Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 6 MINUTES AGO.
You are here: Home / Data Security / Cyberspies Target American Writer
Cyberspies Target American-Egyptian Writer
Cyberspies Target American-Egyptian Writer
By Raphael Satter Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
15
2017

American-Egyptian author Mona Eltahawy is one of many activists and human rights advocates targeted in a sweeping cyberespionage campaign blamed on Egypt's government, The Associated Press has found.

A booby-trapped email sent to Eltahawy and examined by the AP shows that she was targeted by the same password-stealing technique used to try to compromise staff at more than half a dozen Egyptian human rights organizations. Digital clues such as matching email addresses employed to send the malicious messages and the use of the same credential-harvesting website proved the same actor was involved.

Eltahawy, a fierce critic of Egypt's government who has frequently complained about state surveillance, said she felt violated but not surprised.

"I'm used to this from the Egyptian regime," she said in a series of telephone conversations with the AP. "I'm not trying to belittle what they've done, but I'm used to this."

Officials in Cairo have yet to speak publicly about the barrage of malicious messages, also known as phishing emails, sent to civil society figures in recent months. The campaign, exposed by internet watchdog group Citizen Lab earlier this month, prompted Eltahawy to tweet that she was among its targets. Eltahawy's partner later forwarded copies of the emails to the AP.

The message itself was closely tailored to Eltahawy's concerns. An outspoken commentator on feminism, the Arab world and Egypt, Eltahawy was a constant media presence during the country's 2011 uprising. She also has a sizeable following on Twitter, where she regularly shares news about activists caught up in Egypt' grinding crackdown on dissent. Ever since Egypt's 2013 military takeover, local rights groups have had their assets frozen, their staff detained and their leaders banned from traveling abroad.

On Dec. 7, women's rights attorney Azza Soliman was arrested. In the following week, Eltahawy fielded social media messages about the lawyer's upcoming court date. So when she received an email labeled "an important document about Azza Soliman," she opened it right away.

"I usually never go and click on documents that are sent to me by people I don't know," she said. "But because this was Azza and I was very upset about what had happened to her, I immediately went and clicked."

Eltahawy said she realized she had been fooled, especially after she received additional suspicious emails the next day and realized there was activity on her account she didn't recognize.

"Someone logged onto my computer from another neighbourhood in Cairo!" she wrote to her partner via WhatsApp at the time. "Those (expletive) bastards!"

Eltahawy and other activists blame the government for the break-in. An Egyptian Interior Ministry official insisted to AP ��" on condition of anonymity ��" that officials weren't involved. Circumstantial evidence such as bits of Arabic slang in the malicious sites' code isn't conclusive. The AP sent a message seeking comment to the email address used by Eltahawy's hacker earlier this month, but the message went unanswered. Hours later, the email account was deleted.

Eltahawy's experience demonstrates the power of phishing, which consists of deploying bogus emails to entice people to give up their passwords. It's the Swiss Army knife of electronic espionage ��" ubiquitous, cheap and, done well, it can break in almost anywhere. Eltahawy's hackers even appear to have bypassed an additional security measure known as two-factor authentication by sending out a second round of malicious messages.

Eltahawy paid them a grudging compliment.

"This is a testament to how good they are with these phishing things," Eltahawy said. "They know how to get you."

© 2017 Associated Press under contract with NewsEdge/Acquire Media. All rights reserved.
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.