*Cyberattack process started as early as April 19
*Evidence corroborates US intelligence report
*Quality of operation proves state involvement


Officials of Qatar's Interior Ministry on Thursday said they have evidence to prove the cyberattack on the country's official media originated from the United Arab Emirates (UAE).
The attack on the website of Qatar News Agency (QNA) started as early as April 19 when professional hackers began to scan the site using VPN programmes to look for loopholes in the system, the technical investigation team of the Ministry of Interior (MoI) has revealed.
The role of the UAE in the hacking has now been widely reported both locally and internationally, and also confirmed by multiple American intelligence agencies. Both the Washington Post and NBC News, quoting US intelligence officials, have said the UAE arranged hacking of Qatari media.
The Post reported on Sunday that information from US intelligence officials showed that senior UAE government officials discussed the planned hacks on May 23, the day before the hacking occurred.
Speaking at a press conference at MoI Headquarters, Captain Othman Salem al-Hammoud, Assistant Director of MoI Information Security Department, said that on April 22 hackers were able to exploit a vulnerability in the system to infiltrate and install malicious software.



"The weakness in the system was shared with another person through Skype at 5.45am from an iphone with an IP address of one of the siege countries. Accordingly, the hackers managed to install sophisticated malicious software on QNA website to gain full access to the site. On April 28, hackers were able to get the passwords and e-mails of all QNA employees which were shared with a person through Skype from a machine with an IP address in one of the blockading countries. Another log on by the hackers from the same IP address took place on May 20 to make the final preparation for the planned attack. 
"On May 23, the QNA website saw an unusual hike in the number of visits, as many as 45 visits in just 15 minutes, during 23:45-00:01. Then at 00:01, the attack started and the fabricated news attributing false statements to His Highness the Emir Sheikh Tamim bin Hamad al-Thani were published. Again for 15 minutes, the website experienced a surge in the number of visits -- 41 visits -- originating from the UAE in particular. The hike in the number of visits showed the hackers' eagerness to make sure that the planted news had been circulated. Besides, all social media platforms of QNA were hacked for the same purpose (posting fake news)." 
Captain al-Hammoud said the hack was contained as early as 3am on the same day, and by 7pm full control of the QNA website and its social media platforms was regained. The cyberattacks lasted for about three hours, from late at night on May 24 to the early hours of May 25.
He stressed it is clear that the quality of the hacking was so professional that it had to have "state resources" behind the operation.
Lieutenant Colonel Ali Mohamed al-Mohannadi, Director of the Technology Affairs Department at the National Command Centre (NCC) and head of the investigation team, said that the identification of the persons who browsed the website was an easy process, which happened at a location in the UAE. 
Investigators also have traced the IP (Internet protocol) address linked to the hacking to the UAE. As well, the technical team could reach a European telephone number that was used for the hacking process.
However, he affirmed that his team was concerned only with the collection of technical evidence and the probe was supported by teams of friendly countries.
"The outcomes of the investigation have been already submitted to the Attorney General and the process of filing a case against the involved has already been started."
He also expressed his view that further investigation involved some difficulties as it needed the co-operation of UAE "which is not likely to happen".
Lt Colonel al-Mohannadi summed up the whole hacking process in three steps: gaining full control of the website, publishing fabricated news, and the beneficiary of the crime monitoring the spread of the planted report. The detractors had already planned the media campaign against Qatar, once the false news had been published. 
It is certain that the process originated from the UAE, which is confirmed through the IP address and the type of the iPhone used and the particular network used at that time, the MoI technical investigation committee said. 
A short documentary was shown at the briefing, which detailed the whole process chronologically according to the findings of the investigation team.

Related Story