Despite sharing the same owner, the N1 editorial team was never informed that another firm within United Group could have access to all internal communications and control over all documents stored on the N1 server. However, the newsroom discovered the situation independently and has raised questions regarding the purpose of these actions.
What use does an officially registered consulting firm have for access to the internal emails and documents of independent media? The company United Group RS, which shares the same owner as N1, has begun server monitoring that could establish complete control over sensitive journalistic data.
“They can see everything that is on them or even change things located there. When we say they can see things, it means they can see sent emails, communication with confidential sources, and business correspondence, but they can also see, for example, human resources data,” said digital security trainer Lazar Covs.
The director of the firm that will have access to the data is Vladica Tintor, who took the position this summer. His appointment was shrouded in secrecy; initially, even security personnel did not grant him entry. He eventually took office accompanied by lawyers who, among others, represent Telekom Srbija.
Tintor is no novice to information technology; as the former head of RATEL, he served as the manager of CERT, the regulatory body for electronic communications dealing with the cybersecurity of state-owned enterprises. He claims to N1 that these activities are merely for upgrading system security.
“These activities are carried out on a continuous basis and were further intensified following certain IT outages and data security incidents recorded during the previous year. Measures related to improving data oversight and strengthening security represent common and responsible practice in modern corporate management. They are not connected to any outside person or entity, nor do they relate specifically to the information or media activities of United Group,” Tintor stated.
Tintor declined to answer whether he has recently met with foreign journalists and security officials regarding this work. According to N1’s findings, Tintor engaged a London-based data collection firm, Istok Associates, which has been managed by individuals from Serbia over the years; its director was once a journalist reporting from the Balkans. He confirmed to N1 that he was in Belgrade but offered no further details.
“Istok Associates is an international security and intelligence consultancy based in London, operating worldwide. We do not disclose the identity of our clients to third parties,” said Neil Barnett, director of Istok Associates.
The takeover of data is a highly unusual procedure, says the digital security trainer, because media outlets should, as a rule, be entirely free from the influence of owners.
“I am simply interested in what information and data they want to obtain that they cannot reach in any other way than exactly this way,” Covs added.
The Director of N1 said he has information that the servers of the television station and the Nova portal have already been compromised, and that the operation is led by a man who comes from state structures and has direct links to the authorities in Serbia. He also recalled that Nova and N1 are registered in the European Union, where such manoeuvres are not viewed favourably.
“We suspect that this is a problematic move which could actually violate personal protection data prescribed by the European Union. We believe that the data and communications of journalists could be endangered in this way, meaning the government could have insight into the communication of independent journalists, which we consider unacceptable,” said N1 Director Igor Bozic.
It would not be the first time the authorities have had insight into the communications of N1 journalists, but in the past, such as the case of the Deputy Mayor of Belgrade who later became a minister, they had to find ways to obtain them.
“Today I will publish an email sent to you as journalists by your editor Cosic, where he instructs you on how to report today on 27th March Street, as I have just received that email,” Goran Vesic, then-Deputy Mayor of Belgrade, said in 2019.
The question remains whether the authorities will even have to try to obtain them tomorrow, or if they will be served to them alongside their morning coffee.
Source: N1
