A BIRN investigation supported by Amnesty International has revealed that Serbia’s domestic security agency has been unlocking activists’ phones using Israeli technology and installing a locally-developed spyware.
“Over the next two weeks … they saw everything. My child bathing, photos we shared with their grandparents – every detail. I was horrified,” the activist recounted.
This is just one of many cases where Serbia’s security agency over the past year illegally accessed activists’ phones, extracting data or installing spyware to track their activities.
BIRN interviewed several activists, including the Krokodil member, whose phones Amnesty International confirmed were compromised by the security services.
The revelations were supported by technical findings of unauthorised data extractions and spyware installations.
Beyond these cases, more than 20 activists said they suspect their devices were infected. BIRN also consulted digital forensics experts and legal professionals, documenting widespread illegal practices involving the collection of personal data and the use of malicious software.
The BIRN investigation has uncovered a pattern of coercion: some activists were summoned for questioning; others were detained by force.
These so-called “informative conversations” were often described as pointless, serving as a pretext to confiscate the phones, buying time to bypass security protections and extract sensitive information.
The confiscated devices behind closed doors were connected to Israeli company Cellebrite’s advanced digital forensic tools, known for unlocking phones. Some were then infected with NoviSpy, a spyware developed in Serbia.
Amnesty International’s forensic team had analysed over 20 devices belonging to Serbian civil society activists, mostly Android phones, by November 2024.
Analysis confirmed four cases of NoviSpy installation between February and November, with evidence of failed installation attempts on other devices. In two instances, Cellebrite tools were used to unlock phones and install NoviSpy.
Technical evidence suggests a broader surveillance operation: in just one month, over 20 unique NoviSpy samples were generated and potentially installed.
Legal experts told BIRN that the BIA had no legal authority for these actions as Serbian law lacks any legal framework permitting spyware use.
“This severely impacts the privacy, freedom of expression and association not just of the targeted individuals but of the broader activist community,” Ana Toskic Cvetinovic, from Partners Serbia, an NGO, said.
“The consequences for democracy are devastating. It gives the impression that there is zero oversight of the police and of BIA operations,” she added.
‘They even know when I go to the gym’
In December 2023, Ivan Bjelic, an environmental activist from the group Svice, became the target of a state operation that he describes as an unsettling violation of his basic human rights.
Detained on the day of the Serbian parliamentary elections, on December 17, Bjelic spent two hours at a police station in the New Belgrade district of the capital while Ministry of Interior officers analysed his phone using Cellebrite UFED – Universal Forensics Extraction Device.
According to Amnesty International, forensic logs show his phone was connected via USB to an external system at around 5:55 p.m. that day.
The authorities gained access to all his personal data.
“They can literally know everything I do – what food I buy for my dog, when I go to the gym, how often I water the plants on my balcony,” Bjelic told BIRN.
His greatest concern, he said, isn’t just the invasion of his own privacy but the message this sends to other activists.
When he was detained, he said plainclothes officers attempted to forcibly seize his phone. At the police station, he was presented with a written court order to search his device. After signing the document, Bjelic was asked to unlock his phone and provide his PIN, which he did, reluctantly. Officers then took the phone and kept it for several hours before returning it.
Bjelic, who has frequently clashed with the authorities over his activism against a planned lithium mine in western Serbia, had noticed irregularities with his phone before, as early as 2021.
“It would turn on and off by itself, vibrate randomly and overheat during conversations with fellow activists so much that I couldn’t hold it. It was clear something was wrong,” he recalled. “In one month, I burned through 50GB of data, with 12 to 13GB unaccounted for.”
Phone taken by police and compromised
He received suspicious calls with untraceable numbers or numbers with too many digits to be legitimate. Amnesty International researchers warned that these could be indicators of spyware infections, potentially deployed remotely, such as Pegasus or Predator.
On the day of his arrest in 2023, the plainclothes officers who detained Bjelic cited an unpaid traffic fine as the reason. However, the interrogation quickly veered into different territory.
“They asked me if I had bombs, if I was planning a terrorist attack, or if I’d searched how to buy guns. Later, I found out that Cellebrite software was used on my phone and they had a copy of everything; it’s terrifying,” Bjelic said.
His lawyer, Nikola Lakic, says such secret surveillance measures are only lawful in cases involving the most serious crimes. “Anything else constitutes a blatant violation of citizens’ rights,” Lakic said.
Bjelic’s story has other disturbing aspects. In July 2024, during German Chancellor Olaf Scholz’s visit to Serbia, Bjelic noticed a black car tailing him throughout Belgrade.
“They knew where I was at every moment until I switched my phone to airplane mode. Then they lost track of me,” he said.
Two days later, the same car stopped him on the street. “They flashed a badge and told me I couldn’t record them. They said they were following orders but I never found out why I was being targeted,” he added.
