedom of information, FOI, requests, part of what media watchdogs say is a worrying crackdown on press freedom since the onset of the pandemic.

Media regulations across the region have been tightened under states of emergency and journalists have been arrested on accusations of spreading misinformation concerning the response of authorities to the spread of the novel coronavirus. 

Some countries have sought to centralise the dissemination of official information and banned certain media from regular briefings. 

FOI requests, a vital tool for journalists, have also fallen victim to the virus response; in Moldova, public officials have been allowed to decide alone whether or not to respond, while in Serbia, officials can refuse to respond to questions that are not related to the pandemic. In some cases, state bodies have been told they can delay responding until after a state of emergency has been lifted.

The measures have come in for criticism from rights organisations and raised suspicion that governments are trying to avoid public scrutiny of their response to the pandemic, which in many countries has been slow, chaotic and hampered by shortages of protective equipment for frontline medical staff.

Governments have an obligation to “ensure that measures to combat disinformation are necessary, proportionate and subject to regular oversight,” Dunja Mijatovic, human rights commissioner at the Council of Europe said on Friday.

Describing access to information as a “collateral victim” of government responses, Mijatovic said: “Despite the fact that timely information is essential for the public to understand the danger and adopt measures at a personal level to protect themselves, the filtering of information and delays in responses to freedom of information requests have been observed in several member states.”

Her statement followed a letter to the CoE from ten rights organisations that promote press freedoms and freedom of speech, among them Reporters Without Borders and the International Federation of Journalists, urging the 47-member body to take urgent measures against countries they accused of exploiting the crisis to curb essential freedoms.

Deadlines extended in Romania and Moldova


Romanian President Klaus Iohannis. Photo: EPA-EFE/ROBERT GHEMENT.

In European Union member Romania, President Klaus Iohannis signed a decree on March 16 declaring a 30-day state of emergency, which included a provision doubling the amount of time state institutions have to answer FOI requests.

Media outlets including Dela0.ro have reported that several local branches Health Ministry departments have cited the fight against COVID-19 in refusing to provide information to journalists or deferred questions to the communications office created by the Interior Ministry to centralise information about the crisis.

Likewise in neighbouring Moldova, authorities on Friday tripled the amount of time public bodies have to respond to FOI requests, from 15 days to 45. Media researcher and Independent Press Association, API, journalist Mariana Jacot told BIRN that when she had asked for public information from the Health Ministry she was told that ministry officials have more important things to deal with.

FOI right postponed in Serbia

In Serbia, the government has also extended the deadlines for state institutions to respond to a range of requests, including FOI requests to which institutions now have 30 days to respond once the state of emergency in the country is lifted.

Last week, for example, the Ministry of Trade, Tourism and Telecommunications told BIRN it would respond to an FOI request submitted by BIRN, “within the legal deadlines upon the termination of the state of emergency.”

Serbia’s Commissioner for Information of Public Importance and Personal Data Protection, Milan Marinovic, welcomed the government’s measure in a statement on March 25. 

Marinovic, who was nominated to the post last year by the ruling Serbian Progressive Party of President Aleksandar Vucic, said the move addressed a “number of concerns regarding the course and the calculation of deadlines during a state of emergency.”

His predecessor, however, questioned the way in which the measure was adopted.

“The government can adopt that regulation only when the parliament cannot meet due to objective reasons,” Rodoljub Sabic told BIRN. “The notion that parliament sessions cannot be held now is completely unsustainable, it is complete legal nonsense.”

The Serbian parliament was dissolved on March 15 after the government banned all gatherings of more than 50 people. 

Referring to the trade ministry’s response to the BIRN FOI request, Sabic said: “Your right has practically been postponed.”

“Of course they can answer you. The regulation does not ban it, it only extends the deadlines. If they want, they can answer you.”

“Unfortunately, the regulation puts them in a position where they don’t have to answer the request. They can postpone your right until the state of emergency is over,” he said. “It all comes down to that body’s goodwill.”

Public debate in Montenegro amid pandemic


Delia Matilde Ferreira Rubio, chair of the board of directors of Transparency International. Photo: EPA-EFE/ALESSANDRO DELLA VALLE.

In Montenegro, rights groups have deplored a decision by the government to press ahead with public consultation on proposed amendments to the country’s law on access to information despite the restrictions imposed on public life amid the pandemic.

On March 31, civil society organisations and journalists called for a postponement, arguing that the lockdown had made participatory debate impossible.

The following day, the chair of Transparency International, Delia Ferreira Rubio, warned that any non-emergency legislative measure that requires public consultation should be postponed until full, active participation can be guaranteed.

Nevertheless, the Ministry of Public Administration called for written comments on the amendments to be submitted via the ministry’s official e-mail address by April 13.

The non-governmental Institute Alternative, which promotes good governance and democracy in Montenegro, urged the ministry to wait until the pandemic had passed.

“There is no reason to rush and have a bad discussion during the pandemic,” Stevo Muk said in a press release on April 3. “Especially since neither the government nor the parliament is functioning in a regular way.”

This article was changed on April 7 to amend the time Moldovan authorities have to respond to FOI requests.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now