A police officer examines a damaged car after thousands of pagers exploded simultaneously across Lebanon on Sept. 17, 2024. AP Photo/Hussein Malla
THE CONVERSATION
Published: September 18, 2024
Electronic pagers across Lebanon exploded simultaneously on Sept. 17, 2024, killing 12 and wounding more than 2,700. The following day, another wave of explosions in the country came from detonating walkie-talkies. The attacks appeared to target members of the militant group Hezbollah.
The pagers attack involved explosives planted in the communications devices by Israeli operatives, according to U.S. officials cited by The New York Times. Hezbollah had recently ordered a shipment of pagers, according to the report.
Secretly attacking the supply chain is not a new technique in intelligence and military operations. For example, the U.S. National Security Agency intercepted computer hardware bound for overseas customers, inserted malware or other surveillance tools and then repackaged them for delivery to certain foreign buyers, a 2010 NSA internal document showed. This differs from accessing a specific person’s device, such as when Israel’s Shin Bet secretly inserted explosives into a cellphone to remotely kill a Hamas bombmaker in 1996.
Hezbollah, a longtime adversary of Israel, had increased its use of pagers in the wake of the Hamas attack on Israel on Oct. 7, 2023. By shifting to relatively low-tech communication devices, including pagers and walkie-talkies, Hezbollah apparently sought an advantage against Israel’s well-known sophistication in tracking targets through their phones.
Published: September 18, 2024
Electronic pagers across Lebanon exploded simultaneously on Sept. 17, 2024, killing 12 and wounding more than 2,700. The following day, another wave of explosions in the country came from detonating walkie-talkies. The attacks appeared to target members of the militant group Hezbollah.
The pagers attack involved explosives planted in the communications devices by Israeli operatives, according to U.S. officials cited by The New York Times. Hezbollah had recently ordered a shipment of pagers, according to the report.
Secretly attacking the supply chain is not a new technique in intelligence and military operations. For example, the U.S. National Security Agency intercepted computer hardware bound for overseas customers, inserted malware or other surveillance tools and then repackaged them for delivery to certain foreign buyers, a 2010 NSA internal document showed. This differs from accessing a specific person’s device, such as when Israel’s Shin Bet secretly inserted explosives into a cellphone to remotely kill a Hamas bombmaker in 1996.
Hezbollah, a longtime adversary of Israel, had increased its use of pagers in the wake of the Hamas attack on Israel on Oct. 7, 2023. By shifting to relatively low-tech communication devices, including pagers and walkie-talkies, Hezbollah apparently sought an advantage against Israel’s well-known sophistication in tracking targets through their phones.
The second wave of explosions in Lebanon involved walkie-talkies. AP Photo
Cellphones: The ultimate tracker
As a former cybersecurity professional and current security researcher, I view cellular devices as the ultimate tracking tool for both government and commercial entities – in addition to users, criminals and the mobile phone provider itself. As a result, mobile phone tracking has contributed to the fight against terrorism, located missing people and helped solve crimes.
Conversely, mobile phone tracking makes it easy for anyone to record a person’s most intimate movements. This can be done for legitimate purposes such as parents tracking children’s movements, helping you find your car in a parking lot, and commercial advertising, or nefarious ends such as remotely spying on a lover suspected of cheating or tracking political activists and journalists. Even the U.S. military remains concerned with how its soldiers might be tracked by their phones.
Mobile device tracking is conducted in several ways. First, there is the network location data generated by the phone as it moves past local cell towers or Stingray devices, which law enforcement agencies use to mimic cell towers. Then there are the features built into the phone’s operating system or enabled by downloaded apps that may lead to highly detailed user tracking, which users unwittingly agree to by ignoring the software’s privacy policy or terms of service.
This collected data is sometimes sold to governments or other companies for additional data mining and user profiling. And modern smartphones also have built-in Bluetooth, Wi-Fi and GPS capabilities that can help with locating and tracking user movements around the world, both from the ground and via satellites.
As a former cybersecurity professional and current security researcher, I view cellular devices as the ultimate tracking tool for both government and commercial entities – in addition to users, criminals and the mobile phone provider itself. As a result, mobile phone tracking has contributed to the fight against terrorism, located missing people and helped solve crimes.
