茄子直播

茄子直播's Citizen Lab uncovers Nile Phish, extensive phishing campaign targeting Egyptian NGOs

Last month, Egyptians marked the sixth anniversary of the overthrow of dictator Hosni Mubarak at Tahrir Square (photo by Fayed El-Geziry/NurPhoto via Getty Images)

A new report from the Citizen Lab at 茄子直播's Munk School of Global Affairs uncovers Nile Phish, an ongoing and extensive phishing campaign against Egyptian civil society.

In recent years, Egypt has witnessed what is widely described as on both civil society and dissent. Amidst this backdrop, in late November 2016 Citizen Lab began investigating phishing attempts on staff at the , an Egyptian organization working on research, advocacy and legal engagement to support basic freedoms and rights.

鈥淭he scale of the campaign and its persistence compound the many threats already faced by Egyptian NGOs,鈥 says John Scott-Railton, senior researcher at the Citizen Lab. 

With the collaboration and assistance of EIPR鈥檚 technical team, the investigation expanded to include seven Egyptian NGOs targeted by Nile Phish. These seven organizations work on human rights, political freedoms, gender issues and freedom of speech. Citizen Lab also identified individual targets, including Egyptian lawyers, journalists and independent activists.

With only a handful of exceptions, Nile Phish targets are also implicated in Case 173, a sprawling 5-year-old legal case brought against NGOs by the Egyptian government over issues of foreign funding. The phishing campaign also coincides with renewed pressure on these organizations and their staff by the Egyptian government, in the context of Case 173, including asset freezes, travel bans, forced closures, and arrests.

Citizen Lab is not in a position in this report to conclusively attribute Nile Phish to a particular sponsor. But the sponsor of Nile Phish clearly has a strong interest in the activities of Egyptian NGOs, specifically those charged by the Egyptian government in Case 173. Nile Phish is clearly familiar with targeted NGOs鈥 activities, staff concerns, and is able to quickly phish on the heels of action by the Egyptian government.

鈥淲hen most of us think of state cyber espionage, what likely comes to mind are extraordinary technological capabilities: rare unpatched software vulnerabilities discovered by teams of highly skilled operators, or services purchased for millions from shadowy 鈥榗yber warfare鈥 companies,鈥 says Professor Ron Deibert of the department of political science in the Faculty of Arts & Science, and Citizen Lab鈥檚 director. 鈥淭o be sure, some cyber espionage fits this description, as any perusal through the Snowden disclosures or our recent 鈥楳illion Dollar Dissident鈥 report will show. But not all of them do.  More often than not, cyber espionage can be surprisingly low-tech and inexpensive, and yet no less effective, than the glitzy stereotypes. The Nile Phish campaign is a case in point.鈥 

By exposing the Nile Phish operation, and providing technical indicators, Citizen Lab hopes to help potential targets and other investigators identify and mitigate the campaign.

The Bulletin Brief logo

Subscribe to The Bulletin Brief