Editor’s Note: This article sheds light on the troubling use of surveillance technology in Serbia, where tools designed for law enforcement are being used to target journalists, activists, and members of civil society. Amnesty International’s findings reveal how devices like Cellebrite’s forensic tools and NoviSpy spyware are employed to bypass security, extract private data, and monitor communications, often without any legal justification.

The misuse of these technologies highlights the growing threat to privacy and free expression, not only in Serbia but globally. These tools, marketed as essential for lawful investigations, have become instruments of repression when oversight and accountability are lacking. The report also reveals how Serbian authorities exploited vulnerabilities in widely used Android devices, raising broader concerns about the security of digital infrastructure.

For professionals working in cybersecurity, governance, and human rights, this issue underscores the urgent need to address the unintended consequences of powerful digital tools. It is a reminder of the responsibility governments and technology companies share to ensure their products are not used to undermine individual freedoms. As surveillance practices become more sophisticated, the fight to protect privacy and civil liberties must keep pace. This report calls on the global community to take action to safeguard these rights and hold those responsible for abuses accountable.


Content Assessment: Surveillance Scandal: Israeli Spyware Targets Serbian Journalists

Information - 92%
Insight - 93%
Relevance - 92%
Objectivity - 90%
Authority - 82%

90%

Excellent

A short percentage-based assessment of the qualitative benefit expressed as a percentage of positive reception of the recent article from ComplexDiscovery OÜ titled, "Surveillance Scandal: Israeli Spyware Targets Serbian Journalists."


Industry News – Data Privacy and Protection Beat

Surveillance Scandal: Israeli Spyware Targets Serbian Journalists

ComplexDiscovery Staff

In Serbia, journalists, activists, and civil society organizations are increasingly ensnared in a web of digital surveillance that undermines their freedoms and jeopardizes their safety. According to a new Amnesty International report, “A Digital Prison: Surveillance and the Suppression of Civil Society in Serbia,” state authorities have turned to advanced spyware and mobile forensic tools to conduct covert surveillance, bypassing legal and ethical boundaries.

The report details how Serbian police and intelligence agencies use tools like Cellebrite’s mobile forensic products and a domestic spyware system called NoviSpy to monitor and suppress dissent. Cellebrite, an Israeli company, develops technology capable of unlocking and extracting data from virtually any mobile device. Serbian authorities have paired this capability with NoviSpy, a spyware system that secretly accesses personal data, activates microphones and cameras, and tracks activity on infected devices. Together, these tools enable a sophisticated surveillance regime targeting those who challenge the state’s authority.

Dinushika Dissanayake, Amnesty International’s Deputy Regional Director for Europe, described the findings as evidence of systemic misuse of surveillance technology to stifle civil society. She highlighted the human rights risks posed by these tools when they operate outside of strict legal frameworks, emphasizing how their misuse in Serbia exemplifies the dangers of unregulated digital tools.

The tactics described in Amnesty’s report often begin with Cellebrite. The company’s tools can extract data from locked devices, exploiting vulnerabilities in mobile operating systems. Serbian authorities have used Cellebrite’s capabilities to unlock phones confiscated during detentions or interrogations. Once unlocked, devices are infected with NoviSpy, which allows authorities to monitor communications, capture sensitive data, and even activate hardware like cameras and microphones.

One striking example involves Serbian journalist Slaviša Milanov, who was detained by police under the pretext of a routine traffic stop. During his detention, Slaviša’s phone was confiscated, ostensibly for safekeeping. However, forensic analysis later revealed that Cellebrite’s tools were used to bypass the phone’s security, and NoviSpy spyware was subsequently installed. The spyware provided authorities access to his private communications and other sensitive information.

Another case documented in the report involved an unnamed environmental activist who was detained and subjected to similar surveillance practices. While the name “Nikola Ristić” has been cited in related discussions, Amnesty’s report does not specify this individual’s identity. What remains clear is that the activist’s phone was unlocked and infected during police custody, reflecting a broader pattern of abuse targeting civil society members.

In another chilling incident, a member of the organization Krokodil, which promotes dialogue and reconciliation in the Western Balkans, was targeted during an interview with Serbia’s Security Information Agency. Following the interview, the activist suspected their phone had been tampered with. Forensic analysis confirmed the installation of NoviSpy, which subsequently harvested screenshots, messages, and other private information.

The misuse of these tools has left activists and journalists deeply shaken. Some, like Branko*, an activist targeted by spyware, described the psychological toll as paralyzing. “Anything that you say could be used against you, which is paralyzing both personally and professionally,” he explained. Another activist, Goran*, likened the situation to living in a “digital gulag,” where freedom exists only as an illusion. The pervasive fear of surveillance forces individuals into self-censorship or compels them to speak out despite the risks.

While Cellebrite asserts that its tools are intended for lawful investigations, Amnesty’s report highlights how they are being misused to facilitate unlawful surveillance. In previous communications with Amnesty, Cellebrite stated that its products require lawful use and oversight, but there has been no specific response from the company to the findings in the Serbian context. The company has positioned itself as a provider of lawful investigative tools for law enforcement but has faced criticism globally for the misuse of its technology in various jurisdictions.

The Amnesty report also discusses the broader risks posed by vulnerabilities in mobile devices. Serbian authorities reportedly exploited flaws in Android systems, which have since been patched by manufacturers. Although the report does not explicitly confirm that Google issued alerts to potentially targeted individuals, related research and remediation efforts indicate heightened awareness of these vulnerabilities among tech companies.

This report arrives at a time when state repression in Serbia is escalating. Waves of anti-government protests have been met with arrests, smear campaigns, and judicial harassment, creating a hostile environment for free speech advocates. Surveillance tactics like those documented in Amnesty’s report add another layer to this repression, targeting individuals who challenge government narratives.

The findings underscore the urgent need for accountability. Advocacy groups are calling for stricter regulations to govern surveillance technologies and for companies like Cellebrite to conduct robust due diligence to prevent their tools from being misused. Amnesty is also urging the Serbian government to halt unlawful surveillance practices, provide remedies for victims, and hold perpetrators accountable.

The stories emerging from Serbia are a stark reminder of the fragile state of digital rights and freedoms in the modern age. As activists and journalists face increasing threats, the international community must demand transparency and accountability to protect the fundamental rights of individuals striving for justice and equality.

*Pseudonym

News Sources


Assisted by GAI and LLM Technologies

Additional Reading

Source: ComplexDiscovery OÜ

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, DALL-E2, Grammarly, Midjourney, and Perplexity, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.