UK surgeon suspects his PC was hacked to target Syrian hospital
Not the only possible theory, say infosec types
A British surgeon whose instructions over the internet helped to guide operations in war-torn Aleppo fears his PC was hacked in order to target a makeshift hospital that was subsequently bombed.
Consultant David Nott gave remote instructions via Skype and WhatsApp that helped doctors in Syria carry out operations. Footage of the process at work was broadcast on the BBC's Newsnight in September 2016.
Mr* Nott reckons his computer was then targeted by hackers seeking to pinpoint the M10 hospital, the Daily Telegraph reports. Less than a month later, the hospital was destroyed by a bunker buster-type bomb allegedly dropped by Russian warplanes.
The strike on 3 October 2016 – which scored a direct hit on the trauma hospital's operating theatre – killed two patients, injured medical workers and resulted in its permanent closure.
Mr Nott said he suspects the precise targeting was made possible after hackers lifted coordinates for the hospital held on his computer. The consultant had carried out many operations in the course of training local physicians while in Syria but only supervised in one operation remotely. After taking advice from those working on the ground he intends to abandon the practice.
Pinpointing the location of a system after hacking one of its components is plausible even though there are other possible explanations for what went down in Aleppo and plenty of doubt over whether the doctor's suspicions are correct.
Computer scientist Professor Alan Woodward, of the University of Surrey in England, told El Reg: "The details are a bit light in how his computer was hacked, but assuming it was then it would be easy to find the IP address and phone number of recipients.
"I'm not sure it necessarily needed to be a hack whilst he was actually communicating – easier to do it once the hackers knew who he was and from there they could collect the data they needed."
The Syrian government would likely have access to technology that could pinpoint the physical locations of phones or computers, Professor Woodward added.
"Frankly it's amazing that any form of comms works in these areas under these conditions but it's difficult not to conclude that the Syrian government can access the metadata needed to pinpoint mobile numbers and IP addresses."
Hospitals in Syria have been targeted, possibly in a cynical attempt to drive out populations from disputed areas by making them close to uninhabitable because of a lack of healthcare. Local doctors might be watched by spies or through other means.
The M10 hospital has been bombed at least 17 times. Mr Nott nonetheless thinks the precise coordinates of the operating theatre were obtained by clandestine computer hacking. If this is what happened, it might well have taken place after the broadcast rather than during the operation itself. Dr Nott has since changed both his computer and mobile phone. ®
* In the UK, because of an anachronistic tradition that dates back to the Middle Ages, surgeons are called Mr, Ms, Miss or Mrs. A surgeon at that time gained their qualifications by being an apprentice like any other tradesperson rather than going to university like a physician. Today British surgeons go from Ms/Mr to Dr and back to Ms/Mr once they achieve trainee consultant status.
Sponsored: Becoming a Pragmatic Security Leader