Conversely, mobile phone tracking makes it easy for anyone to record a person’s most intimate movements. This can be done for legitimate purposes such as parents tracking children’s movements, helping you find your car in a parking lot, and commercial advertising, or nefarious ends such as remotely spying on a lover suspected of cheating or tracking political activists and journalists. Even the U.S. military remains concerned with how its soldiers might be tracked by their phones.
Mobile device tracking is conducted in several ways. First, there is the network location data generated by the phone as it moves past local cell towers or Stingray devices, which law enforcement agencies use to mimic cell towers. Then there are the features built into the phone’s operating system or enabled by downloaded apps that may lead to highly detailed user tracking, which users unwittingly agree to by ignoring the software’s privacy policy or terms of service.
This collected data is sometimes sold to governments or other companies for additional data mining and user profiling. And modern smartphones also have built-in Bluetooth, Wi-Fi and GPS capabilities that can help with locating and tracking user movements around the world, both from the ground and via satellites.
Your phone contains many sensors that make it useful – and easy to track.
Mobile devices can be tracked in real time or close to it. Common technical methods include traditional radio direction-finding techniques, using intelligence satellites or drones, deploying “man in the middle” tools like Stingrays to impersonate cellular towers to intercept and isolate device traffic, or installing malware such as Pegasus, made by Israeli cyberarms company NSO to report a device’s location.
Nontechnical and slower techniques of user tracking include potentially identifying general user locations from their internet activity. This can be done from website logs or the metadata contained in content posted to social media, or contracting with data brokers to receive any collected location data from the apps that a user might install on their device.
Indeed, because of these vulnerabilities, the leader of Hezbollah earlier this year advised his members to avoid using cellular phones in their activities, noting that Israel’s “surveillance devices are in your pockets. If you are looking for the Israeli agent, look at the phone in your hands and those of your wives and children.”
Researchers have shown how these features, often intended for the user’s convenience, can be used by governments, companies and criminals to track people in their daily lives and even predict movements. Many people still aren’t aware of how much their mobile devices disclose about them.
Pagers, however, unlike mobile phones, can be harder to track depending on whether they support two-way communication.
Why go low-tech
A pager that only receives messages does not provide a signal that can facilitate tracking its owner. Therefore, Hezbollah’s use of pagers likely made it more challenging to track their operatives – thus motivating Israeli intelligence services’ purported attack on the supply chain of Hezbollah’s pagers.
Using low-tech tactics and personal couriers while avoiding the use of mobile phones and digital tools also made it difficult for the technologically superior Western intelligence agencies to locate Osama bin Laden for years after the 9/11 attacks.
In general, I believe the adversary in an asymmetric conflict using low-tech techniques, tactics and technology will almost always be able to operate successfully against a more powerful and well-funded opponent.
A well-documented demonstration of this asymmetry in action was the U.S. military’s Millennium Challenge war game in 2002. Among other things, the insurgent Red forces, led by Marine General Paul van Riper, used low-tech tactics including motorcycle couriers instead of cellphones to evade the Blue forces’ high-tech surveillance. In the initial run of the exercise, the Red team won the contest in 24 hours, forcing exercise planners to controversially reset and update the scenario to ensure a Blue team victory.
Lessons for everyone
The preference for terrorist organizations like Hezbollah and al-Qaida to avoid using smartphones is a reminder for everyone that you can be, and likely are being tracked in various ways and for various purposes.
Israel’s purported response to Hezbollah’s actions also holds a lesson for everyone. From a cybersecurity perspective, it shows that any device in your life can be tampered with by an adversary at points along the supply chain – long before you even receive it.
Author
Richard Forno
Principal Lecturer in Computer Science and Electrical Engineering, University of Maryland, Baltimore County
Disclosure statement
Richard Forno has received research funding related to cybersecurity from the National Science Foundation (NSF), the Department of Defense (DOD), and the US Army during his academic career.
Principal Lecturer in Computer Science and Electrical Engineering, University of Maryland, Baltimore County
Disclosure statement
Richard Forno has received research funding related to cybersecurity from the National Science Foundation (NSF), the Department of Defense (DOD), and the US Army during his academic career.
