Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society
February 2, 2017
source: University of Toronto team https://citizenlab.org/2017/02/nilephish-report/
In 2011, the Egyptian Government embarked on a wide-ranging legal case charging that many civil society organizations receive foreign funding, and may be engaged in prohibited or illegal activities.
As part of Case 173, international organizations have been subjected to a wide range of legal sanctions, including arrests, travel bans, asset freezes and harsh sentencing. In 2013, 43 defendants working for international NGOs were sentenced to prison for their work, many in absentia as they had already left the country.
Initially primarily focused on international NGOs like the National Democratic Institute and the Konrad Adenauer Foundation, the case has grown increasingly focused on domestic Egyptian organizations. The 37 organizations known to be accused in the case include respected civil liberties groups, pro-bono law firms, and organizations working on gender issues.
With only a handful of exceptions, Nile Phish targets are implicated in Case 173, a legal case brought against NGOs by the Egyptian government over issues of foreign funding. The phishing campaign also coincides with renewed pressure on these organizations and their staff by the Egyptian government, in the context of Case 173, including asset freezes, travel bans, forced closures, and arrests.
Our collaborative investigation has documented at least 92 messages sent by Nile Phish, many highly personalized, and sent as recently as January 31st, 2017. The phishing campaign has included at least two phases, each with distinct phishing tactics and domains. Efforts seem to have been made to compartmentalize the infrastructure for each phase, but a technical error allowed us to link the servers and conclude that the two phases were part of a single campaign.
Nile Phish’s sponsor clearly has a strong interest in the activities of Egyptian NGOs, specifically those charged by the Egyptian government in Case 173. The Nile Phish operator shows intimate familiarity with the targeted NGOs’ activities, the concerns of their staff, and an ability to quickly phish on the heels of action by the Egyptian government. For example, we observed phishing against the colleagues of prominent Egyptian lawyer Azza Soliman, within hours of her arrest in December 2016. The phishing claimed to be a copy of her arrest warrant.
The Nile Phish Campaign
In late 2016, Citizen Lab was contacted by the Egyptian Initiative for Personal Rights (EIPR), whose technical team had observed a growing number of suspicious emails sent to EIPR accounts. The messages had caught the attention of the technical team because multiple messages arrived at the same time, concerned current events, and seemed to play on emotional themes related to Case 173. EIPR’s team helped broaden the investigation to a total of seven targeted Egyptian NGOs.
All of the seven Egyptian organizations are also implicated by Case 173. The targets include reputable and respected organizations working on political and rights issues such as freedom of expression, gender rights, and victims of torture and forced disappearances. Six of the organizations have agreed to be named in this report and one requested to be referenced anonymously.
Prominent Human Rights Activists in Egypt Targeted by Sophisticated Hacking Attacks
Google eventually sent several NGO staff members a warning that they “may have detected government-backed attackers trying to steal your password.”
Wait a minute, that is a loaded sentence. Google’s warnings are generic, they are not in the business of analyzing who is sponsoring a hack. Which government does Sharif Abdel Kouddous mean here and why does he want you to make these giant leaps?
The phishing campaign gels with an ongoing effort by the Egyptian government to boost its electronic surveillance capabilities. State intelligence agencies have purchased powerful surveillance technologies from European companies in recent years, including Remote Control System software built by the Italian spyware manufacturer Hacking Team. Egyptian authorities are also continually trying to block access to the encrypted messaging app Signal while Open Whisper Systems, the company behind the app, develops ways to circumvent the censorship.
This next paragraph seals my impression of what the writer’s intended message was.
The phishing attacks come as Egyptian president Abdel Fattah al-Sisi appears to be building close ties to President Donald Trump, who has called for heavier surveillance of mosques in the United States.
Egyptian Human Rights Activists Are Being Targeted in ‘Dangerous’ Hacking Campaign
“…hackers have been relentlessly trying to break into the online accounts of dozens of Egyptian human rights and civil liberties activists.”
“The Egyptian security agencies are obviously behind the attack,” Ziad Abdel Tawab, deputy director of the Cairo Institute for Human Rights Studies, told Motherboard in an email.
Here we go again. OBVIOUSLY? I can see dozens of other motivated groups and causes while Mr. Deputy Director, whatever that means, cannot see any trees for the forest.
I should remind you also that Bahey eldin Hassan is an Egyptian who serves as the Director of the Cairo Institute for Human Rights Studies (which he cofounded in 1993) and currently lives in self-imposed exile in France.
Besides being the Director of the CIHRS, Hassan is also a member of the boards and advisory committees of several other human rights organizations such as the Euro Mediterranean Foundation of Support to Human Rights Defenders (EMHRF), Human Rights Watch (HRW) Middle East and North Africa Division, and the International Center for Transitional Justice (ICTJ). He’s also one of the founding members of EMHRF and the Euro Mediterranean Human Rights Network (EMHRN).
The Egyptian embassies in London and Washington, DC did not respond to a request for comment.