Cyber ​​war in Serbia?


Anonymous threatening emails have terrified citizens in Belgrade. Schools and other institutions are affected. Is there a connection with the Ukraine war?

“Who is waging the cyberwar in Serbia?” asks the Serbian news channel N1

The Belgrade high school student Aleksa Plemic was about to set off for school when the terrible news came via the messenger service Viber: The school was informed in an anonymous email that a bomb in the building. “Of course it was a huge shock,” says Gordana, the student's mother, “we had no idea how to react in such a situation”.

Monday morning (May 16, 2022) began for several million other families in Serbia – because according to the Serbian police, such bomb threats had reached at least 200 primary and secondary schools in the country, especially in the capital Belgrade. Older students who were already in school were immediately sent home; younger ones were taken to safety by their teachers and waited there until their parents picked them up.

Belgrade, May 16, 2022: Pupils flee their school after a bomb threat

 “The whole thing upset us parents more than the children,” Gordana Plemic told DW. She is chairwoman of the “Parents” association, which campaigns for the interests of students. “The parents report that the schools reacted quickly,” she says appreciatively. “Nevertheless, in the days to come, it will not be easy for any of them to send their children to school, because we do not know how this will develop nor what these threats mean. We do not know how safe our children are,  whether there will be a real alarm one day or if something happens without prior warning.”

Flood of threatening emails

Serbia has been a regular target of anonymous bomb threats since March 2022. Initially, they were directed against flights from Belgrade to Russia. In the meantime, their sheer number has grown to such an extent that even the police no longer know exactly how many threats actually came from where. A statement from the Interior Ministry said hundreds of threatening messages had been received at 48 locations and institutions. In addition to schools, bridges, shopping malls, restaurants, train stations, power plants, water pipes and hospitals were affected, as well as the private home of President Aleksandar Vucic and the Russian embassy.

There were bomb threats all over Belgrade: screenshot of TV channel N1

“The threatening messages were sent from email addresses at Google, Proton, Eunet, Yandex, as well as anonymous phone calls,” the Serbian Interior Ministry said. So far, the regional origin of a total of 19 of these addresses in Serbia and abroad has been identified. Eight threatening emails came from Poland, four from Gambia, two each from Iran and Nigeria and one each from Ukraine, Slovenia and Russia.

Difficult investigations

“With emails from servers whose operators rely on data protection as a business model, it is very difficult to get information about the sender,” Belgrade-based cyber security expert Adel Abusara told DW. “With the Swiss provider Proton-Mail, for example, the Ministry of the Interior of the country concerned has to go through Europol, which then contacts the Swiss police, who in turn contact the local judiciary,” Abusara continues.

The news channel N1 published one of the threatening emails – here is a screenshot

If the competent court agrees, the company in question is asked to find the owner of the email address – which, for example, the email provider Proton refuses in most cases. “There is almost always a legal dispute,” reports Adel Abusara, “and it can take a long time, because email providers who value the protection of their users' data have entire teams of lawyers. They defend against every request made by demands that they disclose user data.”

Aim: Pressure on Serbia?

For the time being, only representatives of the Serbian government are publicly speculating about the reasons for the mass bomb threats in Serbia. “We are the only country in Europe that has not imposed sanctions on Russia,” said Prime Minister Ana Brnabic, “and the pressure on us is incredible.”

Serbian Prime Minister Ana Brnabic at a press conference in February 2021

Interior Minister Aleksandar Vulin said the bomb threats were intended to force Serbia to abandon its “independent foreign policy”. “These attacks were not initiated or carried out by individuals. They are mass, organized and very expensive hacking attacks conducted from various hybrid warfare centers,” said the minister.

No cyberterrorism


Cyber ​​experts, on the other hand, believe that it is currently difficult to interpret the motives behind the bomb threats – but that one cannot speak of terrorist attacks or even cyberterrorism. “The fact that a threatening email comes from a Russian or Swiss server does not mean that you are being attacked from Switzerland or Russia, but that someone used servers in these countries,” explains security expert Adel Abusara.

Moreover, there are repeated bomb threats not only in Serbia, but also in the neighboring countries of Croatia, Bosnia and Herzegovina, Montenegro and Romania. “Three years ago, a teenager sent threatening emails to thousands of schools and kindergartens, which led to the evacuation of these institutions,” reports Abusara, adding: “Things like this happen. The question is how quickly you can legally react to them.”< /p>