Did Israel work with US to booby-trap Lebanon's pagers, walkie-talkies?
Lebanon opens probe into explosions to determine the cause, officials say, but they blame Israel.
Reuters
The explosives, reportedly weighing between one and two ounces, were discreetly placed next to each device’s battery. / Photo: Reuters
First, pagers. Later, walkie-talkies.
A series of explosions on Tuesday and Wednesday rocked Lebanon, killing at least 26 people and wounding over 3,000, according to security and health officials.
A preliminary investigation into the Tuesday explosions found that hundreds of pagers had been booby-trapped, a security official said. While the probe is still “in its early stages,” a judicial official said, security services continue to investigate the blasts, which they blamed on Israel.
According to The New York Times, Israel conducted a covert operation targeting Hezbollah by concealing explosive material in Taiwanese-made pagers imported into Lebanon.
The operation, revealed by American and other officials familiar with the details, involved tampering with pagers ordered by Hezbollah from Gold Apollo, a Taiwanese company.
Officials, who spoke on the condition of anonymity, told the Times that most of the pagers in the shipment were the AR-924 model, though three other models from Gold Apollo were also included.
The explosives, reportedly weighing between one and two ounces, were discreetly placed next to each device’s battery. A remote trigger mechanism was embedded within the pagers, allowing the explosives to be detonated from a distance.
Likely sabotage
At 1230 GMT in Lebanon, the pagers received a message that appeared to come from Hezbollah’s leadership, but in reality, it activated the embedded explosives, according to two of the officials. The pagers reportedly beeped for several seconds before detonating.
"Data indicates the devices were pre-programmed to detonate and contained explosive materials planted next to the battery," a Lebanese official said.
The official added that the investigation is focusing on identifying the type of explosive materials used in the devices and tracing the shipment’s “country of origin and where they were booby-trapped.”
Some of the devices that exploded were being inspected, the security official said, but "most of them were destroyed and burned."
The official also noted it was unlikely that lithium batteries inside the devices had heated up and exploded. "Exploding lithium batteries cause a fire-like incident... that may cause minor burns, but the blast from these devices resulted from highly explosive materials," he said.
A source close to Hezbollah, speaking on condition of anonymity, said "the pagers that exploded concern a shipment recently imported by Hezbollah", which appeared to have been "sabotaged at the source".
Israel-US link
Israeli media has revealed what it described as "coordination" between Israel and the US on the explosions of wireless communication devices used by Hezbollah and medics in Lebanon, despite earlier denials from Washington.
Explosions of thousands of pager and Icom wireless devices in several areas of Lebanon on Tuesday and Wednesday resulted in the deaths of at least 26 people and injuries to more than 3,250.
According to KAN, the official Israeli broadcasting channel, there was coordination between Israel and the US concerning the explosions that rocked Lebanon.
The broadcaster reported that Israeli Defence Minister Yoav Gallant had two telephone conversations with US Defense Secretary Lloyd Austin in the last 24 hours.
"The first call between Gallant and Austin took place on Tuesday, just minutes before the first wave of pager device explosions in Lebanon," said KAN. "The second call occurred before the second wave of explosions."
The US, however, has denied involvement in the explosions.
State-led espionage
The precise timeline of when the pagers were ordered and when they arrived in Lebanon remains unclear.
While Israel has yet to confirm or deny involvement in the pager explosions, it has a history of cross-border attacks — whether cyber in nature or sabotage.
One of the most prominent examples is Israel’s use of Pegasus spyware, developed by the NSO Group. The Pegasus Project, a collaborative investigation by multiple news organisations, revealed that the spyware has been used globally to hack into the phones of activists, journalists, and political leaders.
Despite the company’s claims that the software was designed for counter-terrorism purposes, investigations showed its use in surveillance across 11 countries, including Saudi Arabia, India, Mexico, and against Palestinians in the occupied West Bank.
Additionally, the Stuxnet worm, a sophisticated malware, sabotaged Iran’s uranium enrichment program, significantly hindering its nuclear ambitions. This attack is often regarded as the first known use of a cyber weapon to cause physical destruction.
