Foto: Predrag Trokicić
Photo: Predrag Trokicić

The regime’s escalating paranoia about a so-called color revolution is taking on alarming proportions, judging by the results of forensic analyses of infected phones belonging to Serbian citizens, conducted by technical forensic experts of the international human rights organization Amnesty International. In a report published on December 16, Amnesty International notes that the authorities in Serbia have been widely abusing advanced technologies for spying on independent journalists, civil society activists and organizers of peaceful protests for years.1

In addition to documented incidents and testimonies of dozens of citizens, the study also features some well-known cases, like the one from last year when traces of “military-grade spyware”, the Israeli Pegasus, were discovered on the phones of two members of civil associations in Serbia.

However, a section of the report with the latest findings, which was simultaneously published by several domestic media outlets (Krik, BIRN, Radar), provides an insight into surveillance practices employed against the critics of the regime in Serbia using digital tools significantly cheaper than the notorious Pegasus spyware. In addition to the already elaborated abuse of authority, Amnesty also highlights the misuse of foreign donations intended to support Serbia’s process of joining the European Union.

In this episode, the main protagonist is the Security Information Agency and its routine detention of activists for “interviews”. During these interviews, detained activists are required to leave their phones at the entrance, in a locker or in another room. When they leave, their devices are returned, now infected with spyware capable of extracting location and communication data, accessing the camera and microphone, recording the screen and capturing messages exchanged with family, friends, and colleagues.

The software used in such cases was most likely developed in Serbia, and was previously unknown to researchers, so Amnesty called it “NoviSpy” in its study. The Israeli newspaper Haaretz spoke volumes about its technical characteristics by dubbing it a “Pegasus for the poor”. Unlike the high-priced Israeli model that is activated remotely, the installation of Serbian spyware requires physical access to the device. Once active, NoviSpy consumes so much of the phone’s resources that it is difficult to remain undetected. There is a rumor in the programming circles that the Serbia’s “service” recruited local freelance coders for the development of this spyware, not exactly top-notch skilled professionals, but those willing to contribute to the history of global digital repression for a price.

As NoviSpy cannot bypass the standard security protections built into modern smartphones, a tool produced by the Israeli company Cellebrite called UFED (Universal Forensic Extraction Device) was employed to breach devices. The Serbian Ministry of Internal Affairs received this technology as a donation from the Norwegian Ministry of Foreign Affairs.

The Norwegian donation came in 2019 through the Belgrade office of the United Nations Project Services (UNOPS), according to Amnesty’s report citing grant documentation obtained from the Norwegian ministry via a request for access to public information. The donation was part of Norway’s multi-year aid to the Serbian police to meet the standards of Chapter 24 in the European Union accession negotiations. These obligations pertain to justice, freedom and security.

According to the memorandum of understanding signed by the Norwegian Embassy in Belgrade, the Ministry of Interior and UNOPS, the Norwegian aid project was supposed to “lead to the establishment of a systemic mechanism to tackle drugs in compliance with the European standards, harmonization with the acquis in the field of fight against terrorism and cybercrime”. Judging by the testimony of the activists and the forensic analyses of their phones, it is clear that technology was instead used in further erosion of law and justice in Serbia.

Amnesty’s analysis of about thirty infected devices in the previous year found that the spyware was configured to transmit data stolen from the phone to a server with an IP address linked to the Security Information Agency (BIA). It turned out that the same IP address was identified in an analysis of the use of German spyware FinFisher in 2014. By coincidence, the computer at that address bore the name of the employee who used it, so a further search uncovered that a person of the same name from BIA had negotiated the purchase of an Italian spyware in 2012. The configuration of the Serbian spyware, likely intended for testing purposes, exposed the phone number of the owner which can be found in the public directory under the same name.

However, Amnesty doesn’t consider this amateurism a mitigating factor and warns of the serious societal consequences of growing state repression. In addition to normalizing grave violations of privacy and stripping security services of any legal oversight, awareness of the scale of surveillance – which includes a journalist from a small border town of 5,000 inhabitants, members of a literary association, environmental and youth activists – profoundly alters society’s perception of its values and possibilities.

Perhaps the best evidence of this is a video circulating on social media amidst the ongoing protests: a woman alleged to be a teacher at the School of Design “Bogdan Šuput” in Novi Sad is seen trying to dissuade students from organizing a school blockade. She threatens to confiscate their phones and warns: “There must be some notes in your phones about who you are in contact with.”

Under current regulations, the use of spyware, which is a type of computer virus that enables unauthorized access to data, constitutes a criminal offense. According to the Belgrade-based SHARE Foundation, which focuses on digital rights and freedoms, the provisions governing secret surveillance within the framework of special evidentiary actions and measures do not include the use of spyware, nor could it ever be justified since it implies access to all data on a device. Personal phones and computers, as digital equivalents of a private home, enjoy a high level of privacy protection, which means that the indiscriminate and intrusive processing of data from these devices is a serious violation of constitutional rights.

As expected, both domestic and international organizations are demanding that Serbia immediately cease these practices and prosecute offenders in accordance with Article 300 of the Criminal Code. A group of members of the European Parliament addressed the authorities with the same request. The Norwegian Ministry of Foreign Affairs and UNOPS have announced their intention to investigate allegations regarding the misuse of donated technology.

For its part, the BIA said it was “unable” to comment on the Amnesty study, dismissing it as being conducted “in the interests of certain agencies and pressure groups”. The Ministry of Interior claims that digital tools are used in compliance with the law.

In the end, the misadventure of the Serbia’s security services did yield some unintended positive outcomes: during the forensic analysis of devices infected with the domestic spy virus, Amnesty was able to identify the way in which the Israeli UFED bypassed Android’s security protections and to patch that hole. That’s not a cheap trade secret in the digital surveillance industry, and the loss will no doubt reflect on Serbia’s future standing within those circles. Google’s security services have been updated, and NoviSpy is now largely out of the picture.

What remains unresolved, however, is the question of political and criminal responsibility for the den of repression that Serbia is rapidly becoming. One thing seems clear: this government will go down in history as a regime that was so fearful for the constitutional order that it destroyed it to its foundations. It will serve as a brief but profound lesson for future students.

Translated by Marijana Simić

Peščanik.net, 26.12.2024.


________________

  1. The report is part of research into the development and deployment of surveillance technologies that Amnesty monitors around the world. The results contribute to its global campaign “Protect the Protest”. Serbia, unfortunately, is not alone in its attempts to digitally imprison its citizens.