![](https://thegeopost.com/wp-content/uploads/2024/12/An-IMSI-catcher-acts-as-a-middleman-between-a-legitimate-base-station-and-the-victims-phone-allowing-it-to-monitor-communication-Source-BIRN-Serbia-Slobodan-Duricic-e1733935261747-1024x576.jpg)
Over the past decade, Serbia has imported more than 20 IMSI catchers, capable of indiscriminately harvesting communications from all mobile phones within a certain area. Experts say their use is not regulated in law.
It was January 2014, and protests in Kyiv’s central square over the then pro-Russian president’s refusal to sign an integration deal with the European Union were at their peak.
Braving sub-zero temperatures and heavily armed police, the demonstrators had occupied the square and were refusing to leave.
Suddenly, according to media reports, at midnight they each received the same text message to their phones: “Dear subscriber,” it read, “you are registered as a participant in mass unrest”.
The message was delivered using a device called an International Mobile Subscriber Identity-Catcher, or ‘IMSI catcher’ for short.
Highly controversial, IMSI catchers impersonate cellphone towers, identify and geolocate users and indiscriminately harvest communications from all mobile phones within a range of several hundred metres.
According to the findings of a BIRN investigation, Serbia has imported more than 20 of them over the past decade, but, experts say, in that time it has failed to update legislation that would regulate their use.
Over the past year alone, according to data obtained from their foreign ministries, Switzerland and Finland have issued 16 licences for the export of IMSI catchers to Serbia. A single device purchased by Serbia’s Ministry of Interior from a Swiss company cost nearly two million Swiss francs, or just over two million euros.
Public records show that the suppliers sold similar technology to a number of countries with questionable human rights records, such as Namibia, Morocco, the United Arab Emirates and Colombia.
Often portable and small enough to fit into a backpack, IMSI catchers are invisible to their targets, making it almost impossible to protect against their most intrusive functions.
Normally, police surveillance of mobile communications requires a court order and the mobile operator as intermediary. But Jelena Pejic Nikic, a researcher at the Belgrade Centre for Security Policy, said IMSI catchers in Serbia risk being used outside of normal procedures. This is a particular worry in the context of ongoing protests against the ruling Progressive Party.
“There is no public regulation governing the application of this specific technology,” Pejic Nikic told BIRN. “There are more general legal provisions under which it might, but even then it enters a grey area, primarily due to potentially disproportionate surveillance and a lack of oversight.”
“The police,” she added, “must not use this technology preventively, such as identifying participants in anti-government demonstrations”.
IMSI Catchers: A tool for intelligence or a threat to privacy?
IMSI catchers are used for intelligence gathering, in criminal investigations and search operations. But they also offer indiscriminate surveillance of large groups of people in specific areas, a practice that civil society organisations and digital rights advocates have long warned about.
“These devices have no limitations; they can be deployed in any location or situation, continuously monitoring large numbers of users simultaneously,” said an IT expert, speaking on condition of anonymity.
“Variations include stationary high-capacity units, mobile backpack versions, suitcase-sized models, and even drones in recent years. They are most commonly used in urban areas densely covered by base stations.”
Matej Kovacic, a cybersecurity researcher and lecturer at the University of Nova Gorica in Slovenia, told BIRN: “When deployed in crowded areas like shopping malls or urban centres, IMSI catchers collect data not only from targeted individuals but also from everyone within a radius of several hundred metres.”
Stressing that wiretapping without a court order is a criminal offence, Pejic Nikic questioned how the operator of an IMSI catcher could isolate only those devices contained in such an order.
“If it is technically possible, the question arises about oversight – ensuring against excessive or abusive use,” Pejic Nikic told BIRN.
“Software capable of automatically logging all actions and the identities of authorised users must be in place, and this record should be tamper-proof. Prosecutors and judges should then verify this log against police reports and take appropriate measures.”
Pejic Nikic stressed there is “no legal basis” for using such technology in the context of the kind of anti-government protests that have sprung up repeatedly in Serbia over the past several years.
“Such use would be neither legitimate nor proportional, seriously jeopardising not only the right to personal data protection but also the freedom of expression and assembly.”
Pejic Nikic warned that the use of IMSI catchers “clearly bypasses the operators, who are otherwise obligated to verify that all requests they receive are based on court orders and to reject those that are incomplete”.
Kovacic said that IMSI catcher logs can be deleted and said one potential solution could be the creation of an independent third party to oversee their use by police and intelligence services.
Serbia’s Regulatory Agency for Electronic Communications, RATEL, told BIRN that in the past decade it has not detected any IMSI catchers in the country, nor have security agencies informed RATEL of their intended use.
High price for Swiss surveillance technology
An IMSI catcher does not come cheap.
In October 2023, Zurich-based NeoSoft delivered two devices – one to Serbia’s Ministry of Interior, the other to the intelligence agency BIA. The ministry paid 1.95 million Swiss francs, or just over two million euros.
The second device was imported for trial purposes and BIA did not keep hold of it for long, the Swiss State Secretariat for Economic Affairs, SECO, told BIRN.
NeoSoft had already delivered an IMSI catcher to the Ministry of Interior in late 2016, but at a significantly lower price of 147,000 Swiss francs, or 158,000 euros.
Kovacic said the prices of such devices vary according to functionality and the sophistication of the interface.
“These devices also face little competition, which explains their high price,” he said.
NeoSoft product catalogues from 2010 show the company has spent years developing mobile communication surveillance technologies capable of intercepting calls, SMS messages, and geolocations, selectively jamming signals, decrypting communication, identifying voices and remotely activating microphones.
Advanced IMSI catchers include features such as ‘silent call’, which mimics a phone call to a target device and activates its microphone.
