Amnesty International It has been revealed Phones belonging to Serbian activists and journalists were hacked by Serbian intelligence and police using Israeli spyware and other mobile forensic tools.
Amnesty International said on Monday that the software was being used to “unlawfully target journalists, environmental activists and other individuals in a covert surveillance campaign.”
She added that many of the targeted individuals have not been arrested or charged with any crime.
Serbia’s security intelligence agency, known as the BIA, rejected accusations that the spyware was used illegally.
“The forensic tool is used in the same way by other police forces around the world,” she said in a statement. “Therefore, we cannot even comment on the meaningless claims of (Amnesty International’s) text, just as we do not usually comment on similar content.”
So what happened in Serbia and what does it all mean?
How did the use of spyware come to light?
According to Amnesty International’s 87-page report titled “A Digital Prison: Surveillance and Repression of Civil Society in Serbia,” freelance journalist Slavisa Milanov was taken to a police station after what appeared to be a routine traffic stop in February.
When he retrieved his phone after an interview with police, Milanov noticed that its data and Wi-Fi settings were disabled. Realizing that this was a possible indicator of hacking, Milanov contacted Amnesty International’s security lab and asked to scan his mobile device.
The lab found digital traces of Cellebrite Software Group’s Universal Forensic Extraction Device (UFED) technology, which appears to have been used to unlock Milanov’s Android device.
It also found spyware that Amnesty International said was not previously known to it – a program called NoviSpy – which had been installed on Milanov’s phone.
Milanov said he was never informed that the police intended to search his phone and the police did not provide any legal justification for doing so. He said he did not know what specific data was extracted from his phone.
Amnesty International said that using this type of technology without obtaining a proper license is “illegal”.
“Our investigation reveals how Serbian authorities have deployed surveillance technology and digital repression tactics as tools of wider state control and targeted repression against civil society,” said Dinushika Dissanayake, Amnesty International’s Deputy Regional Director for Europe.
What did Amnesty International’s investigation find?
The investigation conducted by Amnesty International reached two important findings. First, it found “forensic evidence” indicating that Cellebrite technology was used to access the journalist’s device.
Cellebrite, a digital intelligence company based in Israel, produces data mining technology that is widely used legally by law enforcement departments globally, especially in the United States.
In response to Amnesty International’s report, Cellebrite issued a statement saying: “We are investigating the allegations in this report and are prepared to take action consistent with our ethical values and contracts, including terminating Cellebrite’s relationship with any relevant agencies.”
Amnesty International also found the second type of spyware on the journalist’s phone. It is not clear who created NoviSpy or where it comes from.
This technology appears to be able to allow attackers to remotely access and extract confidential information from infected smartphones.
The report found that NoviSpy, which can be used to retrieve data from Android devices, can also grant unauthorized control over a device’s microphone and camera, posing significant privacy and security risks.
“An analysis of multiple samples of NoviSpy spyware recovered from infected devices found that all of them contacted servers hosted in Serbia, to retrieve commands and monitoring data,” Amnesty International’s report said. “It is worth noting that one of these spyware samples was configured to connect directly to a domain. IP addresses directly associated with BIA in Serbia.
NoviSpy works similarly to commercial spyware such as Pegasusa sophisticated spyware developed by the Israeli cyber intelligence company NSO, which was involved in an attack Hacking scandal Most notable in 2020.
According to the report, NoviSpy infiltrates devices, taking a bunch of screenshots showing sensitive information such as contents of email accounts, Signal and WhatsApp chats as well as social media interactions.
In another incident reported by Amnesty International relating to NoviSpy in October, Serbian authorities summoned an activist from the Belgrade-based NGO Crocodile, a non-partisan civil society organization focusing on culture, literature and social activism, to the office BIA.
While the activist was in the interview room, the activist’s Android phone was left unattended outside. A subsequent forensic examination by Amnesty International’s Security Lab revealed that during this time, NoviSpy spyware was secretly installed on the device.
Why are journalists and activists targeted?
Amnesty International and other human rights organizations say spyware attacks are being used to limit media freedom and exert broader control over communications within countries.
“This is an incredibly effective way to completely discourage communication between people. Anything you say can be used against you, crippling you both personally and professionally,” said one activist targeted by the Pegasus spyware who was referred to in the report as “Branko.” Amnesty International has changed some names to protect individuals’ identities.
“We are all in a form of digital prison, or digital labor camps,” said Goran (whose name has also been changed), an activist who was also targeted by the Pegasus spyware. “We have the illusion of freedom, but in reality, we have no freedom at all. This has Two effects: You either choose to self-censor, which profoundly affects your ability to do the work, or you choose to speak up regardless, in which case, you have to be prepared to face the consequences.