These are just a few publicly known examples that demonstrate how Israel’s advanced cyber capabilities have played key roles in state-led espionage, surveillance and sabotage, affecting countries worldwide.
Kill switch: How Israel managed to explode devices in attack on Hezbollah
Experts discuss the possible ways Israeli operatives could have intercepted the devices en route to Lebanon and booby-trapped them for the shock attacks.
Murat Sofuoglu
Experts discuss the possible ways Israeli operatives could have intercepted the devices en route to Lebanon and booby-trapped them for the shock attacks.
Murat Sofuoglu
SOURCE: TRT World
September 18, 2024
People gather outside the American University hospital after the arrival of several men who were wounded by exploded handheld pagers, in Beirut, Lebanon.
An unprecedented strike on Hezbollah that saw hundreds of paging devices used by the Lebanon-based armed group exploding and killing at least 12 people has set the cat among the pigeons over the alleged involvement of Israel in the apparent cyber attack.
At least two of those killed are children, while the number of injured is estimated to be around 2,800, Lebanon's Health Minister Firass Abiad said on Wednesday.
Barely a few hours later, hundreds of walkie-talkies began exploding across Lebanon, killing at least 20 people and injuring 450 more people according to Lebanese authorities.
Though there is no official word from Israel on the two incidents, in line with its policy of total silence on such controversial events, Hezbollah has squarely blamed Tel Aviv for the attack on its cadres.
An Israeli news website claimed that Prime Minister Benjamin Netanyahu approved the kill.
Western media analysts have used words like “incredible”, “extraordinary”, and “never been anything like this” to describe what happened in Lebanon but refrained from discussing Israel’s involvement or the inherent message in the attack, not only to Tel Aviv’s archenemy Hezbollah but also to other opponents.
Experts, however, point to the fact that many top tech companies are run by former employees of Israel’s notorious 8200 cyber unit and feel that the pager attack might be a chilling message that Tel Aviv is breathing down the neck of those with anti-Zionist views.
Israel has a long history of targeting its opponents through remote operations, ranging from intricate cyberattacks to remote-controlled machine guns targeting leaders in drive-by shootings.
Interception theory
Dr Alper Ozbilen, an academic of electronic engineering and the chairman of InterProbe Information Technology, an Ankara-based company specialising in cyber security, has different theories to explain how Israel might have simultaneously launched the attack, which “contains many firsts in its context”.
“Among different possibilities, I believe the most probable theory is that an intelligence unit, which is most likely part of the Israeli state, had received an espionage input on a shipment of pagers routed to Lebanon for Hezbollah members,” Ozbilen tells TRT World.
“Israelis apparently wanted to turn this espionage input into an opportunity to manipulate these devices.”
Onur Aktas, the former head of the Turkish National Cyber Security Center and founder of the cyber security company S4E, concurs.
“This seems to be a supply chain attack,” Aktas tells TRT World, referring to possible Israeli interception of the shipment to Hezbollah.
According to media reports, the compromised pagers were made by Gold Apollo, a Taiwanese company. Taiwan has not been largely recognised as a state across the globe.
Hsu Ching-kuang, chairman of Gold Apollo, talks about the Taiwan company's communication products at the headquarters in New Taipei City, Taiwan Sept. 18, 2024. Photo: Johnson Lai
The company’s founder and chairperson, Hsu Ching-kuang, however, denied that the AR-924 model pagers were made in Taiwan, claiming that they were designed and made by a Budapest-based distributor called BAC Consulting KFT.
If the pagers came from Hungary, they were shipped through numerous ports in different countries along the Mediterranean coast and kept in different depots until reaching their final destination in Lebanon.
Both Ozbilen and Aktas say that Israeli operatives might have intervened in this transportation process to place explosive devices inside the pagers.
According to Ozbilen, Israelis most likely placed a very small amount of RDX and C4 explosives inside these devices.
“Then, possibly, the tasked unit set up a detonating mechanism inside these devices that could explode when triggered by a central system,” he adds.
In some sense, the mode of attack on the pagers is similar to the 1996 explosion of a booby-trapped mobile phone used by Yahya Ayyash, Hamas’s then-chief bombmaker and the leader of the Qassam Brigades’s West Bank branch, according to Ozbilen. Ayyash was killed in Gaza.
