In one of the largest state-sponsored computer hacks ever detected, Qatar’s proxies cyberattacked more than 1,400 high-status and ordinary citizens who were exercising their free-speech rights in democracies across North America, the Middle East, Asia and Europe, according to U.S. court filings, computer-forensic reports and expert testimony provided in pre-trial motions.
The targets included current and former U.S. government officials, ambassadors and United Nations officials, as well as actors, international soccer players, activists, executives, fundraisers, diplomats, generals, dissidents, scholars, journalists, rabbis and imams from around the world. Even members of royal families and heads of state — e.g. Bahrain’s Crown Prince Salman bin Hamad al-Khalifa and United Arab Emirates’ (UAE’s) Her Highness Sheikha Hind Bint Maktoum Bin Juma al Maktoum (wife of Dubai’s ruler and niece of HH Sheikh Mohammed bin Rashid al Maktoum) — were among those affected.
The list of prominent Middle Eastern, European and North American targets also included: Sami Hafez Anan, Egypt’s former Chief of the General Staff of the Armed Forces; Secretary-General of the Arab League and former Egyptian foreign minister Ahmed Abdul Gheit; Assistant Secretary-General of the Arab League and former Egyptian ambassador Hossam Zaki; UAE official and diplomat Sheikh Maktoum Bin Bhutti al Maktoum; Saudi Arabian Minister of State for African Affairs and former Egyptian ambassador Ahmed Abdul Aziz Kattan; Egyptian Cabinet Member and Minister of State for Foreign Affairs Mohammed Gargash; Wolfgang Pusztai, security and policy analyst, and former Austrian defense attaché; James Lamond, managing director and senior policy adviser at the Center for American Progress, and former director at Glover Park Group; American Rabbi Shmuley Boteach; and Kristin Wood, former senior analytics adviser at the Open Source Center, Central Intelligence Agency, who led the Terrorism Analysis team examining al-Qaeda’s ties to Middle Eastern countries at the Counterterrorism Center (CTC).
At a time when the U.S. media has been consumed by speculation about Russian interference in its 2016 presidential elections, and Hollywood is still reeling from North Korea’s computer attacks on Sony Pictures, the depth of Qatar’s digital strikes has gone largely unrecognized. Here the details of the hack are revealed in full for the first time.
Qatar’s Cyber War: The Background
Qatar’s computer warfare is unprecedented in its duration (stretching over a four-year period from 2014–2018), geographic reach (including attacks on victims in three continents — Asia, Europe and North America), and scope (afflicting more than 1,400 people).
And although they are united in the effects of these attacks, the victims have no other personal or professional ties to each other, apart from remarks some have made that were publicly critical of Qatar.
These critics of the Qatari regime were exercising their constitutionally protected rights to free speech within the Western democracies or countries they hail from when their offending remarks were made. They cited Qatar’s open, traceable and public financial support for the Muslim Brotherhood and Hamas — designated as a terrorist group by the U.S., the EU, Canada and Israel — and the Qatari government’s use of its Al Jazeera broadcasts to normalize terrorist viewpoints.
They also mentioned Qatar’s harboring of Hamas and other terrorist leaders inside luxury hotel complexes within the Qatari capital, Doha. In other words, the country’s critics and the targets of its hacking operations only cited information that is publicly available and undisputed.
Yet the accuracy of the criticism is not in doubt. Qatar has officially acknowledged its financial support for Hamas and its support for the Muslim Brotherhood. Any review of Al Jazeera’s Arabic-language broadcasts will reveal that Yusuf al Qaradawi, the Brotherhood’s spiritual guide, had a weekly show called “Sharia and Life” for years, which was watched by millions of viewers and on which he still appears as a guest. During one of his controversial appearances as a studio guest, he was asked by the anchor if he supported suicide bombings in Syria. An impassioned Qaradawi shamelessly responded that jihadists should not blow themselves up unless the operation is endorsed by the Brotherhood.
The Middle East Research Institute (MEMRI), a non-profit group that monitors Arabic-language media and translates its output, has presented many examples of Al Jazeera presenting pro-terrorist viewpoints. Alberto Fernandez, vice president of MEMRI, offered this balanced assessment: “My personal views on Al Jazeera are complicated, even though it is obvious that much of its content is deeply disturbing.
“The truth of Al Jazeera is rather more than those who want to shut it down and those who defend it. It is BOTH a legitimate, historically important news operation, and an open and constant exercise in Islamist agitprop. [Islamic scholar] Fouad Ajami perfectly captured the tone and nuance of the station in 2011 when he noted that, ‘day in and day out, Al Jazeera deliberately fans the flames of Muslim outrage.’ ”
Living as they did in free, democratic countries, Qatar’s critics had every reason to expect that their nations’ laws and traditions would safeguard their rights to speak freely. Now Qatar’s hacks have changed those expectations.
“If true, and the story seems to be strongly corroborated, it would constitute a dangerous and direct attack by a foreign government against American citizens for exercising their First Amendment rights,” American Rabbi Shmuley Boteach said in a statement to Breitbart. “It would constitute an assault against a Rabbi and his wife, a mother of nine, for speaking out against the Jewish lobbyists who took millions of dollars to help cleanse Qatar of its terror-funding record.”
Still, Qatar’s leaders appeared to be alarmed that critics might shift U.S. or EU policy against the gas-rich peninsula. These fears also have a strong basis in fact. Indeed, some American critics who were hacked, such as American Rabbi Shmuley Boteach, had called for changes to U.S. policy, including shuttering the U.S. military base in Qatar and taking a harder line against the country. So, Qatar apparently authorized a wide-ranging hack and attack on its international critics, as court documents show.
Clearly, intelligence officials say, the West is entering a new era of asymmetric warfare. Nations that cannot hope to challenge the U.S. or NATO on any traditional battlefield are using the Internet — an information superhighway originally built by the U.S. military itself — to wage war on the superpower. “On September 11th, terrorists used our own civilian airplanes against us,” said a former U.S. Navy Seal and CIA contractor, who sought anonymity given his past field work. “Now they are using our own Internet against us.”
Qatar’s shocking hack deserves a closer look because it reveals the blueprint that rogue nations can use to target ordinary citizens, topple politicians and subvert political movements in the open societies they oppose. Democracy’s silent enemy now lurks on every citizen’s smartphone, tablet and laptop.
How Oil and Gas Gave Rise to Qatar’s Power
Qatar is a small arm of land, roughly the size of the state of Connecticut, which reaches out some 160km (100 miles) into the Arabian Gulf. It has been ruled by the Al Thani dynasty since 1825, with various degrees of autonomy under Ottoman Turkish and British imperial rules.
Technically independent after World War I, in practice Qatar became a British Trucial State in 1916 following the Allied victory in “the war to end all wars.” When British explorers found high-quality oil and gas there in 1940, the Qatar Petroleum Company was formed, resulting in the emirate’s slow transformation from a colonial waystation largely populated by fishermen, herders and traders with a way of life little changed since the peninsula’s Neolithic origins into a modern superpower offering a strategic energy source.
By 1949, Qatar was exporting its petroleum products to Europe. To this day, energy sales remain the emirate’s largest source of income. As the British retreated from the Middle East, yielding modern-day Bahrain and other Gulf emirates in the 1960s and 1970s, Qatar secured full independence from the crown in 1971. The Al Thani clan continued to rule.
Since gaining full independence, Qatar has discouraged opposition political parties and has dealt firmly even with peaceful dissidents. Its people have little say in setting the country’s policies or in writing its laws. Qatar’s constitutional rights are shared as sparingly as in apartheid-era South Africa or Ian Smith’s Rhodesia. Only Qatari citizens — roughly one-sixth of its legal population — can purchase land or participate in government decision-making. The courts are controlled by the ruling family; the final legal appeal is to the emir, personally. Open criticism of the emir, or his family or his ministers, is a crime according to its constitution.
Yet, for years, Qatar largely escaped criticism from human-rights activists, and the Western media portrayed it as a typical Gulf state: increasingly prosperous, politically quiet and aligned with the West. Both the ruling class and Western intellectuals essentially asked the same question: With all its modern infrastructure, free schooling and free medical care, why do Qatar’s people need elections and government accountability? To be sure, Qatar’s neighbours have similarly poor human-rights records and lack independent courts, and its non-citizens do not enjoy the same legal rights as in Western democracies. (By contrast, Arab Israelis can buy land, vote in elections, run for office and enjoy identical legal protections to their fellow Jewish countrymen.)
Then, suddenly, an underwater discovery set Qatar aside from its equally wealthy, unfree neighbors. The 1990 discovery of the vast offshore Pars gas field — an underwater territory larger than the land mass of Qatar itself, and the world’s largest gas field — transformed Qatar and the politics of the Middle East. The sea-covered field is now divided into two major parts, the North Dome and the South Pars fields. This discovery made Qatar much richer than any of the other Gulf states (except for its largest neighbor, Saudi Arabia), and enabled it to play a much larger role on the global stage. It did not wait long to seize its moment.
Buying its Way as a World Influencer
Qatar soon used its vast new wealth to buy influence across the Arab world. Once hundreds of miles of undersea pipelines were completed in 1995, the petrodollars began flooding in and Qatar’s regional influence rose with the tide.
The Al Jazeera media empire, owned and controlled by the Al Thani family foundation, was launched that same year. The timing is no coincidence. The ruling family used its newfound money to broker agreements across the Muslim world, and began to fund its television channel to influence Muslim opinion, first in Arabic and then in English (the language of many of South Asia’s Muslims, as well as immigrant populations in Western Europe and North America — in fact, only 313,000 [2017 figures] of Qatar’s 2.69 million residents are actually citizens; the remainder are expatriates and immigrants who hail from India, Pakistan, Iran, Europe, Southeast Asia and other Arab lands).
Today, Qatar is the world’s largest exporter of liquified natural gas (a.k.a. LNG), making it one of the wealthiest nations on Earth on a per-capita basis (earning a $125,000 income, the highest in the world). Together, Qatar’s money and its Al Jazeera broadcasts (the name means “the peninsula” in Arabic) gave the tiny emirate enormous influence. It became, as one retired CIA official told me, the “mouse that could roar.” Its leonine rumble was soon heard in nearly every conflict in the Muslim world, even disputes centered thousands of miles from its shores.
For example, as Moroccan officials in Rabat told me in 2018, Qatar’s rulers bought a huge estate on Africa’s Atlantic coast that was once owned by relatives of Morocco’s King Mohammed VI. They then gifted it back to the royal family, alleging overpayment by some $500 million to reward other royal family members who were bickering over the money the estate would fetch. This in turn helped secure Morocco’s support. To Mauritania in the south, Qatar also lavished money on imams and funded the expansion of a Muslim Brotherhood chapter.
In Sudan, Qatar’s diplomats mediated the conflagration in the Darfur region, paying the major tribes not to war with each other — thus ending a genocide while buying tremendous influence with Sudan’s president, Omar al-Bashir. Even as his soldiers fought Qatari proxies in Yemen, Bashir told me in an interview in Khartoum in 2017 that he would not abandon his friends in Qatar. Meanwhile, Qatar is funding the Houthi rebels in Yemen, who are fighting its internationally recognised government.
In Syria, Qatar has funded elements of the al-Nusra Front, which is affiliated with al-Qaeda. Qatar also paid Iran-backed Syrian extremists a ransom the New York Times estimates ranges between $770 million and $1 billion, delivered in numerous black nylon duffel bags, for the return of 17 Al Thani family members who were kidnapped while on a week-long falcon hunt in the Iraqi desert. Such a ransom could fund a terror army for decades.
Qatar also shares its largest gas field with Iran, and its financial ties with the Islamic Republic are intricately interwoven. Qatar’s banks make loans to Iran and its merchants sell Iranians a large amount of televisions, computers and other electronic goods; Iranians also factor among Qatar’s mostly expatriate populace (Qataris only comprise 11–12% of the population, with 30,000 Iranians accounting for 1.50%).
A full accounting of Qatar’s vast diplomatic initiatives would fill pages. In short, its money and influence show up in every conflict across North Africa, the Middle East and South Asia. Its strategic investments include top European football (soccer) teams Málaga Club de Futbol (CF), owned by Sheikh Abdullah ben Nasser Al Thani, and Paris Saint Germain (PSG), acquired via the Qatar Sports Initiative (QSi) headed by Qatari government minister Nasser Khelaifi — the “most powerful man in French football”; London’s luxury and commercial buildings (for example, Canary Wharf Group Investment Holdings is majority-owned by Qatari Holdings — making it London’s largest property owner, according to research data firm Datscha.com); and U.S. documentary television channel Al Jazeera America — part of the Al Jazeera media empire — which was subsequently pulled amid claims of sexism and antisemitism while failing to gain sufficient U.S. audience numbers.
Setting the Stage for Non-Neighborly Contention in the Region
Naturally, Qatar’s sudden rise to regional leadership has provoked the ire of larger Arab states, especially that of Saudi Arabia and Egypt, whose heads tend to see themselves as the natural leaders of the Arab world.
Being the Arab world’s richest nation, Saudi Arabia controls Islam’s shrines in Mecca and Medina, while Egypt is home to approximately one-quarter of the world’s Arab population, and its novels and televised novellas are a huge influence driving Arab culture. Qatar’s newfound wealth and its Al Jazeera satellite channel allowed it to compete — financially, diplomatically, militarily and culturally — with the claims to regional leadership of both Saudi Arabia and Egypt, putting it on a direct collision course with them.
Increasingly, Qatar’s diplomatic wins often seemed to come at Saudi and Egyptian expense. Even Qatar’s biggest prize — a U.S. military base at the Al Udeid Air Base — was the result of U.S. base closure in Saudi Arabia. Worse still, from the Saudi and Egyptian perspectives, Qatar often seemed to be working at cross-purposes with Saudi’s absolute monarchy and Egypt’s military dictatorship. Saudi Arabia and Egypt have generally aligned themselves with the U.S. and its diplomatic initiatives since the start of the Iraq War in March 2003.
By contrast, Qatar has tried to simultaneously support both the U.S. and her enemies. So, while Qatar hosts a U.S. air base — home to some 11,000 American servicemen, from which U.S. warplanes strike targets in Afghanistan, Syria and Iraq — it also once housed Khalid Sheikh Mohammed, the mastermind of the September 11 attacks, and currently shelters members of Hamas and other terrorist groups that have killed Americans. It remains one of the largest funders of the Muslim Brotherhood, which was founded in Egypt in 1928 by Islamic scholar Hassan al-Banna, whose vision was to create a universal Islamic system of rule by promoting Islamic laws and morals through social services. This group has since spawned virtually every radical Islamist group in the past half-century, including al-Qaeda, the Egyptian Islamic Jihad and the Islamic State of Iraq and Syria (ISIS).
Qatar fell from the high wire of official neutrality in 2017, when Saudi Arabia, Egypt, Bahrain and the United Arab Emirates announced a blockade, closing their land, sea and air ports to trade with Qatar and withdrawing their ambassadors. Qatar’s Arab neighbors cited a list of reasons, including Qatar’s support for international terrorism and its close relationship with Iran, which the Gulf Arab states regard as a mortal enemy.
While the U.S. and EU have tried to remain strictly neutral in the Qatar–Gulf Arab boycott, Qatar’s rulers feared their neutrality would not last long. They are savvy enough to know that shifts in Western public opinion often produce shifts in government policy. Even before the 2017 boycott began, Qatar heard prominent Americans and Europeans call for a tougher line on the gas-rich peninsula. As a result, Qatar began to compile an “enemies list.” It would not be long before it found a way to strike at its distant perceived foes, utilizing the Internet to allow it to deny all responsibility.
Fear in the Spear: Qatar’s Use of Spear-Phishing
Qatar began to launch its systematic cyber warfare campaign against more than a thousand victims in North America, Europe, the Middle East and India in the past four years.
As countermeasures have proved ineffective against these tactics, eyewitnesses have revealed how this new world of cyber warfare and diplomacy poses a risk to democracy itself.
Across its more than 1,400 cyber victims, Qatar has used the same pattern over and over: first, it sends a spear-phishing email to an unsuspecting target. Since this looks like an ordinary email from someone in the quarry’s address book, the target will click on the email, which then launches a virus-like program that will transmit all their private emails to their attacker. Then those emails will be catalogued by topic and recipient, and combed over for embarrassing admissions, financial irregularities or illicit relationships. As any damaging dirt is found, it is then circulated to journalists at The New York Times, The Washington Post, the Associated Press and other major news outlets.
Next, as some unsuspecting, scoop-hungry and credulous journalists suddenly find this treasure trove in their email inbox, they will contact the prey for comment. Sometimes a demeaning or destructive story is subsequently published, which will quickly metastasize from one news outlet to another, instantly devouring the prey’s good name. At other times, reporters are unable to verify the email contents independently, so no story is published. But the reporter’s phone call, by itself, would send the prey an intimidating message: that it is risky and reckless to oppose Qatar.
Either by shaming or destroying Qatar’s perceived enemies, such spear-phishing has undermined much of the opposition to its policies inside Western democracies. According to DigitalGuardian.com, spear-phishing is the most successful form of acquiring confidential information on the Internet, accounting for 91% of attacks.
Unfortunately, with such a dangerous precedent being set, nothing can stop Iran, North Korea or other rogue nations from adopting the same playbook. Indeed, they may already be doing so… while eluding detection by intelligence services.
Qatar’s Prominent Cyber Victims in North America: The Elliott Broidy Case
Elliott Broidy, a self-made successful entrepreneur and Beverly Hills-based financier, was Deputy Finance Chairman of the Republican National Committee and a close friend of President Trump.
Broidy was also known to be a very outspoken critic of Qatar, citing its human-rights record, financial support for terrorism and closeness to Iran — a theocratic state that is developing nuclear devices and the long-range rockets to carry them. Broidy’s combination of political connections, personal views and indiscretions made him the perfect target for Qatar’s spear-phishing efforts, he said.
Jassim al Thani, a Qatari spokesman and member of the ruling family, calls Broidy’s claims “completely fabricated and without merit.”
In an attempt to hide their locations and the origin of the attack, the hackers used Virtual Private Network (VPN) service providers registered in different countries, including Russia, Cyprus, the United Arab Emirates and the U.K.
However, their plan fell apart when a glitch occurred for several minutes, revealing the central launch point and IP address (188.8.131.52), which was registered under Qatar’s main internet service provider, Ooredoo — a company mostly owned by members of the Al Thani royal family.
Spear-phishing emails first appeared in the inboxes of a longtime friend of Broidy and his wife on Dec. 27, 2017. The emails seemed to be from legitimate sources or contacts in their respective email address books.
Still, these initial attacks failed. One of the emails sent to Broidy’s friend subsequently appeared to be a well-designed email from the BBC news network with the subject line “Saudi Foreign Ministry Leaked Documents.”
Once the target clicked on the “OPEN DRIVE” link, he was directed to a Google webpage that asked him to verify his own password. The hackers on the other side were waiting. Once the unsuspecting victim typed in his password, it was over — the cybercrime had been committed and the victim’s credentials had been stolen.
The pace of phony emails accelerated between Dec. 28, 2017 and Jan. 4, 2018 in what Broidy’s friend described as “almost nonstop attempts to spear-phish me, including text messages purportedly from Google tech support.” Eventually, the cyber predators breached Broidy’s e-mail servers for the first time on Jan. 4, 2018. Broidy’s friend fell victim shortly thereafter.
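The lure described above (a news-branded sender, an “OPEN DRIVE” link and a look-alike Google sign-in page) leaves two signals a mail filter can check. The following triage sketch is an added example, not taken from the court filings or the article; the sample message, the `.example` domains and the `BRAND_DOMAINS` allow-list are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list: brand keyword -> domains that brand really uses.
BRAND_DOMAINS = {
    "bbc": {"bbc.co.uk", "bbc.com"},
    "google": {"google.com"},
}


def registered_under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw_message):
    """Return a list of findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []

    # Signal 1: display name claims a brand, sender domain is not the brand's.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not registered_under(sender_domain, domains):
            findings.append(f"display-name-spoof:{brand}:{sender_domain}")

    # Signal 2: a link host embeds a brand name but is not under that
    # brand's domain (e.g. accounts.google.com.<attacker-domain>).
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        collector = LinkCollector()
        collector.feed(html)
        for href, _text in collector.links:
            host = (urlsplit(href).hostname or "").lower()
            for brand, domains in BRAND_DOMAINS.items():
                if brand in host and not registered_under(host, domains):
                    findings.append(f"lookalike-link:{brand}:{host}")
    return findings


# Constructed sample modelled on the lure the article describes.
PHISH = """\
From: "BBC News Alerts" <alerts@bbc-newsalerts.example>
To: target@mail.example
Subject: Saudi Foreign Ministry Leaked Documents
Content-Type: text/html; charset="utf-8"

<html><body><p>Leaked files are available.</p>
<a href="https://accounts.google.com.signin-verify.example/ServiceLogin">OPEN DRIVE</a>
</body></html>
"""

# Constructed benign message: real brand domain in both sender and link.
BENIGN = """\
From: "BBC News" <newsletter@bbc.co.uk>
To: target@mail.example
Subject: Daily briefing
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.bbc.co.uk/news">Read more</a></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, triage(raw))
```

Neither check stops a lure sent from a genuinely compromised contact, so it complements rather than replaces phishing-resistant second factors on the mailbox.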
Once the emails were harvested, phony documents were distributed. The Institute for Law and Society, a sham Ukrainian think tank, published a report on Jan. 25, 2018, accusing Broidy of engaging in business that would have put him in violation of U.S. sanctions in Russia. (The fraud was crude. Broidy had never done business in Russia and had no government contacts there. But it was hard to prove a negative, as victims soon learn.) The documents cited in the report were later found to be forged, likely by a foreign intelligence service.
Other journalists received mysterious emails, too. On Feb. 7, 2018, Ben Wieder of McClatchy — a chain that operates daily newspapers in 29 U.S. markets and boasts an average weekday circulation of nearly two million Americans — published an article accusing Broidy of various misdeeds, based on purported copies of his private emails. Then, on or about Feb. 25, 2018, PDF copies of Broidy’s hacked emails began appearing in the email inboxes of journalists in New York and Washington, D.C.
Within the next few days, Wieder received forged Russian documents, distributed by ILS. But as soon as Wieder began working on the story, he was scooped by his competition.
Al Jazeera was not far behind. Its reporter phoned Broidy’s executive assistant on March 6, 2018, saying he was seeking comment on the hacked emails. He refused to leave his name, a call-back number or other contact information, making it impossible for Broidy to respond to the allegations. Nevertheless, the mysterious “reporter” left this intimidating message: “Your reputation is about to be further maligned in international media.”
The following day, Al Jazeera ran a story on the forged Russian docs without including an effective denial from Broidy or pointing out that the documents were “provably false” and “complete forgeries.”
A few days later, a negative story by Associated Press reporter Tom LoBianco and his colleague, Bradley Klapper, appeared on the AP website. The Associated Press reaches some two billion people across the world per day, according to its website. Its wire service is used by virtually every major newspaper, broadcast and online news outlet in the United States, Europe, Australia and Asia — therefore, it was strategically vital to the cyberattack. A single biased story had suddenly appeared in countless major news outlets around the globe.
The AP attacks kept coming. On March 26, 2018, LoBianco published another long story on Broidy, based on his stolen emails. Broidy maintained that some or all of the emails were actually forged. He patiently explained the evidence over and over again. Yet nothing could stop the media feeding frenzy.
Next, Washington Post White House reporter Josh Dawsey phoned Broidy’s staff on April 4. He appeared to be the first journalist to receive physical print-outs of hacked emails, rather than PDFs, and indicated he was preparing a major story. Wall Street Journal reporter Bradley Hope then contacted Broidy on April 18, saying he was investigating Broidy based on what he had received of Broidy’s purloined private emails.
It is worth noting that every reporter in this chain seemingly had a separate angle, a little “exclusive” drawn from different sections of the private emails. This meant that the victim would have to simultaneously contend with multiple bogus claims. It was like fighting the hydra of ancient Greek mythology, a multi-headed serpent which, as soon as you cut off one head, immediately grows two more.
Even Broidy, a man with vast personal resources and longtime personal relationships with the president and other key White House personnel, was powerless to stop the largely baseless attacks in the media. He has vowed to hold those responsible for the campaign against him accountable in a court of law, and has relentlessly pursued his attackers. How could a lesser mortal possibly survive such an onslaught?
Other Prominent Hacking Victims’ Stories
Broidy’s story is similar to that of many other hacking victims. But while Broidy’s proximity to President Trump made him a lightning rod for the hackers, some received only a few negative mentions in the press.
And while this appears to be largely a result of their relative obscurity, it does not take away from the impact of the hacking on the victims’ personal lives and freedom — clearly, even relative obscurity cannot serve as an effective shield against cyberattacks.
Consider the case of eight U.S.-based Syrian dissidents and other vocal Arab-Americans — Jihad Makdissi, former Syrian Foreign Ministry spokesman; Syria Emergency Task Force Managing Director Mouaz Moustafa; Saudi American Public Relations Affairs Committee Founder and President Salman Al-Ansari; The Syria Campaign (“Americans for a Free Syria”) advocacy manager Kenan Rahmani; Syrian Center for Media and Freedom of Expression executive director and The Syrian Observer editor-in-chief Wael Sawah; Lebanese-born, Washington, D.C.-based political activist Khaled Saffuri, noted for his comments on the Jamal Khashoggi case; People Demand Change Inc. executive director and former Syrian Emergency Task Force director Sasha Ghosh Siminoff; and People Demand Change co-founder and former Syrian diplomat Bassam Barabandi — all of whom have been outspoken in their opposition to Syria’s Assad government (which is backed by Iran and Qatar).
They, too, were targeted and maligned in the media, as reported in the Daily Beast.
For example, Rahmani’s LinkedIn profile was mocked and alleged to contain several bogus claims on a website claiming to be “The Real Syrian Free Press,” which alleged Rahmani didn’t really attend law school in Washington, D.C. as he is “never there.” Sawah admitted surprise at Qatari attempts to hack his account, affirming that Doha assaults anyone against its ally, the al-Nusra Front.
Siminoff believes he and Barabandi were targeted because of their communication with the Turkish government over the Syrian opposition, specifically trying to comprehend Qatar’s involvement, including its connections to Jabhat al-Nusra and HTS in Syria (as an independent analyst who prefers to remain anonymous explained, “Every time we follow a deal between Iran and pro-Iran militias and Islamic extremists in Syria, we find Qatari money”). In a strange twist of irony, Siminoff says that while he formerly helped train Syrians to avoid cyber traps laid by the [Assad] regime or the Iranians, “I never thought we’d also have to worry about the Qataris.”
Former Cairo-based Al Jazeera English bureau chief Mohamed Fahmy, an award-winning Canadian-Egyptian investigative reporter who was jailed in Egypt in 2014 on alleged terrorism charges and sentenced to seven years’ imprisonment, had a falling out with the Qatari-owned media network and subsequently sued his employer. While behind bars during the 438 days of incarceration, Fahmy overheard eye-opening confessions from members of the Muslim Brotherhood, who told him endless stories of their cooperation with Qatari-owned network Al Jazeera. Fahmy has since decried this unethical and illegal relationship as being far from the fundamentals of journalism that landed him in prison.
The Qataris launched an extremely well-organized plan to steal Fahmy’s emails, assassinate his character and discredit him in a cyber-espionage operation, which Fahmy reported to the Canadian police in 2016.
Fahmy explained, “I deleted many of the spear-phishing emails I received that were clearly very well tailored to my interests as a journalist and human rights advocate, but I must have unknowingly fallen for one of them. I found out about it when journalist David Kirkpatrick from the New York Times contacted me in 2016 to inform me he had received a flash drive from an anonymous source including copies of my stolen emails.
“Once some of the content of my emails surfaced in the story he wrote, the next day Al Jazeera went all out with back-to-back coverage about some of the content of the emails. Interestingly, Al Jazeera disclosed information that was on the flash drive but had not been included in the article published in the New York Times.
“I learned later from my own investigations that this is a trend the Qatari intelligence uses to distance themselves from the cybercrime by handing the goods to other news outlets and sourcing it to them when reporting the news on Al Jazeera — their most cherished foreign policy tool and the dagger they use against the critics of Qatar.”
Another prominent hacking target was Mr. Ronald Sandee, a former analyst in the Dutch military intelligence who now serves as co-founder of Amsterdam-based advisory and consultancy firm Blue Water Intelligence. As Sandee explained in an interview with TIJ, he considered suing the Qataris for their cyber-espionage operation on American soil: “It is clear the hack targeted Qatar’s enemies and friends alike. Qatar targeted its own clients in Syria, the Muslim Brotherhood, to keep control of their activities. But targeting U.S. citizens on U.S. soil should not be without repercussions. This massive hacking operation, which might still be ongoing, can only be done by governments.” Sandee confirmed that he continues to research the hack.
As Sandee pointed out, even Bollywood (including its Tamil Nadu equivalent, known as Kollywood, and the Telugu variant, Tollywood) was not immune to Qatar’s cyber wrath. Some 52 Bollywood actors, actresses, directors, film executives and other cinema personnel were targeted by Qatar’s hackers, as confirmed by a list in The American Spectator. This list featured prominent Tamil actor Arun Vijay, Tollywood actors Mahesh Babu and Manjima Mohan, and Trisha Krishnan, all of whom reported hacks of their personal social media accounts.
Added to the 48 other Bollywood actors identified on the list, Qatar is suspected of attempting to hack — or being in league with Turkey-based cyber groups ProPak and Ayyildiz Tim to hack — the accounts of actors Abishek Bachchan, Karan Johar, Rishi Kapoor, Rakul Preet, Sruti Haasan, Ali Zafar, Boney Kapoor, Anupam Kher, Amitabh Bachchan, Arshad Warsi, Hansika and Shadi Kapoor, and Indian director Mahesh Bhatt.
It is not clear exactly why Qatar would wish to hack these Indian celebs as, unlike its other targets, none have been particularly noted for speaking out against the emirate or publicly querying its political activities. However, as Qatar has strategically invested in some 38 media and sports channels in geographically diverse locations across Europe, Asia and North America — including its 2016 purchase of Hollywood’s Miramax Films — the hacks could be symptomatic of the emirate’s ambitions to rule the global media sphere.
With 43% of the film box-office revenues made in India, Bollywood’s substantial earnings and influence would easily place it on Qatar’s hit list of rivals. As there is also a sizeable Indian immigrant population — approximately 650,000 — living and working in Qatar, the hacks could be part of a larger plan to wield influence on the subcontinent and abroad.
A Not-So-Sporting Player
In addition to the Bollywood hacking assault, over 400 Egyptians were targeted, including eight Egyptian soccer players: Abdallah Said, Ahmed Saed, Ahmed Salama, Ayman Refaat, Islam Saleh, Mahmoud Hamdi al-Wensh, Mohamed Abdel Fattah, and Egypt and Al Ahli goalkeeper Mohamed Al Shenawy, each of whom had their private email correspondences stolen.
As with its Bollywood victims, there does not at first glance appear to be any motive for Qatar in targeting these individuals, apart from its strategic power-playing in the sports arena, both regionally and abroad. As Sandee commented: “The targeting of a group of young football players by this Qatari hacking operation is disturbing. What are the Qataris looking for? Do they try to find dirt so they can blackmail these players when they are participating in 2022 World Cup Football? Do they try to find weaknesses so they have leverage when they try these players out for Paris Saint Germain? Or is there even a darker agenda behind these specific hacking targets?”
The “darker agenda” Sandee alluded to shows up in another of the emirate’s sports connections. Qatar has not only established itself as a major player in European soccer through its purchase of PSG and Málaga CF, but also through its BeIn Sports media channels — formerly known as Al Jazeera Sports — which includes local variants such as BeIN Sports France and BeIn Sports Spain.
After the Doha-based network obtained exclusive rights to broadcast major football leagues such as the FIFA World Cup, the UEFA Europa League and the English Premier League, its Arab power rival, Saudi Arabia, disappointed sports fans by blocking the channel from broadcasting the 2018 World Cup, threatening a 10,000 riyal ($2,700) fine to any hotel that refused to censor the network. The Saudi-initiated Doha blockade was followed by other Gulf states (the UAE, Egypt and Bahrain, among others), escalating in a diplomatic row over Qatar’s financial backing of media channels and its support for Iran and the Muslim Brotherhood.
The Gulf blockade was also publicly backed by Trump, who accused Qatar of supporting terrorism and cited Elliott Broidy as a key influence in his policy. As Qatar was subsequently hit with international sanctions, it appears the emirate may have specifically targeted Broidy as an act of retaliation because of his influence on Trump.
Speculating on the rationale for the attack on the soccer players, David Reaboi, senior vice president at the Security Studies Group in Washington, D.C., said: “These actions are fully in line with Qatar’s subversive policy, in addition to the billions spent by Qatar in organizing the World Cup, and their clear willingness to do all the suspicious things to ensure access to the organization and to use football as an instrument of influence.
“There are many reasons for Qatar to penetrate the means of communication for known people, including silencing critics, and in this case, maybe to influence the Egyptian players to sabotage the Egyptian team.”
As in Qatar’s other cyber warfare strategies, “sabotage” is clearly the name of the game.
Ambassador Lee Wolosky Cracks the Hackers’ Code
Broidy’s story is similar to that of many other hacking victims. But while Broidy’s proximity to President Trump made him a lightning rod for the hackers, some received only a few negative mentions in the press.
As soon as Elliott Broidy realized he was being cyberattacked, he spared no time in fighting back, quickly hiring prominent Boies Schiller Flexner, LLP lawyer and former U.S. Special Envoy to Guantánamo Lee Wolosky, who filed a lawsuit in California in March 2018 against Qatar and its agents in the U.S.
They worked in tandem with Ankura and Adlumin, two of the most prominent cyber intelligence firms in the world — which worked on the DNC hack among other cases — to assist in uncovering how the hackers carried out their misdeeds.
Of the unique lawsuit, which attempted to hold a foreign government accountable in a U.S. court for digital espionage operations, Wolosky said that hacking into a U.S. citizen’s emails is a criminal offense, but it is tantamount to “an act of war when such an attack is orchestrated by a foreign government.”
Wolosky is a seasoned litigator, crisis manager and counterterrorism official who has served under the past three U.S. presidents in significant national security positions. In 2016 he was accorded the personal rank of Ambassador by then-President Obama, who called on Wolosky to lead U.S. diplomatic efforts to close the U.S. detention facility in Guantánamo Bay, Cuba.
Wolosky explained to TIJ in an interview how this lawsuit unraveled the data about the hundreds of people targeted and who is behind it: “The IP addresses came off the Broidys’ capital management server, which, like many servers, logs off all of the internet protocol addresses that seek access to the server. And what that revealed was a very sophisticated computer-hacking operation that used VPNs all over the world in order to try and disguise the origin of the computer attacks.
“What this means in simple terms is that the attackers bounced their internet traffic off computer servers all over the world. Really, in most continents, we found thousands of computer servers even just within the United States that were used to try and disguise their activities.
“However, in a couple of instances, their obfuscation techniques failed. The VPNs failed, and our technical people were able to see through — directly to the originating internet protocol address. It was sort of like someone operating behind the curtain and then the curtain falls down, and you’re able to see who’s behind the curtain. And in those cases, we saw the use of a single internet protocol address in Doha, Qatar, as standing behind the curtain.”
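The log review Wolosky describes can be sketched as follows. This is an added example, not code from the investigation or the court filings: it groups access-log events by a client fingerprint and reports the addresses seen when a client that normally arrives through anonymizing ranges connects without them. The log format, the fingerprint field, the function names and every address and timestamp are assumptions constructed for illustration (the networks are RFC 5737 documentation ranges).

```python
import ipaddress
from collections import defaultdict

# Constructed stand-ins for VPN / hosting exit ranges; an analyst would load
# these from a maintained feed. All values here are RFC 5737 test networks.
ANONYMIZER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed log lines: timestamp, source IP, account, client fingerprint.
SAMPLE_LOG = """\
2024-01-16T03:12:09Z 192.0.2.14 mailbox-a fp-7c1e
2024-01-16T03:40:51Z 198.51.100.77 mailbox-a fp-7c1e
2024-01-17T11:02:33Z 203.0.113.5 mailbox-a fp-7c1e
2024-01-17T11:09:10Z 192.0.2.201 mailbox-b fp-7c1e
2024-01-18T08:15:00Z 203.0.113.90 mailbox-b fp-22aa
2024-01-18T09:00:00Z not-an-ip mailbox-b fp-22aa
"""


def parse_log(text):
    """Return (events, rejected): validated tuples and lines that failed parsing."""
    events, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4:
            rejected.append(line)
            continue
        ts, raw_ip, account, fingerprint = parts
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            # Keep malformed lines for manual review instead of dropping them.
            rejected.append(line)
            continue
        events.append((ts, ip, account, fingerprint))
    return events, rejected


def is_anonymizer(ip):
    """True when the address falls inside a known anonymizing range."""
    return any(ip in net for net in ANONYMIZER_NETS)


def find_unmasked(events, min_masked=2):
    """Map fingerprint -> direct (non-anonymized) hits, but only for clients
    that also appear at least min_masked times behind anonymizing ranges."""
    masked = defaultdict(int)
    direct = defaultdict(list)
    for ts, ip, account, fingerprint in events:
        if is_anonymizer(ip):
            masked[fingerprint] += 1
        else:
            direct[fingerprint].append((ts, str(ip), account))
    return {fp: sorted(hits) for fp, hits in direct.items() if masked[fp] >= min_masked}


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    for fp, hits in find_unmasked(parsed).items():
        print(fp, hits)
    print("rejected lines:", len(bad))
```

A hit from this check is an investigative lead that still needs corroboration, since a shared fingerprint or a stale range list can produce false matches.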
US-based company TinyURL, a URL-shortening web service that provides short aliases for redirection of long URLs, was among the companies that had to comply with the court’s order and cooperate with the investigation.
Essentially, the investigation into how the hackers used thousands of “Tiny Urls” led to the revelation that this crime was not only directed against Broidy, but also towards the thousands to whom the corrupt links were sent.
Wolosky, in his legal battle on behalf of Broidy, succeeded in convincing the court to issue 80 subpoenas in his quest to pinpoint the cyber thieves: “We were able to get all of the data used by this group over a one-year period from May 2017 to June 2018 through the U.S. legal practice of subpoena.
“When we got that data and decoded it, we were able to see all the fake emails and all the fake addresses that were used by the group in targeting particular email accounts — real email accounts.
“As a result of obtaining the email accounts and the fake emails, we were able to see exactly who was targeted by their email address, and when they were targeted — we even saw some notes that were indicated next to their targets, and these were the notes of the attackers saying what they wanted to do.
“In some cases, the hackers created fake emails based on the general narrative of the real emails, so you’re talking about an operation that involved probably thousands of people, certainly hundreds of people in order to do all this work.
“And it’s really only states, in our experience, that have the resources to run an operation of this size and this magnitude and sophistication.”
Masterminds of the Hack Named in Broidy’s Lawsuit
During the lawsuit, Broidy asserted that the leader of the hack ring was former high-ranking UN diplomat Jamal Benomar, whom he accused of serving as an undeclared agent of Qatar.
Born in Morocco (but a dual Morocco-UK citizen), Benomar was a student opposition leader who was briefly jailed in the 1970s and 1980s, nevertheless managing to obtain a Bachelor’s and two Master’s degrees from the Sorbonne while imprisoned.
Eventually, after managing to escape Morocco through the interventions of Amnesty International, he charmed his way into the UN’s diplomatic corps. By 2009, the native Arabic speaker was named UN Special Envoy to Yemen, a war-torn nation on the Southeastern edge of the Arabian Peninsula. Sent to mediate between the embattled regime in Sana’a (supported by Saudi Arabia and the UAE) and the rebels (backed by Iran, Qatar and al-Qaeda), Benomar soon befriended the Qataris.
In 2013, Benomar met with the Emir of Qatar. Soon after the meeting, Qatar gave $350 million to the Yemen Compensation Fund. How this money was spent is a matter of great controversy. Political analyst Ahmed Sinan has accused Qatar of funding the Yemeni off-shoot of the Egyptian Muslim Brotherhood, which has historically been at odds with Saudi Arabia. Said Sinan, “The sizable donation from the Qataris is a way to decrease Saudi influence in Yemen. Benomar became an agent working on behalf of Qatar.”
By some accounts, Benomar accepted bribes from the Qataris equal to $2 million per month. After the illicit arrangement became public in 2014, Benomar was relieved of his UN post for reasons that were not made public (officially, he resigned in April 2015, and was reappointed as UN Special Adviser at the level of Under Secretary-General in November 2015). Soon, Benomar found work directing a cyber-warfare consulting firm in London, according to Broidy’s court filings, which suspected Benomar of developing the global target list of Qatar’s enemies.
(After receipt of Wolosky’s subpoenas, Muzin and Allaham claimed they had ended their work for Qatar, with an embittered-sounding Allaham subsequently telling Politico that “Qatar enjoys portraying itself as a purveyor of peace in the region, but nothing could be further from the truth.”
Yet the Wall Street Journal raised questions as to whether Muzin and Allaham had given up their lobbying contract.)
A civil case against Muzin and Allaham that was filed by Elliott Broidy was eventually dismissed on jurisdictional grounds, but Broidy’s attorneys refiled the case in January, adding as a plaintiff Greg Howard of Mercury Public Affairs (a subsidiary of global communications giant Omnicom).
The new complaint paints the fullest picture to date of an alleged globe-spanning conspiracy by the government of Qatar to hack the former GOP official’s email.
Mercury’s powerful clients include the conglomerate controlled by Russian oligarch Oleg Deripaska, on behalf of which Mercury lobbied the Trump administration to ease U.S. sanctions.
Mercury came under former Federal Bureau of Investigation director Robert Mueller’s scrutiny for lobbying work arranged by Paul Manafort for a front group linked to former Ukrainian President Viktor Yanukovych.
Broidy’s suit cites phone records to back up its charge that Howard coordinated the dissemination of his emails to reporters at outlets including the Associated Press, The New York Times, The Washington Post and The Wall Street Journal.
The civil case filed by Elliott Broidy was eventually dismissed. Benomar, who left the U.N. before the alleged hack, submitted documents stating that he is a Moroccan diplomat, posted to the North African nation’s mission to the U.N. The U.S. recognized Benomar’s diplomatic immunity despite the fact he is a permanent resident of the United States, which would normally bar him from a diplomatic immunity claim. Benomar has owned property in Georgia and New York and his wife and children legally reside in the U.S.
Equally mystifying is that Benomar was also named as a Member of the Supervisory Board of Lagardère SCA, a multinational media conglomerate with travel and sports and entertainment subsidiaries headquartered in Paris, in September 2018. Lagardère is a publicly traded company and Qatar is Lagardère’s top investor. However, the fact Benomar is working for a publicly traded company undermines his claim to be working as a diplomat for Morocco.
Trump’s Cyber-Terrorism Strategy is Not Enough
While President Trump recently unveiled a new cybersecurity strategy building on his Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” signed in May 2017, it leaves out an important component: victims of hacking, such as Broidy and the 1,400+ others. But effective countermeasures to national hacking attacks are hard to come by.
Military actions are essentially off the table, as no nation has yet carried out military strikes based on cyberattacks. While sinking ships, hijacking planes or kidnapping citizens has provoked military strikes in U.S. history, non-physical raids have never drawn a military response. It is hard to imagine any elected leader ordering air strikes following a cyberattack.
But what about cyberattacks in response to cyberattacks? While it has a nice parallelism, the U.S. Cyber Command has not announced such a policy, and there is no public evidence that the U.S. has ever used hackers to strike back at foreign hackers. A recent Wall Street Journal op-ed called for “a cyber second-strike capability” but, for now, that remains a matter of advocacy, not policy.
While sanctions are often proposed to counter digital attacks, they are very rarely, if ever, imposed. Diplomats want hard evidence that a particular nation’s government ordered or condoned the attacks. This kind of evidence is very hard to obtain since rogue nations typically use third-party clandestine operatives (such as Indian or Ukrainian hackers) who use offshore proxy servers located in the Philippines or Malaysia to launch such attacks. Nor do governments ever publicly announce their culpability — and, indeed, usually deny any responsibility or knowledge of those attacks.
Criminal charges against state actors are also difficult, since prosecutors must show “guilt beyond a reasonable doubt.” That evidence is rarely available, and no foreign citizen residing outside the U.S. has ever been successfully prosecuted in American courts. What’s more, U.S. law gives foreigners immunity from U.S. prosecution, if the alleged crimes were committed outside the United States.
Very few victims try to bring lawsuits against foreign malefactors in U.S. courts. Elliott Broidy is one of the few to even attempt to seek justice in the federal courts, and his experience underlines the difficulties in doing so.
Broidy’s first lawsuit in a Los Angeles federal court was dismissed in the spring of 2018. The judge cited the 1976 Foreign Sovereign Immunities Act, which safeguards non-U.S. citizens such as Benomar from facing lawsuits in U.S. courts. The judge went so far as to beg, in writing, for Congress to amend the law to cover cyberattacks as it did in 2016 to permit foreign terrorists to be sued in U.S. courts, but his suit was unsuccessful.
Cyber Diplomacy and its Risk to Democracy
Check HaveIBeenPwned.com and see if you have been hacked. It is highly likely your secret passwords and bank details are already for sale on the “dark web.” More than 700 million accounts are already compromised, according to the Wall Street Journal.
In theory, democracies flourish when competing factions air their best arguments and majorities form a new consensus based on evidence and argument. In reality, some ideas are hampered by lack of financial support, and are therefore kept from public consideration. Others lack charismatic champions to present contrary ideas in the best possible light. But each of these democratic flaws still contains an element of democracy itself: funders vote by donating money to movements (or not), and powerful personalities agree or disagree to champion unpopular ideas.
Cyber warfare represents a new and unprecedented attack on democracy itself. By silencing dissenting voices, Qatar — or any other rogue nations — can divert or distort the national conversation by keeping facts or ideas from the public. Like a jury denied exculpatory evidence, voters may render their verdicts on incomplete or even false information. Imagine if Russian President Vladimir Putin’s jailing of journalists or killing of dissidents was kept from the public. Without this knowledge, voters may come to a very different conclusion about the wisdom of sanctions against Russia.
Likewise, imagine if China’s unprecedented build-up of its naval forces were kept out of the newspapers. Voters may come to a different conclusion about the wisdom of enlarging America’s navy. Or, imagine if Syrian dictator Bashar al-Assad’s use of poison gas against women and children was never brought to the West’s attention, or the genocide in Sudan’s Darfur region were never made known… the list goes on.
If every critic had to face the possibility that his advocacy would be undermined by publicizing his private shortcomings, only saints or fools would challenge dictators. This would leave a world in which many leaders are afraid to “speak truth to power” — and we will all be poorer as a result. It will also be a world in which autocratic rulers can terrorize not only their own people, but even the free peoples of Western democracies.
This changes the power dynamics, the realpolitik, of the globe by making politicians, journalists, missionaries, dissidents and others, slavishly fearful. It is the cyber equivalent of giving dictators a nuclear bomb. And no arms control treaty can disarm them. If Western democracies do not develop effective countermeasures to what former U.S. president Bill Clinton once called “the politics of personal destruction,” the leadership of the world will slip into the hands of the most ruthless — a scenario where whoever is willing to be the most personally destructive will rule the rest.