Egypt government used Gmail third-party apps to phish activists
Over the past few years, a series of privacy scandals including the Facebook/Cambridge Analytica scandal have spurred an international push for better privacy laws. In some parts of the world, policymakers have responded to this movement by introducing new data protection bills, such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). However, in countries such as China and Russia, governments have actually stepped up Internet surveillance and censorship efforts. A new investigation by Amnesty International puts Egypt firmly in the later category of anti-privacy regimes.
Amnesty investigators claim that the Egyptian government recently targeted human rights activists, journalists and others in a spear-phishing campaign that aimed to give government officials access to user accounts. The campaign involved “OAuth phishing,” a relatively new technique that takes advantage of Gmail account access privileges enjoyed by third-party apps.