The Hack that Caused a Crisis in the Middle East Was Easy
How hackers compromised “the entire” network of TV station Qatar News Agency.
The brazen hack that appears to have sparked an unprecedented diplomatic crisis in the Middle East was extremely easy to carry out, given that the TV station affected had terrible security in place, Motherboard has learned.
On May 23, Qatar's state-owned TV station, as well as its Twitter account, started reporting the news that the country's leader, Sheikh Tamim bin Hamad Al Thani, had made a series of pro-Iran comments during an event that day. Given that Qatar is part of an alliance of countries with, among others, Saudi Arabia and the United Arab Emirates—whose policies and interests are opposed to those of Iran—these remarks were highly controversial.
Except his words weren't real.
A group of unknown hackers had planted them inside a broadcast and a series of tweets in a sophisticated disinformation campaign that seemed to be aimed at stirring the pot in the Persian Gulf, where tensions between Saudi Arabia and Qatar had been running high for months. Two weeks later, those fake quotes spread through Qatar News Agency (QNA) seemed to have sparked what many consider the most dangerous diplomatic crisis in the region in decades.
As it turns out, this crisis was sparked by a hack that anyone could've done, according to sources close to the investigation.
"[The QNA] could've been owned by random script kiddies forever," said a source familiar with the hack, who requested anonymity to discuss the details of what is still an ongoing inquiry. "Security at the organization was so bad that anyone and everyone could have been in there."
The source said that the operation was interesting in terms of how the hackers leveraged their access to then spread fake news, but as a technical attack it was nothing special. In other words, it wasn't sophisticated because it didn't need to be.
Not only was it relatively easy, but the hackers compromised "the entire QNA," according to another source who works in the cybersecurity industry in the region, who also requested to remain anonymous.
The first source confirmed that the hackers took complete control of the QNA's web server, Content Management System (CMS) server and all online social media accounts.
After the attack, the Qatari government reportedly called in the FBI, as well as the UK's National Crime Agency for help investigating it. The NCA said in an email that the agency does not "confirm or deny investigations," while the FBI declined to comment.
The Qatari government also didn't immediately respond to a request for comment via email. On Wednesday, the country's Ministry of Interior released a statement on the investigation. The statement said the attack "used high techniques and innovative methods by exploiting an electronic gap on the website of the Qatar News Agency," and that "the hacked file was installed last April."
At this point, however, it's still unclear who is really behind the hack. On Tuesday, CNN reported that US investigators believe "Russian hackers" to be the likely culprits. CBS News, however, reported that they are only "among the suspects."
Russian hackers working for the Kremlin government have already compromised a TV station in the past. In April of 2015, hackers took complete control of TV5Monde, a French television network. Initially, the attack appeared to have been launched by pro-ISIS hackers, who also took over the TV network's social media accounts, where they posted their claim of responsibility, identifying themselves as a group called CyberCaliphate. It was only months later that it was revealed the CyberCaliphate was simply a front for APT28, or Fancy Bear, the hacking group that works for Russia's military intelligence unit, the GRU.
But another source with knowledge of the investigation said that APT28 is usually "much more subtle than this," and that at this point "no conclusions have been made" with regard to who hacked QNA.
Joseph Cox contributed reporting for this story.