Prominent human rights activists in Egypt targeted by sophisticated hacking attacks
Sharif Abdel Kouddoust,
HUMAN RIGHTS GROUPS and individual activists in Egypt have been targeted by a large and sophisticated phishing campaign, according to a joint investigation by the Egyptian Initiative for Personal Rights and Citizen Lab.
The campaign, which the reports call Nile Phish, coincides with an unprecedented crackdown on civil society in Egypt over the past few years, with non-governmental organizations and their staff being subjected to interrogations, arrests, travel bans, asset freezes, forced closures and a long-running trial over accusations of receiving foreign funding to destabilize the country.
The targets of the phishing attacks include seven of Egypt’s most prominent human rights groups (including EIPR), all of which are also defendants in the foreign funding case. The groups include Cairo Institute for Human Rights Studies, Egyptian Commission for Rights and Freedoms, and Nazra for Feminist Studies. The campaign also targeted a small number of individuals, including lawyers, journalists and political activists, EIPR and Citizen Lab stated.
The nature and complexity of the attacks, which occurred over the past few months, suggest the campaign is being directly coordinated by an Egyptian intelligence agency, EIPR researchers say. Although the investigation turned up no conclusive proof that the government was behind the campaign, EIPR says a combination of the sophisticated timing of the attacks, the choice of NGOs targeted, prior evidence of electronic surveillance by the state, and the wider context of the crackdown on civil society strongly point to involvement by one of the country’s intelligence agencies.
“I have no doubt that this is either a state agency or a stage agency-sanctioned campaign,” said Gasser Abdel Razek, the executive director of EIPR. “Who else would be interested and willing to invest the time and effort into this kind of coordinated social engineering except the state?”
The researchers from Citizen Lab did not reach the same conclusion, as their analysis was limited only to what they could demonstrate from a technical perspective.