Egypt: Activists, government critics hit by wave of digital attacks

An investigation by Amnesty International has revealed that dozens of Egyptian human rights defenders have been targeted by phishing attacks since the beginning of this year, putting them in grave danger amid Abdelfattah al-Sisi’s government’s intensifying crackdown on dissent.

Since January 2019 Amnesty Tech has analyzed dozens of suspicious emails sent to Egyptian human rights defenders, journalists and NGOs. The organization found that the emails used a technique known as OAuth Phishing to gain access to private accounts, and that attacks spiked during key political moments such as the anniversary of Egypt’s uprising on 25 January. 

These digital attacks appear to be part of a sustained campaign to intimidate and silence critics of the Egyptian government 

Ramy Raoof, Tactical Technologist at Amnesty International.

“These digital attacks appear to be part of a sustained campaign to intimidate and silence critics of the Egyptian government. Over the past year Egyptian human rights defenders have faced an unprecedented assault from the authorities, risking arrest and imprisonment whenever they speak out, and these chilling attempts to target them online pose yet another threat to their vital work,” said Ramy Raoof, Tactical Technologist at Amnesty Tech.

“President al-Sisi’s government’s crackdown on freedom of expression is growing worse by the day, and it is more important than ever that human rights defenders can communicate online without fear of reprisal. There are strong indications that the Egyptian authorities are behind these attacks. We are calling on them to stop their relentless attack on human rights defenders and respect the rights to privacy, freedom of expression and association.”

The digital attacks documented by Amnesty International occurred between 18 January and 13 February 2019. OAuth Phishing is a technique which abuses a legitimate feature of many online service providers that allows third-party applications to gain access to an account. For example, an external calendar application might request access to a user’s email account to add upcoming events or flight times. With OAuth Phishing, attackers craft malicious third-party applications that trick targets into giving them access to their accounts. 

Amnesty International has released a detailed analysis of these attacks as well as information on how to protect against this kind of phishing.

Attacks coinciding with political events

The attacks documented by Amnesty International coincided with a number of important events that took place in Egypt at the start of this year. In the run-up to the eighth anniversary of Egypt’s 25 January uprising, Amnesty International recorded 11 phishing attacks against NGOs and media outlets. There was another burst of attacks during French President Emmanuel Macron’s visit to Cairo to meet with President al-Sisi on 28 and 29 January. The attacks peaked on 29 January, the day that President Macron met with human rights defenders from four prominent Egyptian NGOs. Later, in the first week of February, several media organizations were targeted, many of whom were reporting on the process of amending the Egyptian Constitution that had just started.