- API Penetration Testing

Top-7 Cybersecurity Breaches in Qatar

Learn about the state of cybersecurity in Qatar and the 7 biggest breaches in this country.
Cybersecurity has long become as essential as a physical one. Criminals have moved online and can steal millions without leaving their house and leaving a trace in the system. Individual users, small businesses, governmental structures, and big enterprises have been victims of a cybersecurity attack.

Qatar is not an exception. It faces a lot of politically motivated cyberattacks which lead to bad diplomatic relationships. Consequently, the country has a long-established cybersecurity committee and invests in raising awareness about cybercrimes and protection from them.

We have found 7 cases of cybersecurity breaches in Qatar to discover and learn from.
#1 Qatar National Bank Suffered Massive Breach
Qatar National Bank is a multinational commercial bank. It was established back in 1964 and is now providing its services to 31 countries. Its net income has reached $3,32 billion in 2020. It is the largest lender in the region.

In 2016, the bank suffered from a massive data leak. Around 1,4 GB of information was posted online on the whistleblower website Cryptome. There are almost 15,500 documents with bank corporate files and customer information in clear text. There are passwords, credit card numbers, expiration dates, PINs, credit holder names, account details, credit limits, etc. Numerous sources verified that the data was legitimate. One of the users tried to use leaked information to log into the existing account for research purposes and almost succeeded. The bank luckily has two-factor authentication and did not let the user in. The breach also affected some of the government representatives and media outlets.

Qatar National Bank reacted rather questionably. They stated that they are not going to give a comment about social media speculation. However, they added that there was no financial damage and that they will secure their systems and contact those who were affected by the breach.
#2 Contact-Tracing App Endangered Personal Data of Over a Million Users
Coronavirus contact-tracing apps have become the target of cybercriminals all around the world. Numerous countries had their apps hacked, Qatar included.

Since the app was designed in a rush, cybersecurity concerns were not taken into the account. As a result, the Qatari contact-tracing app was configured poorly and allowed hackers to easily obtain data from millions of users. The cybercriminals could potentially access names, national IDs, health status, and location data. The app was also problematic since it asked for way more data than it needed. Users could not escape the app since the government issued a penalty for not downloading it.

The best way to build such an app is to put privacy first and create a decentralized approach that does not allow interior ministries or health institutions to access the data.
#3 Gas Company RasGas Hit with Virus Attack
RasGas was producing liquified natural gas and was the second-biggest gas company in Qatar. Their producing capacity was 36.3 million tons of gas per year. In 2018, the company merged with Qatargas.

In 2012, they faced a virus attack that shut down their office computers. They had to isolate their computers from the web to stop the damage. Their website and corporate email fell down as well. The attack did not stop crucial processes like gas pumping but it did shut down the company's IT processes for several days.

It is believed to be a part of the big attack on energy companies. In 2012, Saudi, Qatari, and American companies faced the Shamoon virus which supposedly comes from Iran. It wipes out hard drives and makes computers inoperable. RasGas suffered the least from the attack.
#4 Qatar Airways Suffered a Phishing Scam
Qatar Airways is a national Qatari airline that transports its clients to 144 destinations all around the world, to all five continents. It is one of the seven best-ranked airlines in the world.

In 2019, there was a massive phishing attack connected to the airline. It was the holiday season and users were actively searching for traveling opportunities. WhatsApp users have received a message that stated that Qatar Airways gives away free tickets for their anniversary and that users have to follow the link to claim their ticket. They had to complete the survey and send the message to other 15 WhatsApp users. The text message looked like Qatar Airways and the link seemed to be legit as well.

The company had to issue a statement regarding the attacks. They asked users to not follow the link and buy tickets from their websites or travel agencies only. The phishing message was still sent around for more than a month, even after the official statement.
#5 The Website of Qatar State News Agency Got Hacked During the Diplomatic Crisis
Qatar News Agency is a state-run Qatari news agency. It publishes news in English, Arab, Spanish, and Portuguese.

In 2017, the agency was breached and numerous fake offensive stories were published on its website. For example, there was criticism towards the US and fake quotes of Sheikh Tamim Al Thani about Iran as Islamic power. The agency quickly claimed that they were breached but the news was all over the world already.

As a result, Qatar's diplomatic relationships with Saudi Arabia, the United Arab Emirates, Bahrain, and Egypt sharpened significantly and the countries cut off any links with Qatar. It became known as the Qatari diplomatic crisis. The cyberattack was linked to the Russian hackers first but then the US intelligence officials claimed that they found the connection to the UAE. The latter denied any allegations.

It clearly shows how cyberattacks can be used to cause political disruption and create physical damage to the parties involved.
#6 AL Jazeera Media Network Became Target of Series of Cyberattacks
Al Jazeera is the biggest Arab-speaking TV network with some programs in English. Due to its high journalistic standards, it has received numerous awards and permission for translation in numerous countries.

In 2021, the media network experienced four days of severe cyberattacks that ranged from DDoS to account hijacking and malware. The main goal of the attacks was to get into the system, disrupt its regular functioning, and control news outlets. Luckily, AL Jazeera IT service provider managed to control the attacks and hackers did not reach any of their goals.

It is a great example of how important a good IT service provider is and how attention to cybersecurity can avert big crises that could potentially affect numerous countries, media's reputation, and diplomatic relationships.
#7 Qatari Domain Registry Got Compromised by Syrians
In 2013, Qatari Domain Registry was hacked by the Syrian Electronic Army and defaced numerous government profiles and news outlets. The latter is a computer hacker group that appeared back in 2011. They support the Syrian president and attack Syrian rebels and popular Facebook profiles. They also attack media outlets that "falsely" inform about the Syrian government.

The group defaced numerous websites like Google, Facebook, Qatar Ministry of Interior, Qatar Exchange, Qatar Telecom, Qatari armed forces, Amir's palace, and Ministry of Foreign Affairs. They left the photo of the Syrian president and their logo.
There are numerous reasons for cyberattacks. While some of the hackers look for monetary compensation, others have political motives. Qatar is one of the countries that experience mostly politically motivated attacks. Yet, as we can see from the AL Jazeera example, there is nothing that high-quality IT services can not fix.

To prevent security breaches in your organization, you need to constantly monitor and improve the state of your IT infrastructure. Feel free to use Cyberlands' penetration testing services in order to detect potential vulnerabilities and fix them right. Team