Press "Enter" to skip to content

Israeli company developed spyware in Skopje, local officials looked the other way

12.04.2023

The Predator spyware marketed to the world by an Israeli software company and used in Greece and Egypt to spy on journalists, dissidents and others, was developed in North Macedonia – a violation of the Balkan country’s law. But local efforts to investigate why the software was built in Skopje appear stalled. The European Parliament also is probing the matter.

Reporting: Saska Cvetkoska, Ivana Nasteska, Bojan Stojanovski, Tasos Telloglou, Eliza Triantafillou; Additional reporting: Miroslava Simonovska

Key points

  • A set of classified intelligence documents from North Macedonia obtained by news organizations Inside Story in Athens and Investigative Reporting Lab in Skopje show that Predator spyware, at the center of an international scandal, was illegally developed by Cytrox, in Skopje, North Macedonia – and government officials of North Macedonia knew about it but did nothing to stop it. Cytrox is owned by Intellexa, an Israeli firm founded by Tal Dilian. Intellexa is mired in an ongoing scandal about several governments’ use of the spyware to target dissidents, journalists and activists. The software has been sold in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia, the Citizen Lab reported.
  • Documents show that the government of North Macedonia was aware as early as 2017 that Cytrox was illegally developing Predator spyware in the country, with the intent to distribute it elsewhere.
  • Documents obtained by Inside Story and Investigative Reporting Lab (IRL) reveal the existence of a complex business structure in Skopje developed by individuals and companies with direct ties to Intellexa. At least 5 companies with links to Intellexa were registered with the official business registry of North Macedonia between 2017 and 2021. Two of them – Cytrox and CyShark – identified themselves as developers and traders of software when they requested licenses for export and production.   There was no indication in their public applications that they were producing spyware, which would not have been allowed under the licenses they sought and obtained. However, the classified documents obtained by IRL and Inside Story show that the North Macedonia government was informed that Cytrox planned to illegally create spyware. Experts say the Government of North Macedonia should have acted to stop the production, but failed to intervene.
  • Documents show that Cytrox and CyShark are part of a group of companies owned by Tal Dilian and his associates. Dilian is a former Israeli defense official who founded Intellexa, now based in Cyprus. Among the owners of Cytrox is Ivo Malinkovski, a member of a family of well-known Macedonian winemakers – and arms dealers.
  • The Government of North Macedonia’s Ministry of Interior told parliamentarians that it is investigating to determine the circumstances in which Predator was created. But there has been no update and few signs that there is any progress.

As scandal is revealed, Parliament asks questions, but gets few answers

On June 19, 2022, a few months after it was revealed that Predator spyware had infected Greek journalist Thanassis Koukakis’s mobile phone a group of parliament members of North Macedonia, arrived in Geneva to participate in an intense training to improve their oversight of the country’s intelligence agencies and to ensure that these agencies respect human rights and democratic standards. Hosted by the Geneva Centre for Security Sector Governance,  also known as DCAF, nine members of North Macedonia’s Parliament Commission for Oversight of the Work of the National Security Agency and Intelligence Agency, together with a dozen representatives from other North Macedonia government institutions, attended a training entitled “Highly invasive means like IMSI catchers, malicious softwares – their purpose and use.”

The welcoming email by DCAF lead cybersecurity expert Matej Kovacки opened the training by sharing information about various governments and private entities using two dangerously sophisticated spying software: Predator and Pegasus. By then, the public and the parliamentarians knew that Predator was sold by Intellexa – Dilian’s company – and had been invented by its Macedonian subsidiary Cytrox. This was first revealed by the interdisciplinary laboratory based at the University of Toronto Citizen Lab which reported in a December 2021 report that Predator, sold to hostile governments across the world, had been developed in Skopje. But the report lacked information about how that had been allowed to happen in North Macedonia in what was a clear violation of its laws.

The trainer asked the participants what they were doing to shine light on this disturbing discovery.

“I remember we all proudly said: ‘Yes, we did ask the Macedonian authorities. They told us they are already working on the problem. The staff from the Ministry of Interior told us investigative measures are underway to determine the circumstances and that the MPs  will know accordingly once they have answers’,” former Minister of Interior and current MP Pavle Trajanov told IRL’s reporters in a face-to-face meeting.

The group would not meet again until five months later on November 14, 2022, this time at the mountain resort of Mavrovo in North Macedonia.  For this  second raining, representatives from the Ministry of Interior of North Macedonia, the Intelligence Agency, the Bureau for Public Security and the Agency for National Security also would  attend. The guest list included some high level representatives including Victor Dimovski, the director of the North Macedonia Agency for National Security..

In the light of the events in neighboring Greece where it was revealed in 2022 that journalists, government ministers and members of the opposition party had been spied on by the Greek government using legal wiretapping procedures and the illegal spyware Predator, the parliamentarians would express new concerns, asking whether the North Macedonia government also possessed sophisticated spying software.

