As Egypt's crackdown on the press extends to social media and other communication platforms, many journalists say phishing attempts, trolling, software to monitor social media posts, and a draft law that would require registration for social media users are making them think twice before covering sensitive issues.
The issue of targeting journalists online was brought into focus by the NilePhish scam that has targeted more than 110 journalists and activists since 2016--many of them implicated in a large-scale legal case Egypt brought against non-governmental organizations--according to a joint report published by the Toronto-based Citizen Lab and the Egyptian Initiative for Personal Rights, a local human rights groups also targeted in the scam.
Through "reverse engineering," which uses information about the victim to predict their behavior, NilePhish attackers used fake Dropbox and Google Documents invitations to trick victims into entering their account information so hackers could access their communications, according to the report.
Ramy Raoof, senior research technologist at the Egyptian Initiative for Personal Rights, told CPJ that the attacks appeared to be state-sponsored. Researchers found that the hackers had left notes for each other in the Egyptian dialect in code snippets, and in some cases phishing emails were sent to lawyers, using the subject line "arrest warrant" and their client's name, shortly after police made arrests.
"It's one of two [probabilities]: the attacks either happened by the authorities themselves, or in coordination with them," Raoof said.
Egypt's Ministry of Communications and Information Technology and its National Telecommunications Regulatory Authority did not immediately respond to CPJ's emailed requests for comment.
Hackers have also targeted tens of journalists and activists through the manipulation of two-step verification since mid-2016, Raoof said. Wael Abbas, a freelance journalist and blogger, told CPJ he received text messages in March 2016 with access codes to his Facebook account that he had not requested. Abbas said that because he has two-factor authentication he thought his account was safe. It wasn't until he received a message saying his account password was "successfully changed" that Abbas said he started to worry.
"It meant someone was able to access the text message that had the code," he posted on Facebook. "Someone other than myself and my telecom company."
Abbas said hackers also tried to access his Twitter, Gmail and Yahoo accounts. He told CPJ that Gmail and Yahoo displayed warning messages in his email inboxes, saying he was a victim of a "state-sponsored" attack. Abbas, who writes for several Arabic language media including al-Manassa, CNN Arabic, and Elbadil, said the hacking attempt came after he reported on the government's crackdown against non-profit organizations.
Abbas, like many of the journalists with whom CPJ spoke, said he uses Facebook to communicate with his sources. Egypt has taken steps to tighten its control of the platform and other social media.
Under the Telecommunication Regulation law, internet service providers must provide all the equipment and software needed for "the Armed Forces and National Security Entities to exercise their power." And in April, Reyad Abdel Sattar, a member of the liberal Free Egyptians Party, proposed a bill that would require users to register via a government-run platform to gain access to social media platforms, according to news reports. Abdel Sattar said the bill would "facilitate state surveillance over social networks."
Egypt already owns several interception products, including Blue Coat, that allow authorities to access communications without seeking permission from telecom service providers, Citizen Lab reported in 2013. While there are no specific laws that govern sales of surveillance products, the U.N. Guiding Principles on Business and Human Rights says that companies should "seek to prevent or mitigate adverse human rights impacts" linked to their products, even if they have not contributed to those impacts.
When CPJ asked Symantec, which acquired Blue Coat in 2016, about reports that its products are used in Egypt and were likely used in manipulation of two-step verification, the company's Middle East and Africa senior public relations manager Jennifer Dufforg said, "Symantec follows due diligence procedures to avoid selling to organizations known to abuse human rights or where the risk of misuse is high." In the emailed statement, Dufforg said, "In the event we determine our products are being misused by third parties contrary to our corporate policies, we reserve the right to take appropriate measures--including termination of support and any further dealings with such third parties."
Egypt also allegedly used deep packet inspection techniques to interfere with platforms including Tor browser, which allows anonymous browsing; the encrypted messaging app Signal; and Secure Shell, a protocol to provide secure communication channels, the Open Observatory of Network Interference, a global network that observes surveillance, reported.
Deep packet inspection allows internet service providers to filter or re-route communication selectively--an ability that could expose the country's 13 million social media users to potential surveillance.
"Surveillance patterns completely changed after 2013," Raoof said. "It's been getting more and more sophisticated, especially since mid-2016."
The possibility that a journalist's communication on Facebook may be monitored poses a threat to reporting, Cairo-based freelance journalist Menna Zaki said. "You can't ask [sources] controversial questions online," she said.
Aside from concerns that the government could access accounts, hackers have used details from private communication to threaten or discredit journalists, Raoof said. CPJ reported in January how blogger Esraa Abdel Fattah has been trolled on social media and pro-government news websites, with hacked emails, taped phone calls, and personal photos being shared in an attempt to publicly shame her. Her experiences led to some journalists saying in interviews that they clear their laptops of any articles that could be critical of the government.
"There is a serious obsession with personal lives," Raoof said. "It's the main way for punishing people and the first excuse for crackdown."
Zaki said that her belief that "everything is monitored" makes her think twice about using words that "the government considers politically incorrect" online. "Apparently there are no rules with surveillance and this is done. It is done in cold blood," Zaki said.
Knowing of activists who were arrested for starting Facebook pages or writing critical Facebook posts leaves journalists feeling vulnerable, she added.
Aya Nader added that being an online journalist in Egypt means she is "in constant fear." Nader, who reports on human rights for outlets including Al-Monitor and Open Democracy, said she also received a message from Gmail two months ago, warning of an attempted "government-sponsored attack."
"I deleted e-mails between me and my editors. Any e-mails that, if seen by the government, could land me in prison," she said.
Nader said that the threat of arrest--Egypt is the world's third worst jailer of journalists, according to CPJ research--makes her think twice before she writes a story or conducts an interview. She added that she has considered writing under a pseudonym and even withholding some stories before they get published to keep herself safe. Yet the threat of "losing credibility," is sometimes a bigger concern for journalists than threats to their physical safety, she said.
"The online electronic armies or trolls have a great role in that," she said. "I have been named and shamed [for writing content that's critical of the government]."
[EDITOR'S NOTE: This blog has been updated to reflect the outlets that Wael Abbas writes for and to reflect the correct spelling and job title for Ramy Raoof.]