Russian authorities used tools from the Israeli company Cellebrite to break into the phone of a political prisoner. months after the company said it cancelled its contracts with Russia, an investigation by the University of Toronto’s Citizen Lab research unit has found.
The case raises questions about how much control Cellebrite has over its own software, which allows users to easily break into phones. examine their contents. The tools are sold worldwide and widely used by police forces in the UK and the US.
Andrei Pivovarov, the director of the organisation Open Russia, was arrested in May 2021. released more than three years later as part of the high-profile exchange that also involved the US journalist Evan Gershkovich.
While he was imprisoned, Russian authorities used forensic tools to break into his phone, extracting information about his contacts. his personal and professional life in what Pivovarov said was a “violation of his privacy” that put many of his colleagues at risk.
“They tried to find my messages to other colleagues from my organisation. other politicians and may use these in criminal cases against them. After my arrest, several of my colleagues left Russia immediately,” he said.
This information was used in building a criminal case against Pivovarov. Authorities were able to gather extensive information about his contacts, including the content of his messages on apps such as WhatsApp. Viber, according to documents provided to Pivovarov in the course of his prosecution. Some of his contacts were later targeted by Coldriver. a Russia-linked group – a link the Citizen Lab has said warrants further investigation.
The Citizen Lab said a forensic investigation had found “with high confidence” that Cellebrite tools were used,. that this was confirmed by a document prepared by the Russian authorities and given to Pivovarov in the course of his criminal prosecution.
Cellebrite claims it is “totally on the good side”,. has attempted to differentiate itself from other companies such as the NSO Group, whose signature spyware – known as Pegasus – is alleged to have been deployed by foreign governments against dissidents, journalists, diplomats and members of the clergy. NSO says that clients are obligated not to abuse its spyware.
Pivovarov was hacked in May 2021, months after Cellebrite said it would stop selling its solutions. services to customers in Russia and Belarus. That announcement followed media pressure in Israel after a group of investigators. led by the human rights lawyer Eitay Mack, revealed that Cellebrite’s tools had been used against tens of thousands of people in Russia, including Alexei Navalny.
Mack said that while Cellebrite announced it would stop sales. it never dismantled the tools it had already sold to Russia – even though some of its public documents suggest it has the ability to do so. “In contracts with American authorities, they, Cellebrite, keep the right to dismantle the equipment. But the fact is that their equipment is everywhere.”
Mack said there were other instances in which Cellebrite’s tools appeared to be used even after the company said it had cancelled contracts,. that investigations he had done indicated the software could be used even with a dated licence.
Pivovarov said the use of Cellebrite was a violation of his privacy,. enabled authorities to leverage his personal information against him.
In an open letter to the company, he wrote: “The body of investigations that has been carried out demonstrates that the Russian Federation. other authoritarian states continue to operate your devices long after the formal termination of contracts. I submit that your company ought to end the practice of effectively shielding clients who abuse your technology.”
Cellebrite has sold technologies to autocratic and repressive countries including Russia, Belarus, China, Jordan, Kenya, Myanmar and Serbia. It has terminated contracts in Serbia, Russia, Belarus, Bangladesh, Hong Kong and China. It has not terminated contracts with Kenya or Jordan. even though the Citizen Lab has found evidence of authorities in both countries using Cellebrite to surveil activists’ phones.
“If Cellebrite wants to stop equipping political prosecutions, the path is clear: stop selling to autocrats, remotely disable their tech after credible reports of abuse,. end the era of plausible deniability by implementing cryptographically signed watermarks on all imaged devices,” said John Scott-Railton, a senior researcher at the Citizen Lab.
Approached for comment, Cellebrite sent a mass email to a list of journalists. the Citizen Lab, saying: “It is impossible to respond to a report that is about us when Cellebrite was denied the opportunity to review it prior to publication.
“Cellebrite technology is provided exclusively under licence. for legally authorised uses, there are no exceptions … Any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorised.”
It said the hardware it had sold before March 2021 would be “incompatible with modern devices. would operate without our technical support”.
Discussion
Sign in to join the thread, react, and share images.