“Director Viktor Dimovski, after some nagging with us, said ‘yes, but claimed that so far they have never used it,” Trajanov told IRL. But the Parliamentary group asking the questions received few details, details they are still seeking.

Recent history shows that it is not particularly surprising that spy softwares are being developed in North Macedonia, or recently in Bulgaria, both countries with weak regulations and even weaker oversight.

A tech savvy city with a sketchy tech history becomes a spyware hotspot

In 2015 the Macedonian secret police and high level government officials were implicated in illegal telephone surveillance on a massive scale – more than 20,000 individuals were wiretapped between 2008 and 2015 while the Nikola Gruevski government was in power.

The then- director of the Administration for Security and Counterintelligence Saso Mijalkov was alleged to have illegally intercepted the conversations from 5,827 phone numbers for more than 20,000 individuals.The targets included civil society activists, politicians from all parties, journalists, diplomats, businessmen. In a related matter, Mijalkov was also investigated in 2016 by the Special Public Prosecutors in North Macedonia for running covert internet surveillance using sophisticated spy software known as Finfisher. Goran Grujevski and Nikola Boskovski, two of Mijalkov’s closest confidantes among intelligence officers, were cited for destroying the equipment in an attempt to sabotage the prosecutors’ investigations.

In October 2017, Grujevski and Boshkovski were arrested in Greece where they had requested political asylum. A court  in Thessaloniki ruled they both should be extradited because they did not meet the conditions for political asylum. This decision, however, was overturned by Greece’s Supreme Court. The high court ruled that because they had been pardoned by then- President of North Macedonia Gjorge Ivanov, part of the government that had succeeded Gruevski, they did not need to be extradited. They had been awaiting trial on charges of destroying the spying equipment in the wiretapping scandal, and could have faced 15 years in prison. President Ivanov’s pardon was widely criticized as a clear effort to protect a small circle of former ruling party members and their associates from criminal charges. In 2016 Ivanov revoked the pardon after a huge public outcry. But the two men then received asylum and are living in Greece.

That wiretap scandal in North Macedonia might have put an end to an authoritarian regime of the nationalist party led by Nikola Gruevski, but it did not end the connections between the weak democracy and worldwide spyware traders. At almost the same time that the wiretap scandal was winding down, North Macedonia was already becoming a host country for the development of what would become one of the most notorious spying software: Predator.

From wine and weapons to developing spyware 

In early 2017, then-26-year-old Macedonian entrepreneur Ivo Malinkovski left his position as head of Chateau Kamnik, his family’s wine producing company, and founded and operated several tech startups in Skopje. His business became the development and production of the Predator.

Ivo Malinkovski, former CEO of Cytrox; credits: Man Magazin 2020

In the early months of their existence, on October 6, 2017, two of the companies that Malinkovski ran – Cytrox and Cyshark, would ask the Ministry of Interior of North Macedonian for authorization for manufacturing, sale and resale, and export of several software products that could be used to protect personal data – and to invade personal data. This was spelled out in classified documents obtained by IRL and Inside Story. The companies would be selling this equipment to governments and certified government agencies such as secret services, police, border agents, and marine police, the classified documents said. The Government of North Macedonia’s Ministry of Interior said it never authorized the production of the spyware and said it was unaware that it was being produced. But the documents tell a different story: the government was alerted to the plans to produce spyware, a violation of the law of North Macedonia.

The application said: We note that our activity is the subject of work exclusively for the creation and production of software that we would offer as a final product on the domestic and foreign market only for government uses, as well as for special needs and purposes that fall under the authority of state authorities authorized by law and institutions.

Signed by Malinkovski, the application said that the products the companies sought to create are regulated under the Law for Interception of Communication. Accordingly, the Ministry of Interior should have reviewed their full application, but there is no evidence or documentation to show that such a review occurred.

The manufacture, offer for sale, resale, import, export, re-export or possession of means of monitoring communications may not be carried out without an authorization issued by the Ministry of Interior. The approval from paragraph 1 of this article is issued on the basis of a submitted written request, in addition to which a technical specification of the type and characteristics of the means intended for monitoring communications must be submitted”, article 3 of the Macedonian law on interception of communication says.

The applications sent on behalf of Cytrox and Cyshark were not complete. Malinkovski had neglected to attach the specifications of the equipment that the law required. The Government of North Macedonia’s Ministry of Interior gave the companies extra time to deliver the required documents, allowing them an additional month.  The government unit tasked to review and authorize such products is the Counterintelligence Unit in the Ministry of Interior, better known to residents of North Macedonia as the Secret Police.

On November 7 2017, Malinkovski filed a new document with specifications that the original application had lacked. According to classified documents obtained by IRL and Inside Story, and reviewed by tech experts at IRL’s request,  the software product in question is what would later be known as Predator, the linchpin of the global scandal. It features a sophisticated weapon to target civil society activists, journalists and other high value targets. Some of those, it later was revealed, were in neighboring Greece. It also was soon revealed that the smartphone surveillance system – the Predator spyware –  was used by authoritarian hostile governments and paramilitary organizations  around the world such as the infamous Rapid Support Forces militia in Sudan and the government of Myanmar.

