
Serbian police used Cellebrite to unlock journalist's phone and plant spyware on it

By TechBrunch, December 16, 2024 (8 Mins Read)


Earlier this year, a Serbian journalist and an activist had their phones hacked by local authorities using a cellphone-unlocking device made by forensic tools manufacturer Cellebrite. According to a new Amnesty International report, the authorities' aim was not only to unlock the phones and access personal data, as Cellebrite allows, but also to install spyware to enable further surveillance.

Amnesty International said in its report that it believed these were “the first forensically documented spyware infections” made possible through the use of the Cellebrite tool.

This crude but effective technique is one of many ways governments use spyware to spy on their citizens. Over the past decade, organizations such as Amnesty International and digital rights group Citizen Lab have documented dozens of cases in which governments used sophisticated spyware from Western surveillance technology vendors such as NSO Group, Intellexa, and defunct spyware pioneer Hacking Team to remotely hack dissidents, journalists, and political opponents.

Now, as advances in security drive up the price of zero-days and remotely launched spyware, authorities may be forced to resort to less sophisticated methods, such as physically getting their hands on the phone they want to hack.

Although many incidents of spyware abuse have occurred around the world, there is no guarantee that it will not occur in the United States. In November, Forbes magazine reported that the Department of Homeland Security's Immigration and Customs Enforcement (ICE) spent $20 million acquiring phone hacking and surveillance tools, including Cellebrite. As reported by Forbes, given the mass deportation campaign promised by President-elect Donald Trump, experts are concerned that ICE will step up its spying efforts when a new administration takes over the White House.

A brief history of early spyware

History tends to repeat itself. Even if something new (or undocumented) appears for the first time, it may actually be a repetition of something that has already happened.

Twenty years ago, when government spyware already existed but was largely unknown to the antivirus industry tasked with defending against it, physically planting spyware on a target's computer was a way for law enforcement to access the target's communications. Authorities had to physically access the target's device, sometimes entering their home or office, and manually install the spyware.

Contact Us: Want more information about government spyware and its manufacturers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, on Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.

For example, this is why early versions of Hacking Team's spyware from the mid-2000s were designed to boot from a USB key or CD. Earlier, in 2001, the FBI had broken into the office of gangster Nicodemo Scarfo and installed spyware designed to monitor what he typed on his keyboard, in order to steal the keys that Scarfo used to encrypt his emails.

These techniques are returning to popularity, if not out of necessity.

In early 2024, Citizen Lab documented a case in which the Russian intelligence agency FSB allegedly installed spyware on the mobile phone of Russian national Kirill Parubets, an opposition activist who had lived in Ukraine since 2022, while he was in custody. Russian authorities had forced Parubets to give up his cellphone passcode before planting spyware that could access his personal data.

Stop and search

In a recent incident in Serbia, Amnesty International discovered new spyware on the mobile phones of journalist Slaviša Milanov and youth activist Nikola Ristic.

In February 2024, local police stopped Milanov for what appeared to be a routine traffic check. Amnesty International said he was then taken to a police station, where officers took his Android phone, a Xiaomi Redmi Note 10S, during interrogation.

When Milanov got it back, he said he found something strange.

“I noticed that my mobile data and Wi-Fi are turned off. The mobile data application on my phone is always on. This means that someone has hacked into my phone. It was the first time I had any suspicions,” Milanov told TechCrunch in a recent interview.

Milanov then used StayFree, software that tracks how long someone uses their apps, and found that “many applications were active” while the phone was supposedly switched off and in the hands of the police, who, he said, never asked or forced him to give up his phone's passcode.

“We observed that between 11:54 a.m. and 1:08 p.m., the Settings and Security applications were primarily activated, along with File Manager, Google Play Store, Recorder, Gallery, and Contacts. This coincides with the time when the phone was not with me,” Milanov said.

“During that time, they extracted 1.6 GB of data from my phone,” he said.

At that point, Milanov was “uncomfortably surprised and very angry” and had a “bad feeling” that his privacy would be invaded. He contacted Amnesty International to have his phone forensically examined.

Donncha Ó Cearbhaill, the head of Amnesty International's Security Lab, analyzed Milanov's phone and found that it had indeed been unlocked using Cellebrite and that Android spyware had been installed on it. Amnesty International calls the spyware “NoviSpy,” from the Serbian word for “new.”

Spyware may be 'widely' used in civil society

Amnesty International's analysis of the NoviSpy spyware, together with a series of operational security (OPSEC) failures, implicates Serbian intelligence services as the developer of the spyware.

Amnesty International's report said the spyware was “used to systematically and covertly infect mobile devices during arrest, detention or, in some cases, intelligence interviews with members of civil society.” “In several cases, arrests and detentions appear to have been orchestrated in order to gain covert access to personal devices to enable data extraction and device infection,” Amnesty said.

Amnesty International believes that NoviSpy was likely developed in Serbia, given that its code contains comments and strings in the Serbian language and that it is programmed to communicate with servers in Serbia.

A mistake by the Serbian authorities allowed Amnesty researchers to link NoviSpy to the Serbian Security Intelligence Agency, known as Bezbednosno-informativna agencija (BIA), and one of its servers.

During their analysis, Amnesty International researchers discovered that NoviSpy was designed to communicate with a specific IP address, 195.178.51.251.

In 2015, that very same IP address was linked to a Serbian BIA agent. At the time, Citizen Lab discovered that that particular IP address identified itself as “DPRODAN-PC” on Shodan, a search engine that lists servers and computers exposed to the Internet. As it turns out, someone with an email address that included “dprodan” contacted spyware maker Hacking Team about a demo in February 2012. According to leaked emails from Hacking Team, employees of the company staged a demonstration in Belgrade, the capital of Serbia, around that date, which led Citizen Lab to conclude that “dprodan” was also a Serbian BIA employee.

According to Amnesty International, the same IP address range (195.178.51.xxx) identified by Citizen Lab in 2015 is still associated with the BIA, and Amnesty said it found that the BIA's public website was recently hosted within that IP range.

Amnesty International said it conducted a forensic analysis of the devices of 20 members of Serbian civil society, most of them Android users, and found that some were infected with NoviSpy. Amnesty International said several clues within the spyware code suggest it is widely used by the BIA and Serbian police.

The BIA and the Serbian Ministry of Interior, which oversees the Serbian Police, did not respond to TechCrunch's request for comment.

NoviSpy's code contains what Amnesty researchers believe may be an incrementing user ID, which in the case of one victim was 621. For another victim who became infected about a month later, that number had risen to more than 640, suggesting authorities had infected 20 or more people within that period. Amnesty International researchers said they found a 2018 version of NoviSpy on online malware scanning repository VirusTotal, suggesting the malware had been in development for several years.

As part of its investigation into spyware used in Serbia, Amnesty International also identified a zero-day exploit in Qualcomm chipsets that was used against the devices of activists in Serbia, probably with the use of Cellebrite. Qualcomm announced in October that it had fixed the vulnerability after Amnesty International discovered it.

Asked for comment, Cellebrite spokesperson Victor Cooper said the company's tools cannot be used to install malware and that “a third party would have to do it.”

A Cellebrite spokesperson declined to provide further details about the customer, but added that the company would “investigate further.” The company said if Serbia breaches the end-user agreement, it will “re-evaluate whether Serbia is one of the 100 countries we do business with.”


