Why hackers have been targeting Qatar lately

Despite reports from government officials that the number of local security breaches is declining, several of Qatar’s largest businesses and institutions have been hacked in recent months, causing them to lose control of their websites, social media accounts and other networks.

That’s in part because the country’s Qatar’s strategic natural gas reserves; growing involvement in international business and politics; and its role as an international media hub are making it an increasingly attractive target for cyberattackers, according to a local security expert.

Understanding why some perpetrators target this particular country is part of the research underway at the Qatar Computing Research Institute (QCRI), said chief scientist Richard De Millo.

While another security expert noted that Qatar is not uniquely susceptible to cyberattacks, both say educating residents about network security would go a long way in addressing vulnerabilities.

RECENT ATTACKSOctober 2013:
The Syrian Electronic Army took control of Qatar’s .QA domain name and shut down
numerous high-profile websites.

April 2013:
The Syrian Electronic Army hacked the Twitter accounts of FIFA and its president, Sepp Blatter, and published messages saying the world football organization accepting bribes in exchange for awarded the 2022 World Cup to Qatar.

March 2013:
The Syrian Electronic Army hacked Twitter and Facebook accounts belonging to the Qatar Foundation.

September 2012:
The Syrian Electronic Army sent out false breaking news alerts to Al Jazeera’s SMS subscribers and Twitter followers. That followed the hijacking of the network’s homepage by pro-Syrian government group calling itself Al Rashedon a few days earlier.

August 2012:
The corporate computer systems and website of RasGas, one of the world’s largest liquefied natural gas suppliers, were taken offline by a virus attack. The incident came several days after a group calling itself “Cutting Sword of Justice” incapacitated the internal computer networks Saudi oil giant Aramco with a similar virus.

“The biggest threat in all of this is always people,” Peter Cochrane, a consultant and member of QCRI’s scientific advisory committee who also presented this week at Qatar Foundation’s Annual Research Conference, told Doha News.

QCRI is under the auspices of QF, and De Millo spoke to Doha News by phone during a break today after moderating a panel discussion on emerging cybersecurity threats.

“The overriding concern is that we are a highly connected society. Our businesses participate in global commerce. We’re naturally going to (be) in the sights of people who want to do harm (to the) global economy,” he said.

While De Millo said it would be premature to make any definitive statements about specific threats to Qatar or why this country in particular would be subject to an attack, he noted that regional tensions are one obvious source.

“The neighborhood we live in makes us a target.”

Syrian Electronic Army

That appeared to be the case with the Syrian Electronic Army, which temporarily took down many high-profile Qatari websites last month. The SEA, which also hacked QF earlier this year, previously cited the Gulf nation’s support of rebels inside Syria as a reason for making it a target.

Other attackers may be less interested in specifically harming Qatar, but could see an opportunity to inflict widespread financial harm by disrupting this country’s resource sector.

For example, De Millo said, Qatar’s natural gas industry – which was hit by a virus last year – is highly visible and has grown to be an important part of the international energy market.

“If that were to be shut down for any period of time, it would have global consequences,” he said.

Another reason for hackers to target Qatar is this country’s role as an “information amplifier” through organizations such as Al Jazeera, which has also been previously attacked, De Millo said. Being able to disrupt and hijack such a large communications platform is appealing to cyberattackers, he added.

While hackers may find multiple reasons to target Qatar, there is nothing that makes the country uniquely vulnerable, according to Cochrane, the former chief technology officer of British Telecom.

While the security expert concedes that the country’s modernization efforts could make it a target of extremists, he said the local authorities he’s spoken to are fully aware of that threat.

However, he said there are cultural differences that have implications for digital security. In Arab societies, for example, there is a general unwillingness to discuss events that could be perceived as failures, for fear of losing face.

This may prevent security experts from rapidly identifying attacks, sharing solutions and securing vulnerabilities, which Cochrane said is a key part of any response:

“The bad boys all talk and share their tools. The good guys don’t talk enough. We should identify the form of the attack and then broadcast it … The response time of the enemy is in seconds, while we react in days and weeks.”

Future threats

De Millo said the most significant digital dangers to Qatar are posed by what his industry terms “advanced persistent threats,” which are large, sustained attacks typically backed by states or sizable organizations.

Along with the Syrian Electronic Army, this includes organized crime groups and activist organizations such as Anonymous.

“The bad guys are well-funded and innovating technologically very fast. Countries that want to respond need to have an innovation engine that builds up their technology and public awareness base to protect its critical infrastructure,” De Millo said.

This has also increasingly come to include mobile devices, given the surge in attacks on smartphones around the world, he said.

Regardless of how fast authorities can respond to such attacks and deploy protective measures, De Millo said ongoing public awareness is a critical component of preventing future attacks.

This is as simple as not opening email attachments from unknown senders to choosing suitably difficult passwords, he said.

“Use common sense, the same way we teach drivers to use common sense when learning how to operate a car.”

Protection

Cochrane said there are many technical solutions to better protect networks, such as setting up “honeypot” servers and other traps designed to lure the attention of attackers away from important systems.

However, he added that he also sees great opportunities with lower-cost solutions, such as human verification tools that ask users to, for example, identify a photo of their child as an infant before being granted access to a network.

Users also develop predictable habits of logging in at similar times each day and accessing common amounts of data. Automated monitoring tools can learn these routines and quickly notice something unusual, Cochrane said.

Rather than relying on shields surrounding specific pieces of digital infrastructure or access points, Cochrane said he prefers a holistic approach that focuses on “detecting the bad boys and people in trouble.”

Despite the best efforts of an organization’s IT staff, employees will inevitably continue to give out wireless passwords to complete strangers in office corridors and plug memory sticks they find laying around into their computers without performing a protective scan or thinking about the risks, he said.