Amnesty International’s forensic analysis confirmed that Cellebrite UFED had been used to retrieve his messages, photos, contacts and other private information.
Despite the intimidation, Bjelic said the experience has only strengthened the resolve of many activists.
“Some people were scared but most of us became even more determined in our fight,” he told BIRN. “Now, when we discuss sensitive information, we only do so in person, without phones or computers.”
Cellebrite ‘can clone everything on a phone’
Cellebrite’s digital forensic equipment is designed to penetrate deep into a device’s architecture. This advanced technology provides access to deleted data, cloud accounts and even some encrypted applications.
Leaked specification and official Cellebrite documentation reveal that it can recover deleted messages, hidden files, location history from cell towers, Bluetooth connections, Wi-Fi networks and more.
Serbia’s security agencies reportedly also possess Cellebrite’s analytical modules. These enable data filtering, visualisation, mapping and processing using artificial intelligence, including facial recognition capabilities.
According to Amnesty International, Cellebrite’s tools have enabled Serbian security services to unlock phones, paving the way for the installation of spyware for surveillance purposes.
Cellebrite has denied knowledge of these activities. “If this is indeed the case, Serbia has breached its contract, and we will reevaluate whether it remains a country we will work with,” Cellebrite stated on December 12 in its response to BIRN’s inquiries.
The company provided a similar response to Amnesty International. In its letter to BIRN, Cellebrite also noted that its equipment is licensed solely for use with a court order by police investigating criminal acts.
Hadzib Salkic, a forensic IT expert who uses Cellebrite tools, told BIRN that this technology can automatically unlock almost all phones except some of the latest iPhone models.
“If you have the latest Cellebrite license, phones unlock automatically. There’s no protection against it. Once a phone is unlocked, Cellebrite is no longer necessary unless the goal is to speed up data extraction – like contact lists or social media communications. Essentially, the tool can clone everything on a phone,” Salkic explained.
He added that Cellebrite extracts data from various services through partnerships with service providers, phone manufacturers, operating system developers and app creators.
Igor Franc, a digital forensics expert and professor at Belgrade’s Metropolitan University, told BIRN that the process of breaking encryption and extracting data depends on the amount of information stored on the device. It can take anything from a few hours to over 10 hours.
Itay Mack, an Israeli human rights lawyer, said repeated examples of misuse of its tools could make it more difficult for Cellebrite to claim ignorance. “In such cases, the company could be held legally responsible for enabling abuse,” Mack said.
BIA ‘uses Cellebrite to install NoviSpy’
According to Amnesty International, Serbia’s BIA has developed its own spyware to track activists, a sophisticated surveillance tool called NoviSpy.
Unlike globally recognised spyware such as Pegasus and Predator, which operate remotely, NoviSpy requires physical access to an unlocked phone.
Amnesty International’s findings reveal that BIA operatives have used Cellebrite to unlock phones before installing the spyware that remains invisible to the user.
Once installed, NoviSpy enables access to call logs, contacts and SMS messages. It tracks the phone’s location, captures screenshots and activates the device’s microphone and camera.
Software similar to NoviSpy was reportedly used to gather evidence against former police general Slobodan Malesic who was arrested in 2022 and charged with abuse of office.
As BIRN reported, hundreds of screenshots from Malesic’s phone were included in the indictment against him. These captured details ranging from his text messages to the music he listened to. The spyware reportedly photographed the phone’s screen up to 20 times per minute, generating more than 70,000 screenshots over time.
The development of NoviSpy dates back to 2018. Amnesty International’s analysis of IP addresses linked to the spyware found that it communicates with and stores data on a server housed within the BIA.
The same server previously hosted the German surveillance software FinSpy. Registered under the name of a BIA operative, identified only as D.P., the server also played a role in negotiations to procure spyware from the Italian company Hacking Team.
The overlap between NoviSpy’s infrastructure and Telekom Srbija, the state-owned telecommunications provider, raises additional concerns. Previous reports have implicated Telekom Srbija in acquiring surveillance technologies such as FinSpy and Italian spyware proposed for military security agencies.
Google, alerted by Amnesty International, confirmed NoviSpy as malicious software and removed it from compromised devices. The tech giant also notified affected users of the spyware campaign targeting their phones.
“This discovery sheds light on the extensive digital surveillance in Serbia,” Amnesty International stated in its report. “The use of technology to target citizens echoes authoritarian practices that directly threaten fundamental freedoms.”
The BIA did not respond to BIRN’s request for comment. However, it did respond to Amnesty International’s report, dismissing it as “trivial sensationalism”.
“The Security Information Agency operates exclusively in accordance with the laws of the Republic of Serbia and therefore we are not even able to comment on the meaningless statements in [Amnesty International’s] text,” it said in a statement.
