Is news that Britain’s new Queen Elizabeth aircraft carrier runs outdated computer software in fact a social engineering exercise by the Secret Intelligence Service?
Media sites across the web carried the news yesterday that the £3.5 billion vessel, fresh out of dock for sea trials, apparently relies on Microsoft’s 16-year-old XP operating system.
Measuring 280 metres long and 70 metres wide, the ship can carry 36 state of the art F-35B fighter jets, and hosts modern military technology. Yet reporters from both the Times and the Guardian newspapers who were invited onboard claimed yesterday to have seen a Windows XP machine employed in the ship’s control room.
The Ministry of Defence does not deny this:
27 June 2017
The Ministry of Defence told WIRED that it doesn’t comment on the “specific systems” its ships use but says it has “absolute confidence in the security we have in place” for the HMS Queen Elizabeth. The MoD has, however, previously commented on reports the ship is using XP.
So exactly why did these stories emerge about the Queen Elizabeth running an obsolete computer program?
Here are sketches of my thoughts:
- Making it known that an outdated operating system is in use can only tempt hackers and cyber criminals.
- Windows XP users across the world, whether private citizens or public bodies, are still being targeted by the WannaCry ransomeware attack. WannaCry has proven to be one of the largest and most successful cyber attacks of all time, hitting significant commercial and infrastructure projects as well as government interests in many countries.
- The UK government pledged last November to spend £1.9 billion on cyber defence.
- The Queen Elizabeth story is basic #101 social engineering (deception) initiated by the Secret Intelligence Service. They want it to get out, in as convincing a way as possible, that the nation’s defence has vulnerabilities and that the Queen Elizabeth is a plum target. (The media is playing along nicely!)
- There will be exploitable back doors to the ship’s XP system. They will be designed to be realistic but will be sand-boxed (i.e., appear live and functioning but ultimately remain isolated behind firewalls, unable to cause real harm).
- Most importantly, this honey trap will attract existing and new enemies. The spooks will then try to figure what harm is out there, perhaps identify some of the clumsy ones, and learn from how they choose to operate.
Naturally, the Secret Intelligence Service will not tell me if I’m close to target in my analysis. But I do ask “the Organisation” to offer me a reasonably well-paid intelligence job in the event I’m right.