Media Releases

U of T’s Citizen Lab uncovers Nile Phish, extensive phishing campaign targeting Egyptian NGOs

February 2, 2017

Toron­to, ON – A new report from the Cit­i­zen Lab at the Munk School of Glob­al Affairs uncov­ers Nile Phish, an ongo­ing and exten­sive phish­ing cam­paign against Egypt­ian civ­il soci­ety. In recent years, Egypt has wit­nessed what is wide­ly described as an “unprece­dent­ed crack­down,” on both civ­il soci­ety and dis­sent. Amidst this back­drop, in late Novem­ber 2016 Cit­i­zen Lab began inves­ti­gat­ing phish­ing attempts on staff at the Egypt­ian Ini­tia­tive for Per­son­al Rights (EIPR), an Egypt­ian orga­ni­za­tion work­ing on research, advo­ca­cy and legal engage­ment to sup­port basic free­doms and rights.

With the col­lab­o­ra­tion and assis­tance of EIPR’s tech­ni­cal team, the inves­ti­ga­tion expand­ed to include sev­en Egypt­ian NGOs tar­get­ed by Nile Phish. These sev­en orga­ni­za­tions work on human rights, polit­i­cal free­doms, gen­der issues and free­dom of speech.  Cit­i­zen Lab also iden­ti­fied indi­vid­ual tar­gets, includ­ing Egypt­ian lawyers, jour­nal­ists and inde­pen­dent activists.

With only a hand­ful of excep­tions, Nile Phish tar­gets are also impli­cat­ed in Case 173, a sprawl­ing 5‑year-old legal case brought against NGOs by the Egypt­ian gov­ern­ment over issues of for­eign fund­ing. The phish­ing cam­paign also coin­cides with renewed pres­sure on these orga­ni­za­tions and their staff by the Egypt­ian gov­ern­ment, in the con­text of Case 173, includ­ing asset freezes, trav­el bans, forced clo­sures, and arrests.

“The scale of the cam­paign and its per­sis­tence com­pound the many threats already faced by Egypt­ian NGOs,” says John Scott-Rail­ton, senior researcher at the Cit­i­zen Lab. 

Cit­i­zen Lab is not in a posi­tion in this report to con­clu­sive­ly attribute Nile Phish to a par­tic­u­lar spon­sor, but the spon­sor of Nile Phish spon­sor clear­ly has a strong inter­est in the activ­i­ties of Egypt­ian NGOs, specif­i­cal­ly those charged by the Egypt­ian gov­ern­ment in Case 173. Nile Phish is clear­ly famil­iar with tar­get­ed NGOs’ activ­i­ties, staff con­cerns, and is able to quick­ly phish on the heels of action by the Egypt­ian gov­ern­ment.

“When most of us think of state cyber espi­onage, what like­ly comes to mind are extra­or­di­nary tech­no­log­i­cal capa­bil­i­ties: rare unpatched soft­ware vul­ner­a­bil­i­ties dis­cov­ered by teams of high­ly skilled oper­a­tors, or ser­vices pur­chased for mil­lions from shad­owy “cyber war­fare” com­pa­nies.  To be sure, some cyber espi­onage fits this descrip­tion, as any perusal through the Snow­den dis­clo­sures or our recent “Mil­lion Dol­lar Dis­si­dent” report will show. But not all of them do.  More often than not, cyber espi­onage can be sur­pris­ing­ly low-tech and inex­pen­sive, and yet no less effec­tive, than the glitzy stereo­types.  The Nile Phish cam­paign is a case in point,” says Ron Deib­ert, Cit­i­zen Lab’s direc­tor. 

By expos­ing the Nile Phish oper­a­tion, and pro­vid­ing tech­ni­cal indi­ca­tors, Cit­i­zen Lab hopes to help poten­tial tar­gets and oth­er inves­ti­ga­tors iden­ti­fy and mit­i­gate the cam­paign.

Guide on Cit­ing in Media

Nile Phish: Large-Scale Phish­ing Cam­paign Tar­get­ing Egypt­ian Civ­il Soci­ety
Pub­lished By: The Cit­i­zen Lab, Munk School of Glob­al Affairs, Uni­ver­si­ty of Toron­to
Pub­li­ca­tion Date: Feb­ru­ary 2, 2017
Report URL:


For more infor­ma­tion:

Media Rela­tions