September 18 2024

Analysing the pager explosions in Lebanon: Implications and Hezbollah’s potential response

MDX expert explores the technical aspect of an alleged cyber attack using pagers in the ongoing war between Israel and Hezbollah

At least 12 people, including a child, were killed and nearly 3,000 were injured on Tuesday September 17th when handheld pagers used by members of the armed group Hezbollah exploded across Lebanon, according to the country’s health minister. Hezbollah has accused Israel of being behind the attack, although there have been no official comments on these allegations.

In this blog Dr Mahdi Aiash, an Associate Professor of Computer Science and Cyber Security at Middlesex University, will focus on analysing the technical aspects of the attack while avoiding political discussions. Dr Aiash will explore the role of pagers and the possible technical causes behind the explosions.

Why Use Pagers 

Despite being over 50 years old, pagers remain crucial in various sectors such as healthcare, defence, and security due to their unmatched reliability for secure communication. Pagers operate by receiving radio signals from either on-site or wide-area paging networks, providing superior coverage, especially in environments where thick walls and basements obstruct cellular signals. Modern paging systems have evolved from analogue to digital, utilizing satellite connections and IP protocols to enhance security and efficiency. Hezbollah fighters have used pagers as a low-tech communication method, believing they could evade Israeli location tracking. This choice was reportedly made in response to perceived infiltration of other communication channels by Israel.

What Might Have Happened

The available information suggests that a cyberattack might be behind the incident. Early social media reports speculated that the pager explosions could have been triggered by a digital hack, leading to battery overheating. The Lebanese Broadcast Corporation (LBCI) reported that a cyberattack might have compromised the pager server, installing a script that caused an overload, which likely resulted in the lithium batteries overheating and exploding.

Personal Views

In 2010, the U.S. and Israel developed Stuxnet, a destructive computer worm considered the first known cyber weapon. Stuxnet targeted Iran’s nuclear program, damaging nearly one-fifth of its nuclear centrifuges by infecting programmable logic controllers through a corrupted USB drive. This precedent may explain why some reports speculate that Israel could be behind a malware attack in this case.

Although this incident aligns with Israel’s known cyber warfare tactics, I personally lean toward another explanation: a supply-chain cyberattack. A supply-chain attack targets a trusted third-party vendor providing essential services, software, or hardware, compromising their systems. Recent examples, such as the SolarWinds attack—where hackers infiltrated widely used IT management software, compromising thousands of organizations worldwide—demonstrate the potential damage of such attacks. After reviewing reports and images of the exploded pagers, I believe the incident may involve compromised hardware and possibly even explosive materials. Faulty chipsets could have been deliberately modified to turn these devices into remote-controlled ‘time bombs’ similar to Improvised Explosive Device (IED) attacks. IEDs can range from small pipe bombs to sophisticated devices causing massive damage. Communication devices like mobile phones and pagers are a common way to trigger an improvised explosive device (IED) because they can initiate the IED from a distance, making it difficult to locate the trigger person. The triggering mechanisms can include text messages, calls, or control signals that activate the device’s firing circuit.

Whether Israel is involved or not, the lithium-battery theory alone seems inadequate, and the possibility of hardware manipulation should not be dismissed. Supply-chain and IED attacks are becoming an increasing concern for many Western governments, especially given their use in deadly attacks such as the 2005 London bombings and the Madrid train bombings a year earlier.

New Updates

Recent updates confirm that the incident was a result of a supply-chain cyberattack. While initial reports speculated about a potential cyber breach causing the battery explosions, further investigation has revealed that a supply-chain attack targeted the internal components of the pagers. This type of attack involves deliberately compromising hardware or software from a third-party supplier to sabotage systems. In this case, it appears that faulty chipsets were modified to turn the pagers into remote-controlled explosive devices, similar to IEDs. This sophisticated operation involved tampering with hardware at the manufacturing level, highlighting the advanced capabilities behind the attack.

How Hezbollah Might Respond

Hezbollah, leveraging its significant technical resources, is likely to adapt its strategies in response to this incident. The group has a history of advanced cyber operations, such as during the 34-day Israel-Hezbollah War in 2006 when it launched sophisticated cyber-attacks against websites supporting Israel, including those in the US. More recently, in 2015, Hezbollah was linked to the ‘Volatile Cedar’ attack, which targeted Israel’s defence sector, demonstrating its significant cyber capabilities.

Hezbollah’s cyber expertise has been further enhanced by its ties to Iran, which has heavily invested in cybersecurity following the Stuxnet virus attack in 2010. This increased investment has positioned Iran, and by extension Hezbollah, as a significant cyber threat. In response to the supply-chain attack, Hezbollah may shift its communication methods to more secure technologies and potentially escalate its cyber operations. They might target Israeli infrastructure or engage in further cyber warfare, using their advanced capabilities to their advantage. Additionally, Hezbollah may enhance its own supply chain security to prevent future breaches and safeguard its operations.

Photo by Sara Calado on Unsplash showing Beirut, Lebanon.