The Citizen Lab – a laboratory at the University of Toronto that focused on digital espionage – –   in 2021 revealed that the phones of at least two Egyptian nationals had been hacked with ‘Predator’ spyware developed  by a developer in North Macedonia called Cytrox. Public records in Skopje show that the CEO is Ivo Malinkovski. Rumors were spreading that the father, not the son, is actually behind the company , but Ilija Malinkoski denied the allegations in an interview with Balkan Insight.

“Cytrox was reported to be part of Intellexa, the so-called “Star Alliance of spyware,” which was formed to compete with NSO Group, and which describes itself as “EU-based and regulated, with six sites and R&D labs throughout Europe,” the Citizen Lab Report said.  

But the software developed in Skopje for Intellexa was never granted the required authorization by the Ministry of Interior.

IRL reporters talked with an officer in the Ministry of Interior tasked to handle the application. The first to respond had refused to make a recommendation. “I was not qualified to understand what the software is, so I gave it to another officer,” this person said. At least three sources in the Counterintelligence unit confirmed for IRL that no one wanted to deal with this request. The Ministry of Interior then said in an email to IRL that they did not approve the Cytrox and Cyshark requests.

The reasons for this reluctance may well be rooted in the wiretap scandal, which was revealed in 2015.

”The Ministry of Interior has not authorized such software for the companies in question, nor has the Ministry of Interior purchased such software,” spokesperson Toni Angelovski said in an email dated Dec. 15, 2022. “

 

Wiretap scandal may have foreshadowed the North Macedonian connection  

North Macedonia once made global headlines stemming from another Citizens Lab report that revealed in 2015 the Gruevski government’s massive wiretapping scandal. And the tiny Balkan nation was again in the headlines on December 16th 2021 when NGO Citizen Lab in cooperation with Meta published two new reports. This time the focus was on the Predator software produced by tIntellexa’s  company Cytrox, based in Skopje. On the same day,  the prime minister of North Macedonia Zoran Zaev, who was on his way out of office, hosted a party in the exclusive winery Chateau Kamnik. The winery is owned by the Malinkovski family who are not only vintners, but also arms traders for almost three decades, and now,  and a recent entrant into the cyber software business. But, while the revelers sipped on wine, very few knew that the family whose winery hosted the party was at that moment deeply involved in one of the world’s hottest spying affair linked to the use of Predator.

 

Prime minister of North Macedonia Zoran Zaev, Serbian president Aleksandar Vucic and Ilija Malinkovski photographed together in the family winery on 14 of February 2021. The winery has a private exclusive area where regional politicians, businessman and diplomats often meet.

The arms business operates under the brand Mikei International, but the Malinkosvki family keeps their affairs away from the public spotlight. There is only one record of a press interview but no TV appearances, no hint of any scandals. When Mikei  was sanctioned by the US government  in 2009 for trading weapons with hostile regimes, no media reports were made. Unless you are a politician or a journalist, you would not know of their international weapons trade business. It is mostly under the public radar. For ordinary Macedonians, the Malinkovski family is known as winemakers of Chateau Kamnik, a very popular brand

The family’s weapons business and other enterprises stayed under the public’s radar until 2017, when Ivo Malinkovski, began to frequently appear in the media as a rising star in the global tech world.

“Young and successful, a hedonist, adrenalin sport junkie and owner of the IT company Cytrox”, this is how Ivo Malinkovski is described in the intro of an interview in the local lifestyle magazine Espresso. In several other media interviews Ivo Malinkovski gave in 2018,  he was described as an owner of Cytrox, although the actual products and services the company were offering were murky. None of it suggested what would soon be nicknamed The Greek Watergate. Shortly after the Citizen Lab published its findings, Ivo Malinkovski deleted all of his social media accounts.

According to official documents reviewed by IRL in the North Macedonia Business State Registry, there is ampl evidence of Dilian’s footprint in North Macedonia. The Skopje-based company Cytrox was founded in March 2017 as a joint stock company by six foreign businessmen – five from Israel (Dror Harpaz, Sharon Adler, Avraham Rubinstein, Eyal Avraham Oren, Alon Arabov) and one from Hungary (Rotem Farkash). Ivo Malinkovski was listed as their CEO. According to the separate registry of true owners, the beneficiary owner of Cytrox was Meir Shamir, a former air force veteran from Israel. All have ties to Tal Dilian, according to various public documents on file in several countries. Dilian is the head of Intellexa.

The filings also show that Dilian was broadening his holdings in North Macedonia. Four other companies were registered at the same address in Skopje- each of them with connections to Tal Dilian’s associates: Cyshark, Cygnet, Cintellexa and Cyberlab. All of them were registered between 2017 and 2020. Avraham Rubinstein appears among beneficiary owners in Cytrox and Cyberlab together with Rotem Farkash while Rotem Farkash’s father, Moshe, is co-owner of Cyshark together with Ivo Malinkovski. All have business connections to Dilian.

