Professor Riley - Security

Incident 1: QNB

What did attackers break into?

Turkish hackers compromised 1.5 gigabytes of dump from Qatar National Bank which consisted of customer information.

How did the attackers break into it?

No method was disclosed, however it is widely believed there was a vulnerability in the web application.

Who was impacted?

Among the info of normal customers, details for Al-Jazeera and the royal family were all leaked.

How was it investigated?

Initially, the breach was detected. Following this, they attempted to contain the incident by shutting down various systems. In order to trace who the perpetrators were, digital forensics would be carried out and almost a reverse-engineered process.

SecurityAffairs

TrendMicro

Meed

Incident 2: Qatar News Agency

What did attackers break into?

The attackers hacked the website and published false statements relating to the royal family of many Gulf countries.

How did the attackers break into it?

There was believed to be a SQL injection, or potential for cross-site scripting or remote file inclusion. The method was not disclosed, but the above are possible methods to carry out the attack.

Who was impacted?

Articles were written about the Emir of Qatar.

How was it investigated?

International cybersecurity experts were called to investigate the breach. It was thought to be a state-sponsored attack. They conducted an investigation to determine the source. Following this, they improved the design of government websites to prevent future breaches.

AlJazeera

BBC

Doha News