Amnesty International alleges that Serbian authorities have hacked the phones of journalists and activists using police spyware, raising serious privacy concerns.
According to the rights group, Serbian police and intelligence services used Israeli spyware and other digital tools to secretly access the mobile phones of journalists, environmental campaigners, and other civil society members.
Amnesty said these surveillance tactics were part of a covert campaign aimed at silencing dissent, even though many targeted individuals had not been arrested or charged.
Serbia’s Security Intelligence Agency (BIA) denied any wrongdoing, stating that similar forensic tools are commonly used by police agencies worldwide and dismissed Amnesty’s accusations as baseless.
So what exactly has taken place in Serbia, and what are the implications?
How was this surveillance operation discovered?
Amnesty detailed the findings in its report titled A Digital Prison: Surveillance and the Suppression of Civil Society in Serbia.
The report recounts how independent journalist Slavisa Milanov was stopped by police in February in what appeared to be a routine traffic stop.
After a police interview, Milanov noticed that his phone’s Wi-Fi and mobile data were disabled. Suspicious of a possible hack, he contacted Amnesty International’s Security Lab, which investigated the device.
Their analysis found traces of Cellebrite’s Universal Forensic Extraction Device (UFED), a tool used to unlock Android phones.
Additionally, the lab discovered a previously unknown spyware called NoviSpy had been installed on the phone. Milanov said police never told him they would search his phone and offered no legal explanation.
Amnesty labelled the covert data access unlawful, stating that these digital tools were being used for state surveillance and control of civil society.
What did Amnesty uncover in its investigation?
Amnesty’s investigation led to two major revelations. First, forensic proof of Cellebrite’s UFED software being used to break into the journalist’s phone.
Cellebrite, an Israeli firm known for its digital forensic tools, is commonly used by police forces worldwide.
In response to the claims, Cellebrite announced that it was reviewing Amnesty’s report and may cut ties with any agency found misusing its tools.
Second, the investigation found NoviSpy spyware on Milanov’s device. While its origins are unclear, this software enables hackers to extract sensitive data and remotely control the phone’s camera and microphone.
Amnesty discovered that NoviSpy communicated with servers located in Serbia, some linked directly to the Serbian intelligence agency BIA.
The software is similar to Pegasus, the well-known Israeli spyware exposed in global surveillance scandals.
Amnesty’s report explains that NoviSpy captured screenshots of personal data, emails, and conversations on encrypted apps like Signal and WhatsApp.
Another case in October involved a civil society activist from Krokodil, a Belgrade-based organisation promoting culture and social justice.
While being interviewed by the BIA, the activist’s unattended phone was left outside. Amnesty’s forensics later confirmed NoviSpy had been secretly installed during that time.