Phone taken at police station and compromised
Nikola Ristic, one of the organisers of high-profile protests following the collapse of the outdoor roof canopy at Novi Sad railway station in November, which killed 15 people, had planned a simple but symbolic demonstration – painting Belgrade’s central Republic Square red, to highlight the government’s alleged responsibility.
But plainclothes officers were waiting for him when he arrived. “We announced the gathering for 12pm but anyone familiar with our work knows we always arrive two hours early. The moment we stepped onto the square, I saw at least ten plainclothes officers, some of whom had arrested me before. While I was looking around to spot our people, I put the paint on a bench. That’s when a group of unfamiliar men approached, flashing badges briefly,” Ristic recalled.
“They said: ‘We’re inspectors, you need to come with us.’ I asked: ‘Where and why?’ One of them said: ‘Let’s check this paint of yours – what’s it for?’ I replied: ‘I’m repainting my apartment.’ He smirked: ‘We’ll discuss your apartment renovation at the station.’”
At that point, his partner, Darija, started filming. Ristic was placed in a car and taken to a police station in Belgrade’s Savski Venac district. On arrival, officers asked him to place all his belongings on the hood of a car. They collected the items in a bag, including his phone, which they later returned to him, asking him to call Darija and request the removal of her video of his detention.
Ristic locked his phone and handed it over. The phone was taken out of the room and his data was compromised during this time.
The interrogation lasted two hours and 50 minutes. “It felt more like a persuasive attempt to get me to stop being an activist,” Ristic explained. When released, he was handed back all his belongings, including his phone.
However, according to Amnesty International’s report, during his detention, the authorities used Cellebrite to bypass the PIN code, access his phone and install NoviSpy spyware, granting them complete control over the device.
The spyware enabled access to messages, contacts, and location data, and remote activation of the phone’s camera and microphone.
Ristic’s experience illustrates how activists in Serbia not only face physical intimidation but also invasive digital surveillance, raising questions about privacy, accountability and the misuse of advanced technology by the authorities.
‘Whole point of the meeting was to access my phone’
When Ivan “Buki” Milosavljevic, leader of an environmental campaign group called the Rangers of Eastern Serbia, entered the BIA office in the town of Pozarevac on August 22, 2024, he didn’t anticipate becoming the target of invasive surveillance technology.
Summoned for an “informative interview” with the region’s new BIA operative, Milosavljevicquickly realised the true purpose of the meeting.
The three-hour interview, which Milosavljevic described as pointless and unnecessarily long, felt more like an awkward coffee chat than a formal interrogation.
“They asked vague and unrelated questions. Phones were ringing constantly and the agent kept leaving the room,” Milosavljevic told BIRN. Early on, the agent asked him to leave his phone in a locker.
The pivotal moment came when the agent asked to see a video of a local water utility worker in the town of Zagubica attacking members of Rangers of Eastern Serbia.
Although Milosavljevicsaid the video was publicly available online, the agent insisted he show it on his phone, which Milosavljevic retrieved and unlocked, playing the video for the agent.
“I gave him the locker key; he brought me the phone. I unlocked it and played the video, but he seemed uninterested,” he recalled.
“He was scrolling through my phone while watching it, and then his desk phone rang. He left the room, with my phone in hand. About five minutes later, he came back with the locker key, claiming the phone was back in the locker. That’s when I realised the whole point of this meeting was to access my phone.”
The next day, Milosavljevic noticed unusual activity on his digital accounts. Concerned, he asked Amnesty International to conduct a forensic analysis of his phone. It found that the phone had been connected to a computer via a USB cable and the authorities had attempted to install NoviSpy.
Fortunately, the attempt failed due to Google Play Protect’s enhanced security measures. These require additional authentication through biometrics or a PIN code, which the agents didn’t have. But, during the three-hour interview, at least two unsuccessful installation attempts were recorded.
Milosavljevic believes the BIA’s actions were tied to his group’s ongoing activism against the controversial proposed Rio Tinto lithium mine. “They likely wanted access to our communications to see how connected we are, how we operate, and what we’re planning,” he suggested.
Other activists reported similar tactics to BIRN. Many refused to hand over unlocked phones, prompting the agents to use manipulative techniques to gain access. These incidents highlight a pattern of state surveillance aimed at silencing dissent and monitoring activists.
Activists ‘interviewed’ despite lack of court warrants
None of the activists summoned for “informative interviews” during which the BIA extracted phone data or installed spyware was presented with a court warrant justifying these actions, according to the BIRN investigation.
“I was never given any warrant, and they deny that anything even happened,” said Ljubo Stefanovic of SlavijaInfo, an independent news website, who believes he was targeted with spyware.
Milosavljevic from Rangers of Eastern Serbia described his interview as “completely informal”.
