Serbia used Israeli firm's tech to enable spy campaign, Amnesty says
World
Serbia used Israeli firm’s tech to enable spy campaign, Amnesty says
BELGRADE/LONDON (Reuters) - Serbian officials installed homegrown spyware on the phones of dozens of journalists and activists, Amnesty International said in a report released on Monday, citing digital forensic evidence and testimony from activists who said they were hacked in recent months.
In two cases, software provided by Israeli company Cellebrite DI was used to unlock phones prior to infection, the report said.
The Serbian spyware, dubbed “NoviSpy” by Amnesty, then took covert screenshots of mobile devices, copied contacts, and uploaded them to a government-controlled server, the report said.
“In multiple cases, activists and a journalist reported signs of suspicious activity on their mobile phones directly following interviews with Serbian police and security authorities,” Amnesty said.
The Serbian intelligence agency BIA published a statement on its website Monday which said it operates within local laws and accused the Amnesty report of containing "nonsensical statements." Serbia’s interior ministry and foreign ministry did not respond to requests for comment.
Cellebrite products are widely used by law enforcement, including the FBI, to unlock smartphones and scour them for evidence. Cellebrite said it appreciated Amnesty's work and Chief Marketing Officer David Gee said the company was investigating the allegations.
“Should those accusations be accurate, that could potentially be in violation of our end user license agreement,” Gee told Reuters. If that were the case, Gee said, Cellebrite could suspend the use of its technology by Serbian authorities.
Putting surveillance software on devices “is absolutely not what we do”, Gee said. He added that Cellebrite had begun contacting Serbian officials but declined to provide further details.
FORENSIC EXPERTS
One of the activists featured by Amnesty in the report said they had noticed the contacts on their phone had been exported immediately after a meeting with the BIA.
The activist told Reuters they showed their phone to digital forensic experts, who discovered the NoviSpy spyware had exported their contacts and sent private photos from their device to a BIA-controlled server.
