The Ministry of Interior (MOI) confirmed that the recent hacking of the Qatar News Agency (QNA) website and its social media accounts was actually from one of the blockading countries. This was according to a preliminary investigation conducted by a team from Qatar, with assistance from its ‘friendly and brotherly’ allies.
The United Arab Emirates (UAE) was named as a perpetrator but this information was not officially confirmed by MOI officials.
A hacking timeline was presented to the media during the press conference hosted by the MOI this Thursday, 20 July. According to the said report, hacking on the QNA website started as early as 19 April. It culminated in the actual attack on 24 May, where ‘fake news’ about the Emir was published and shared online. MOI officials said that the evidence they currently hold is enough to start a legal process against the perpetrators of the hacking incident.
Sequence of hacking of the QNA website:
- On 19 April, hackers used VPN software to infiltrate the QNA network and scan its website.
- 22 April at 3:40 am, hackers installed malware and other malicious programmes, and transferred data at 5:47 am via Skype call from an iPhone with an IP address within the vicinity of the siege countries.
- Days passed and the hackers installed more sophisticated malicious softwares
- At 8 pm of 28 April, the hackers targeted the main QNA network system that stores all employee addresses, passwords and emails. All of the information were shared via another Skype call traced within the range of siege countries
- On 29 April, hackers tried to penetrate again the QNA network traced through an IP address that originated from one of the siege countries.
- 20 May, another attack from one of the siege countries happened as hackers installed more malicious softwares, checked its effectivity in preparation for the major cyberattack.
- Main Attack
On 23 May, from 11:30 pm to 11:45 pm, hackers started to gain access again of the website
At 12:13, they posted the fabricated news on the website and social media accounts
The first view of the article was recorded at 12:15 am, from one of the siege countries. The website received more viewers a few minutes after until it crashed.
- Local IT experts were able to stop the attack and regained access of the website at 3 pm, and of social media accounts at 7 am
- Hackers used advanced means to hide their identity and used a European number to block the trace, but the technical team was able to identify their sources.
The Ministry of Interior – Qatar, along with international organisations, will take necessary actions to prosecute the perpetrators of this crime.