Amnesty International said spyware may also be used to intimidate or deter journalists and activists from reporting information about people in power.
In February, Human Rights Watch (Human Rights Watch) Published results From 2019 to 2023, Pegasus spyware was used to target at least 33 individuals in Jordan, including journalists, activists and politicians. Human Rights Watch relied on a report issued by Access Now, a US-based non-profit organization that focuses on online privacy, freedom of expression, and data protection.
This report, which was based on a collaborative forensic investigation with Citizen Lab, a Canadian academic research centre, revealed evidence of the presence of Pegasus spyware on mobile devices. It has been shown that some devices have been infected multiple times.
However, the investigation was unable to identify the specific organizations or countries responsible for coordinating these attacks.
“Surveillance technologies and cyberweapons, such as NSO Group’s Pegasus spyware, are being used to target human rights defenders and journalists, intimidate and dissuade them from their work, infiltrate their networks, and collect information for use against other targets,” the report states.
“Targeted surveillance of individuals violates their rights to privacy, freedom of expression, association, and peaceful assembly. It also creates a chilling effect, forcing individuals to engage in self-censorship and cease their activism or journalistic work, for fear of retaliation.
Is the use of spyware legal?
It depends on the laws of each country.
Article 41 of the Constitution of Serbia guarantees the confidentiality of individuals’ correspondence and other forms of communication to protect individual privacy. As in other countries, data retrieval from devices is allowed under Serbia’s Code of Criminal Procedure but is subject to restrictions – such as a court order.
“Serbia’s Code of Criminal Procedure does not use the term ‘digital evidence’, but considers computer data that can be used as evidence in criminal proceedings to be a document (“esprava”), the Amnesty International report said.
“Surveillance of communications, including digital data, can be obtained through general evidentiary measures, such as searches and inspections of mobile devices or other equipment that store digital records. These measures are usually not confidential and are conducted with the knowledge and presence of the suspect.”
The Criminal Investigation Bureau and the police also have the right to secretly monitor communications to collect evidence for criminal investigations, but this type of surveillance is also subject to the Code of Criminal Procedure.
Experts said that due to the complexity of different countries’ laws, it may be difficult to prove whether data was extracted illegally.
There is international precedent regarding how spyware is used. Article 17 of the International Covenant on Civil and Political Rights states:
- No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to any unlawful attacks on his honor or reputation.
- Every individual has the right to the protection of the law against such interference or attacks.
As of June, 174 countries, including Serbia, had ratified the Covenant, making it one of the most widely adopted human rights treaties.
Who else has been targeted by spyware in recent years?
- In October 2023Amnesty International’s Security Lab has revealed that two prominent journalists were targeted via their iPhones using Pegasus spyware. The victims are Siddharth Varadarajan, founding editor of The Wire, and Anand Mangnali, South Asia editor of the Organized Crime and Corruption Reporting Project. It is not known who is responsible.
- In 2022Lama Fakih, a senior staff member and director of Human Rights Watch’s Beirut office, was subjected to multiple cyberattacks using Pegasus spyware in 2021, Human Rights Watch reported. Pegasus allegedly hacked into Fakih’s phone on five occasions from April to August of that year. Fakih, who oversees Human Rights Watch’s response to crises in countries including Afghanistan, Ethiopia, Israel, Myanmar, the occupied Palestinian territories, Syria, and the United States, was targeted for unknown reasons by an unknown party.
- In 2020a collaborative investigation by the human rights group Access Now, the Citizen Lab at the University of Toronto, and independent researcher Nikolai Kvantaliani from Georgia found that journalists and activists from Russia, Belarus, Latvia and Israel as well as many living in exile in Europe have been targeted by Pegasus spyware. These attacks began early in 2020 and intensified after Russia’s large-scale invasion of Ukraine in 2022. Citizen Lab also identified a series of attacks on journalists and activists in El Salvador. It is not known who is responsible for the spyware attacks.
- In 2018, Jamal Khashoggia prominent Saudi journalist, Washington Post columnist and outspoken critic of the government of Saudi Arabia, was killed and dismembered inside the Saudi consulate in Istanbul, Türkiye. A subsequent investigation revealed that Pegasus spyware had been deployed to monitor several people close to Khashoggi.
https://www.aljazeera.com/wp-content/uploads/2024/12/shutterstock_2486551561-1734588055.jpg?resize=1920%2C1440
Source link