Threat Intelligence Blog

By Emilio Iasiello, LookingGlass Cyber Threat Intelligence Group

In late May 2017, Qatar’s state-run news agency Qatar News Agency (QNA) posted remarks that were believed to have come from Sheikh Tamim bin Hamad Al Thani in which the emir praised Iran, Hamas, Hezbollah, and Israel and belittled U.S. President Trump.[1] Despite the Qatar government’s emphatic denial of these comments, attributing them to “fake news,” Middle Eastern news outlets Sky News Arabia and Al Arabiya continued to run the discredited story. As a result, several Arab nations severed diplomatic ties with Qatar.[2]

According to a recent news source, U.S. officials believe that Russian hackers planted a fake news story in Qatar’s state news agency, contributing to tensions among key U.S. allies in the Gulf.[3] Russian hackers were also suspected of being responsible for the cyber intrusion into Qatar’s government networks two weeks earlier. The Kremlin has categorically denied any involvement in hacking QNA.[4]

Russian state-sponsored hackers have been attributed to trying to influence the 2016 Presidential election, a charge that Russia continues to refute despite a U.S. Intelligence Community assessment to the contrary.[5] Russian president Vladimir Putin even cited patriotic nationalistic hackers of taking up arms to defend Russia and Russian interests in cyberspace.[6]

Whether state-sponsored or the efforts of these patriotic cyber citizens, the Qatar incident demonstrates that hostile activities in cyberspace extend well beyond the deployment of destructive malware, network exploitation designed to steal information, or various criminal operations. The 2016 U.S. elections revealed how an online information campaign could be leveraged to try to influence a target audience towards a certain course of action favorable to the perpetrator of the campaign. This latest event builds on information as a soft power weapon whose greatest strength is not the destruction or exploitation of a network or information system, but as an influencing agent targeting – and disrupting – diplomatic relations to achieve a specific result.

Some believe the motive behind the Qatar misinformation campaign was to incite division among the United States and its allies.[7] Up until recently, the United States and Qatar have enjoyed a strong relationship based on extensive economic links as well as regional security interests. The United States has one of its largest air base operations in the desert outside Doha, which is home to close to 11,000 U.S. military personnel. Undermining this relationship could impact U.S. operations in the region, particularly against the Islamic State, as well as other conflict areas such as Syria. Both of these have been a subject of difference for the United States and Russia.

While it remains to be seen what will come out of this diplomatic fiasco, when it comes to cyberspace, cyber weapons is a nomenclature that cannot be reserved for sophisticated tools such as those that have been exposed in the Shadow Brokers releases of alleged National Security Agency exploits. In both the U.S. elections and the Qatar incident, information is proving to be an equally competent equalizer when leveraged for potentially bringing about specific desired results. In fact, this is the very platform on which Russia and China have stood when it comes to securing cyberspace. Both governments have long maintained that information – and not just the 1s and 0s of malware – is the bigger threat, always including that aspect as part of larger security talks, and underscoring its potential effect on social, cultural, and psychological aspects of a targeted audience. Both of their nation state code of conduct in cyberspace proposals to the United Nations emphasize this point.[8]

Cyberspace and the activities that transpire within its digital sphere are a fusion of the technical and the cognitive.  The nation-state that will ultimately gain advantage will be the one that acknowledges that both malware and information can potentially cause severe impacts depending on how it wants to deploy these tools to achieve a desired result. Only by understanding that interconnectivity is inclusive of both the network infrastructure and the information traversing through it, will states be best positioned to evolve with how cyberspace can be used as weapon.


[1] http://www.aljazeera.com/news/2017/05/cyberattack-qatar-puts-fake-news-focus-170525190113354.html
[2] http://thehill.com/policy/cybersecurity/336638-us-suspects-russia-planted-fake-news-in-qatar-report
[3] http://www.cnn.com/2017/06/06/politics/russian-hackers-planted-fake-news-qatar-crisis/index.html
[4] http://abcnews.go.com/Technology/wireStory/russia-denies-reports-hacking-qatars-state-news-agency-47882704
[5] https://www.dni.gov/files/documents/ICA_2017_01.pdf
[6] https://www.scmagazineuk.com/putin-talks-fondly-of-free-spirited-hackers-denies-interference/article/665921/
[7] http://thehill.com/policy/cybersecurity/336638-us-suspects-russia-planted-fake-news-in-qatar-report
[8] https://ccdcoe.org/sites/default/files/documents/UN-110912-CodeOfConduct_0.pdf

Additional Posts

Weekly Phishing Report: June 19, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...

LookingGlass Named Gold Winner for Best Enterprise IT Products and Services

LookingGlass™ Cyber Solutions, a leader in threat intelligence-driven security, announced today ...