Egypt: Activists, government critics hit by wave of digital attacks

An investigation by Amnesty International has revealed that dozens of Egyptian human rights defenders have been targeted by phishing attacks since the beginning of this year, putting them in grave danger amid the intensifying crackdown on dissent by Abdelfattah al-Sisi’s government.

Since January 2019 Amnesty Tech has analyzed dozens of suspicious emails sent to Egyptian human rights defenders, journalists and NGOs. The organization found that the emails used a technique known as OAuth Phishing to gain access to private accounts, and that attacks spiked during key political moments such as the anniversary of Egypt’s uprising on 25 January. 

“These digital attacks appear to be part of a sustained campaign to intimidate and silence critics of the Egyptian government. Over the past year Egyptian human rights defenders have faced an unprecedented assault from the authorities, risking arrest and imprisonment whenever they speak out, and these chilling attempts to target them online pose yet another threat to their vital work,” said Ramy Raoof, Tactical Technologist at Amnesty Tech.

“President al-Sisi’s government’s crackdown on freedom of expression is growing worse by the day, and it is more important than ever that human rights defenders can communicate online without fear of reprisal. There are strong indications that the Egyptian authorities are behind these attacks. We are calling on them to stop their relentless attack on human rights defenders and respect the rights to privacy, freedom of expression and association.”

The digital attacks documented by Amnesty International occurred between 18 January and 13 February 2019. OAuth Phishing is a technique which abuses a legitimate feature of many online service providers that allows third-party applications to gain access to an account. For example, an external calendar application might request access to a user’s email account to add upcoming events or flight times. With OAuth Phishing, attackers craft malicious third-party applications that trick targets into giving them access to their accounts. 

Amnesty International has released a detailed analysis of these attacks as well as information on how to protect against this kind of phishing.
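
The following is an added example, not taken from Amnesty International's analysis: a triage check for a consent link found in a suspicious email. It shows why a domain check alone does not catch OAuth Phishing (the link sits on the provider's genuine host) and what to look at instead. The parameter names come from OAuth 2.0 (RFC 6749); the provider host, client IDs and scope names are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the defender maintains these two lists. Every value here is a
# constructed placeholder, not a real application or provider scope.
APPROVED_CLIENT_IDS = {"calendar-sync"}
SENSITIVE_SCOPES = {"mail.read", "mail.send", "contacts.read"}

# Constructed sample: a consent link hosted on the genuine provider's domain
# that asks for mailbox access on behalf of an unknown third-party app.
SAMPLE_URL = (
    "https://accounts.provider.example/oauth2/authorize"
    "?response_type=code&client_id=mail-secure-check"
    "&redirect_uri=https%3A%2F%2Fcb.unknown-app.example%2Fdone"
    "&scope=mail.read+contacts.read+profile"
)


def triage_authorization_url(url, provider_host):
    """Triage an OAuth 2.0 authorization request link found in an email."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    result = {"findings": [], "redirect_host": None}

    if parts.scheme != "https" or parts.hostname != provider_host:
        # Not the provider's consent page at all: treat as ordinary phishing.
        result["findings"].append("not-provider-host")
        return result

    # The host check passes for OAuth phishing, so the signal is which
    # application is asking (client_id) and what it asks for (scope).
    client_id = params.get("client_id", [""])[0]
    if client_id not in APPROVED_CLIENT_IDS:
        result["findings"].append("unapproved-client:" + client_id)

    # RFC 6749 section 3.3: scope is a space-delimited list of values.
    requested = set(" ".join(params.get("scope", [])).split())
    for scope in sorted(requested & SENSITIVE_SCOPES):
        result["findings"].append("sensitive-scope:" + scope)

    # Where the authorization code or token would be delivered after consent.
    redirect_uri = params.get("redirect_uri", [""])[0]
    result["redirect_host"] = urlsplit(redirect_uri).hostname
    return result


if __name__ == "__main__":
    print(triage_authorization_url(SAMPLE_URL, "accounts.provider.example"))
```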

Attacks coinciding with political events

The attacks documented by Amnesty International coincided with a number of important events that took place in Egypt at the start of this year. In the run-up to the eighth anniversary of Egypt’s 25 January uprising, Amnesty International recorded 11 phishing attacks against NGOs and media outlets. There was another burst of attacks during French President Emmanuel Macron’s visit to Cairo to meet with President al-Sisi on 28 and 29 January. The attacks peaked on 29 January, the day that President Macron met with human rights defenders from four prominent Egyptian NGOs. Later, in the first week of February, several media organizations were targeted, many of which were reporting on the process of amending the Egyptian Constitution that had just started.

In recent years the Egyptian authorities have ramped up harassment of civil society through a repressive law imposing harsh restrictions on NGOs, and have launched criminal investigations against dozens of human rights defenders and NGO staff for “receiving foreign funding”. Investigative judges have also ordered travel bans against at least 31 NGO staff, and asset freezes against 10 individuals and seven organizations. Dozens of human rights defenders are being held in lengthy pre-trial detention on absurd charges.

The selective targeting of human rights defenders and the timing in relation to specific political events suggest this wave of attacks is politically, rather than financially, motivated. The list of individuals and organizations targeted in this campaign of phishing attacks overlaps significantly with the list of those targeted in an older wave of phishing attacks, known as Nile Phish, disclosed in 2017 by Citizen Lab and the Egyptian Initiative for Personal Rights (EIPR). Almost all the targets of Nile Phish were being investigated by the Egyptian authorities in relation to “foreign funding”.

“We are urging Egyptian human rights defenders to be vigilant and to contact Amnesty Tech if they receive any suspicious emails,” said Ramy Raoof.

“Until the Egyptian government ends its appalling assault on civil society, activists and human rights defenders must ensure they are keeping themselves safe while they carry out their important work.”