A British surgeon who helped Syrian doctors online has told the Telegraph he fears his computer was hacked, leading to an air strike on a hospital.
David Nott, who has performed surgery in various war zones, helped his Syrian colleagues during an operation, via Skype and WhatsApp, on just one occasion.
The 2016 operation was later broadcast by the BBC’s Newsnight programme.
Weeks after this, the Aleppo hospital was hit by a “bunker buster” bomb.
Dr Nott thinks the hackers were able to discover its location via his computer.
Cyber-security professionals say his theory is plausible, but the BBC has spoken to two experts who think another approach – if hackers were involved at all – would have been more likely.
Cyber-security researcher and blogger Graham Cluley pointed out that at one point in Newsnight’s broadcast, a Syrian telephone number had been visible on David Nott’s computer screen.
Rather than target Dr Nott, he thinks hackers may have tried to infect the smartphone of the Syrian at the hospital who used that number.
“Newsnight should have obscured that number in their report,” he told the BBC.
Additionally, Matthew Hickey, at cyber-security company Hacker House, said that because it appeared to be a mobile phone number, it may have been possible for a nation state to hack into the Syrian carrier network, ping the mobile and receive its location.
That in turn may have given away the coordinates of the part of the hospital where the operating theatre was located.
‘Matter of minutes’
“It sounds more likely as opposed to [Dr Nott’s] laptop being hacked that someone used that,” said Mr Hickey.
“It would have taken a matter of minutes.”
Newsnight journalist John Sweeney tweeted: “Did Russian/Syrian bombs target this hospital in Aleppo because of our @BBCNewsnight film with @NottFoundation? If so, a sickening act of inhumanity.”
In a statement, the BBC said: “The bombing of the M10 hospital in Aleppo was a tragedy, but we haven’t seen any evidence to suggest that the attack was linked to the Newsnight report or the many other media stories about the work of David Nott and the doctors in the hospital.
“The hospital had already been targeted many times before our report, and the suggestion of such a link remains purely speculative.”
The air strike in 2016 caused a direct hit to the M10 hospital’s operating theatre, resulting in the deaths of two patients.
The hospital was subsequently closed permanently.
Dr Nott has said that, following advice from people working in war zones, he will not offer help to surgeons via the internet again.
“It is a crime against humanity that you can’t even help a doctor in another country carry out an operation. It is a travesty,” he told the Telegraph.
The hospital had previously been bombed 17 times, but Dr Nott has said he thinks it was by hacking him that the attackers were able to direct the bomb accurately at the operating theatre.
Mr Hickey pointed out that there were many other ways in which an aggressor could have spied on the hospital.
Without accessing the computer devices used and analysing them forensically, there was no way of knowing what actually happened, he told the BBC.
But technology such as a virtual private network – which uses a third party’s servers for private access to the internet – and secure laptops could in theory be used to allow pioneering surgeries like this to happen again.
Mr Hickey added: “The lesson should be learned, building a more secure solution for doing that kind of work would be advantageous.”