Spyware in the Balkans: Serbia Turning Phones into Tools of Oppression, Amnesty Report

December 17, 2024 | Cybersecurity

By Ashwani Mishra, Editor-Technology, 63SATS

In an era when technology promises empowerment and progress, Serbia’s use of advanced spyware tools against journalists, activists, and environmental advocates paints a chilling picture of state-controlled surveillance.

An Amnesty International investigation reveals how Israeli-made Cellebrite forensic tools and a bespoke Android spyware, NoviSpy, have been deployed by Serbian authorities to dismantle the freedom of civil society, turning personal devices into instruments of oppression.

The findings, detailed in the report “A Digital Prison: Surveillance and the Suppression of Civil Society in Serbia,” draw attention to how technology designed for lawful investigations is being weaponized to suppress dissent, extract private data, and intimidate citizens under the guise of maintaining state security.

A Plot Straight Out of a Spy Thriller

Imagine a scene from a Cold War movie: a journalist is arrested under a dubious pretext, their phone is confiscated during questioning, and without their consent, state agents exploit vulnerabilities to infiltrate their device. But this isn’t fiction; it’s happening in modern Serbia.

Balkan 63 Sats Cybersecurity India

Image: Composite image created by Amnesty International using photos provided by SviĆe and Dragan Gmizic

According to the report, in February 2024, Serbian journalist Slaviša Milanov experienced this firsthand. Detained under the guise of a DUI test, Slaviša surrendered his Android phone to authorities. Upon release, subtle changes to his device aroused suspicion. A forensic analysis by Amnesty International confirmed his fears: Serbian police used Cellebrite’s UFED suite to bypass the phone’s security and covertly install NoviSpy, a previously unknown spyware.

SLAVISA 63 Sats Cybersecurity India

IMAGE: Forensic traces for Cellebrite and NoviSpy use on Slavisa’s phone

Cellebrite and NoviSpy

Cellebrite, an Israeli-founded company, markets itself as a global leader in mobile forensic technology. Its UFED products are widely used by law enforcement to unlock and extract data from mobile devices. However, in Serbia, this technology has enabled a darker purpose: installing NoviSpy spyware on activists’ devices to monitor communications, access private data, and even activate microphones and cameras remotely, as per the report.

The report states that unlike Pegasus, NoviSpy is less advanced but no less invasive. Once installed, it grants Serbian authorities extensive surveillance capabilities, turning smartphones into silent informants.

Amnesty International’s findings show that Serbian authorities often exploit zero-day vulnerabilities—security flaws not yet addressed by developers—on Android devices to bypass protections and install the spyware.

How Digital Surveillance Unfolds

The Amnesty report reveals a systematic strategy by Serbian police and intelligence agencies:

Target Selection: Activists, journalists, and dissenters are often summoned for police interviews or detained under dubious pretenses.

Device Seizure: Phones are confiscated during these encounters.

Exploit Deployment: Cellebrite tools are used to unlock devices, exploiting vulnerabilities to bypass security measures.

Spyware Installation: NoviSpy is covertly installed, allowing authorities to harvest private data and monitor real-time activity.

The implications are staggering. In one case, an environmental activist’s Samsung Galaxy S24+ was infected with NoviSpy during a police interview. The spyware captured screenshots of email accounts, Signal messages, and social media activity, effectively turning the activist’s phone into a surveillance device.

A “Digital Prison” for Serbian Activists

For civil society in Serbia, the impact of such invasive tactics goes far beyond individual privacy violations.

Psychological Toll: Activists report heightened anxiety, paranoia, and isolation.

Self-Censorship: Fear of being monitored discourages open communication, stifling advocacy efforts.

Trust Erosion: The pervasive use of surveillance technology creates an environment where citizens distrust both the state and digital tools.

One activist described it poignantly: “We live in a digital gulag. The illusion of freedom masks the reality that everything we say or do is subject to scrutiny.”

Accountability in the Crosshairs

Cellebrite and the Serbian government deny wrongdoing, but their responses leave more questions than answers. Cellebrite claims its tools are licensed for lawful use, requiring proper legal oversight. Yet Amnesty’s findings highlight glaring gaps in enforcement and oversight, enabling misuse of these powerful tools.

Meanwhile, the Serbian government has yet to respond to the report, raising concerns about its commitment to accountability.

A Global Warning

The misuse of Cellebrite tools and NoviSpy in Serbia is not just a local issue. As digital forensic tools become more sophisticated and widely available, the potential for abuse grows. Without strict legal frameworks and oversight, such technologies risk being weaponized against the very freedoms they are meant to protect.

Echoes of “The Lives of Others”

This story brings to mind Florian Henckel von Donnersmarck’s “The Lives of Others,” a film that chronicles the Stasi’s invasive surveillance tactics in East Germany.

Like the Stasi agents monitoring dissenters’ every word, modern-day surveillance tools like Cellebrite and NoviSpy give authoritarian regimes unprecedented power to infiltrate lives. But while “The Lives of Others” is set in the 1980s, Serbia’s digital surveillance is unfolding today, powered by cutting-edge technology.