The Undeclared War: How Accurate Are the Threats?

essidsolutions

Jamie Akhtar, CEO and co-founder of CyberSmart, explores how accurate the cybersecurity threats are in Channel 4’s recent television series “The Undeclared War.” 

Hacking in popular media has historically been misrepresented. We’ve all seen a torrent of unintelligible code racing across a computer screen, intense European techno, a tech geek in a grubby hoodie declaring: “I’m in.” NCIS, Jurassic Park, and Independence Day immediately spring to mind.

This perhaps explains the excitement surrounding Channel 4’s new series, “The Undeclared War”. As cybersecurity knocks on the door of the mainstream, industry pros were understandably hoping for a more accurate representation of their world. For the most part, Peter Kosminsky’s thriller delivers.

But before we dive into what the series gets right and wrong, it’s worth setting the scene a little. Set in 2024, the narrative revolves around Saara, a second-year university student embarking on an internship at GCHQ. On her very first day, disaster strikes as the country is hit by a cyberattack from an “as-yet unidentified source,” crippling 55% of internet provisions. The drama reaches a fever pitch as Saara finds a second, hidden virus inside the first, waiting to take down the remaining 45% and bring the UK to its knees. 

With that out of the way, let’s look at how accurate “The Undeclared War” is, from a cybersecurity perspective at least. 


What the Show Gets Right

“The Undeclared War” gets a lot of things right. In fact, the premise of the series, an attack on UK infrastructure, is not only plausible but actually happens on a regular basis. Obviously, GCHQ tries to keep cyberattacks of this nature quiet, but it’s an open secret that they are thwarted fairly often. 

However, some of these attempts do make a real impact, trickling through to our newsfeeds. Perhaps the most famous example of this was the “Fancy Bear” attacks launched on the BBC during its coverage of the 2015 parliamentary election. In this case, the Kremlin-backed attack was thwarted by GCHQ, but other countries weren’t so fortunate. Russian hackers posing as ISIS succeeded in crashing 11 French TV stations and plastering their websites with jihadist propaganda.

Another prominent example is the “GameOver Zeus” attacks on UK banking machines. According to the NCA, up to 15,000 computers in the UK had been infected with the virus, which was intended to steal personal and financial data. Again, this attempt was foiled by GCHQ.

It’s also worth mentioning Russia’s (albeit underwhelming) cyber warfare campaign against Ukraine. On April 12th, Zhora, ESET, and Ukraine’s computer emergency response team revealed in a series of statements that Sandworm, an elite Russian hacking group, had unleashed an attack on Ukrainian infrastructure in an attempt to cause a blackout. The somewhat unimaginatively named “Industroyer2” was a new variant of the “Industroyer” malware that had greatly affected Ukraine’s power grid in 2016.

So, we’ve established that the premise, at least, is realistic. But what about the techniques? What about the strategies?

In the show, GCHQ deploys reverse engineering techniques against the attack in an attempt to isolate the threat. This is a very real and useful weapon for mitigating the damage caused by cybercriminals. There’s no need to get into the nitty-gritty of the practice here, but reverse engineering essentially involves deconstructing an object, in this case, malware, to find out how it works. 

Remember earlier, when Saara found a second virus inside the first? This is an example of obfuscation. Hiding further nasties in junk is a sophisticated but common technique amongst cybercriminals. Obfuscation is done by changing the overall signature of malicious code to hide malware, even if it’s already a known threat. 

Trapdoor encryption is another real technique featured in the series. In episode two, it’s revealed that the hackers have deployed it in an attempt to thwart GCHQ’s countermeasures. Trapdoor encryption, built on what cryptographers call a trapdoor function, is regularly used in both attack and defense scenarios. The method is effective because the function is easy to compute in one direction but hard to invert without access to a piece of special information, known as the “trapdoor.” Without that trapdoor, decryption is incredibly difficult.
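To make the one-way-with-a-trapdoor property concrete, here is an added example that is not part of the article: a toy textbook RSA key pair with deliberately tiny primes (the article does not say which trapdoor function the show uses; RSA is assumed here purely as the standard teaching instance). The forward direction is one modular exponentiation; inverting without the private exponent `d` means recovering the factors of `n` first, and the example counts the trial-division steps that takes so the asymmetry is visible even at this toy size.

```python
"""Toy trapdoor function demo (textbook RSA with tiny primes).

Added example, not code from the article. The primes are small so the
'hard' direction can actually finish; at real key sizes (2048-bit n) the
same factoring loop would never terminate, which is the whole point.
"""
from math import gcd, isqrt


def make_keypair(p, q, e=17):
    """Return ((n, e), d): the public key and the trapdoor d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse; needs Python 3.8+
    return (n, e), d


def forward(m, public_key):
    """Easy direction: anyone holding the public key can compute this."""
    n, e = public_key
    return pow(m, e, n)


def inverse_with_trapdoor(c, public_key, d):
    """Easy direction for the key holder: one exponentiation with d."""
    n, _ = public_key
    return pow(c, d, n)


def inverse_without_trapdoor(c, public_key):
    """Only route open to someone without d: factor n by trial division,
    rebuild d, then invert. Returns (plaintext, trial_division_steps).
    Work grows with sqrt(n); for real key sizes this is infeasible."""
    n, e = public_key
    steps = 0
    for p in range(2, isqrt(n) + 1):
        steps += 1
        if n % p == 0:
            q = n // p
            d = pow(e, -1, (p - 1) * (q - 1))
            return pow(c, d, n), steps
    raise ValueError("n has no non-trivial factor")


def demo():
    """Run the three directions on a constructed message and return the results."""
    public_key, d = make_keypair(61, 53)      # constructed toy primes
    message = 65                               # constructed sample plaintext
    c = forward(message, public_key)
    easy = inverse_with_trapdoor(c, public_key, d)
    hard, steps = inverse_without_trapdoor(c, public_key)
    return {"ciphertext": c, "with_trapdoor": easy,
            "without_trapdoor": hard, "factoring_steps": steps}


if __name__ == "__main__":
    print(demo())
```

With primes 61 and 53 the attacker-side inversion still succeeds, but only after 52 trial divisions on a 12-bit modulus; scaling the primes up makes that loop grow exponentially in the bit length while the two trapdoor-side exponentiations stay cheap, which is exactly the asymmetry the show's hackers are exploiting against GCHQ.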

Going beyond attack and defense techniques, the impacts depicted in the show are, although as yet unrealized, realistic. In the wake of the attack, trains are canceled, flights grounded, and banks disrupted, all of which are legitimate potential consequences of a successful attack of this nature. An overwhelming majority of the UK’s infrastructure is controlled or administered digitally, meaning a cyberattack would bring the country to a grinding halt. 

What the Show Gets Wrong

Overall, “The Undeclared War” offers a commendable representation of hacking, cybercrime, and cybersecurity. The premise, techniques and impacts are all wholly accurate. However, a few things are a bit off the mark. 

The first inaccuracy comes in the pilot when Russian bots claim responsibility for the attack. In the real world, Russia is not usually in the business of holding its hand up and admitting its crimes. In fact, Russia is notorious for persistent denials and obfuscation before eventually claiming responsibility decades later. The list of Russia-linked cyber attacks is endless, from NotPetya in 2018 to SolarWinds in 2020, to the attacks on Ukraine just this year. The Russian state vehemently denies all accusations and rarely takes the blame voluntarily.

Unfortunately, the character arc of our hero, Saara, is a touch far-fetched. However brilliant she may be, it’s unlikely that an intern would be sent to meet a Russian hacker, even if she did see through their obfuscation attempts. It does, however, make for a compelling story.

These inaccuracies are, compared to the accuracies at least, a touch nit-picky. This is, after all, a TV show. Its primary aim is to entertain, not inform. The series would be worse off if the Russian bots didn’t claim responsibility for the attack and Saara never got to meet the hacker. 

From Reel to Reality

As far as we know, there are no techniques or strategies featured in “The Undeclared War” that aren’t accurate or used in real life. The premise itself is a genuine threat, and happens in cyberspace twenty-four hours a day, seven days a week. Viewers should take from this series a warning on the perils of escalation. The “cold war” currently being waged could very easily grow hot. 
