Qatar Hack Followup
As we discussed in a previous briefing, a hacking attack was recently blamed for highly damaging items published on Qatar’s QNA News Agency. Developments since the initial briefing have been somewhat explosive. We will therefore dedicate this briefing to new intelligence surrounding the attack, and take a look at the return on investment from the perspective of the attackers.
The blame game
In our previous briefing, we outlined three separate explanations for the incident:
- The information was planted by an attacker
- The information was planted by an insider
- The information was published and then hackers were scapegoated when it had to be withdrawn
Several companies and government agencies around the globe have since investigated. While no proof of an attacker exists, there appear to be clear traces of an external intrusion into the system. Sources interviewed on the matter (under the cover of anonymity) describe the system security of QNA as critically lacking.
Therefore, for the time being, we are working on the assumption that the items were indeed posted by an external attacker. What remains unclear, however, is whether the information contained in the hacks was accurate or fabricated.
In light of the incident, the following countries have cut or downgraded their diplomatic relations with Qatar:
- Saudi Arabia
- United Arab Emirates
The list includes many of the region’s powerful players and the downgrade will likely cause both political and economic damage.
While previous incidents had already led to heightened tensions, the hack appears to have tipped the scales or at least given other governments a convenient focus to rally against Qatar.
Return on Investment
While we won’t speculate on who was behind the attack (accusations have been made against everyone from private activists to the NSA, the Russian Government and ISIS), we can draw somewhat certain conclusions regarding their return on investment.
According to sources, security of the QNA was extremely weak, with known vulnerabilities being exploited to hijack computer systems, servers and the central CMS (content management system). If this information is accurate, the attack would be in the realm of possibility for anyone with even the most basic understanding of information security. Since the vulnerabilities were public, there was no cost or loss associated with exploiting them.
We are thus not looking at a large and well-funded organizational attack but rather at a few individuals (or possibly one) and a few hours of time. As such, the cost of the attack approaches zero.
At the same time, the attack triggered a region-wide diplomatic incident with far-reaching consequences for the region’s economy, the balance between Sunni and Shia states, and global policy. While the exact impact is still unknown, it is already one of the most impactful hacking attacks in history.
Assuming that the impacts work in the attacker’s favor, the return on investment is tremendous. A few hours of time invested by an attacker with the most basic of skillsets has changed the political tension of an entire region.
As we have stated previously, we expect these kinds of politically motivated attacks to become more and more frequent for at least the coming decade. When evaluating the assets of your organization to establish reasonable information security systems, it is therefore critically important to not only consider the financial value of your organization but also the ideological or political value that a successful hack would bring to your enemies.