Serbian officials installed homegrown spyware on the phones of dozens of journalists and activists, Amnesty International said in a report released on Monday, citing digital forensic evidence and testimony from activists who said they were hacked in recent months.
In two cases, software provided by Israeli surveillance company Cellebrite DI Ltd CLBT.O was used to unlock phones prior to infection, the report said.
The Serbian spyware, dubbed “NoviSpy” by Amnesty, then took covert screenshots of mobile devices, copied contacts, and uploaded them to a government-controlled server, the report said.
“In multiple cases, activists and a journalist reported signs of suspicious activity on their mobile phones directly following interviews with Serbian police and security authorities,” Amnesty said.
Serbia’s interior ministry, foreign ministry and intelligence agency BIA did not respond to requests for comment made on Dec. 12.
Cellebrite products are widely used by law enforcement, including the FBI, to unlock smartphones and scour them for evidence. Cellebrite Chief Marketing Officer David Gee said it was investigating the Amnesty allegations.
“Should those accusations be accurate, that could potentially be in violation of our end user license agreement,” Gee told Reuters. If that were the case, Gee said, Cellebrite could suspend the use of its technology by Serbian authorities.
Putting surveillance software on devices “is absolutely not what we do”, Gee said. He added that Cellebrite had begun contacting Serbian officials but declined to provide further details.
Forensic experts
One of the activists featured by Amnesty in the report said they had noticed the contacts on their phone had been exported immediately after a meeting with the BIA.
The activist told Reuters they showed their phone to digital forensic experts, who discovered the NoviSpy spyware had exported their contacts and sent private photos from their device to a BIA-controlled server.
According to Amnesty, Serbia received phone-cracking devices from Cellebrite as part of a broader package of assistance designed to help Serbia meet the requirements for integration into the European Union.
That package, which was funded by the Norwegian government and administered by the United Nations Office for Project Services (UNOPS), was provided to the Serbian interior ministry from 2017 to 2021 in order to help Serbia fight organized crime, the report said.
The Norwegian government temporarily ceased delivery of Cellebrite devices to Serbia in 2018, Amnesty said. The Norwegian Embassy in Belgrade also raised concerns about the program, the report added, but UNOPS eventually delivered the devices in June 2019.
“The claims made in the report are alarming and, if correct, unacceptable,” Norway’s deputy foreign minister, Maria Varteressian, told Reuters. “We will meet Serbian authorities as well as UNOPS later this month to get further information on the matter.”
“We expect UNOPS to investigate the allegations,” she added.
UNOPS said in a statement it welcomed Amnesty's report and said the agency had in the years since 2017 "further enhanced mechanisms to assess and mitigate potential adverse effects." The agency did not elaborate on those measures.