Amnesty International UK

Egypt: major new phishing attack against human rights activists

One of the fake messages received by activists

Government critics hit by wave of digital attacks coinciding with political events such as Macron’s visit

‘These digital attacks appear to be part of a sustained campaign to intimidate and silence critics of the Egyptian government’ - Ramy Raoof

A new investigation by Amnesty International has revealed that dozens of Egyptian human rights defenders have been targeted by phishing attacks since the beginning of this year, putting them in grave danger amid the government’s intensifying crackdown in the country.

Since January, Amnesty Tech has analysed dozens of suspicious emails sent to Egyptian human rights defenders, journalists and NGOs. 

Amnesty found that the emails used a technique known as OAuth Phishing (see below) to gain access to private accounts, and that the attacks - which occurred between 18 January and 13 February - coincided with a number of important events in Egypt.

In the run-up to the eighth anniversary of Egypt’s 25 January uprising, Amnesty recorded 11 phishing attacks against NGOs and media outlets. There was another burst of attacks during French President Emmanuel Macron’s visit to Cairo to meet President al-Sisi on 28 and 29 January. The attacks peaked on 29 January, the day that President Macron met human rights defenders from four prominent Egyptian NGOs. Meanwhile, in the first week of February, several media organisations were targeted, many of which were reporting on the recently begun process of amending the Egyptian Constitution.

The selective targeting of human rights defenders and the timing in relation to specific political events suggest the wave of attacks is politically - rather than financially - motivated. The list of individuals and organisations targeted has significant overlaps with those targeted in an older phishing attack wave known as Nile Phish, disclosed in 2017 by Citizen Lab and the Egyptian Initiative for Personal Rights. Almost all the targets of Nile Phish were being investigated by the Egyptian authorities in relation to “foreign funding”.

Ramy Raoof, Tactical Technologist at Amnesty Tech, said:  

“These digital attacks appear to be part of a sustained campaign to intimidate and silence critics of the Egyptian government. 

“Over the past year Egyptian human rights defenders have faced an unprecedented assault from the authorities, risking arrest and imprisonment whenever they speak out, and these chilling attempts to target them online pose yet another threat to their vital work.

“There are strong indications that the Egyptian authorities are behind these attacks. We are calling on them to stop their relentless attack on human rights defenders and respect the rights to privacy, freedom of expression and association.

“We are urging Egyptian human rights defenders to be vigilant and to contact Amnesty Tech if they receive any suspicious emails.”

OAuth Phishing attacks

OAuth Phishing is a technique which abuses a legitimate feature of many online service providers that allows third-party applications to gain access to an account. For example, an external calendar application might request access to a user’s email account to add upcoming events or travel times. With OAuth Phishing, attackers craft malicious third-party applications that trick targets into giving them access to their accounts.  

Amnesty has released a detailed analysis of these attacks as well as information on how to protect against this kind of phishing.
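
Because an OAuth Phishing link leads to the provider's genuine sign-in page, checking the domain is not enough; what matters is which application is asking and what access it requests. The sketch below is an added example, not taken from Amnesty's analysis: it reads those details out of an authorization link, using Gmail scopes purely as an illustration, with the client IDs, sample links and vetted-app list all constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: scopes treated as mailbox access. These are Gmail API scopes, used
# only as a familiar illustration; the page does not name a provider.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
}
# Assumption: client IDs of third-party apps the organisation has vetted (constructed).
VETTED_CLIENT_IDS = {"1111-calendar.apps.example"}

# Constructed sample links. Both point at the provider's genuine sign-in host.
SUSPICIOUS_LINK = (
    "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
    "&client_id=9999-secure-mail.apps.example&access_type=offline"
    "&redirect_uri=https%3A%2F%2Fsecure-mail.example%2Fcb"
    "&scope=https%3A%2F%2Fmail.google.com%2F+email"
)
VETTED_LINK = (
    "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
    "&client_id=1111-calendar.apps.example"
    "&redirect_uri=https%3A%2F%2Fcalendar.example%2Fcb"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar.events"
)


def review_consent_link(url):
    """Summarise what an OAuth 2.0 authorization link asks the user to approve."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    client_id = params.get("client_id", [""])[0]
    result = {"host": parts.hostname, "client_id": client_id, "findings": []}
    if not client_id or "response_type" not in params:
        result["findings"].append("not an OAuth authorization request")
        return result
    # The scope parameter is a space-delimited list (RFC 6749, section 3.3).
    scopes = set(" ".join(params.get("scope", [])).split())
    if client_id not in VETTED_CLIENT_IDS:
        result["findings"].append(f"unvetted application: {client_id}")
    for scope in sorted(scopes & MAIL_SCOPES):
        result["findings"].append(f"requests mailbox access: {scope}")
    if params.get("access_type") == ["offline"]:  # Google parameter: issues a refresh token
        result["findings"].append("requests long-lived offline access")
    return result


if __name__ == "__main__":
    for link in (SUSPICIOUS_LINK, VETTED_LINK):
        print(review_consent_link(link))
```

Both sample links share the same legitimate host, yet only the first produces findings, which is why reviewing the requesting application and its scopes is the useful check.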

Harassment of civil society

In recent years the Egyptian authorities have ramped up their harassment of civil society through a repressive law imposing harsh restrictions on NGOs, and have launched criminal investigations against dozens of human rights defenders and NGO staff for “receiving foreign funding”. Investigative judges have also ordered a travel ban against at least 31 NGO staff, and asset freezes against ten individuals and seven organisations. Meanwhile, dozens of human rights defenders are being held in lengthy pre-trial detention on absurd charges.

Brave campaign

As part of a campaign called Brave, Amnesty is calling on the UK Government to step up its protection of human rights defenders in its foreign policy work. 
