In June 2020, at least 13 websites affiliated with the Ethiopian government were hacked and defaced. The targets were diverse, from seemingly innocuous sites such as Ethiopia’s Educational Evolution Office, the Statistics Centre, and the National Lottery Administration, to more sensitive targets like the Police Commission and Ethiopia’s Official Government Gazette. The “Cyber Horus Group,” as the hackers called themselves, left nationalistic messages with pharaonic-themed inscriptions and music. The group wrote on the hacked pages: “If the river’s level drop, let all the Pharaoh’s soldiers hurry and return only after the liberation of the Nile.” They warned, “engaging with Egypt in a war may cost you more than the lives of an Ethiopian people,” and ended with the hashtags “#God_Bless_Egypt” and “#God_Bless_Egyptian_president.”
The attack on these 13 Ethiopian government websites during a time of escalating tension between Ethiopia and Egypt demonstrates an emerging flirtation with offensive cyber tools as instruments of foreign policy—as well as Egypt’s cyber limitations. As Egypt’s crises with its immediate neighbors have mounted significantly in recent years, so too has the country’s willingness to use subversive cyber elements for statecraft.
The defacements themselves were low-tech; the hacking and defacing of websites is a common and unsophisticated form of cyberattack. Government websites can be particularly vulnerable as they are oftentimes outdated and not well-maintained. However, despite the simplicity, low-tech operations can have serious consequences. In 2017, the relatively unsophisticated hack of state-owned TV station Qatar News Agency eventually contributed to a regional diplomatic rift. While many other developments established a strong prior willingness to excommunicate Qatar, the incident demonstrates the far-reaching repercussions of basic security vulnerabilities in the digital era.
There is no evidence that directly links the hack and defacement of the Ethiopian government websites with the Egyptian state. Indeed, plausible deniability is an inherent feature of cyberwarfare technologies; the anonymity intrinsic to the internet is an important strategic advantage in the cyber domain. States conducting operations are less vulnerable to retaliation as cyberattacks are often low-cost and low-risk. The Cyber Horus Group may be associated with Egyptian security authorities, but it might also be an independent group of nationalist Egyptians, angry at Ethiopia’s perceived bullying on an issue of such immense national importance—the Grand Ethiopian Renaissance Dam. The cyber domain’s attribution dilemma has been a source of significant debate. Israel and Iran—the most sophisticated cyber players in the region—have long exchanged cyber-jabs under comfortable cloaks of deniability; only recently have they demonstrated more willingness to claim their own attacks.
Mounting evidence suggests that Egypt will put more cyber tools to use in the foreign policy arena. Cyber tactics have heretofore been the near-exclusive reserve of domestic control and repression, but as relations with Egypt’s immediate neighbors have become increasingly complex—whether it be existential water insecurity brought on by Ethiopia’s Dam or ongoing instability in Libya—the country has sought to utilize low-cost, low-risk cyber operations. This is perhaps an effort to exert influence without assuming the higher costs of more overt and traditional foreign policy and security action.
Within the past year and prior, Silicon Valley heavyweights have accused Egypt of conducting a number of state-backed digital information operations targeting neighboring states. In April 2020, Twitter removed 2,541 accounts connected with an Egyptian newspaper, El Fagr. The El Fagr network, which Twitter believes was taking direction from the Egyptian government, amplified messaging critical of Iran, Qatar, and Turkey. Facebook also dismantled an Egyptian network, although the company stopped short of directly implicating the government. In addition to attacks on Iran, Qatar, and Turkey, there has been substantial evidence of Egyptian information operations targeting Libya. These operations demonstrated enthusiastic support for Field Marshal Khalifa Haftar, who has long been strongly backed by Egypt. Three digital marketing firms associated with regional governments suggest a significant level of coordination and resource-sharing among allied states.
Economically, Egypt has also sought to project cyber power through the strategic development of undersea internet cables and data centers. Egypt has long reaped the benefits of its strategic location as a bridge between European and Asian waterways, and the fortune of Egypt’s geography also has positive impacts for the cyber domain. There are 17 undersea internet cables running through Egypt—the United States is the only country with more—which account for 17 percent of the world’s internet traffic. While Egypt could do more to develop this industry, the country’s strategic geographic advantage has also helped the country market and develop itself into a database hub. Due to the unique density of undersea cables, data centers can easily be connected to multiple countries around the world. This sector is an important source of growth for Egypt’s economy and there is potential for Egypt to develop into a global data center hub.
Despite some evidence of Egypt’s growing cyber power, the country is also beset by limitations. Recently, Google announced plans to develop a fiber-optic network that would connect through Saudi Arabia and Israel, bypassing Egypt for the first time. The company hopes that the new route will reduce reliance and congestion through Egypt’s network. As relations between Israel and its Gulf neighbors continue to warm, Egypt may see itself side-stepped more often in similar ways.
Egypt’s 2017–21 Cybersecurity Strategy also emphasizes the improvement of infrastructure to aid in the development of e-government services. While this is an important and necessary goal, increased digitization of government services simultaneously increases the government’s vulnerability to attack. Moreover, it is unclear if adequate investments in basic cybersecurity and cyber defense have been made, as much of Egypt’s basic national IT infrastructure is outdated. In comparison to cyber leaders in the region—such as Iran and Israel—Egypt lags woefully behind. Given the clandestine nature of the field, it is impossible to determine the level of sophistication of the cyber weapons in Egypt’s arsenal. However, the existence of sophisticated cyber weapons seems highly unlikely, as there is little evidence to suggest Egypt has the capacity or resources necessary to develop these capabilities in-house.
In the National Cyber Power Index (NCPI) that was released last summer by Harvard’s Belfer Center, Egypt scored the lowest in comparison to the other 30 states surveyed. The NCPI, which scores both cyber intent and capability, found that Egypt has both a low capability and low intent to project cyber power. An important caveat, however, is that Egypt may simply not publish enough information about its cyber capabilities in order to be appropriately measured.
Egypt’s cyber limitations could be due, in part, to a lack of human capital and necessary access to technical expertise and skilled employees. The institutional constraints of a rigid authoritarianism potentially hamper the creativity and innovative zeal necessary for progress in these domains. Additionally, unlike Iran, Egypt has enjoyed comfortable, long-term strategic alliances with global cyber powers like the United States that have helped to insulate the country and deter damaging state-backed cyber-attacks. Without decades of relative diplomatic and multilateral isolation, Egypt did not experience similar existential and external incentives to develop its own domestic arsenal.
Most important, however, is that much of the country’s cyber weapons and resources have been dedicated to repressing its own population. Egypt has been documented purchasing a range of sophisticated censorship and surveillance tools to control and suppress domestic political dissent, from deep-packet inspection censorship tech purchased from the Canadian-founded company Sandvine and the notorious German-made FinSpy spyware produced by FinFisher to the Italian-manufactured Hacking Team surveillance tech—the most infamously disturbing technologies used for domestic repression have been procured by Egypt. When the state perceives its own population as a primary danger to national and digital security, few resources will be dedicated to combatting external threats.