Amnesty says ‘govt phishing’ endangers Egypt activists

Amnesty International warned Wednesday that dozens of rights activists in Egypt have been put in “grave danger” by email phishing attacks that it says appear to be government orchestrated.

“Dozens of Egyptian human rights defenders have been targeted by phishing attacks… this year, putting them in grave danger”, the group said in a statement.

“These digital attacks appear to be part of a sustained campaign to intimidate and silence critics” of President Abdel Fattah al-Sisi’s government, said Ramy Raoof, a tactical technologist at Amnesty.

The London-based rights group said the “chilling” attempted attacks had used a technique known as OAuth phishing and that there were “strong indications” the Egyptian authorities were responsible.

It said the tactic masquerades as an email containing a legitimate application — such as a calendar organizer — to trick activists into downloading spyware.

Amnesty pointed to spikes in OAuth phishing attempts in the run-up to the eight-year anniversary of Egypt’s January 25, 2011 uprising which toppled Hosni Mubarak, and during a two-day visit to Egypt by French President Emmanuel Macron.

It said attacks peaked on January 29, the day Macron met human rights activists from four key Egyptian NGOs.

Sisi’s government is pursuing a military campaign against the Islamic State group in northern Sinai.

As army chief, Sisi led the overthrow of Egypt’s first freely elected president Mohamed Morsi in 2013 after mass street protests against the Islamist leader’s rule.

But alongside his crackdown on Islamist opponents, Amnesty and other rights groups have repeatedly accused Sisi of brooking no dissent from secular, liberal and leftist activists.

Egypt: Activists, government critics hit by wave of digital attacks

Following is the statement issued by Amnesty International in this regard:

An investigation by Amnesty International has revealed that dozens of Egyptian human rights defenders have been targeted by phishing attacks since the beginning of this year, putting them in grave danger amid Abdelfattah al-Sisi’s government’s intensifying crackdown on dissent.

Since January 2019 Amnesty Tech has analyzed dozens of suspicious emails sent to Egyptian human rights defenders, journalists and NGOs. The organization found that the emails used a technique known as OAuth Phishing to gain access to private accounts, and that attacks spiked during key political moments such as the anniversary of Egypt’s uprising on 25 January.

“These digital attacks appear to be part of a sustained campaign to intimidate and silence critics of the Egyptian government. Over the past year Egyptian human rights defenders have faced an unprecedented assault from the authorities, risking arrest and imprisonment whenever they speak out, and these chilling attempts to target them online pose yet another threat to their vital work,” said Ramy Raoof, Tactical Technologist at Amnesty Tech.

“Abdel Fattah al-Sisi’s government’s crackdown on freedom of expression is growing worse by the day, and it is more important than ever that human rights defenders can communicate online without fear of reprisal. There are strong indications that the Egyptian authorities are behind these attacks. We are calling on them to stop their relentless attack on human rights defenders and respect the rights to privacy, freedom of expression and association.”

The digital attacks documented by Amnesty International occurred between 18 January and 13 February 2019. OAuth Phishing is a technique which abuses a legitimate feature of many online service providers that allows third-party applications to gain access to an account. For example, an external calendar application might request access to a user’s email account to add upcoming events or flight times. With OAuth Phishing, attackers craft malicious third-party applications that trick targets into giving them access to their accounts.

Amnesty International has released a detailed analysis of these attacks as well as information on how to protect against this kind of phishing.

Attacks coinciding with political events

The attacks documented by Amnesty International coincided with a number of important events that took place in Egypt at the start of this year. In the run-up to the eighth anniversary of Egypt’s 25 January uprising, Amnesty International recorded 11 phishing attacks against NGOs and media outlets. There was another burst of attacks during French President Emmanuel Macron’s visit to Cairo to meet with President al-Sisi on 28 and 29 January. The attacks peaked on 29 January, the day that President Macron met with human rights defenders from four prominent Egyptian NGOs. Later, in the first week of February, several media organizations were targeted, many of whom were reporting on the process of amending the Egyptian Constitution that had just started.

In recent years the Egyptian authorities have ramped up harassment of civil society through a repressive law imposing harsh restrictions on NGOs, and have launched criminal investigations against dozens of human rights defenders and NGO staff for “receiving foreign funding”. Investigative judges have also ordered a travel ban against at least 31 NGO staff, and asset freezes of 10 individuals and seven organizations. Dozens of human rights defenders are being held in lengthy pre-trial detention on absurd charges.

The selective targeting of human rights defenders and the timing in relation to specific political events suggests this wave of attacks is politically, rather than financially, motivated. The list of individuals and organizations targeted in this campaign of phishing attacks has significant overlaps with those targeted in an older phishing attack wave, known as Nile Phish, disclosed in 2017 by Citizen Lab and the Egyptian Initiative for Personal Rights (EIPR). Almost all the targets of Nile Phish were being investigated by the Egyptian authorities in relation to “foreign funding”.

“We are urging Egyptian human rights defenders to be vigilant and to contact Amnesty Tech if they receive any suspicious emails,” said Ramy Raoof.

“Until the Egyptian government ends its appalling assault on civil society, activists and human rights defenders must ensure they are keeping themselves safe while they carry out their important work.”