Has Serbia hacked the phones of activists, journalists? Why? , spy news
Amnesty International has revealed that Serbian intelligence and police have hacked the phones of Serbian activists and journalists using Israeli spyware and other mobile device forensic tools.
Amnesty said on Monday that the software was being used “to unlawfully target journalists, environmental activists and other individuals in covert surveillance campaigns”.
It said many of those targeted were not arrested or charged with a crime.
The Serbian security intelligence agency, known as the BIA, rejected allegations that the spyware was used illegally.
“The forensic tool is used in a similar manner by other police forces around the world,” it said in a statement. “Therefore, we are not even able to comment on the nonsensical allegations from their (Amnesty’s) text, just as we do not normally comment on similar content.”
So what has happened in Serbia and what does it mean?
How did the use of spyware come to light?
According to Amnesty’s 87-page report titled A Digital Prison: Surveillance and the Suppression of Civil Society in Serbia, freelance journalist Slaviša Milanov was taken to a police station following a routine traffic stop in February.
When Milanov got his phone back after the police interview, he noticed that both the data and Wi-Fi settings had been disabled. Recognizing this as a possible sign of hacking, Milanov contacted Amnesty International’s security lab and requested an examination of his mobile device.
The lab found digital traces of software group Cellebrite’s Universal Forensic Extraction Device (UFED) technology, which appears to have been used to unlock Milanov’s Android device.
It also found spyware that Amnesty said was previously unknown – a program called NoviSpy – which was installed on Milanov’s phone.
Milanov said he was never advised that police wanted to search his phone and that police did not provide any legal justification for doing so. He said he did not know what specific data was extracted from his phone.
Amnesty said the use of this type of technology without proper authorization is “illegal”.
“Our investigation reveals how the Serbian authorities have deployed surveillance technology and digital repression tactics as a means of widespread state control and repression against civil society,” said Dinusika Dissanayake, Amnesty International’s deputy regional director for Europe. Said.
What did Amnesty’s investigation find?
Amnesty International’s investigation produced two important findings. First, she found “forensic evidence” indicating the use of Cellebrite technology to access the journalist’s device.
Cellebrite, an Israel-based digital intelligence company, produces legitimate data extraction technology widely used by law enforcement departments globally, particularly in the United States.
In response to Amnesty’s report, Cellebrite issued a statement saying: “We are investigating the claims made in this report and stand ready to take measures in line with our ethical values and contracts, including with any relevant agencies. “This also includes ending celebrity relationships.”
Amnesty also found another type of spyware on the journalist’s phone. It is not clear who created NoviSpy or where it came from.
It appears that this technology is capable of allowing attackers to remotely access infected smartphones and extract confidential information.
The report found that NoviSpy, which can be used to recover data from Android devices, can also provide unauthorized control over the device’s microphone and camera, posing significant privacy and security risks.
The Amnesty report said: “Analysis of multiple NoviSpy spyware app samples recovered from infected devices showed that all communicated with servers hosted in Serbia to receive commands and surveil data. Specifically, one of these spyware samples was configured to connect directly to an IP address range directly associated with Serbia’s BIA.
NoviSpy works similarly to commercial spyware like Pegasus, a sophisticated spyware developed by Israeli cyberintelligence firm NSO, which was involved in a hacking scandal exposed in 2020.
According to the report, the NoviSpy program infiltrates devices, capturing a series of screenshots showing sensitive information such as the contents of email accounts, Signal and WhatsApp conversations, as well as social media interactions.
In another incident reported by Amnesty International in October related to Novispy software, Serbian authorities arrested a worker for the Belgrade-based NGO Krokodil, a non-partisan civil society organization that focuses on culture, literature and social activism. Called the BIA office.
While the worker was in the interview room, the worker’s Android phone was left unattended outside. Subsequent forensic investigation by Amnesty International’s Security Lab revealed that NoviSpy spyware had been secretly installed on the device during this period.
Why are journalists and activists being targeted?
Amnesty International and other human rights organizations say that spyware attacks are used to curb news media independence and impose blanket controls on communications within countries.
“This is an incredibly effective way to completely discourage communication between people. Anything you say can be used against you, which is crippling on both a personal and professional level,” said an activist targeted by the Pegasus spyware and who was referred to as “Branco” in the report. Amnesty said it had changed some names to protect the identities of the individuals.
