Qatar presents evidence to prove cyberattack on QNA site ‘originated from the UAE’

Finally, the country’s patience in the hack of Qatar News Agency was rewarded as solid evidence has emerged about the involvement of the UAE in it.

The hack, which planted false stories with bogus quotes attributed to HH The Emir Sheikh Tamim bin Hamad Al Thani, was a key reason for the ongoing illegal blockade of Qatar.  

The UAE’s part in the crime was first reported in a Washington Post news report, which cited several US investigators into the case.

Yesterday, officials from Qatar’s Ministry of Interior said they had strong evidence showing the cyberattack originated from the United Arab Emirates, according to Al Jazeera.

During a news conference in Doha, officials said the planning for the hacking of QNA began as early as April. Investigators also reportedly traced the IP (internet protocol) address linked to the hacking to the UAE.

Speaking to Al Jazeera, Captain Othman Salem Al Hamoud said that the level and the quality of the hacking was so professional that it had to have ‘state resources’ behind it.

Earlier, Lieutenant-Colonel Ali Mohammed Al Mohannadi, head of the ministry's technology division, said the hacking operation took place in coordination with, and through, ‘one of the blockading states.’

“The hackers had total control of the QNA network, including the related accounts, websites and related social platforms. This was meant to fabricate and post the false reports, which were attributed to His highness, the Emir,” Al Mohannadi said.

The attack began on April 19, when professional hackers began to scan the QNA site using VPN programmes to look for loopholes in the system, reported Gulf Times. 

On April 22, hackers were able to exploit a vulnerability in the system to infiltrate and install malicious software.

“The weakness in the system was shared with another person through Skype at 5.45am from an iphone with an IP address of one of the siege countries. Accordingly, the hackers managed to install sophisticated malicious software on QNA website to gain full access to the site. On April 28, hackers were able to get the passwords and e-mails of all QNA employees which were shared with a person through Skype from a machine with an IP address in one of the blockading countries. Another log on by the hackers from the same IP address took place on May 20 to make the final preparation for the planned attack,” said Al Hamoud.

Al Hamoud said the two users had visited QNA website 45 times just a few minutes before posting the false news and 41 times right after the attack as if they were waiting for their posted fake news to appear and take a screenshot of it, reported Qatar Tribune.

He, however, added that these two users had not visited the website for more than a month prior to the cyber attack.

The cyberattacks reportedly lasted for about three hours, from late at night on May 24 to the early hours of May 25, before the state media's IT experts managed to take back control of the site.

Further investigation involve some difficulties as co-operation of UAE is needed and that is unlikely to happen.