What we know (and don’t know) about a rash of Middle East mystery hacks

A spat of apparent security breaches is making an already tense situation in the Middle East worsen, and there are very few details on who is responsible for each incident.
Doha, Qatar. Skyline at night / Author: Nuroptics CC2.0

A spate of apparent security breaches has intensified what was already a tense geopolitical situation among the Persian Gulf states.

Over the last two weeks, the following incidents have allegedly occurred: a Qatari government media outlet was supposedly hacked to plant bogus quotes attributed to current Qatari Emir Sheikh Tamim; damaging emails belonging to UAE’s ambassador to the U.S. Yousef Al-Otaiba were leaked, and someone hacked the Twitter account of Bahrain’s Foreign Minister Khalid Al Khalifa to post propaganda associated with a Shiite militant group.

Evidence is lacking for some of those claims, and the degree to which the events are related is not clear, but hackers are taking the blame, and the allegations alone have been enough to amplify tensions.

All three storylines have been prominent in regional press outlets and are now being used as supporting evidence for the breakdown of relations between Qatar and the other Gulf Cooperation Council (GCC) nations. The GCC is composed of the UAE, Bahrain, Saudi Arabia, Oman, Qatar, Kuwait and Yemen.


On Monday, in a series of separate statements, the governments of Saudi Arabia, the UAE, Bahrain, Yemen, Egypt, Libya and the Maldives announced they were severing ties with Qatar, driven largely by the country’s increasingly friendly relationship with Iran. Among other claims, the Saudis have accused Qatar of supporting “Iranian-backed terrorist groups.”

The move comes shortly after President Donald Trump visited Saudi Arabia, pledging a more aggressive approach to the Shiite-led Islamic Republic of Iran. Qatar’s Ministry of Foreign Affairs has responded by stating that there is “no justification” for a severing of ties. Trump appeared to accuse Qatar of supporting terrorism Tuesday in an early morning tweet.

In all three apparent cybersecurity incidents, attribution for the hackers is not yet publicly known. There is also no available technical analysis.

Was the Qatar News Agency hacked?


According to Reuters and the AFP news agency, Qatari officials were granted assistance from the FBI to investigate a possible breach at the Qatar News Agency, in which someone purportedly inserted fake quotes into a news story and also gained unauthorized access to the agency’s Twitter account. The article in question quoted Sheikh Tamim describing Iran as an “Islamic power” during a recent military ceremony and saying that Qatar’s relations with Israel were “good.”

Whomever was behind the hack appears to have also taken control of the TV news station’s live news ticker, where the supposedly falsified statements were similarly displayed. The quotes appeared in three different places belonging to QNA: on the outlet’s news website, social media and via the TV stations’ new ticker.

There is limited evidence of Sheikh Tamim’s actual remarks for that event and as such, CyberScoop could neither confirm nor independently refute the attributed comments. Some security researchers have called on QNA to release digital evidence to effectively back up the hacking claims.

No group has claimed responsibility for the breach.


A Qatari government spokesperson told Reuters that Sheik Tamim had in fact attended the aforementioned military ceremony mentioned in fake reports but did not make “any speech or give any statements.”

News outlets in Saudi Arabia and the UAE picked up the story, however, and aggregated it for their own audiences. Doha-based news network Al-Jazeera remains blocked in several neighboring countries following the fake news dispute.

Though Qatar is accused of harboring financial networks that essentially fund terrorist-related activities and operations, Qatar was previously considered a strategic ally of the U.S. in the region during the Obama administration.

The FBI did not respond to a request for comment prior to this article’s publication.


A stolen Twitter account?

“Hackers allied with Shiite militants in Bahrain” gained unauthorized access to Bahraini Foreign Minister Khalid Al Khalifa’s Twitter account and began publishing related propaganda material on June 3, according to the Associated Press.

For several hours, the foreign minister’s compromised social media account shared images, videos and other content meant to embarrass Bahrain’s royal family and apparently support the Mokhtar Brigade, a local militant group that has taken credit for several recent bombings and other attacks on regional security forces. Content shared by the account during this time frame, spanning less than 24 hours, included pictures of local protesters being killed by the repressive regime.

In a statement, Khalifa later acknowledged the compromise and blamed the breach on “terrorists.” The incident comes after the Bahrain government, which is largely controlled by the Saudi Royal family, instated a widespread crackdown against dissidents.

Again, no individual group took credit for the hack.


Bahrain currently hosts the U.S. Navy’s 5th Fleet and is home to an under-construction British naval base.

UAE ambassador gets the John Podesta treatment

A mysterious group of hackers named “GlobalLeaks” shared private emails stolen from the Hotmail inbox of the UAE’s ambassador to the U.S. Yousef al-Otaiba with several American news outlets, including the Huffington Post, Daily Beast and The Intercept.

GlobalLeaks contacted journalists through an email sent from a free Russian email provider with a short subject line referencing “DC Leaks,” an outfit with known ties to Russian intelligence agencies. The relationship between DC Leaks and GlobalLeaks remains unknown.

A UAE Embassy spokesperson confirmed to The Daily Beast that the Hotmail email address in the leaked emails, which date between 2014 and 2016, matched the ambassador’s known contact address.


The leaked emails showed a number of different conversations between al-Otaiba and representatives of a pro-Israel neoconservative U.S. think tank, the Foundation for Defense of Democracies — an organization funded by billionaire casino magnate Sheldon Adelson. More specifically, the content of those emails revealed several instances in which the FDD and UAE had worked together to develop high-impact communication campaigns to blame Qatar and Kuwait for supporting terrorism.

Some foreign policy analysts believe that the leaked emails may complicate the UAE’s relationship with Saudi Arabia, an important ally. Although al-Otaiba’s communications with the FDD show a willingness to work with an Israel-linked group, the UAE does not officially recognize Israel as a state and the two countries have limited diplomatic or economic relations.

Other leaked emails contained references to meetings between al-Otaiba and former U.S. defense officials, plans to encourage Iranian businesses of leaving the country and a strategy to “recast” Al Jazeera as a propaganda arm of Qatar responsible for inducing regional chaos and instability.

Digital forensic evidence of the hack also remains private. It isn’t clear how al-Otaiba’s email account was originally hacked or what the attacker’s motivation might be.

Latest Podcasts