A report provides a detailed overview of the use or procurement of highly invasive spyware by the Serbian authorities over the past decade. The testimonies are supported by detailed forensic analysis of the mobile devices of twenty activists and journalists conducted by Amnesty International’s Security Lab.
Amnesty International has just published a report titled “Digital Prison: Surveillance and Repression of Civil Society in Serbia” which reveals how the Serbian authorities, through the Security Information Agency (BIA) and the police, have illegally spied on the mobile phones of activists who organized protests, members of non-governmental organizations, and independent journalists, Radar learns. The report was submitted to the Government of Serbia before publication but, as the report states, it did not provide any comment.
The findings reveal the widespread and routine use of invasive spyware, including the NSO Group’s Pegasus spyware, along with a new domestic spyware system, NoviSpy for Android devices, which was first discovered in this report. They also note the widespread misuse of the Cellebrite UFED mobile forensic tool against environmental activists and protest leaders in Serbia.
The BIA and the Serbian police, they say, have used NoviSpy and Cellebrite’s mobile forensic tools to target independent activists from think-tank organizations, peaceful demonstrators, and independent journalists. “The authorities in Serbia use these tools systematically against peaceful demonstrators who are already too often subjected to unjustified criminalization for their activism. This illegal practice of digital surveillance and data collection directed against civil society violates the human right to privacy and the protection of personal data, and has a profound impact on other rights and freedoms, including the right to freedom of expression, association, and peaceful assembly.”
Secretly installed on the mobile devices of three activists
The findings in the report are based on detailed interviews conducted with 13 people who were directly targeted by spyware or mobile device data extraction products, as well as 28 representatives of civil society from across Serbia. They add that “their testimonies are supported by detailed forensic analysis of the mobile devices of twenty activists and journalists conducted by Amnesty International’s Security Lab.”
The report provides, as they say, a detailed overview of the history of the use or procurement of highly invasive spyware by the Serbian authorities over the past decade, including systems from companies Finfisher, NSO Group, and Intellexa.
Specific examples and expert opinions are given. The research shows that the NoviSpy spyware was secretly installed on the mobile devices of three activists and one independent journalist during interviews with the Serbian police or BIA. The infection occurred while the phones were temporarily taken from their owners and allegedly placed in lockers at police stations. Technical evidence suggests that over the past few years, dozens, if not hundreds, of unique devices have been targeted by NoviSpy spyware.
It describes how, in February 2024, Slaviša Milanov, an independent journalist from Dimitrovgrad in Serbia who covers local issues, was taken to a police station after a seemingly routine traffic stop. It is added that he immediately noticed something was wrong with his phone and contacted Amnesty’s Security Lab. “Forensic analysis revealed that a Cellebrite product was used to unlock the device… Amnesty International discovered traces of previously unknown spyware, called NoviSpy, which enables the collection of sensitive personal data after the target phone is infected, as well as remote activation of the microphone or camera. Forensic evidence suggests that the spyware was installed using Cellebrite’s device unlocking technology while the Serbian police were in possession of Slaviša’s device. The combination of these two highly invasive technologies was used to target the device of an independent journalist, leaving almost his entire digital life accessible to the Serbian authorities.”
It then describes how, in October 2024, an activist from the Belgrade NGO Krokodil was invited to the BIA office to provide information about an attack on this organization, and it is added: “During the conversation, her phone was left unattended outside the interrogation room. Subsequent forensic analysis conducted in Amnesty’s Security Lab found evidence that NoviSpy spyware for Android devices was installed at that very moment.”
It is then stated that the analysis of several samples of the NoviSpy spyware found on infected devices showed that they all communicated with servers in Serbia to receive commands and track data. “Interestingly, one of these spyware samples was configured to connect directly to an IP address that is linked to the Security Information Agency of Serbia. The research also showed that the configuration data embedded in the spyware sample leads to an employee of the BIA who was previously involved in Serbia’s efforts to procure Android spyware from the now defunct company Hacking Team.”
