' fill='%230E4F97'%3E%3Cg id='Group-5' transform='translate(370.000000, 11.000000)'%3E%3Cg id='avatar' transform='translate(6.000000, 4.000000)'%3E%3Ccircle id='Oval' cx='8' cy='4' r='4'%3E%3C/circle%3E%3Cpath d='M7.12864205,10 L8.87135795,10 C11.558649,10 14.0087196,11.5384024 15.1762205,13.958831 L16,15.6666667 L16,15.6666667 L15.3374858,17.5134983 C15.228016,17.8186575 14.9774027,18.051811 14.6651459,18.1389975 L8,20 L8,20 L1.33485405,18.1389975 C1.02259733,18.051811 0.771984007,17.8186575 0.662514216,17.5134983 L0,15.6666667 L0,15.6666667 L0.823779545,13.958831 C1.99128041,11.5384024 4.44135104,10 7.12864205,10 Z' id='Rectangle'%3E%3C/path%3E%3C/g%3E%3C/g%3E%3C/g%3E%3C/g%3E%3C/svg%3E)
Israeli firm traces cyberattacks on Egyptian activists to Cairo government
Check Point Software Technologies says major hacking campaign targeting opposition figures, journalists and academics run out of Egyptian spy shop
A leading Israeli cybersecurity company found that a series of cyberattacks against Egyptian journalists, academics, opposition politicians and rights activists was likely perpetrated by the Egyptian government.
The perpetrators, who were traced to government offices, installed programs on victims’ phones that allowed them to read their emails, track their movements and keep tabs on their contacts.
Check Point Software Technologies uncovered the link and would reveal the findings in a Thursday report, the New York Times reported.
The main server for the attackers had been registered by the Egyptian Ministry of Communications and Information Technology.
GPS coordinates in one of the applications used by the perpetrators matched Egypt’s General Intelligence Service, its central spy agency, the report said.
The effort started in 2016 and targeted at least 33 leading opposition figures. It used several methods to gain access to people’s devices. An app called Secure Mail tricked the targets into divulging their Gmail passwords; an app called iLoud200% was billed as increasing the volume of phones, but actually revealed the target’s location, even when location services were turned off; IndexY purported to identify incoming calls, but actually saved details of all calls made for the attackers.
IndexY was offered by the Google Play Store until July 15, when Check Point notified Google about it. Google took down the app and banned the developer who placed it there. Its successful placement in the store spoke to its sophistication, Check Point said.
Despite the apps’ complexity, the creators made several mistakes, the New York Times reported, including leaving an IP address and geolocation coordinates embedded in the software, which Check Point said revealed likely ties to the Egyptian government.
The incriminating information could have been part of a false flag operation, but was probably left in the software accidentally. The campaign’s scale, duration, and targets also seemed to point to a government actor, the report said.
At least two of the targets were arrested following anti-government protests last month.
Check Point’s investigation was sparked by a report by the Amnesty International rights group saying that Egyptian rights activists had been targeted in a phishing campaign.
Of the 33 targets, at least some were Egyptians living in the US, Canada and the UK.
