Did hackers lead warplanes to Syrian hospital after targeting British surgeon’s computer?

BBC Newsnight broadcast phone number of surgeons working in war-torn Aleppo.

Did hackers lead warplanes to Syrian hospital after targeting British surgeon's computer?

The Telegraph writes:

A British surgeon who helped carry out operations in Aleppo fears that the hacking of his computer led to a hospital being bombed by suspected Russian warplanes.

In a world first, renowned consultant David Nott gave remote instructions via Skype and WhatsApp which allowed doctors to carry out surgery in an underground hospital.

But, after footage was broadcast by the BBC, Mr Nott believes his computer was targeted, allowing hackers to gain the coordinates of the M10 hospital.

An edition of the BBC’s flagship “Newsnight” programme included footage of Mr Nott advising doctors in Syria how to carry out a complicated operation remotely via WhatsApp and Skype. And, as recently as yesterday, the footage was still available for anyone to view on YouTube.

Why has it now been removed? Well, my guess is because the footage includes another clue about how the makeshift hospital could potentially have been targeted.

Newsnight” included in its report footage of Mr Nott’s desktop monitor, which showed prominently the full phone number (complete with Syrian country code) of the surgeons he was communicating with.

Unlike “Newsnight”, I’ve obscured the number in my screengrab below.

Number obscured

Clearly that phone number should not have been broadcast. Although it’s quite likely that the hospital’s bombing had nothing to do with the “Newsnight” report, and that Mr Nott’s computer and Skype account were not hacked, it’s not entirely implausible that a determined intelligence agency might have used a different route to determine the operating theatre’s location.

For instance, if I wanted to know precisely where the Syrian surgeons were I might be tempted to infect the smartphone which has that number, rather than the British consultant. I think that would be a good deal more straightforward, and could result in much more reliable information about someone’s location than an IP address.

My feeling is that the jury is out whether any hack occurred. Mr Nott seems to think his Skype or computer may have been targeted. The alternative scenario I give above is possible, although perhaps also not as likely as something rather more conventional.

For its part, the BBC is downplaying the speculation:

The bombing of the M10 hospital in Aleppo was a tragedy, but we haven’t seen any evidence to suggest that the attack was linked to the Newsnight report or the many other media stories about the work of David Nott and the doctors in the hospital.

The hospital had already been targeted many times before our report, and the suggestion of such a link remains purely speculative.”

Perhaps it’s best not to jump to conclusions that something has to have a computer security angle, unless there’s some reason to believe that’s true.

And, I would argue, it would be sensible for news teams to be very careful not to broadcast sensitive information (such as mobile phone numbers), particularly when it involves people working in war-torn Aleppo.

The BBC has now removed the “Newsnight” footage from YouTube.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:

, , , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.