A newly leaked document obtained by Radio Free Europe (RFE/RL) reveals that Serbia’s Security Information Agency (BIA) has been purchasing advanced forensic surveillance tools for at least ten years — far longer than previously known.
The confidential document, marked “Top Secret,” dates back to September 2015 and details an offer sent to the BIA for renewing licenses for the powerful forensic tool UFED (Universal Forensic Extraction Device) made by the Israeli company Cellebrite. This tool is designed to unlock and extract data from smartphones, even if the phone is locked or data has been deleted.
Leaked Documents Found on the Dark Net
The document is just one of many that surfaced after being leaked to the dark net, a part of the internet often used for anonymous communication and file sharing. RFE/RL journalists cross-checked these files through public databases, verifying details such as signatures, stamps, and company records.
While there has been evidence that the BIA has used surveillance tools in recent years, these leaks show that Serbia’s security service has maintained a full suite of forensic technology covering virtually all device types for at least a decade.
What Makes This Controversial?
Analysis of the documents shows that the BIA secretly invited companies to bid for renewing licenses for several forensic tools, including Cellebrite’s UFED, in 2015 and 2019.
A December 2024 report by Amnesty International documented at least seven cases that year where UFED devices were used in Serbia to forcibly unlock phones during police interrogations. The report included detailed forensic evidence showing that journalists’ and activists’ phones were unlocked and their entire contents extracted.
In some cases, an unidentified spyware tool called “NoviSpy” was also installed to monitor photos, messages, and internet searches without the owners’ consent.
Although Cellebrite’s products are used by law enforcement worldwide, the company announced it had revoked certain Serbian licenses in 2024 after the Amnesty revelations. However, it did not specify which institutions were affected. The BIA dismissed the accusations at the time as “trivial sensationalism.” The agency did not respond to RFE/RL’s latest questions about why it purchased this “controversial” software years earlier.
Who Delivered the Tools?
The leaked files show that Serbia’s state-owned IT company Informatika AD sent multiple offers to the BIA to supply and renew forensic software licenses. The documents emerged after hackers breached Informatika’s servers in June 2025 and leaked the files online.
Informatika confirmed the cyberattack to RFE/RL but questioned the authenticity of the documents. They claimed they were targeted by a criminal group demanding a ransom and reported the case to Serbia’s Organized Crime Prosecutor’s Office.
While Informatika AD denies any direct business with Cellebrite, the leaked documents contradict this, showing that in September 2015, Informatika offered two UFED licenses to the BIA worth about €55,000 as part of a larger deal covering various forensic tools.
What Other Tools Did BIA Buy?
Besides Cellebrite’s UFED, the BIA also acquired licenses for the Swedish Micro Systemation’s XRY/XACT, another tool for extracting messages, contacts, and entire memory dumps from mobile devices — including deleted, hidden, or protected data.
In 2019, the BIA sought to renew six UFED licenses along with other forensic software, including:
- AccessData Forensic Toolkit (FTK)
- Forensic Explorer
- Magnet Axiom
- X-Ways Forensics
These tools allow the recovery of deleted data, analysis of browsing history, and the correlation of information from devices and online accounts.
Filip Milošević of the Share Foundation, which monitors digital rights in Serbia, explained that these tools can “cover virtually all digital forensic operations,” including analyzing phones, computers, hard drives, and flash storage.
“Top Secret” Procurements, Zero Transparency
The procurements are labeled “Top Secret.” Serbian law allows the BIA to independently decide how to conduct purchases critical to its operations and security — exempting them from standard public procurement laws.
This means the Serbian public has no access to information about what the BIA buys or how these tools are used.
The leaked documents show that suppliers must agree not to reveal the BIA as the end client and must seek its approval before sharing any information about these transactions.
Experts Warn of a Dangerous Trend
Aljoša Ajanović Andelić from the European Digital Rights Network (EDRi) called the findings alarming:
“This confirms again that powerful surveillance tools are being purchased and used in complete secrecy, without public oversight or accountability — a dangerous global trend.”
Ajanović Andelić said that when tools like Cellebrite’s UFED are used against journalists, activists, or political opponents, they become an instrument of political repression and a clear violation of fundamental human rights.