In addition to IMSI catchers, NeoSoft offers global geolocation systems utilising the international telecommunication protocol standard known as SS7, enabling precise tracking of electronic devices worldwide. Such a capability has been associated with the Israeli company Circles, which is reported to have supplied similar technology to Serbian security agencies.
NeoSoft has previously faced scrutiny from Swiss authorities over negotiations with Bangladesh’s notorious Rapid Action Battalion, RAB, which operates under the Police and Home Affairs ministry and has been widely accused by rights watchdogs of human rights violations including the murder and kidnapping of rights activists and journalists.
Tender documents obtained by Privacy International and the Swiss newspaper WOZ in 2014 revealed that NeoSoft planned training sessions that year in Switzerland for 10 RAB members. NeoSoft did not respond to the report.
In December 2023, the trial of former senior Serbian interior ministry official Dijana Hrkalovic, charged with influence peddling, and former Novi Sad police chief Milorad Susnjic, charged with abuse of official position, hinted at the police’s use of IMSI catchers when investigator Bozidar Drobnjak testified that Susnjic had insisted on using what he called a ‘catcher’ to monitor convicted organised crime figure Darko Elez, given Elez was known to communicate online and with ‘special’ phones. A verdict in Hrkalovic’s case is due in January.
Drone-mounted IMSI catchers
Documents obtained from Finland’s foreign ministry show that Serbia also bought IMSI catchers and other equipment from EXFO, a company specialising in surveillance and communications equipment based in the Finnish coastal city of Oulu.
Serbia has imported at least 20 IMSI catchers from EXFO over the past decade.
In February last year alone, eight export licences for such devices were issued.
As far back as May 2016, Serbia was buying EXFO’s NetHawk series, designed to intercept and geolocate mobile and Wi-Fi communications, scan radio frequencies, jam signals and detect IMSI catchers.
The devices came with NetHawk F10 software, designed for ‘tactical intelligence gathering’ in GSM, UMTS, and LTE networks and even in areas not covered with base stations.
In 2018, Motherboard – the IT-focused online magazine of VICE Media – reported that EXFO-made invasive equipment had been exported to the likes of Oman, Indonesia, Mexico, Morocco, the UAE and Colombia – all of which have dubious human rights records.
A patent registered by NetHawk at the European Patent Office in 2011 reveals that their IMSI catchers already had the capability to take control of mobile devices in real-time by disrupting the signals of legitimate base stations and redirecting the target’s devices to fake base stations.
A patent registered in February 2020 in the United States showed just how far the technology had advanced. It described an IMSI catcher mounted on a drone, capable of precise horizontal and vertical geolocation, as well as ‘silent calls’.
CellXion: Monitoring from GSM to 5G
Serbia also went shopping for IMSI catchers in Britain between 2015 and 2018. The suppliers included London-based CellXion, which received licences to supply Serbia with tools for wireless communication interception, signal jamming, and subscriber identification.
CellXion describes itself as a specialist in intelligence monitoring of mobile communications across GSM to 5G networks.
Older protocols like GSM and 2G are more vulnerable to IMSI catcher attacks than newer 4G and 5G protocols, but Kovacic told BIRN: “Some IMSI catchers exploit vulnerabilities in 4G and 5G networks by generating interference noise, causing mobile phones without newer network support to ‘drop’ to the older 2G protocol. From there, it becomes straightforward.”
Another British firm, TGL Services Ltd, received a temporary licence in 2016 to export IMSI catchers to Serbia.
Kovacic said there is no effective protection against geolocation or user identification when in proximity to an IMSI catcher, but encrypted applications like Signal or Element “can safeguard communication content”.
“Special encrypted mobile phones can also help,” he said. “However, surveillance has increasingly shifted to spyware.”
Homegrown alternatives
Serbia’s security agencies can now also shop at home for such technology.
Two Serbian companies offer products and services in the field of mobile communication interception: Ibis Instruments and MRG Export-Import.
Ibis Instruments advertises services for IMSI catching, interception of outgoing SMS and dialed numbers, geolocation, and profiling of users based on open sources and device characteristics. The company also claims to block or generate SMS and voice calls for any target from any number.
Ibis Instruments lists several foreign partners on its website that provide solutions for communication interception, decryption of secure mobile and internet communications, electronic warfare, and digital intelligence. Among these partners is the Canadian company Sandvine, known for its internet censorship solutions.
MRG Export-Import, which has been supplying forensic tools for mobile phones to Serbia’s Ministry of Interior for years, markets IMSI catchers from the brand Septier. It also promotes a ‘Cellular Extractor’ capable of geolocating phones, intercepting conversations and messages, and modifying SMS messages. It also sells a mini-IMSI catcher with similar functionalities but a reduced range of up to 100 meters.
Documents from public procurement obtained by BIRN reveal that Serbia’s Military Technical Institute has also developed radio equipment named HERA, designed to intercept communications within the 1.6–30 MHz range for use in electronic warfare.
Better monitoring
The full scale of Serbia’s cyber-surveillance imports is not known. Most countries contacted by BIRN for information on exports to Serbia refused to disclose details, often citing national security concerns.
Mark Bromley, a researcher on dual-use goods and arms transfers at the Stockholm International Peace Research Institute, SIPRI, said that many European Union states keep such export data under wraps; companies also frequently relocate and some invasive technologies exist purely as software.
The onus, he said, is on exporting countries to monitor what is being exported and where.
“Before granting an export license, state licensing bodies require detailed information about the client, the purpose, and the intended use of the technology. This helps mitigate human rights risks,” he said.
“However, there are limitations to these mechanisms after the export occurs. What is needed is a follow-up period to monitor compliance and investigate how the technology is being used in the destination country.”