One activist targeted by the Pegasus spyware, “Goran” (whose name was also changed), said: “We are all in a digital prison, a digital gulag. We have the illusion of freedom, but in reality we have no freedom. This has two effects: either you choose self-censorship, which deeply impacts your ability to do your job, or you choose to speak out regardless, in which case, you have to suffer the consequences. to be ready will be.
Amnesty said spyware could also be used to intimidate or prevent journalists and activists from providing information about those in power.
In February, Human Rights Watch (HRW) published findings that from 2019 to 2023, Pegasus spyware was used to target at least 33 individuals in Jordan, including journalists, activists, and politicians. HRW focused on a report by Access Now, a US-based non-profit organization focusing on online privacy, freedom of speech and data security.
That report, which was based on a collaborative forensic investigation with Citizen Lab, a Canadian academic research centre, uncovered evidence of Pegasus spyware on mobile devices. Some equipment was found infected multiple times.
However, the investigation was unable to determine which specific organizations or countries were responsible for carrying out these attacks.
“Surveillance technologies and cyber weapons such as NSO Group’s Pegasus spyware are being used to target human rights defenders and journalists, intimidate and discourage them from their work, to infiltrate their networks, and against other targets,” the report said. It is done to gather information.”
“Targeted surveillance of individuals violates their rights to privacy, freedom of expression, association and peaceful assembly. It also creates a chilling effect, forcing individuals to self-censor and discontinue their activism or journalistic work for fear of retribution.
Is the use of spyware legal?
It depends on the laws of each country.
Article 41 of the Constitution of Serbia guarantees the confidentiality of individuals’ correspondence and other forms of communication in order to protect personal privacy. As in other countries, retrieval of data from devices is permitted under Serbia’s Code of Criminal Procedure, but is subject to restrictions – such as being ordered by a court.
Amnesty International reports: “Serbia’s Code of Criminal Procedure does not use the term ‘digital evidence’, but it does consider computer data that can be used as evidence in criminal proceedings as a document (“isprava”). Can be used as.
“Surveillance of communications, including digital data, can be achieved through common evidence measures, such as inspection and search of mobile devices or other devices that store digital records. These measures are usually not covert and are carried out with the knowledge and presence of a suspect.
The BIA and police are also entitled to covertly monitor communications to gather evidence for criminal investigations, but this type of surveillance is also regulated under the Code of Criminal Procedure.
Experts said that due to the complexity of laws in different countries, it may be difficult to definitively prove whether data has been extracted illegally.
There is international precedent regarding how spyware can be used. Article 17 of the International Covenant on Civil and Political Rights states:
- No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation.
- Everyone has the right to the protection of the law against such interference or attacks.
By June, 174 countries, including Serbia, had ratified the treaty, making it one of the most widely adopted human rights treaties.
Who else has been targeted by spyware in recent years?
- In October, 2023Amnesty International’s security lab revealed that two prominent journalists were targeted by Pegasus spyware through their iPhones. The victims were Siddharth Varadarajan, founding editor of The Wire, and Anand Manganale, South Asia editor of the Organized Crime and Corruption Report Project. It is not known who was responsible.
- in 2022HRW reported that Lama Fakih, a senior staff member and director of HRW’s Beirut office, was subjected to multiple cyberattacks in 2021 using the Pegasus spyware. Pegasus had allegedly infiltrated Fakih’s phone on five occasions from April to August that year. Fakih, who oversees HRW’s crisis response in countries including Afghanistan, Ethiopia, Israel, Myanmar, the occupied Palestinian territories, Syria and the US, was targeted by an unknown party for unknown reasons.
- in 2020A collaborative investigation by the human rights group Access Now, the University of Toronto’s Citizen Lab, and independent researcher Nikolai Kvantliani of Georgia found that journalists and activists in Russia, Belarus, Latvia, and Israel, as well as a number of people living in exile in Europe, were targeted. Was created. Pegasus spyware. These attacks began in early 2020 and intensified following Russia’s full-scale invasion of Ukraine in 2022. Citizen Lab also identified a series of attacks on journalists and activists in El Salvador. It is not known who was responsible for the spyware attacks.
- in 2018Jamal Khashoggi, a prominent Saudi journalist, columnist for The Washington Post and outspoken critic of the Saudi Arabian government, was murdered and dismembered inside the Saudi Consulate in Istanbul, Turkey. Subsequent investigation revealed that Pegasus spyware was deployed to conduct surveillance on several people close to Khashoggi.