The Telegraph writes:
A British surgeon who helped carry out operations in Aleppo fears that the hacking of his computer led to a hospital being bombed by suspected Russian warplanes.
In a world first, renowned consultant David Nott gave remote instructions via Skype and WhatsApp which allowed doctors to carry out surgery in an underground hospital.
But, after footage was broadcast by the BBC, Mr Nott believes his computer was targeted, allowing hackers to gain the coordinates of the M10 hospital.
An edition of the BBC‘s flagship “Newsnight” programme included footage of Mr Nott advising doctors in Syria how to carry out a complicated operation remotely via WhatsApp and Skype. And, as recently as yesterday, the footage was still available for anyone to view on YouTube.
Why has it now been removed? Well, my guess is because the footage includes another clue about how the makeshift hospital could potentially have been targeted.
“Newsnight” included in its report footage of Mr Nott’s desktop monitor, which showed prominently the full phone number (complete with Syrian country code) of the surgeons he was communicating with.
Unlike “Newsnight”, I’ve obscured the number in my screengrab below.
Clearly that phone number should not have been broadcast. Although it’s quite likely that the hospital’s bombing had nothing to do with the “Newsnight” report, and that Mr Nott’s computer and Skype account were not hacked, it’s not entirely implausible that a determined intelligence agency might have used a different route to determine the operating theatre’s location.
For instance, if I wanted to know precisely where the Syrian surgeons were I might be tempted to infect the smartphone which has that number, rather than the British consultant. I think that would be a good deal more straightforward, and could result in much more reliable information about someone’s location than an IP address.
My feeling is that the jury is out whether any hack occurred. Mr Nott seems to think his Skype or computer may have been targeted. The alternative scenario I give above is possible, although perhaps also not as likely as something rather more conventional.
For its part, the BBC is downplaying the speculation:
“The bombing of the M10 hospital in Aleppo was a tragedy, but we haven’t seen any evidence to suggest that the attack was linked to the Newsnight report or the many other media stories about the work of David Nott and the doctors in the hospital.
“The hospital had already been targeted many times before our report, and the suggestion of such a link remains purely speculative.”
Perhaps it’s best not to jump to conclusions that something has to have a computer security angle, unless there’s some reason to believe that’s true.
And, I would argue, it would be sensible for news teams to be very careful not to broadcast sensitive information (such as mobile phone numbers), particularly when it involves people working in war-torn Aleppo.
The BBC has now removed the “Newsnight” footage from YouTube.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.