*

Serbian spyware covertly monitors journalists, activists'

phones, Amnesty says

*

Israel's Cellebrite tools used to unlock phones during

police

detention, report says

*

Norwegian aid linked to purchase of phone-cracking tools

By Aleksandar Vasovic and James Pearson

BELGRADE/LONDON, Dec 16 (Reuters) - Serbian officials

installed homegrown spyware on the phones of dozens of

journalists and activists, Amnesty International said in a

report released on Monday, citing digital forensic evidence and

testimony from activists who said they were hacked in recent

months.

In two cases, software provided by Israeli surveillance

company Cellebrite DI Ltd ( CLBT ) was used to unlock phones

prior to infection, the report said.

The Serbian spyware, dubbed "NoviSpy" by Amnesty, then took

covert screenshots of mobile devices, copied contacts, and

uploaded them to a government-controlled server, the report

said.

"In multiple cases, activists and a journalist reported

signs of suspicious activity on their mobile phones directly

following interviews with Serbian police and security

authorities," Amnesty said.

Serbia's interior ministry, foreign ministry and

intelligence agency BIA did not respond to requests for comment

made on Dec. 12.

Cellebrite products are widely used by law enforcement,

including the FBI, to unlock smartphones and scour them for

evidence. Cellebrite Chief Marketing Officer David Gee said it

was investigating the Amnesty allegations.

"Should those accusations be accurate, that could

potentially be in violation of our end user license agreement,"

Gee told Reuters. If that were the case, Gee said, Cellebrite

could suspend the use of its technology by Serbian authorities.

Putting surveillance software on devices "is absolutely not

what we do", Gee said. He added that Cellebrite had begun

contacting Serbian officials but declined to provide further

details.

FORENSIC EXPERTS

One of the activists featured by Amnesty in the report said

they had noticed the contacts on their phone had been exported

immediately after a meeting with the BIA.

The activist told Reuters they showed their phone to digital

forensic experts, who discovered the NoviSpy spyware had

exported their contacts and sent private photos from their

device to a BIA-controlled server.

According to Amnesty, Serbia received phone-cracking devices

from Cellebrite as part of a broader package of assistance

designed to help Serbia meet the requirements for integration

into the European Union.

That package, which was funded by the Norwegian government

and administered by the United Nations Office for Project

Services (UNOPS), was provided to the Serbian interior ministry

from 2017 to 2021 in order to help Serbia fight organised crime,

the report said.

The Norwegian government temporarily ceased delivery of

Cellebrite devices to Serbia in 2018, Amnesty said. The

Norwegian Embassy in Belgrade also raised concerns about the

programme, the report added, but UNOPS eventually delivered the

devices in June 2019.

"The claims made in the report are alarming and, if correct,

unacceptable," Norway's deputy foreign minister, Maria

Varteressian, told Reuters. "We will meet Serbian authorities as

well as UNOPS later this month to get further information on the

matter".

"We expect UNOPS to investigate the allegations," she added.

UNOPS said in a statement it welcomed Amnesty's report and

said the agency had in the years since 2017 "further enhanced

mechanisms to assess and mitigate potential adverse effects."

The agency did not elaborate on those measures.