Russia allegedly used a forensics platform to hack an activist's phone, despite having its access cut off

Why This Matters

This incident highlights how authoritarian regimes can leverage commercial digital forensics tools like Cellebrite to conduct unauthorized surveillance and hacking, even after companies claim to cut ties with such regimes. It underscores the ongoing risks to privacy and human rights activists worldwide, emphasizing the need for stricter controls and transparency in the use of forensic technology. For consumers and the tech industry, it signals the importance of safeguarding digital rights and ensuring that forensic tools are not misused for political repression.

Key Takeaways

The Russian government reportedly used the Cellebrite digital forensics platform to hack into the phone of a political activist, despite the Israeli company that makes the software previously canceling its contract with its Russian customers.

An investigation by The University of Toronto's Citizen Lab revealed that Russian authorities used Cellebrite to access the devices of Andrey Pivovarov, the human rights defender and former director of non-profit Open Russia, without his consent. Pivovarov said he also hadn't handed over any relevant passwords for his confiscated iPhone 12 or MacBook.

Pivovarov's devices were not returned to his legal representatives until 2023, when he was serving a prison sentence, two years after they were initially seized. He has since been released and had them returned to him, and first contacted the Citizen Lab last year. The researchers said their analysis uncovered "traces of the use of Cellebrite's forensic tools with high confidence" on the iPhone 12 that belonged to Pivovarov. This had occurred on or around June 17, 2021, when the phone was in the possession of the Russian government.

The Citizen Lab said its findings are backed up by official documentation published by the Russian authorities. According to the researchers, a report whose title translates into English as "Forensic Expert Report No. 1269-17" confirms the use of Cellebrite's UFED Physical Analyzer and UFED 4PC toolkit. These tools extract data from a broad range of devices and analyze it. WhatsApp, Telegram and Viber were all allegedly accessed to gain information about Pivovarov that could have been used as evidence in his prosecution.

The report claims the authorities used terms such as "Open Russia Civic Movement" and other political topics when searching the devices. They also searched for the names of oppositional figures such as Mikhail Khodorkovsky, the founder of the pro-democracy organization Pivovarov had previously worked for.

The Citizen Lab's report also noted that the Russian government was less successful in its attempts to gain access to Pivovarov's MacBook, primarily due to it being encrypted. The researchers claim to have evidence of a series of failed login attempts on the same day that the iPhone was successfully hacked.

Cellebrite, in its own words, provides "end-to-end digital forensics, investigations and intelligence solutions" to more than 60,000 agencies in 150 countries. It's headquartered in Petah Tikva, Israel (with another major office on US soil) and according to the Citizen Lab has "a well-documented history of selling to governments with track records of persecuting activists, journalists and dissidents." On its official website, Cellebrite says it specializes in "mastering the complexities of legally sanctioned digital investigations" and helps "convict bad actors."

Cellebrite terminated its contract with the Russian Investigative Committee in March 2021, following accusations that it was effectively assisting the government with repressing its opponents through the use of its technology. Despite Cellebrite claiming the Russian authorities immediately stopped receiving updates when the company cut ties, they were seemingly able to gain access to Pivovarov's devices three months later.

The Citizen Lab accuses Cellebrite of "failing to meet its corporate responsibility to respect human rights," and said there is widespread evidence of the company being "comfortable" with selling to governments that may use the technology to commit human rights abuses. In an email sent to the Citizen Lab that was later shared with Forbes, Cellebrite's chief marketing officer, David Gee, said that any use of Cellebrite's platform in Russia after March 2021 was "entirely unauthorized." "The Cellebrite hardware previously sold, prior to March 2021, would now be incompatible with modern devices and would operate without our technical support, our consent or any legal sanction from Cellebrite," he added.