Yesterday, CNN suggested that Russian hackers may have been behind the planting of a fake news item on the website of Qatar's government news agency last month. The news item – a fictitious account of a speech purportedly made by Qatar's emir – provided the spark for a barrage of attacks on Qatar by Saudi and Emirati media which has now escalated into a full-blown international crisis.
Quoting unnamed "US officials", CNN said the indication of Russian involvement came from "intelligence gathered by the US security agencies".
Following the attack on the news agency's website, the US sent FBI investigators to help the Qataris discover how it happened. However, it's unclear whether claims of a Russian connection have come from the FBI investigators. CNN's report speaks of "intelligence" rather than actual "evidence" found in the news agency's computer system – which may indicate a non-FBI source.
Needless to say, Russia has denied the claim but, given Russia's reputation for cyber-skulduggery, it's superficially plausible. CNN also suggests a possible Russian motive:
"US officials say the Russian goal appears to be to cause rifts among the US and its allies. In recent months, suspected Russian cyber activities, including the use of fake news stories, have turned up amid elections in France, Germany and other countries.
"It's not yet clear whether the US has tracked the hackers in the Qatar incident to Russian criminal organisations or to the Russian security services blamed for the US election hacks. One official noted that based on past intelligence, 'not much happens in that country without the blessing of the government'."
One benefit of blaming Russia rather than – say – any of the Middle Eastern countries that are known to be hostile towards Qatar is that it's likely to have fewer international consequences. Russia is well accustomed to such accusations and adding Qatar to the list would only enhance its image as the leading electronic manipulator of other countries' politics.
At present there are no details of the "intelligence" that CNN was referring to but, viewed in the context of the hacking (Saudi and Emirati eagerness to discipline Qatar for what they see as its wayward foreign policy), Russia is not the most obvious suspect.
Another element in this affair was the leaking, last weekend, of embarrassing emails from an account belonging to the Emirati ambassador in Washington.
One obvious question this raises is whether it was a Qatari reprisal for the hacking of the Qatari website. If so, targeting of an Emirati ambassador could imply that the Qataris were blaming Emiratis for the hacking.
So far, though, there is no published evidence as to who was responsible for the hacking or the subsequent email leak. It's perhaps worth mentioning that the leaked emails were circulated by a group calling itself "GlobalLeaks" and using a free email account from a Russian provider. While the use of a Russian email address for circulating the leaked documents points to Russia as the source, that could have been a deliberate smokescreen.
Yesterday, Qatar's interior ministry announced what it described as "preliminary results of ongoing investigations into the crime of piracy on the website of the Qatar News Agency (QNA) and its accounts on social networking websites".
Without providing any detail, the ministry said investigators had "confirmed that the piracy process had used high techniques and innovative methods by exploiting an electronic gap on the website of the Qatar News Agency. The investigation team was able to identify the sources through which the crime of piracy was committed ..."
The statement added that the FBI and Britain's National Crime Agency (NCA) had been working with Qatari investigators in accordance with "cooperation agreements signed between the State of Qatar and the United States of America and the United Kingdom". The NCA deals with organised crime, especially cross-border crimes such as smuggling, human trafficking and cyber crime.
Qatar says the interior ministry will hold a press conference to present "all the results" of the investigation once it is completed.
One potentially significant snippetofinformation in yesterday's statement was that the Qatari computer system had been compromised for more than three weeks before the fake story was posted on the website:
"The team confirmed that the hacked file was installed last April, which was later exploited in the publication of the fabricated news on 24/5/2017, at 12:13 am."
This seems to indicate that whoever hacked the website had been well prepared and was waiting for a suitable moment to strike.
Suspicious activity on social media
Yesterday, details emerged of other suspicious internet activity around the time of the hacking. Writing for the Washington Post's Monkey Cage section, Marc Owen Jones, a research fellow Exeter University's Institute of Arab and Islamic Studies, reported that just four days before the hacking incident an Arabic hashtag which translates as "Qatar is the treasury of terrorism" had been trending on Twitter. Further research showed that many of the accounts using this hashtag were bots – automated non-human accounts.
Following the leaking of the UAE ambassador's emails there was a further resurgence of activity by bots. Jones added:
"My analysis shows the presence of propaganda bots on numerous hashtags. One of these Twitter trends was #AlJazeeraInsultsKingSalman, and my analysis shows 20 percent of the Twitter accounts were anti-Qatar-bots. Many of them were posting well-produced images condemning Qatar’s relations with Hamas, Iran and the Muslim Brotherhood.
"Other images shared in the Twitter campaign singled out Qatar’s media channels as sources of misinformation. Almost all of the bot accounts tweeted support toward King Salman and Saudi’s new relationship with Trump. During the Riyadh summit [in May], these same bots posted thousands of tweets welcoming Trump to Saudi Arabia."
The technical data on which Jones's conclusions are based can be found on the Bahrain Watch website.
In his Washington Post article, Jones commented:
"What these bot armies represent is not an organic outpouring of genuine public anger at Qatar or Thani, but rather an orchestrated and organised campaign designed to raise the prominence of a particular idea. In the case of these bots, the intent appears to be legitimising the discourse that Qatar is a supporter of terrorism by creating the misleading impression of a popular groundswell of opinion.
"The fact that these bot armies existed before Qatar’s claims that they were hacked – and were in place quickly following the alleged hacks – indicate that an institution or organisation with substantial resources has a vested interest in popularising their criticism of Qatar. The purpose of this cyber propaganda may also be to shape the online discourse in favor of pressuring Qatar to abandon any thought of rapprochement with certain organizations or countries.
"Who is behind these hacks is unclear, but given that much of the bot propaganda appears to be the sewing of animosity between the Arab states and Iran, there is danger to regional stability if left unchecked. Twitter – once seen as an important resource for disseminating news across the GCC – may become a wasteland in terms of finding useful information from non-verified sources, undermining its usefulness as a tool for generating legitimate discussions.
"All the Gulf states have stringent freedom of expression laws that carefully control the Internet and the media – and monitor the behavior of their own citizens. Yet what’s interesting about the recent public display is that it highlights the use of cyber tools as forms of intra-GCC diplomatic warfare, tactics previously directed at countries like Iran, and not usually neighbouring Gulf states."
Jones has been monitoring the use of bots in the Gulf over the past year and his findings have been discussed in several previous blog posts:
22 June 2016
The automation of hate speech
29 June 2016
How Twitter robots spam critics of Saudi Arabia
28 July 2016