“It was one company basically, we all worked in the same offices and we were all working on the same tasks. Many of the employees had no idea how many companies were registered, we just know we worked for Intellexa. The pay was better than excellent, so no one cared“, an employee who wished to remain anonymous told IRL.

The former employee, who is also a software engineer, confirmed that what was being produced was Predator, although they did not know where or how it was being sold. “My suspicions are that the exports were made through companies in Cyprus. Whether it’s legal or not, I wouldn’t know, my job involved other responsibilities. We also trained the employees in Greece. Everything was controlled from here because the main product of all Intelexa operations was in Skopje. Why, I wouldn’t know, maybe the lower production costs, the fact that we are off the EU radar, there are many factors”.

The Skopje office was frequently visited by various Israelis, according to sources and data from border police. The employee could not say who they all exactly were, but he was familiar with one man– Shahak Shallev. “He was the main guy, he was sent here from the start by the Israeli to oversee the operations of production”

One of the companies registered in Skopje was  CyberLab. It  was run by the R&D director of Intellexa, Shahak Shalev, former top cybersecurity intelligence officer in the Israeli Military. IRL can confirm that Shalev resided in North Macedonia  from 2017 until the end of September 2022 at the height  wiretapping  in Greece, which led to several government investigations and the resignation of the Greek director of the Intelligence Services (EYP) and the Priminister’s left hand and nephew Grigoris Dimitriadis . CyberLab, according to the official documents, was managed by Ivo Malinkovski, but the true owner was a Dutch company called Inpedio, owned by Avraham Rubenstein and Rotem Farkash. Shahak Shalev, based on his bio on his Linkedin profile, remains the Vice president  of Technology at Inpedio. Both cyber companies, Cytrox and Inpedio, received initial funding back in 2017 by the state-owned israel Aerospace Industry.

Skopje as a haven for former Intellexa Greek employees

At least two former Intellexa employees working in Athens were tracked down by reporters frequently visiting Skopje, even after they stopped working for the Greek company.  According to travel and other data collected by reporters, their visits to  North Macedonia  most likely started in the second half of 2022, right after the revelation of phone tapping of another prominent Greek politician, Nikos Androulakis,  the leader of Greece’s socialist opposition party PASOK.

“We were tasked to recruit and hire, for example, personnel in Athens”, said the former employee.

At the moment, the offices of Cytrox in Skopje appear closed, as reporters witnessed. Public business registry records in North Macedonia show that there were changes in the ownership structure for Cyshark, one of the companies owned by Moshe Izrael Farkash. Now, at least on paper filed with the business registry,  it is owned and run by the retired grandmother of Ivo Malinkovski on his mother’s side, Kalja Angelova.

European affair followed by silence in North Macedonia as scandal gathers steam

In the meantime, Cytrox from North Macedonia is recently getting more attention from the European Parliament.

A special committee of the European Parliament is currently investigating how  Predator was used,after realizing that in most European countries, as well as in repressive African regimes several prominent politicians, journalists and civic activists were illegally targeted and surveilled after their telephones were infected with this or other similar software (Pegasus/NSO etc).

A Dutch member of the European Parliament and rapporteur of the PEGA Committee , Sophie in ‘t Veld in  a press conference presented the findings of the committee’s draft report developed within a seven-month period and said that all member-states of the European Union have such software available, even if they do not admit it. On page 36,  a chapter is devoted to the Macedonian connections. The MP wrote to Tal Dilian asking for details.

“The company Cytrox, hosted by Intellexa, began as a start-up in North Macedonia, but according to Forbes you saved it from bankruptcy with five million Dollars. It seems that the corporate structure is widely spread, with corporate presence in Hungary, Israel and share transfer in a corporate entity on the British Virgin Islands. Could you please provide us with information on your current and previous role in Cytrox as well as the link between Cytrox and Intellexa. Can Intellexa comment on why it is present on the British Virgin Islands? Can Intellexa clarify whether Cytrox transferred part of its shares on the British Virgin Islands?“ states the letter to Dilian which has not been answered.

In a reply to the reporters lawyers of Intellexa, as well as Dillian and Harpaz lawyers Andros Pelecanos instead of answers, responded with attacks.

“Unfortunately, the upcoming Greek elections cause the media to recycle legends and fairy tales concerning our activities. We have no intention participating in this witch hunt as we are not part of the election campaign. We are fully regulated under EU regulation, act in compliance with the law and continue cooperating with the relevant competent authorities“, Intellexa answered.

According to the Dutch MP, however, the problem was that the software was abused which constitutes an enormous threat for democracy on the whole continent.