Under the surveillance of non-governmental organizations, activists, and independent journalists
Amnesty International interviewed, as stated in the report, nine activists who were detained or interrogated between July and November 2024, and whose phones and computers were temporarily seized by the police and subjected to detailed searches. “Activists suspect that these intrusive investigative measures, which appear legitimate under Serbian law, were more of an excuse for the police and intelligence services to learn more about their social networks and future plans, rather than an intention to pursue criminal prosecution.” It is also stated that the report “is being published at a time when state repression is intensifying and the state of freedom of expression and open dialogue in the country is increasingly unfavorable.”
“Serbia has experienced several large waves of protests against the government since 2021, and each of them has provoked increasingly harsh reactions – from continuous and violent campaigns against critical NGOs, media outlets, and journalists, to legal repression directed against citizens who peacefully organize and participate in political dissatisfaction.”
The chapter entitled “Inadequate Legal and Oversight Framework for Digital Surveillance in Serbia” describes the additional problems faced by NGOs, activists, and independent journalists.
The chilling effect on activists is described, and it is stated that they “told Amnesty International that knowing they had been targeted made them feel violated, vulnerable, and isolated, and forced them to reconsider or change their behavior. Some have become more cautious when it comes to public expression on controversial issues, while others have decided to be less vocal or stop activism altogether.”
The Norwegian Ministry of Foreign Affairs, which donated the Cellebrite UFED technology, was made aware of the report before its publication, as was the United Nations Office for Project Services (UNOPS), which was responsible for the procurement, for the needs of the Ministry of the Interior, for which Norwegian grant funds were used. The Norwegian Ministry responded, although the report states that “they did not conduct an adequate in-depth analysis to assess and mitigate the potential human rights risks of this technology, nor did they provide safeguards against its misuse or threats to civil society and independent journalists.” Further criticism is leveled: “the Norwegian government and UNOPS had an obligation to exercise oversight and conduct in-depth analysis when procuring highly invasive technology and transferring it to Serbian institutions. By failing to do so, they enabled and contributed to violations of the human rights to privacy, freedom of expression, association, and peaceful assembly through the use of unlawful digital surveillance.”
Then it describes the response: “The Norwegian Ministry of Foreign Affairs states that it considers it a worrying possibility that digital forensic tools procured through a project funded by Norway have been misused to target representatives of civil society in Serbia, and adds that, if these allegations were true, [it] would constitute a clear violation of the principles of Norwegian development assistance, as well as the agreed purpose of the support provided to the Serbian authorities at the time. The Ministry added that it expects UNOPS, which was responsible for all project activities, to conduct a thorough investigation into the alleged misuse.”
The conclusion of the report states: “Serbia must commit to immediately cease the use of highly invasive spyware and conduct a prompt, independent, and impartial investigation into all documented and reported cases of unlawful digital surveillance.”
Reaction of the Belgrade Centre for Security Policy (BCSP)
The Belgrade Centre for Security Policy (BCSP) in its statement strongly condemned the misuse of digital technologies for surveillance of citizens by the Serbian authorities. “In the midst of civil protests across Serbia, the authorities are not only ignoring the legitimate demands of citizens but are also increasing repression through digital surveillance… This means that technologies that were developed to fight crime and that should be used to improve the security of citizens, the Serbian authorities are using to suppress the voices of citizens and intimidate anyone who dares to speak out. Security institutions have misused the financial assistance provided by Western partners for the use of the most advanced technology in the fight against organized crime. The report points to the misuse of donations coming from abroad, which have enabled the Serbian authorities to access technologies such as Cellebrite without adequate checks and safeguards. This once again raises the question of how and for what purpose EU donations, its member states, and other countries are being spent. This case shows that they are being used by the corrupt and authoritarian authorities in Serbia to suppress the basic rights.
Source: Radar, Photo: Goran Srdanov/Nova.rs



