FinSpy is a full-fledged surveillance software suite, capable of intercepting communications, accessing private data, and recording audio and video, from the computer or mobile devices it is silently installed on. FinSpy is produced by Munich-based company FinFisher Gmbh and sold to law enforcement and government agencies around the world. According to media reports, when Egyptian protesters broke into the offices of the now dissolved State Security Investigations Service, an intelligence body responsible for investigating security threats and notorious for committing grave human rights violations during Hosni Mubarak’s decades’ long rule, in 2011, they discovered contracts for the sale of FinSpy to Egyptian authorities. Since then, research groups such as Citizen Lab, at the University of Toronto, and Privacy International have discovered FinSpy being used to target HRDs and civil society in many countries, including Bahrain, Turkey and Ethiopia. Because of this, Amnesty International’s Security Lab tracks FinSpy usage and development as part of our continuous monitoring of digital threats to HRDs.

In December 2018, Amnesty International documented widespread targeted phishing attacks against human rights defenders (HRDs) in the Middle-East and North Africa, in the report “When Best Practice Isn’t Good Enough”. That report documented how attackers had specifically developed techniques to target HRDs who had taken extra steps to secure their online accounts, such as by using more secure, privacy-respecting email providers, or enabling two-factor authentication on their online accounts.

An investigation by Amnesty International has revealed that dozens of Egyptian human rights defenders have been targeted by phishing attacks since the beginning of this year, putting them in grave danger amid Abdelfattah al-Sisi’s government’s intensifying crackdown on dissent.

A new Amnesty International investigation has found a wave of digital attacks that likely originated from government-backed bodies starting from early January 2019 and involving multiple attempts to gain access to the email accounts of several prominent Egyptian human rights defenders, media and civil society organizations’ staff. The attacks appear to be part of a wider strategy, occurring amid an unprecedented crackdown on the same groups in what have turned Egypt into an “open-air” prison for critics. Because of the identities of the targets we have identified, the timing of these attacks, their apparent coordination and the notifications of state-sponsored attacks sent from Google, we conclude that these attacks were most likely carried out by, or on behalf of, the Egyptian authorities.