Professor Riley: Security

Incident 1: QNA Cyberattack

1. What did attackers break into?

On May 24, 2017, Qatar News Agency’s (QNA) website and database was hacked from an unknown source.

2. How did the attackers break into it?

Hackers broke into the system and mainly targeted the QNA network system-gaining access into confidential information regarding employee emails, passwords, and addresses. Upon breaking in, an array of malicious softwares was installed and put into place.

3. Who was impacted?

Media in Qatar was greatly impacted, where several fabricated stories on a range of sensitive issues were published, including articles describing HH Sheikh Tamim bin Hamad Al Thani supporting Iran, Hamas, Hezbollah and Israel. Qatar was then subsequently accused of supporting terrorism and blocked by several countries, including Saudi Arabia and the United Arab Emirates.

4. How was it investigated?

The investigation mainly revolved around identifying the hackers and their potential ties to any nations, where the British National Crime Agency and U.S. The Federal Bureau of Investigation took part in the investigation. While initial intelligence from U.S. Security Agencies identified Russian hackers as the perpetrators of the cyberattack, there was no notion of them being supported by the Russian government. On July 16, U.S. intelligence officers had identified and pinpointed the hack’s origin back to the UAE-although this claim has been denied vehemently by the nation.

Incident 2: QNB Security Breach

1. What did attackers break into?

On April 26, 2016, Qatar National Bank (QNB) suffered a breach, where a large collection of documents were leaked and posted online to the whistleblower site Cryptome.

2. How did the attackers break into it?

A group with Turkish ties known as Bozkurtlar has claimed credit for the hack, threatening to release more personal information from another bank, where they had leaked sensitive financial data and confidential corporate files totalling up to 1.4GB of data.

3. Who was impacted?

Although QNB claimed that "there is no financial impact on our clients or the bank" as a result of the security breach, a breach of any kind is capable of negatively impacting a bank’s reputation regarding safety. Although the authenticity of all documents could not be confirmed, it was noted that several documents regarding Qatari officials appeared to be correct. Despite this, The alleged leak had little impact on QNB’s share prices which dipped initially by about 1 percent but had gone back up the very next day.

4. How was it investigated?

QNB had hired a third-party to review their systems, where they were swift on enacting an investigation. Upon investigation, The presence of sensitive data apart from banking data, such as intelligence dossiers and individual profiles, has led to speculation regarding the possibility of the attackers having other unknown motives beyond simple monetary gain-potentially revolving around tranishing the banks reputation.