“Fully regulated by EU law” is a sales slogan, it is hollow unless Intellexa would explain exactly which rules they refer to and how they are compliant. They have already been fined for not cooperating with the Greek authorities and for breach of the rules in Cyprus. They have apparently exported spyware to Sudan, which seems to be in Breach of EU export rules. Moreover Intellexa has refused to cooperate with the European Parliament. It never responded to any of our letters and invitations, however they did find the time to have their lawyers send angry letters to PEGA. If they are fully compliant, why have they refused to answer any questions? And let’s not forget that their spyware has been used illegitimately. Don’t they have a duty of care (at the very least) to check if their customers are respecting the law?“, Sophie in ‘t Veld said in a comment of Inside Stories.

The North Macedonia Ministry of Internal Affairs claimed in an email to IRL that they never issued approval for the production and sale of this software and that their responsibility ended there. Experts disagree, as does the North Macedonia Parliament committee tasked to follow the work of security agencies.

The Government of North Macedonia’s Ministry of Interior should have filed a criminal complaint, these experts said.

The professor and PHD of security sciences from the Faculty of Security at the University “St. Kliment Ohridski”, Svetlana Nikoloska, said that the institutions of North Macedonia should be very attentive to the problem of illegal monitoring of communications. Moreover, for such illegal activities, the Ministry of the Interior should act automatically in coordination with the public prosecutor, she said.

“Such illegal behaviors are contained in several criminal acts that are prosecuted ex officio,” said Nikoloska.

The Ministry of the Interior had information that the Macedonian company “Cytrox” plans to import and export communications surveillance software. Although the Ministry of Interior officially claims to have never authorized the request for production of this software, the ministry should have done more, Nikoloska said.

She cited Article 286 of the North Macedonia Criminal Code, which stipulates a fine or a sentence of up to three years in prison for anyone who, with the intention of unauthorized production, puts into circulation, imports, exports, or distributes a protected topography of an integrated circuit or software.

“If the software used in Greece for monitoring communications was produced in our country, measures and actions can be taken to discover, shed light and provide evidence only at the request of the Greek police. That cooperation goes on a bilateral level or through INTERPOL, but there should be a specific request, and in that case the department for computer crime and digital forensics can work on the case,” she said.  

But so far, there has been no effort to coordinate. Greek judicial sources said that they have not contacted the Macedonian authorities in Skopje on the matter of production of illegal spyware. Asked in Nicosia, Cyprus  where the main export activity of Dilian’s company is coordinated, Cypriot judicial authorities confirmed that they were not  in contact with their  Macedonian counterparts on the matter.

 

Повеќе од Homepage centerПовеќе теми во Homepage center »
Повеќе од International InvestigationsПовеќе теми во International Investigations »
Sashka Cvetkovska

Sashka Cvetkovska

Еditor-in-chief

Sashka Cvetkovska is an internationally awarded investigative journalist and editor-in-chief of the Investigative Reporting Lab. Cvetkovska has worked on a number of national and cross-border investigations that have uncovered domestic and international crime, corruption, illicit arms trafficking and disinformation wars. The research she has worked on has been published in The Guardian, Buzzfeed, Süddeutsche Zeitung and others. Her current responsibilities are focused on increasing the impact of investigative reporting by creating new narratives of stories through film and campaigns. In that direction, she currently holds the position of producer of the Investigative documentary series Newsroom. For ten years, Cvetkovska has been part of the research team of the International Organized Crime and Corruption Reporting Project, an international media organization associated with IRL. She was a member of the Board of Directors of OCCRP and the Association of Journalists of Macedonia.

Elena Mitrevska Cuckovska

Elena Mitrevska Cuckovska

Editor for Development and Operations

Elena Mitrevska Cuckovska is the co-founder of IRL and together with the editor and his assistant, is responsible for monitoring and designing the implementation process of IRL activities. She is the project director of the documentary series Newsroom. She has been working with journalists for more than 10 years and has also worked on other technological solutions that allow more efficiency when searching public databases used by our reporters in order to make their work faster. She is a software engineer and graphic designer by profession and she is also the first technology expert who is trained and works in the field of media. She is part of the cross-border group of technological experts of OCCRP and contributes in collecting and analyzing information and as a researcher in IRL.

Bojan Stojanovski

Bojan Stojanovski

Editor and journalist

Bojan Stojanovski is a graduated journalist with over ten years of media experience. He worked in several national televisions – TV Alfa, TV 24 Vesti and TV Alsat. From first of November 2021, he is a part of the IRL team. Throughout his career, Stojanovski followed topics in the field of judiciary, crime, corruption. In 2013, he received “Nikola Mladenov” award for investigative journalism, on the topic “Employment in the public administration through the party list”.

Denica Chadikovska

Denica Chadikovska

Assistant managing editor for organization and communications

Denica Chadikovska is a graduated psychologist who started her journalistic career in 2017 as co-author and co-producer of the youth show Krik, funded by the UK Government. Chadikovska becomes part of the IRL team in 2018 as an investigative journalist – intern within the project for training future media leaders. In June 2020, she joins the position of communications officer in charge of implementing the IRL’s communications strategy as part of the communications and products team.

