Introduction
The Serbian government has been implicated in the unlawful surveillance of journalists, environmental activists [2] [4] [10], and civil society members through the use of advanced mobile forensics tools and spyware. This has raised significant human rights concerns and prompted calls for investigations and accountability.
Description
The Serbian government is employing advanced mobile forensics tools from the Israeli firm Cellebrite alongside a unique Android spyware system known as NoviSpy to conduct unlawful surveillance on journalists, environmental activists [2] [4] [10], and civil society members [3] [4] [9]. Reports indicate that Serbian police and intelligence services have utilized these technologies to covertly infect the devices of targeted individuals and extract data during detentions or police interviews. This invasive process has raised significant human rights concerns [9], particularly as authorities have detained civil society members under various pretenses [9], allowing them to exploit additional procedures that prolong detention and extend access to the individuals’ devices [9].
Notable targets of this surveillance include independent investigative journalist Slaviša Milanov and environmental activist Nikola Ristić [10], both of whom experienced breaches of their mobile devices. Forensic analysis confirmed that traces of the Cellebrite-NoviSpy combination were found on Milanov’s phone, indicating unauthorized access during his detention. Evidence suggests that the spyware was installed while the police had possession of Milanov’s phone [1], and similar incidents occurred with Ristić’s device during an interview with officials from the Security Information Agency (BIA). Testimonies from activists and journalists indicate that their phones were hacked during police detentions or questioning [8], marking the first documented instances of spyware infections facilitated by Cellebrite tools [3]. Additionally, an unnamed activist from the organization Krokodil had their phone infected with NoviSpy during a police interview.
Cellebrite’s UFED suite enables law enforcement to extract data from various mobile devices [2], including recent Android and iPhone models [2] [10], often without requiring access to device passcodes [10]. Although NoviSpy is less sophisticated than commercial spyware like Pegasus [4], it possesses significant surveillance capabilities [4], including the ability to capture sensitive data [2], take screenshots [5] [7] [8], copy contacts [7], and remotely activate a phone’s microphone or camera [2] [6]. Investigations have revealed that Serbian authorities exploited a zero-day vulnerability in Qualcomm chipsets, specifically CVE-2024-43047 [1], to facilitate the installation of NoviSpy [2] [4], bypassing security measures [2]. This vulnerability was later patched by Qualcomm in October 2024.
The spyware communicates with servers in Serbia [1], some linked to the BIA, and has been connected to a specific BIA employee involved in procuring Android spyware from the now-defunct vendor Hacking Team [1]. The spyware’s code included incrementing user IDs [3], indicating that over 20 individuals may have been infected within a short timeframe [3]. A version of NoviSpy dating back to 2018 was also found on VirusTotal [3], suggesting its development has been ongoing for several years [3]. Google has since removed the spyware from affected devices and notified the targets of the government-backed attack [1]. The impact of such surveillance tactics has left Serbian activists feeling traumatized [2], leading to widespread self-censorship within civil society [2]. Many have expressed feelings of anxiety and isolation due to the invasive nature of the surveillance [2], creating a chilling effect on free speech [4].
In response to the allegations [2], Cellebrite has stated that its products are intended for lawful use and require warrants for investigations [2]. However, the potential for misuse of Cellebrite’s technology to enable spyware deployment and extensive data collection outside of legitimate criminal investigations has been highlighted by human rights organizations. Amnesty International has called for the Serbian government to halt these invasive practices and for digital forensic companies like Cellebrite to ensure their technologies are not misused in ways that contribute to human rights abuses. The Belgrade Center for Security Policy has condemned the misuse of digital surveillance technologies and called for an independent investigation into these practices [5]. The United Nations Office for Project Services (UNOPS) is also conducting an investigation into the procurement of Cellebrite technology for Serbia’s Ministry of Interior [1], funded by the Norwegian Ministry of Foreign Affairs [1] [6].
Concerns about the misuse of these devices were raised by the Norwegian Embassy in Belgrade [7], leading to a temporary halt in their delivery in 2018 [7]. Norway’s deputy foreign minister expressed alarm over the allegations and called for an investigation into the matter [7]. The Serbian government has not responded to these findings [4], raising concerns about the use of digital surveillance tools to suppress civil liberties and intimidate human rights advocates [4]. The situation has escalated amid growing anti-government protests [5], with demands for accountability regarding corruption linked to a recent tragic incident [5]. The Serbian police and BIA have denied the allegations, asserting that their practices comply with national laws [5]. Additionally, the Serbian government has established close ties with Russian and Chinese intelligence agencies [5], framing their collaboration as a response to perceived threats from foreign influences [5].
Conclusion
The use of advanced surveillance tools by the Serbian government has sparked significant human rights concerns and led to calls for accountability and reform. The potential misuse of such technologies underscores the need for stringent oversight and regulation to prevent abuses. As investigations continue, the international community remains vigilant, emphasizing the importance of protecting civil liberties and ensuring that digital surveillance tools are not used to infringe upon human rights.
References
[1] https://www.helpnetsecurity.com/2024/12/16/serbian-government-used-cellebrite-to-unlock-phones-install-spyware/
[2] https://thegeopost.com/en/news/serbia-authorities-using-spyware-and-cellebrite-forensic-extraction-tools-to-hack-journalists-and-activists/
[3] https://techcrunch.com/2024/12/15/serbian-police-used-cellebrite-to-unlock-then-plant-spyware-on-a-journalists-phone/
[4] https://cybersecuritynews.com/authorities-use-novispy-spyware/
[5] https://apnews.com/article/serbia-amnesty-spying-protests-d35744f1fb9282aed8618934748dc93b
[6] https://cyberscoop.com/amnesty-international-exposes-serbian-polices-use-of-spyware-on-journalists-activists/
[7] https://www.bworldonline.com/world/2024/12/16/641792/serbia-used-israeli-firms-tech-to-enable-spy-campaign-amnesty-says/
[8] https://www.euronews.com/my-europe/2024/12/16/serbia-used-spyware-to-hack-phones-of-journalists-and-activists-amnesty-says
[9] https://www.theverge.com/2024/12/16/24322640/serbian-police-novispy-android-spyware-amnesty-international-cellebrite
[10] https://www.infosecurity-magazine.com/news/amnesty-accuses-serbia-spyware/
