HUMAN RIGHTS GROUPS and individual activists in Egypt have been targeted by a large and sophisticated phishing campaign, according to a joint investigation by the Egyptian Initiative for Personal Rights and Citizen Lab.
The campaign, which the reports call Nile Phish, coincides with an unprecedented crackdown on civil society in Egypt over the past few years, with non-governmental organizations and their staff being subjected to interrogations, arrests, travel bans, asset freezes, forced closures and a long-running trial over accusations of receiving foreign funding to destabilize the country.
The targets of the phishing attacks include seven of Egypt’s most prominent human rights groups (including EIPR), all of which are also defendants in the foreign funding case. The groups include Cairo Institute for Human Rights Studies, Egyptian Commission for Rights and Freedoms, and Nazra for Feminist Studies. The campaign also targeted a small number of individuals, including lawyers, journalists and political activists, EIPR and Citizen Lab stated.
The nature and complexity of the attacks, which occurred over the past few months, suggest the campaign is being directly coordinated by an Egyptian intelligence agency, EIPR researchers say. Although the investigation turned up no conclusive proof that the government was behind the campaign, EIPR says a combination of the sophisticated timing of the attacks, the choice of NGOs targeted, prior evidence of electronic surveillance by the state, and the wider context of the crackdown on civil society strongly point to involvement by one of the country’s intelligence agencies.
“I have no doubt that this is either a state agency or a state agency-sanctioned campaign,” said Gasser Abdel Razek, the executive director of EIPR. “Who else would be interested and willing to invest the time and effort into this kind of coordinated social engineering except the state?”
The researchers from Citizen Lab did not reach the same conclusion, as their analysis was limited to what they could demonstrate from a technical perspective.
In its simplest form, phishing is an attempt to trick a target into providing personal information, such as an account password, by sending a deceptive email. The investigation identified over 90 such attacks between November 24, 2016 and January 31, 2017.
In the first phase of the campaign, NGO workers received emails crafted as document shares from legitimate providers, such as Google or Dropbox, containing timely and sensitive information related to the ongoing government crackdown.
“The sophistication was in the deception rather than in the technology,” said John Scott-Railton, one of the authors of the report from Citizen Lab, which goes by the full name of The Citizen Lab at the Munk School of Global Affairs at the University of Toronto. “What differentiates this campaign was the extent to which it was tied to things that were going on on a day-to-day, hour-to-hour basis in Egypt.”
A prime example took place on December 7th, when Azza Soliman, a prominent lawyer and women’s rights advocate, was unexpectedly arrested at her home. Just a few hours after she was taken into custody, staff at several NGOs received an email disguised as being from Dropbox with a PDF file purporting to be the police report on Soliman’s arrest. To view the file, the target would have to enter their Dropbox password into a form that was actually controlled by the operator of the attack.
“The timing points to strong government coordination,” said Ramy Raoof, the senior research technologist at EIPR who worked on the investigation. “No one would have been able to deploy this kind of attack using Azza Soliman’s arrest warrant that quickly unless they knew ahead of time that the arrest was going to happen.”
The second phase of the phishing campaign deployed more generic messages that appeared to be personalized account-security emails from providers such as Gmail, for example warnings about suspicious login attempts that prompted the user for their login information.
Google eventually sent several NGO staff members a warning that they “may have detected government-backed attackers trying to steal your password.”
The phishing campaign gels with an ongoing effort by the Egyptian government to boost its electronic surveillance capabilities. State intelligence agencies have purchased powerful surveillance technologies from European companies in recent years, including Remote Control System software built by the Italian spyware manufacturer Hacking Team. Egyptian authorities are also continually trying to block access to the encrypted messaging app Signal while Open Whisper Systems, the company behind the app, develops ways to circumvent the censorship.
“I don’t think it will stop,” said Abdel Razek of EIPR. “Egypt’s been moving very much towards a literal police state over the past three and a half years and in a police state that’s what you do in a time where technology is one of the main mediums people are using to mobilize and to exchange ideas.”
The phishing attacks come as Egyptian president Abdel Fattah al-Sisi appears to be building close ties to President Donald Trump, who has called for heavier surveillance of mosques in the United States. Trump called Sisi a “fantastic guy” after their first meeting in September, and the Egyptian president was the first world leader to congratulate Trump after he won the election in November. Following Trump’s inauguration, Sisi was the second world leader Trump spoke to, after Israeli Prime Minister Benjamin Netanyahu. The two primarily discussed combating “terrorism and extremism,” according to a statement by the Egyptian president’s office, as well as a possible visit by Sisi to Washington.
Top photo: Egyptian protesters chant slogans during a demonstration in Cairo on April 25, 2016, against the handing over of two Red Sea islands to Saudi Arabia.
Looks like this story was buried beneath the fold. Deliberate policy of Intercept editorial staff on foreign policy stories, it looks like. Learned it from the NYTimes, did they?
Mr. Kouddous
“……….The nature and complexity of the attacks, which occurred over the past few months, suggest the campaign is being directly coordinated by an Egyptian intelligence agency, EIPR researchers say. Although the investigation turned up no conclusive proof that the government was behind the campaign, EIPR says a combination of the sophisticated timing of the attacks, the choice of NGOs targeted, prior evidence of electronic surveillance by the state, and the wider context of the crackdown on civil society strongly point to involvement by one of the country’s intelligence agencies……..”
The most important foreign policy statement by Trump to date is the war on terror. His top priority is Islamic terrorism which falls into line with the near goals of al-Sissi. The Trump administration is considering designating the Muslim Brotherhood a terrorist organization – a designation that would delight al-Sissi (but alienate Turkey). Mohamed Morsi – a leader in the Muslim Brotherhood organization – was elected President of Egypt in a fair vote after Mubarak was ousted, but was in turn removed from power by the powerful Egyptian military when Morsi refused to appease the demands of the millions of protesters against his leadership and policies.
Al-Sissi brutally cracked down on the protests by the MB which followed the “coup” killing hundreds. He designated the MB a terrorist organization alienating much of the Conservative Muslim population in Egypt. Recently, al-Sissi began supporting Assad in Syria – a natural ally in the war against the MB. Of course, the Muslim Brotherhood is an integral part of the opposition to Assad in Syria – and has opposed the rule of the Assad family for decades. In the early 1980s, the Brotherhood rebelled leading to the Hama massacre in 1982 in which 10,000-20,000 people were killed.
Egyptians for the moment are happy that Egypt has not disintegrated like Syria, but the millions that were responsible for overthrowing Mubarak will not stand by forever. Conditions are probably far worse for political freedom and human rights than under Mubarak. Egypt’s “war on terror” makes domestic intelligence a far more important tool for security – and for abusive policies. Human rights organizations serve a vital function in reporting human rights violations by the Egyptian dictator. Of course, they will be harassed as this article indicates.
Finally, Trump will work with al-Sissi to ensure that the Camp David Peace agreement is upheld. Israel is a vital cog in Trump’s ME policies. The agreement broke the unity of Arabs against Israel after the 1967 and 1973 wars, and brought temporary stability to the Middle East. Speculatively, I envision Trump as being more pragmatic on foreign policy supporting the big picture over intervening internally in the affairs of other countries.
Stupid and ridiculous report, get over it Sharif and stop listening to EIPR, Gasser or similar!! We will not accept any biased media!