Maja Jovanovska

Maja Jovanovska

Researcher and journalist

Maja Jovanovska has a degree in journalism and follows topics in the field of corruption, crime and justice. In her long-term career, she worked in numerous media such as A1 television, Channel 5 television, Alsat and the NOVAtv portal before joining the founding board of IRL in 2018. She is the winner of domestic recognitions and awards and has participated in a number of trainings and conferences in the field of investigative journalism. She was a member of the management of the Independent Union of Journalists and Media Workers of Macedonia and the Council of Ethics in the Media in Macedonia, and is currently part of the management of ZNM.

Aleksandra Denkovska Gocevska

Aleksandra Denkovska Gocevska

Researcher and journalist

Aleksandra Denkovska Gocevska is a graduated journalist with ten years of experience. She worked in the daily newspaper Nova Makedonija, the Meta.mk news agency and the NOVATV portal. During her career, she worked on topics from the field of politics, urbanism, judiciary and corruption. She started working with investigative journalism in 2015 when she came to work as a reporter in the investigative newsroom of NOVATV. She is a participant in dozens of conferences and workshops on investigative journalism and is the author of the first undercover investigative story in Macedonia about the lives of the children from the May 25 home.

Aleksandar Janev

Aleksandar Janev

Researcher and journalist

Aleksandar Janev is a graduated economist who began his career as an economic journalist in 2008 at Alfa Television. He developed his professional reporting skills through training sessions with top economic journalists both domestically and abroad, including at Reuters in the United Kingdom. In 2010, he transitioned to the print media at Capital, where he worked until 2022. Concurrently, he contributed regularly to the Balkan Investigative Reporting Network (BIRN), and since 2018, he has been both an author and editor for the TV program “Agenda 35” broadcasted on Macedonian Radio Television. Since 2023, he has been a part of the IRL team focusing on corruption and economic crime.

Ivan Blazhevski

Ivan Blazhevski

Researcher and journalist

Ivan Blazhevski is a journalist specializing in international relations, crime, and corruption. He has been working as a journalist since 1998, and since 2001, he has been an editor and correspondent for the Spanish state news agency EFE covering Macedonia, Albania, and Kosovo. Throughout his extensive career, Blazhevski has contributed to numerous media outlets such as Makpress, Agence France-Presse (AFP), Vecer, Dnevnik, Vreme, and Radio Free Europe, serving as editor for news and documentary programs at TV ALSAT for 18 years. He joined the team at IRL in 2024. Blazhevski has been honored with an investigative journalism award from the Macedonian Institute for Media (MIM) and has produced television programs in multiple countries and regions, including Japan, Greenland, Bolivia, China, Nepal, Bangladesh, East Africa, Cuba, Peru, Denmark, Italy, Germany, among others.

Pelagija Mladenovska Stojančova

Pelagija Mladenovska Stojančova

Researcher and journalist

Pelagija Mladenovska Stojančova is a journalist with over 16 years of experience in the media industry. She began her career at the daily newspaper “Shpic” in 2008 and later worked at the weekly “Sega”. Since 2009, she has been part of the team at Radio Free Europe’s Macedonian language service, reporting on politics, crime, corruption, and economics across various media platforms. Since 2024, she has been employed at IRL as an investigative journalist. She holds a degree from the Faculty of Philosophy and continued her education at the School of Journalism at the Macedonian Institute for Media (MIM). Throughout her career, she has been involved in projects focused on educating and mentoring young journalists.

Luka Blazev

Luka Blazev

Graphic designer

Luka Blazev is a graphic designer at IRL who becomes part of the team in 2019. His career in the field of graphic design and art began in 2017 by working on several projects for various domestic and foreign companies. At IRL, Blazev is in charge of finding graphic solutions for the research and for the design of the promotional content resulting from the research, which follows the communication strategy of IRL.

Trifun Sitnikovski

Trifun Sitnikovski

Director of "Newsroom"

Trifun Sitnikovski has been working in the film industry for more than a decade. He has shot more than a dozen short action films, short documentaries and three TV series on which he worked as screenwriter, director and executive producer. In addition to directing films, he has also worked on numerous projects as a producer, editor, cinematographer, assistant director and script supervisor for short films, TV shows, documentaries, commercials and music videos. His latest project as a director and screenwriter is the documentary series “Newsroom”.

Trajce Antonovski

Trajce Antonovski

Cinematographer

Trajce Antonovski is a cameraman and part of the cinematographers of the documentary series Newsroom. Antonovski has been working for more than 10 years on the visual realization of sports competitions under the auspices of UEFA and EHF. He worked in the newsroom of A1 and the NOVATV portal, and was part of the team for the realization of the political shows “Eurozum”, “Provereno”, as well as numerous entertainment projects such as the popular quiz “Who wants to be a millionaire”, “50-50 ” and other projects. In IRL Macedonia, he is part of the team in charge of filming the stories.

