This is a collection of information released by Ministry of Interior on their twitter account regarding the hacking of the QNA website.
Qatar team investigating the hacking of QNA website and its social media accounts held a press conference today to release the latest developments.
The investigation team uncovered in the press conference the details of hacking as per its chronological order.
The investigation team showed a film that explained how the hacking took place and how it was used by siege countries in media.
Lt Col Ali Mohammed Al-Muhannadi, Director of Technology Affairs at NCC and head of investigation team attended the conference.
Capt Othman Salem Al-Hammoud, asst director of Information Security Department also spoke at the conference.
As the authorities began to collect inferences, the results of the investigation revealed technical evidence confirming hacking.
Technical examination showed that hackers exploited vulnerability in the website to access the QNA system and collect passwords.
Investigators found that on April 19, the hacker infiltrated to QNA network using VPN software and scanned the website completely.
On April 22, the hacker exploited a vulnerability in the website, installed the malicious programs and intruded into the network.
The vulnerability was shared with another person via Skype, who accessed it at 5:47 am from an IP address of one of the siege.
Later, the hacker deployed more sophisticated malicious programs to get full control of the network.
On April 28, the main system of QNA was targeted and addresses, passwords and e-mails of all the employees were collected.
On the April 29, the hacker accessed the vulnerability in QNA website via an IP from one of the siege countries.
On May 20, the hacker carried out a final check of malicious programs, confirmed effectiveness in preparation for an attack.
On May 23, just minutes before the start of the attack, the QNA website witnessed significant increase in number of visitors.
These visits were through IP addresses from one of the siege countries.
At 11:45 pm the actual attack began and 12:13 am, false quotes attributed to the Emir were posted on the QNA website.
Two minutes later, the first access of the article was recorded via IP addresses of one of the siege countries.
Within the next few minutes and with the increase of browsing in an unprecedented manner, the website was out of service.
At 3am, the attack was contained, the control of the website was restored, at 7pm, all QNA social media accounts were recovered.
As well, the technical team could reach to a European telephone number that was used for the hacking process.
