This investigation examines the emergence and use of advanced mobile-surveillance technologies—primarily IMSI catchers—by intelligence and law-enforcement agencies in Serbia and Slovenia, situating these findings within a broader European trend. Leaked internal documents from the Swiss company NeoSoft reveal that Serbia’s Security Intelligence Agency (BIA) explored purchasing a covert IMSI catcher capable of device identification, movement tracking and, under downgraded network conditions, interception of calls and SMS. The material was authenticated through export-control records, technical documentation and expert consultations.
Parallel reporting in Slovenia, supported by extensive FOIA litigation and published by Monitor, uncovered similarly opaque practices. Despite long-standing public debate, institutions such as SOVA and the police refused to confirm whether they deploy IMSI catchers, while FOIA proceedings exposed gaps in oversight and transparency. A binding decision by the Information Commissioner ordering the release of previously denied documents highlighted systemic weaknesses in regulatory control.
Together, these findings demonstrate that the risks posed by intrusive surveillance tools extend beyond one country, reflecting a regional pattern marked by secrecy, inconsistent regulation and significant potential for misuse.
Key findings
Serbia
- Leaked documents show BIA explored purchasing NeoSoft’s NS Backpack IMSI catcher in 2021.
- The device is capable of device identification, location tracking and interception of calls and SMS via forced 2G downgrading.
- Two versions were offered, priced roughly between USD 145,000–150,000, with advanced optional modules costing over USD 70,000.
- The equipment appeared to be pre-configured for Serbian mobile networks.
- Switzerland’s SECO database shows no export licence issued for this equipment in 2021.
- NeoSoft did obtain permission for a short demonstration at BIA headquarters in 2023.
- Separate leaked files confirm that the Serbian firm Ibis Instruments purchased NeoSoft’s BTS Hunter, a tool for detecting IMSI catchers, in 2021.
- Serbia lacks dedicated legislation regulating IMSI catcher use, creating potential for opaque or abusive surveillance practices.
Slovenia
- The Monitor investigation revealed long-standing but non-transparent use of IMSI catchers by Slovenian security institutions.
- Agencies such as SOVA and the police declined to confirm whether they deploy IMSI catchers or detection systems, citing confidentiality.
- IMSI catchers act as fake base stations, compelling phones to reveal identifiers (IMSI/IMEI) and potentially enabling interception—raising serious privacy concerns.
- Existing Slovenian legislation provides limited clarity on the legality and oversight of such tools.
- FOIA requests submitted by Citizen D uncovered inconsistent institutional responses and gaps in export-control transparency.
- After multiple refusals, the Information Commissioner issued a binding order requiring the Ministry of the Economy, Tourism and Sport to release withheld documents or face fines.
- Findings indicate systemic weaknesses in transparency and regulatory oversight similar to those observed in Serbia.
Image by ©Slobodan Đuričić