Gorjan Atanasov

Gorjan Atanasov

Video editor and producer

Gorjan Atanasov is a film and TV video editor with more than 8 years of experience in the film and television industry. Atanasov has worked on several features and documentary projects. As an editor, he has signed 6 short feature films, 2 feature-length documentaries, and currently he works in IRL as a video editor for the documentary series “Newsroom” and short video stories and multimedia projects of the organization.

The “Postal Bank” case dates back more than two decades. For just as long, investigators have examined the privatization of the country’s first state bank. The case was reopened in 2018 by the then Special Public Prosecutor’s Office (SPO). After the dissolution of the SPO, however, the case was transferred to the Prosecutor’s Office for the Prosecution of Organized Crime and Corruption.

On June 13, 2024, the Criminal Court in Skopje halted the proceedings, citing the controversial amendments to the Criminal Code adopted by the government of SDSM and DUI. The case had been conducted against businessman Tome Glavchev, current president of the Basketball Federation of Macedonia; Ratko Dimitrovski, former mayor of Kochani from VMRO-DPMNE; and the lawyer Zoran Shuklev.

They were prosecuted on charges of abuse of official position and money laundering. The oversight established that the Criminal Court’s decision did not specify under which article of the Criminal Procedure Code the proceedings had been terminated.

The Prosecutor’s Office for the Prosecution of Organized Crime and Corruption, dissatisfied with the ruling, filed an appeal, arguing that Glavchev, Dimitrovski, and Shuklev should at minimum face accountability for the offense of money laundering.

However, High Public Prosecutor Jovan Cvetanovski waived the right to pursue the appeal before the Court of Appeal. He justified this decision through an official note, yet the oversight concluded that the reasons given for withdrawing the appeal were contradictory and unclear.

“Public Prosecutors Lile Stefanova and Elvin Veli believe that by withdrawing the appeal of the Basic Public Prosecutor’s Office for the Prosecution of Organized Crime and Corruption, the public prosecutor from the Higher Public Prosecutor’s Office Skopje did not act professionally, expertly and legally,” the report states.

Prosecutor Dzelal Bajrami, however, assessed that Cvetanovski had acted within his competencies. With the appeal withdrawn, the Court of Appeal no longer had the opportunity to consider the case. The proceedings were effectively closed.

The second case concerns illegal construction in the village of Zelenikovo involving Dragan Pavlovik-Latas and his two brothers, Zvezdan and Srdzan Pavlovik. On July 4, 2019, the Criminal Court acquitted them of all charges. The same verdict was reached again during the retrial on July 18, 2022.

The Public Prosecutor’s Office in Skopje filed an appeal. On October 10, 2023, the appeal was accepted and a hearing was scheduled before the Skopje Court of Appeal. On November 6, 2023, the case was formally presented at the Public Prosecutor’s Office. Present at the session were the then State Public Prosecutor Ljubomir Joveski, public prosecutors Ferat Elezi and Sonja Simovska, and high public prosecutors Mustafa Hajrullahi and Jovan Cvetanovski.

“The conclusion from the presentation was that the public prosecutor representing the case at the Court of Appeal should propose commissioning an expert examination to determine whether the actions taken in the construction works constituted preparatory acts and to establish the date when construction began. An expert witness should be summoned to the main hearing to clarify the open questions,” the oversight report from the Skopje Higher Public Prosecutor’s Office states.

The very next day, the defense for the Pavlovik brothers submitted a new piece of evidence to the Court of Appeal — an expert report and opinion prepared by a defense-appointed expert witness. Cvetanovski requested that the hearing be postponed so he could cross-examine the expert. However, according to the oversight findings, what followed raised serious concerns.

“The public prosecutor at the hearing did not ask the questions he had previously announced in the record from November 7, 2024, and the questions that were posed did not elicit answers from the expert on the disputed issues raised during the presentation before the Public Prosecutor’s Office of the Republic of North Macedonia,” the report states.

Cvetanovski also failed to follow the instructions issued during the internal prosecutorial meeting at the prosecution office to commission an independent expert examination. Instead, he accepted the expert report submitted by the defense.

“The public prosecutor acted contrary to Article 37 of the Rulebook on Internal Operations of Public Prosecutor’s Offices, according to which the position and opinion adopted after the presentation are binding for the lower public prosecutor’s office,” prosecutors Lile Stefanova and Elvin Veli wrote in the oversight report.

However, the third member of the supervisory commission, Dzelal Bajrami, disagreed. He concluded that Cvetanovski had acted in accordance with the conclusions adopted during the presentation at the internal prosecutorial meeting.

The third case examined during the oversight concerns the “Serta” case, involving public tenders for cleaning government institutions. The case reached the Higher Public Prosecutor’s Office after the Basic Public Prosecutor’s Office filed an appeal against a decision of the Criminal Court.

When reviewing the indictment, the Criminal Court accepted the objections raised by the accused Spaso Gjorgiev and the company “Serta,” who were prosecuted for abuse of procedures in a public procurement call. On January 29, 2024, the Basic Public Prosecutor’s Office appealed that decision.

