Serbia used Israeli firm’s tech to enable spy campaign, Amnesty says

Share This Post


Serbian officials installed homegrown spyware on the phones of dozens of journalists and activists, Amnesty International said in a report released on Monday (16 December), citing digital forensic evidence and testimony from activists who said they were hacked in recent months.

In two cases, software provided by Israeli surveillance company Cellebrite DI Ltd was used to unlock phones prior to infection, the report said.

The Serbian spyware, dubbed “NoviSpy” by Amnesty, then took covert screenshots of mobile devices, copied contacts, and uploaded them to a government-controlled server, the report said.

“In multiple cases, activists and a journalist reported signs of suspicious activity on their mobile phones directly following interviews with Serbian police and security authorities,” Amnesty said.

Serbia’s interior ministry, foreign ministry and intelligence agency BIA did not respond to requests for comment made on 12 December.

Cellebrite products are widely used by law enforcement, including the FBI, to unlock smartphones and scour them for evidence. Cellebrite Chief Marketing Officer David Gee said it was investigating the Amnesty allegations.

“Should those accusations be accurate, that could potentially be in violation of our end user license agreement,” Gee told Reuters. If that were the case, Gee said, Cellebrite could suspend the use of its technology by Serbian authorities.

Putting surveillance software on devices “is absolutely not what we do”, Gee said. He added that Cellebrite had begun contacting Serbian officials but declined to provide further details.

Forensic experts

One of the activists featured by Amnesty in the report said they had noticed the contacts on their phone had been exported immediately after a meeting with the BIA.

The activist told Reuters they showed their phone to digital forensic experts, who discovered the NoviSpy spyware had exported their contacts and sent private photos from their device to a BIA-controlled server.

According to Amnesty, Serbia received phone-cracking devices from Cellebrite as part of a broader package of assistance designed to help Serbia meet the requirements for integration into the European Union.

That package, which was funded by the Norwegian government and administered by the United Nations Office for Project Services (UNOPS), was provided to the Serbian interior ministry from 2017 to 2021 in order to help Serbia fight organised crime, the report said.

The Norwegian government temporarily ceased delivery of Cellebrite devices to Serbia in 2018, Amnesty said. The Norwegian Embassy in Belgrade also raised concerns about the programme, the report added, but UNOPS eventually delivered the devices in June 2019.

“The claims made in the report are alarming and, if correct, unacceptable,” Norway’s deputy foreign minister, Maria Varteressian, told Reuters. “We will meet Serbian authorities as well as UNOPS later this month to get further information on the matter”.

“We expect UNOPS to investigate the allegations,” she added.

UNOPS said in a statement it welcomed Amnesty’s report and said the agency had in the years since 2017 “further enhanced mechanisms to assess and mitigate potential adverse effects.” The agency did not elaborate on those measures.





Source link

spot_img

Related Posts

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China’s Sophgo to...

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go...

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to...

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove...

North Koreans Stole $1.34bn In Crypto This Year

North Korea-liked hackers have stolen a record $1.34bn...
spot_img