The Al-Jazeera news network’s SMS alert system came under attack from hackers yesterday, reports Al-Jazeera.net. The compromised system was used by the as-yet unidentified group to send a series of false news alerts, one of which reported the assassination of the Qatari Prime Minister, Sheikh Hamad bin Jassem.
Social networks, including Twitter, quoted Al-Jazeera’s mobile service as saying Sheikh Hamad was targeted in an attack on the palace in Doha and that the wife of the emir, Sheikha Moza bint Nasser, was lightly wounded.
The strike comes a mere four days after exploits were unleashed on some of the news agency’s websites.
“The story claiming that the Prime Minister has been the target of an assassination attempt in the royal palace is completely false and was a result of hacking of the service,” the channel said. It went on to say the claim was among three false alerts sent via its SMS service.
On Wednesday, the network reported the hacking of some of its websites where pro-Syrian regime slogans were posted. Earlier reports had said the websites of the Qatar-owned network appeared with a Syrian flag and the word “Hack” and a message saying the piracy was in “response to the hostile position of the channel towards Syria, its people and government”.
The message also referred to Al-Jazeera’s “spread of false news”. Qatar has repeatedly voiced support for the Syrian opposition against President Bashar al-Assad’s government and has openly called for arming rebels there, drawing strong criticism from Damascus, which accuses the network of pro-rebel bias.
Recent cyber attacks unavoidable, say experts
Technology experts from the fields of decision-making, infrastructure management and information law voiced their thoughts today on the impact of the recent wave of cyber attacks across the GCC.
Speaking at Global Business Events’ CIO Middle East forum at Meydan Hotel, the specialists stressed the importance of planning for the aftermath of such events.
“Our monitoring tools have to be more proactive, we have to monitor trends of data flow between our own infrastructures and the outside world and users need to understand that just because [an attack] has not happened in the past does not mean it will not happen at all,” said Majid Al Mahdioum, Head of Search Security Quality Division, Telecom Regulatory Authority (TRA).
Shams Hasan, Director of IT at Carnegie Mellon University, Qatar, called the attacks “a wake-up call” and said IT security needed to be part of a coherent corporate strategy.
“We need to take a look at the softer side of [IT] security,” he said.
He also noted that the incident at Aramco involved a zero-day attack virus – malware that exploits a previously unknown vulnerability within a system – and was therefore unavoidable. Any preventative measures would only have served to lessen the impact of the incursion.
“To build a patch for [the virus] would have taken eight hours,” said Hasan. “To have put it in place would have taken 48 hours. There would have been a hit. The question is: what happens after that impact?”
David Yates, Department Head, Technology, Media and Telecommunications, Global Business Events, suggested that the recent attacks were the exception rather than the rule and advised against tailoring information security policy towards their prevention.
“These attacks, tied as they are to political motivations, are headline news. I suggest you have more chance of someone [downloading] malware through social media or someone bringing a USB stick [to the workplace] and either taking or infecting data than you are likely to experience an external attack,” he said. “However, if we are only pitching our information security resource allocation at the likelihood of an Aramco, we’re probably not focusing on the right thing.”
Apart from Aramco’s PC infection, other recent hacking exploits in the region include the attack on RasGas and yesterday’s SMS alert hijacking at Al-Jazeera news network.