It was in connection with this case that a report emerged of pressure being exerted on an official at the Skopje Higher Public Prosecutor’s Office responsible for registration and allocation of cases. According to her testimony, she received instructions from the then head of the Higher Prosecutor’s Office, Mustafa Hajrullahi, indicating which prosecutor should be assigned to the case.

“For the ‘Serta’ case, I was told to register it and assign it to public prosecutor Jovan Cvetanovski,” said Daniella Lape, an employee in the Skopje Higher Public Prosecutor’s Office. Her testimony is included in the oversight report.

At the Court of Appeal hearing on April 9, 2024, high prosecutor Cvetanovski withdrew the appeal.

“An inspection of the official note dated April 9, 2024 shows that the public prosecutor analyzed the evidence attached to the indictment, which is contrary to the provisions of the Criminal Procedure Code, Articles 336 and 337, given the stage of the proceedings in which the case was at the time,” the oversight report states.

This interpretation is consistent with the Supreme Court's legal opinion issued on December 7, 2021, which states that the Council responsible for reviewing an indictment does not analyze the evidence or assess its quality. Its role is limited to determining whether evidence has been obtained unlawfully — an issue that should have been the focus of Cvetanovski’s argument.

“A judgment of the Supreme Court of the Republic of North Macedonia was issued in this case on September 11, 2024. In that ruling, the court established a violation of the law in favor of the defendants. The judgment further states that the violation committed by the Council reviewing the indictment could have been remedied if the high public prosecutor had not withdrawn the appeal,” the oversight document notes.

In their conclusions regarding this case, the public prosecutors Lile Stefanova and Elvin Veli wrote that by withdrawing the appeal, prosecutor Cvetanovski did not act professionally, competently, or in accordance with the law. They further stated that he engaged in an analysis of evidence and the existence of intent to commit a criminal offense — matters that fall within the exclusive authority of the court. Nevertheless, the public prosecutor Dzelal Bajrami again took the position that Jovan Cvetanovski had acted within the scope of his authority.

The fourth case selected for additional scrutiny also involved the prosecutor assigned Roman numeral II — Jovan Cvetanovski. At first glance, it appeared routine: a case concerning the illegal serving of alcoholic beverages to a minor.

The court in Negotino found Gjorgji Lazov, Ilija Vangelov, and the company DPTU “S.O.S. Obezbeduvanje (Security)” DOO Negotino guilty. The defendants challenged the verdict, filing an appeal that moved the case to the Higher Public Prosecutor’s Office in Skopje.

On February 3, 2023, the Skopje Court of Appeal overturned the ruling and returned the case for retrial. Prosecutor Jovan Cvetanovski did not attend the public hearing at the appellate court, despite the fact that the Higher Prosecutor’s Office in Skopje had previously concluded that the defendants’ appeals were unfounded.

On May 8, 2023, the court in Negotino issued a new verdict, again finding the defendants guilty. The defendants once more appealed the decision.

“On August 23, 2023, the public prosecutor at the Higher Public Prosecutor’s Office in Skopje, Jovan Cvetanovski, submitted a written proposal KOŽ.no. 1187/23 to the Skopje Court of Appeal, proposing that the defendants’ appeals be rejected as unfounded,” the oversight report states.

In that submission, Cvetanovski argued that the retrial had been conducted in accordance with the appellate court’s instructions and that the deficiencies identified in the initial proceedings had been fully addressed.

Yet only months later, his position shifted.

“At the hearing on 26 December 2023, the public prosecutor withdrew the indictment. From the review of the Skopje Court of Appeal’s judgment, it is evident that no new evidence was presented during the hearing and nothing altered the factual situation compared to the moment when the written proposal had been submitted,” the oversight report notes.

On the same day — December 26, 2023 — Cvetanovski drafted an official note stating that he had withdrawn the indictment because there was insufficient evidence to support the criminal offense.

The three prosecutors who conducted the oversight — Lile Stefanova, Elvin Veli, and Dzhelal Bajrami — reached a rare point of consensus regarding this decision. In earlier cases examined during the oversight, Bajrami had taken the view that Cvetanovski’s actions fell within his legal authority. In this instance, however, he concluded otherwise.

“Public prosecutors Lile Stefanova, Elvin Veli and Dzhelal Bajrami believe that, taking into account the written proposals in both proceedings and the positions expressed in them, and in a situation where no new evidence was presented at the main hearing, by dropping the indictment the public prosecutor did not act professionally, expertly and legally,” the oversight report states.

Despite this joint assessment, the 20-page oversight report ultimately carried only two signatures — those of Lile Stefanova and Elvin Veli.Dzhelal Bajrami did not sign the document, which was later submitted to then–State Public Prosecutor Ljupco Kocevski.

Attached to the report were Bajrami’s own official note, as well as a separate report from five employees describing how Mustafa Hajrullahi, while serving as head of the office, allegedly pressured them over the registration and allocation of cases within the Higher Public Prosecutor’s Office in Skopje.