AP Archive
A Palestinian boy holds up posters of Yahya Ayyash at a memorial rally for the Hamas master bomb-maker January 9. Ayyash, also known as The Engineer and who had been hiding from Israeli forces, was killed when a booby-trapped cellular phone exploded in his Gaza hideout.
Since losing some leading members due to mobile phone tracking and explosions, both Hamas and Hezbollah stopped using smartphones and turned to older technologies like pagers, which do not allow pinpointing their exact location, says Ozbilen.
“But they were still hunted by Israel,” he adds.
Ozbilen does not also rule out the possibility of placing not only a software-activated bomb device with a battery inside the pagers, but also a virtual private server (VPS) and pinpoint location finder.
Aktas also says that “no one really knows what was inside these devices”.
“There could even be cameras inside”, and Israeli operatives might have used these to track Hezbollah fighters.
Such remote attacks usually involve what is known as the ‘kill switch’ – a pre-installed mechanism that allows switching off or remote detonation of multiple devices.
TRT World
Hezbollah had brought in the pagers just months ago. A relatively outdated technology, the pager device is more secure than cellular phones, which can be easily tracked.
Exploding battery theory
Another possible explanation for the beeper attack is a battery explosion theory, according to both Ozbilen and Aktas.
“Israelis might have heated up the batteries of the pagers using a software to trigger the explosions,” Aktas tells TRT World.
“But the batteries of the pagers are too small, which can not really lead to the size of explosions we have seen in different video records,” he adds.
According to a Hezbollah official, some Lebanese users said that their pagers heated up and as a result, they disposed of the devices prior to their explosions.
Both Aktas and Ozbilen are unsure about the feasibility of such a scenario.
“...When I checked the videos of the explosions…I came to the conclusion that the size of these batteries can not produce such big bursts,” says Aktas.
They, however, agree that the attacks are unprecedented in scale, intended to “corner people in a psychological deadlock”, according to Ozliben.
“This is an attack that intimidates not only the people it [Israel] fights on the ground but also its critics and activists who oppose Israel's actions in the international arena.”
Aktas also sees a similar message.
“If Israel can do this to the pagers, people around the world might start wondering what Israel can do to their trains, planes, phones and cars,” he adds.
Murat Sofuoglu is a staff writer at TRT World.
People gather outside the American University hospital after the arrival of several men who were wounded by exploded handheld pagers, in Beirut, Lebanon.
An unprecedented strike on Hezbollah that saw hundreds of paging devices used by the Lebanon-based armed group exploding and killing at least 12 people has set the cat among the pigeons over the alleged involvement of Israel in the apparent cyber attack.
At least two of those killed are children, while the number of injured is estimated to be around 2,800, Lebanon's Health Minister Firass Abiad said on Wednesday.
Barely a few hours later, hundreds of walkie-talkies began exploding across Lebanon, killing at least 20 people and injuring 450 more people according to Lebanese authorities.
Though there is no official word from Israel on the two incidents, in line with its policy of total silence on such controversial events, Hezbollah has squarely blamed Tel Aviv for the attack on its cadres.
An Israeli news website claimed that Prime Minister Benjamin Netanyahu approved the kill.
Western media analysts have used words like “incredible”, “extraordinary”, and “never been anything like this” to describe what happened in Lebanon but refrained from discussing Israel’s involvement or the inherent message in the attack, not only to Tel Aviv’s archenemy Hezbollah but also to other opponents.
Experts, however, point to the fact that many top tech companies are run by former employees of Israel’s notorious 8200 cyber unit and feel that the pager attack might be a chilling message that Tel Aviv is breathing down the neck of those with anti-Zionist views.
Israel has a long history of targeting its opponents through remote operations, ranging from intricate cyberattacks to remote-controlled machine guns targeting leaders in drive-by shootings.
Interception theory
Dr Alper Ozbilen, an academic of electronic engineering and the chairman of InterProbe Information Technology, an Ankara-based company specialising in cyber security, has different theories to explain how Israel might have simultaneously launched the attack, which “contains many firsts in its context”.