Legal experts assured BIRN that such actions lack any legal foundation. “The BIA cannot independently seize a mobile device, extract its data, or perform forensic analysis without proper authorisation from a prosecutor’s office and a court,” lawyer Nikola Lakic said.
He emphasised that such actions violate human rights and could constitute criminal abuse of office.
In several cases, he said, activists were denied basic rights. “None of the activists detained fall under the BIA’s jurisdiction. Their detention and the confiscation of their phones constitute abuse of authority and several criminal offences,” Lakic asserted.
Lawyer Vladimir Marinkov highlights shortcomings in Serbia’s criminal procedure code, which grants very broad powers to the police and security services in pre-investigation proceedings.
“There is no formalisation of these procedures, allowing individuals to become subjects of criminal processing without them even being aware of it,” he explained.
He said the BIA and the police exploit vague legal definitions to carry out activities that infringe on citizens’ privacy.
“When actions are directed at an individual to uncover a crime, that individual ceases to be just a ‘citizen’ and becomes a suspect, even if they are not formally informed of their status,” Marinkov noted.
The BIA’s mandate grants it police powers in cases of organised crime and terrorism. However, Predrag Petrovic, of the Belgrade Centre for Security Policy, warns that these powers are often abused.
“Such powers can easily be abused for manipulating investigations, threatening legal action against government critics, or disciplining disobedient businesspeople,” Petrovic explained.
Blurred lines between the police and the BIA further complicate the situation. For years, the European Commission has urged Serbia to separate the two security services, to prevent abuses of power.
Unlike the BIA, some cases involving the Interior Ministry show greater adherence to basic standards. When the police detained Ivan Bjelic and others, they at least left written records.
However, legal experts argue that even in these cases, privacy violations during the proceedings were unwarranted.
‘This is a wake-up call’
Surveillance of activists, journalists, and civil society representatives with spyware is not a recent phenomenon in Serbia.
In October 2023, a coalition of international digital rights organisations revealed that members of Serbia’s civil society sector had been targeted by military-grade spyware, including Pegasus and Predator.
One civil society representative agreed to speak with BIRN under the condition of anonymity.
It all began in August 2023, during protests in Belgrade over the May mass shootings in Serbia. The activist received an unusual late-night WhatsApp call from a long, unfamiliar number originating from an African country. “I was asleep and didn’t answer. I had no idea it could be tied to something much bigger,” he recalled.
On October 30, 2023, he received an alert on his iPhone but didn’t understand its significance. “I asked an IT expert for advice and he told me the situation was serious and I should seek help. Around the same time, a colleague mentioned receiving the same message,” he said.
They contacted an international organisation that referred them to a local digital forensics partner, which confirmed that an attempt had been made to install Pegasus or a similar spyware. “I was shocked. The sense of vulnerability and exposure was overwhelming,” he recounted.
Pegasus is a tool officially used by governments to monitor criminals and terrorists. But increasingly, it has been misused to target journalists, activists and government opponents.
It allows total access to the target’s cameras, microphones, messages and calls, without leaving a trace.
“They told me Pegasus is a sophisticated ‘no-click’ spyware. You don’t need to click a link or answer a call; all it needs is a vulnerability in your phone,” the activist said.
The attack on his phone occurred at a time when protests were ongoing in Belgrade over the May 2023 mass shootings, while his organisation was also running a programme to protect political dissidents who had fled Russia. “One of these two reasons must have been why they targeted me,” he suggested.
A Pegasus license reportedly costs between US $20,000 and $30,000 per target, and such attacks are often accompanied by other forms of monitoring, including physical surveillance.
The activist also noticed physical surveillance over the same period. “At meetings with foreign diplomats, people who didn’t seem to be there for themselves would approach us. They would film us and follow us. It happened several times,” he recalled.
Forensic analysis revealed that attempts to plant Pegasus on his phone had failed thanks to the updated software on his iPhone. “But the feeling that someone might try again never leaves me,” he said.
He began warning his colleagues in the civil society sector to check their phones. His organisation has upgraded its digital infrastructure and reinforced physical security.
“This information has unsettled me further. I was convinced I was under observation, and that my close associates might be as well,” he said. “I didn’t want to scare my family. My son doesn’t know what happened, but one day I’ll tell him.”
Amnesty International and Access Now identified Serbia as a country where Pegasus has been active since 2021, with the most recent infection attempt recorded in 2023.
It is not the only tool in the arsenal of digital surveillance used by authoritarian regimes, but its use against civil society members highlights severe shortcomings in Serbia in the protection of fundamental rights.
“Nothing we do is secret. All our activities are public, but it’s clear that this type of spyware is used to gather personal information to publicly discredit individuals,” the activist said.
“I was certain I wasn’t the only one, and I wasn’t. It will take years to determine how many people were infected or targeted with Pegasus,” he warned.
“This is a wake-up call for all of us: caution isn’t just advisable, it’s essential.”