Russian authorities used tools from the Israeli company Cellebrite to access the phone of a political prisoner, even though the company had said months earlier that it had canceled its contracts with Russia. This finding comes from an investigation by the University of Toronto’s Citizen Lab research unit.
The case raises questions about how much control Cellebrite really has over its own software, which allows users to easily unlock phones and examine their contents. These tools are sold worldwide and are widely used by police forces in the UK and the US.
Andrei Pivovarov, the director of the organization Open Russia, was arrested in May 2021 and released more than three years later as part of a high-profile prisoner exchange that also involved US journalist Evan Gershkovich.
While he was in prison, Russian authorities used forensic tools to break into his phone. They extracted information about his contacts and his personal and professional life. Pivovarov said this was a “violation of his privacy” that put many of his colleagues at risk.
“They tried to find my messages to other colleagues from my organization and other politicians, and may use these in criminal cases against them. After my arrest, several of my colleagues left Russia immediately,” he said.
This information was used to build a criminal case against Pivovarov. According to documents given to him during his prosecution, authorities gathered extensive details about his contacts, including the content of his messages on apps like WhatsApp and Viber. Some of his contacts were later targeted by Coldriver, a group linked to Russia. Citizen Lab says this connection needs further investigation.
Citizen Lab said a forensic investigation found “with high confidence” that Cellebrite tools were used. This was confirmed by a document prepared by Russian authorities and given to Pivovarov during his criminal case.
Cellebrite claims it is “totally on the good side” and has tried to set itself apart from companies like the NSO Group, whose spyware Pegasus has been allegedly used by foreign governments against dissidents, journalists, diplomats, and clergy. NSO says its clients are required not to misuse its spyware.
Pivovarov’s phone was hacked in May 2021, months after Cellebrite said it would stop selling its solutions and services to customers in Russia and Belarus. That announcement came after media pressure in Israel, when a group of investigators led by human rights lawyer Eitay Mack revealed that Cellebrite’s tools had been used against tens of thousands of people in Russia, including Alexei Navalny.
Mack said that while Cellebrite announced it would stop sales, it never disabled the tools it had already sold to Russia โ even though some of its public documents suggest it has the ability to do so. “In contracts with American authorities, Cellebrite keeps the right to dismantle the equipment. But the fact is that their equipment is everywhere.”
Mack said there were other cases where Cellebrite’s tools appeared to be used even after the company said it had canceled contracts. His investigations showed the software could still be used with an outdated license.
Pivovarov said the use of Cellebrite violated his privacy and allowed authorities to use his personal information against him.
In an open letter to the company, he wrote: “The body of investigations that has been carried out demonstrates that the Russian Federation and other authoritarian states continue to operate your devices long after the formal termination of contracts. I submit that your company ought to end the practice of effectively shielding clients who abuse your technology.”Cellebrite has sold its technology to authoritarian and repressive countries, including Russia, Belarus, China, Jordan, Kenya, Myanmar, and Serbia. It has ended contracts in Serbia, Russia, Belarus, Bangladesh, Hong Kong, and China. However, it has not ended contracts with Kenya or Jordan, even though the Citizen Lab has found evidence that authorities in both countries have used Cellebrite to monitor activists’ phones.
“If Cellebrite truly wants to stop enabling politically motivated prosecutions, the solution is simple: stop selling to autocrats, remotely disable their technology after credible reports of misuse, and end the era of plausible deniability by adding cryptographically signed watermarks to all devices they image,” said John Scott-Railton, a senior researcher at the Citizen Lab.
When asked for comment, Cellebrite sent a mass email to a list of journalists and the Citizen Lab, stating: “It’s impossible to respond to a report about us when we were not given the chance to review it before publication.”
It added: “Cellebrite technology is provided only under license and for legally authorized uses, with no exceptions… Any use of older Cellebrite hardware in Russia after March 2021 is completely unauthorized.”
The company said the hardware it sold before March 2021 would be “incompatible with modern devices and would operate without our technical support.”
Frequently Asked Questions
Here is a list of FAQs based on the report you described written in a natural tone with clear and direct answers
BeginnerLevel Questions
Q What is this report about
A It says that Russia used a hacking tool from an Israeli company to break into someones phone even though Russia had recently said it was cutting ties with that same company
Q Which Israeli company is being talked about
A The report likely refers to the NSO Group which makes the spyware known as Pegasus
Q What does breaking into a phone actually mean
A It means the hacker can secretly access everything on the phonetexts calls photos emails and even the microphone and camerawithout the owner knowing
Q Why is it a big deal that Russia used the tool after cutting ties
A It suggests that Russia publicly ended its relationship with the company to avoid bad press but secretly kept using the tool through a middleman or a different contract
Q Who was the target of this phone hack
A The report doesnt name a specific person but it usually targets journalists activists or government officials that Russia might want to monitor
AdvancedLevel Questions
Q How is it possible for Russia to use a tool from a company it supposedly cut ties with
A Most likely through a reseller or a thirdparty contractor The company sells the license to a partner who then transfers the software to Russia making the original companys role harder to trace
Q What specific tool or spyware was used
A While the report doesnt always name the exact tool its almost certainly Pegasus which is known for its ability to infect phones via a zeroclick exploit
Q What are the technical signs that this specific spyware was used on a phone
A Unusual data usage the phone suddenly running hot strange text messages or apps crashing for no reason However advanced spyware like Pegasus is designed to hide these signs
Q Does this mean the Israeli company knowingly helped Russia
A The company usually claims it only sells to vetted governments and cuts ties if theres misuse The report suggests the company may have lost control of where its tool ended up or it turned a blind eye
