Creating new perspectives since 2009

Egypt using cyber attacks to target NGOs

February 2, 2017 at 9:04 pm

Egyptian human rights groups are being targeted by a wide scale phishing campaign which is thought to be headed by the Egyptian intelligence agency, according to a joint investigation by the Egyptian Initiative for Personal Rights (EIPR) and Citizen Lab.

    Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Almost all of those targeted by the campaign are implicated in Case 173, a legal case brought by the Egyptian government against NGOs and issues of foreign funding, the groups said.

The report, entitled “Nile Phish”, said the attacks occurred over the past few months and even as recently as 31 January.

“I have no doubt that this is either a state agency or a stage agency-sanctioned campaign,” said Gasser Abdel Razek, the executive director of EIPR. “Who else would be interested and willing to invest the time and effort into this kind of coordinated social engineering except the state?”

Though Citizen Lab did not come to the same conclusion, because its investigation was based on technical aspects only, one of its contributors said: “The sophistication was in the deception rather than in the technology.”

John Scott-Railton continued: “What differentiates this campaign was the extent to which it was tied to things that were going on on a day-to-day, hour-to-hour basis in Egypt.”

A prime example took place on 7 December when Azza Soliman, a prominent lawyer and women’s rights advocate, was unexpectedly arrested at her home. Just a few hours after she was taken into custody, staff at several NGOs received an email disguised as being from Dropbox with a PDF file purporting to be the police report on Soliman’s arrest. To view the file, the target would have to enter their Dropbox password into a form that was actually controlled by the operator of the attack.

“The timing points to strong government coordination,” said Ramy Raoof, the senior research technologist at EIPR who worked on the investigation. “No one would have been able to deploy this kind of attack using Azza Soliman’s arrest warrant that quickly unless they knew ahead of time that the arrest was going to happen.”

Since the ouster of the first democratically elected President, Mohamed Morsi, in a military coup, Egypt has witnessed what is widely described as an “unprecedented crackdown” on both civil society and dissent. Tens of thousands of activists are now lingering in jails because of their opposition to the coup and the government of the military leader Abdel Fattah Al-Sisi.