A Turkish script that could have been written in Hollywood but wasn’t

By Claude Salhani

It reads like the plot of a James Bond or a “Mission Impossible” movie where the bad guys manage to break into a NATO government’s super-secret sensitive website and are able to hack it and obtain all the classified documents. Except that this is not a made-in-Hollywood script. This is a very real modern-day espionage plot with the Turkish government as the scheming bad guys.

Western intelligence agencies say they have irrefutable proof that Ankara was responsible for the hacking of sweeping cyberattacks that targeted governments and organisations in Europe and the Middle East.

At least 30 entities, among them government ministries, embassies and security services as well as private companies and other groups, were targeted by the hackers, according to British and US intelligence officials.

The attacks included intercepting internet traffic of the targets’ websites, potentially enabling the hackers to obtain illicit access to the websites of government bodies and other organisations. The target of those attacks included the Cypriot and Greek governments’ e-mail services, as well as that of the Iraqi government’s national security adviser.

According to two British officials and one US official who spoke to the media, the activity bears the hallmarks of a state-backed cyber-espionage operation conducted to advance Turkish interests.

A Reuters report said the conclusions regarding Turkish involvement were based on 1) the identities and location of the intended targets, which included governments of countries that are geopolitically significant to Turkey; 2) similarities to previous attacks that they say used infrastructure registered from Turkey; and 3) information contained in confidential intelligence assessments that the official Western sources refused to detail.

The officials said it was not clear which specific individuals or organisations were responsible but that they believed the attacks were linked because they all used the same servers or other infrastructure.

The Turkish Ministry of the Interior declined to comment and a senior government official did not respond directly to questions about the attack campaign, saying only that Turkey was itself frequently a victim of cyberattacks.

Granted, Turkey could very well have been hacked; however, this does not exonerate it from being the prime suspect in the recent attacks on the aforementioned countries. The question now is what can the countries concerned do about it?

In many countries hacking will get you arrested should you be caught going into a computer that is not yours. Yes, targeted countries can complain to the United Nations or present a solid case for Interpol to pursue. However, in this particular case, where the hackers were allegedly acting for a government, there are few risks for hackers.

The governments in both Pyongyang and Tehran encourage and even sponsor cyberattacks against the West. In the event of a major confrontation with the United States, its enemies will try to hack important web servers critical to the functioning of the country. On a small scale, think of the havoc that would ensue if bank accounts were to become inaccessible overnight. You go to the ATM one morning and you are unable to withdraw any funds. You go to the gas station and are unable to pump gas into your car because the computer that connects the gas stations to the banks is no longer operable due to a bug that was planted a short while earlier. Think of the whole country’s electricity grid down and out.

Think of all the things we do on a daily basis that are achieved thanks to the internet and think what would happen should suddenly these services become impossible to access. It does not require much to turn this nightmare scenario into reality, even if hackers were to succeed for a very limited time span.

But not all is gloom and doom. Just as there are bad guys toiling away to destroy our way of life, there are also good guys working to make sure this never happens. In cybercrime, as in conventional terrorism, the terrorist needs only to be lucky once, whereas those fighting to prevent terrorists from achieving their ugly deeds must be lucky every time.

We have learnt too many times in this modern era that “friends” do spy on “friends.”

But Turkey seems to have pushed “friendship” (and spying) a bit too far. State-sponsored hacking is more than just snooping. It is an act of organised assault that no civilised nation should tolerate. It would be disturbing if Ankara, a full-fledged member of NATO, had decided to join the ranks of rogue states such as Iran and North Korea.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s