Britain is under attack! The biggest cyber attack we’ve ever seen, and it’s bringing down telecommunications, banks and even the government itself.
Thankfully, it’s all only fictional – despite some people being taken in by a trailer – as we’re talking about Channel 4’s newest prestige TV series: The Undeclared War, featuring Mark Rylance, Simon Pegg and Adrian Lester. In the Peter Kosminsky-created drama, a young intern, Saara (Hannah Khalique-Brown), trawls through a load of code and uncovers the attack designed to take out the UK, right before a general election. So far, so terrifying.
But how true to life is the series, and could this ever happen in reality? We asked Jake Moore, a global cyber-security advisor with 20 years in the game, how based in reality the show is, if we need to start panicking about a digital downfall, and why you definitely need to change your password if it’s still Password123.
What did you think about the War Of The Worlds-inspired trailer that had people in a bit of a panic last week?
I saw there was a bit of a backlash last week about the trailer but I’m a big fan of that as I work in simulation attacks on businesses. The public tend to forget about it, either think it won’t ever happen to them or don’t really understand, so the trailer was excellent to highlight it in that way.
What did you make of the show itself?
It worked brilliantly, I thought it was made very well. It’s a really good depiction of what it’s like to go through code in that way. It did take me a while to get it – I thought Saara was dreaming at the start. Later on when she’s walking down the office cupboard aisle and finds that pile of junk, I thought this is the greatest depiction I’ve ever seen of showing what happens in malware hunting, because it’s usually so damn boring! So to see a good visualisation of that, I was clapping for that.
Can you decode some of the lingo for us: what’s a stress test, malware and a sandbox?
A stress test is to see if the code falls apart if you apply pressure to it. Does it highlight that it’s a virus? Or does it highlight that it can knock over a computer? It’s looking at the code to see what it does, and what malware is trying to hide from being caught. Malware is a piece of software that is designed to do something malicious (malicious software, that’s where the term comes from). Anyone can write a piece of malware and the antidote is anti-malware software which is designed to look for anomalies which will stop that code exploiting the device. A sandbox is an environment, a “box” that you put unknown code into, so if it turns out to be a virus, it will not be able to get outside of that vault and infect the rest of the network.
In the series, BT is taken out in the first attack – would this be possible?
I thought it was interesting they targeted BT, because BT would have its own internal group, as they’re part of the political infrastructure of the UK; they would have special lines with GCHQ. I think they said in the episode that 55 percent of the country had gone down. That’s not a bad shout; I would say they’ve got their stats bang on for that, because if half the UK uses BT and BT’s gone down, the potential is that the country would come to a standstill – and that’s what they’re trying to say – so they would have extra protection in place.
What about Saara the intern – would she really end up cracking some code and then in a COBRA meeting with the PM within the same first day?
They’re making her out to be like a bit of a Rain Man; she scans the code and goes “that’s odd”, but that is technically possible. I just don’t know if a work experience would do that. You’d also have to be security cleared to the hilt. They mentioned DV [Developed Vetting] clearance in the show and that’s your financial background; who lives in your house. The financial check is to see if you have debts as you’re at risk of being blackmailed into giving away information. GCHQ are always looking for the next generation of employees, but it does seem a bit of a jump to go from school to a COBRA meeting, but I couldn’t work out the time scale of that, so with a bit of artistic licence you could suggest that would be a time span of six months.
Could hackers really take out the entire internet?
I think the attack is absolutely possible, but the government does have extra protection in place for specific critical lines that, without such security, could potentially cause widespread havoc. For example, our national infrastructure; our power grids and internet are heavily guarded with the most robust protection. It’s very expensive, the highest grade protection. It’s not impenetrable, but it would take a lot of work to go through it. What strikes me is they talk about this malware, but it would not be just one piece of malware that would take it out, it would be a multi, multi layered attack and very difficult to do. You’d need people on the inside, you’d need someone in BT and extremely persistent attacks that don’t stop (and there’s a huge expense attached to that) but this is how it would pan out. Ostensibly, we’re seeing how an attack plays out but in reality it’s unlikely to occur on such a widespread scale or speed with the government because of that extra protection they have. Also, the government simulates threats like this – multi-agencies get together and simulate attacks, like a drill, to work out what they would do. They work on the weak points a few times a year and they highlight good procedures for vulnerabilities and work out contingency.
What about the banks going down – should we be stashing our hard-earned pounds under our bedroom pillows now?
I didn’t like that line because I thought that was a bit too dramatic. A blanket line that all the banks are down… They have procedures in place so they wouldn’t go all down at the same time. Also, all our data isn’t in one place, it’s in several places around the world, and this is part of the resilience for the worst case scenario – it’s that backup.
In the show, the attack is thought to be from the Russians – how likely is this and does this happen in reality? Who are the people behind these cyber hackings?
You have to work out the attribution. There are groups called Advanced Persistent Threat groups (APT) which there are hundreds, if not thousands of, in the world. Such as The Fancy Bear group – if it has a bear at the end of it, it’s Russian. These APTs tend to have a way of writing their code and it gets analysed, which tends to give them away. If there’s Russian written around the code it could be Russians, but then it could be North Koreans writing in Russian code. They might make simple mistakes that Russians would never make, and that’s what singles them out. Then there are nation state actors, where a government could outsource this activity to other groups – they might go to forums on the dark webs and get those parties interested to do what they want.
And how do you think a real government would likely retaliate?
We haven’t seen this widespread cyber attack before, so it’s interesting to think how they would do it. Would they leave it up to more “ethical” hackers – like the Jolly Rodger in the show who turns Putin’s lights on and off? That would definitely happen, it’s very likely. If you research the group Anonymous, they target whoever they believe is immoral or unethical – they targeted the Russian government as soon as the war on Ukraine started. We can’t say governments are attacking them, but there are hackers and groups who are doing this type of work for them. These groups, APTs, are not always financially motivated, it might be political or any other sort of motivation to cause disruption.
What are the biggest other cyber threats to society, like in the show when it’s targeted around the general election?
Where the internet is a much more powerful weapon is not on the day of the election, you’d have to go back months to sow disinformation, and then this is by far the most powerful weapon that has been used. Such as with Cambridge Analytica. This is an incredible story about how they were able to manipulate people’s minds; potentially from Russia, potentially they did it to only 10 percent of the world, but that 10 percent were able to manipulate a potential swing in elections. You find that in cyber crime, it’s not just digital, but it’s a social element, effectively socially engineering people and seeing how powerful that can really be. Potentially it’s what we’ll see more of in the future, you can’t underestimate it, but GCHQ are on it.
How many attacks like this do you think GCHQ cover?
GCHQ uncover and stop hundreds if not thousands of cyber crimes from ever reaching our news outlets. The country could go into complete mayhem just knowing that an attack was stopped – it can cause fear and panic, and if then you get a change in behaviour, the attackers have still succeeded. So if you keep it away from people’s eyes, you keep them safe. So this is why they can’t talk about what they’re doing. They are the silent force.
What do you think people will make of the series?
I think it’s a really good way of showing the public what could happen and I think the outcome is people will become more vigilant and part of my job is to teach people to err on the side of caution, as that’s usually one of your biggest defences: question anything and everything.
The Undeclared War continues on Channel 4 on Thursdays at 9pm.