“Among different possibilities, I believe the most probable theory is that an intelligence unit, which is most likely part of the Israeli state, had received an espionage input on a shipment of pagers routed to Lebanon for Hezbollah members,” Ozbilen tells TRT World.
“Israelis apparently wanted to turn this espionage input into an opportunity to manipulate these devices.”
Onur Aktas, the former head of the Turkish National Cyber Security Center and founder of the cyber security company S4E, concurs.
“This seems to be a supply chain attack,” Aktas tells TRT World, referring to possible Israeli interception of the shipment to Hezbollah.
According to media reports, the compromised pagers were made by Gold Apollo, a Taiwanese company. Taiwan has not been largely recognised as a state across the globe.
Hsu Ching-kuang, chairman of Gold Apollo, talks about the Taiwan company's communication products at the headquarters in New Taipei City, Taiwan Sept. 18, 2024. Photo: Johnson Lai
The company’s founder and chairperson, Hsu Ching-kuang, however, denied that the AR-924 model pagers were made in Taiwan, claiming that they were designed and made by a Budapest-based distributor called BAC Consulting KFT.
If the pagers came from Hungary, they were shipped through numerous ports in different countries along the Mediterranean coast and kept in different depots until reaching their final destination in Lebanon.
Both Ozbilen and Aktas say that Israeli operatives might have intervened in this transportation process to place explosive devices inside the pagers.
According to Ozbilen, Israelis most likely placed a very small amount of RDX and C4 explosives inside these devices.
“Then, possibly, the tasked unit set up a detonating mechanism inside these devices that could explode when triggered by a central system,” he adds.
In some sense, the mode of attack on the pagers is similar to the 1996 explosion of a booby-trapped mobile phone used by Yahya Ayyash, Hamas’s then-chief bombmaker and the leader of the Qassam Brigades’s West Bank branch, according to Ozbilen. Ayyash was killed in Gaza.
AP Archive
A Palestinian boy holds up posters of Yahya Ayyash at a memorial rally for the Hamas master bomb-maker January 9. Ayyash, also known as The Engineer and who had been hiding from Israeli forces, was killed when a booby-trapped cellular phone exploded in his Gaza hideout.
Since losing some leading members due to mobile phone tracking and explosions, both Hamas and Hezbollah stopped using smartphones and turned to older technologies like pagers, which do not allow pinpointing their exact location, says Ozbilen.
“But they were still hunted by Israel,” he adds.
Ozbilen does not also rule out the possibility of placing not only a software-activated bomb device with a battery inside the pagers, but also a virtual private server (VPS) and pinpoint location finder.
Aktas also says that “no one really knows what was inside these devices”.
“There could even be cameras inside”, and Israeli operatives might have used these to track Hezbollah fighters.
Such remote attacks usually involve what is known as the ‘kill switch’ – a pre-installed mechanism that allows switching off or remote detonation of multiple devices.
TRT World
Hezbollah had brought in the pagers just months ago. A relatively outdated technology, the pager device is more secure than cellular phones, which can be easily tracked.
Exploding battery theory
Another possible explanation for the beeper attack is a battery explosion theory, according to both Ozbilen and Aktas.
“Israelis might have heated up the batteries of the pagers using a software to trigger the explosions,” Aktas tells TRT World.
“But the batteries of the pagers are too small, which can not really lead to the size of explosions we have seen in different video records,” he adds.
According to a Hezbollah official, some Lebanese users said that their pagers heated up and as a result, they disposed of the devices prior to their explosions.
Both Aktas and Ozbilen are unsure about the feasibility of such a scenario.
“...When I checked the videos of the explosions…I came to the conclusion that the size of these batteries can not produce such big bursts,” says Aktas.
They, however, agree that the attacks are unprecedented in scale, intended to “corner people in a psychological deadlock”, according to Ozliben.
“This is an attack that intimidates not only the people it [Israel] fights on the ground but also its critics and activists who oppose Israel's actions in the international arena.”
Aktas also sees a similar message.
“If Israel can do this to the pagers, people around the world might start wondering what Israel can do to their trains, planes, phones and cars,” he adds.
Murat Sofuoglu is a staff writer at TRT World.
No comments:
Post a Comment