Recap: News agency hack blamed for diplomatic meltdown in Qatar

State-run news agency allegedly hacked, fake news item praised Iran and Israel

Qatar skyline
Jaseem Hamza (Creative Commons BY or BY-SA)

Early Monday morning in Bahrain, the country's Foreign Affairs Ministry said the nation has severed diplomatic ties with Qatar.

Within minutes of Bahrain's announcement, the United Arab Emirates (UAE), Saudi Arabia, and Egypt followed suit. The diplomatic break between four of the Gulf Cooperation Council (GCC) states is being partially blamed on a security incident at Qatar News Agency (QNA). The alleged hack resulted in a fake news article that inflamed leaders in the region.

On May 24, the QNA website and social media channels published remarks attributed to Sheikh Tamim bin Hamad Al Thani, the eighth emir of Qatar, and allegedly made by him during a military ceremony.

Qatar's Communications Office, in a statement, denied the story and announced that QNA had been hacked. However, local media reports painted a different picture - the damage was already done.

The article quoted Sheikh Tamim as stating relations with Israel were good, relations with Iran were strong, a suggestion that Donald Trump wouldn't remain in power for long, and that Iran was "a regional Islamic power that cannot be ignored…"

A newscast later in the day contained ticker text at the bottom of the screen attributed to the Sheikh Tamim calling Hamas "the legitimate representative of the Palestinian people."

On Twitter, the alleged hack also included random messages attributed to Qatar's Foreign Minister, Mohammed bin Abdulrahman al-Thani. Those posts, which were later deleted, accused other Gulf nations of plotting against Qatar, and as a result of such plots, diplomatic missions were going to be suspended.

The story behind the turmoil and social media posts didn't last for more than a day. Shortly after announcing the alleged hack, Qatar asked for and received assistance from the FBI in order to investigate the incident.

However, tensions between GCC members an Qatar continued to mount in the aftermath.

At around 07:00 a.m. local time on Monday, Bahrain’s Foreign Affairs Ministry said that its diplomatic mission would be withdrawn within 48-hours, and that Qatari citizens had two weeks to leave Bahrain. The announcement also said air and sea traffic between Qatar and Bahrain will be suspended.

In what appears to be a coordinated message with Bahrain, the UAE, Egypt, and Saudi Arabia also cut their diplomatic ties to Qatar, issuing formal announcements within minutes of each other.

In their statement, the UAE said they supported the other three nations and singled out "Qatar’s continued support, funding and hosting of terror groups" as one of the main causes for instability in the region.

While Qatar and the United States have always had strong bilateral relations, there have been a few diplomatic issues over the years, including one instance that came to light after the hacked John Podesta emails were published by Wikileaks.

"…we need to use our diplomatic and more traditional intelligence assets to bring pressure on the governments of Qatar and Saudi Arabia, which are providing clandestine financial and logistic support to ISIL and other radical Sunni groups in the region," an email to Podesta from former Secretary of State Hillary Clinton, said in part.

Qatar, in addition to hosting a major air base (al-Udeid), is also home to the world's third largest oil and natural gas reserves. It isn't clear how Monday's diplomatic meltdown will impact operations for the U.S. Central Command, which operates out of the air base.

Etihad Airlines, a major carrier in the UAE said that flights to Qatar would be suspended until further notice. Qatar Airways, at the time this post was written, hasn't made any official statements.

The Ministry of Foreign Affairs in Qatar said the diplomatic break and the statements made by the others were "unjustified and are based on baseless  and unfounded allegations."

Another hack that caused drama in the region recently happened on Twitter.

On June 3, someone supporting Shiite militants hacked the Twitter account of Bahrain's Foreign Minister, Khalid Al Khalifa. They used the account takeover to post propaganda before the control was recovered.

And yet another incident concerns the UAE’s ambassador to the United States, Yousef Al-Otaiba. The ambassador had his email account compromised, and the person responsible leaked messages to the press.

In one of the messages, Qatar is discussed in connection to terror financing - a charge all four nations made when announcing the end to diplomatic relations on Monday. The leaked emails outline a connection between the UAE and the Foundation for Defense of Democracies (FDD), and a mutual goal of getting other nations to halt their investments in Iran.

Afterthoughts:

To my knowledge, this is the first time a security incident at a news agency has led to diplomatic problems. One has to wonder if the threat model (assuming they had one) developed by QNA included such potential.

The coming weeks will be interesting to say the least. The fake news debate will resurface for sure, but I'm willing to bet there will be attribution FUD too.

This isn't the first time Qatar has had diplomatic problems. In 2014, Bahrain, the UAE, and Saudi Arabia recalled ambassadors because Qatar backed Mohammed Morsi, who was Egyptian President at the time. Things cooled off about eight months later.

If your organization is hacked, could it trigger an international incident or diplomatic repercussions?

If so, and you can talk about it, I'd love to hear how you went about developing a threat model, and how your IR plan accounts for such situations. Because honestly, I don't think such a process would be easy. Developing threat models and response plans is hard enough without the pressure of the state relations weighing down on things.

New! Download the State of Cybercrime 2017 report