The attacks resulted from someone physically planting small explosives on pagers destined for Hezbollah members and triggering them with a message.
For those wondering if the deadly pager explosions in Lebanon this week signal a new frontier in cyberattacks, the answer for the moment appears to be a definite “no”.
Cybersecurity experts quoted by multiple media outlets appeared to be of the opinion that the explosions likely resulted from physical tampering with the devices somewhere in the supply chain by someone with a lot of information on where exactly those devices were headed.
Israel’s national intelligence agency Mossad has been tight-lipped about the explosions, which on Tuesday killed a reported nine people and injured some 2,700 others. The New York Times on Wednesday reported more explosions across Lebanon, including some suburbs of Beirut. Hezbollah itself has blamed Israel for the attacks. It is an assessment that almost everyone appears to agree with given the escalating geopolitical tensions in the region and Israel’s record of pulling off similarly highly sophisticated and targeted attacks (think Stuxnet).
The highly targeted and coordinated nature of the attack had some initially wondering if whoever is behind it had found a cyber means to get the pagers to explode on command. However, Hezbollah officials speaking to the New York Times and other media outlets have described the explosions as resulting from Israeli agents planting a small amount of explosives, along with a switch, near the battery of pagers that were later shipped to Hezbollah members. The pagers exploded in coordinated fashion after receiving a message that appeared to come from Hezbollah leadership. Some have reported Hezbollah officials as saying the pagers beeped for several seconds and heated up rapidly before exploding.
The general consensus is that Israeli agents found a way to intercept devices specifically meant for Hezbollah members and implanted the explosive on them somewhere in the supply chain. Several outlets have identified the exploding pagers as devices from Taiwan-based Gold Apollo. But that company itself has said the affected devices appear to have been manufactured under license by another, Europe-based manufacturer.
Here’s what cybersecurity experts have said on the incident so far:
“These pagers were likely modified in some way to cause these types of explosions — the size and strength of the explosion indicates it was not just the battery.” Mikko Hypponen, research specialist at WithSecure and a cybercrime adviser to Europol, in the New York Times.
“As information comes in about the exploding beepers in Lebanon, it seems now more likely than not to be implanted explosives, not a hack. Why? Too many consistent, very serious injuries. If it were overheated batteries exploding, you’d expect many more small fires & misfires.” Edward Snowden, former NSA intelligence contractor and whistleblower on X.
“If it were actually possible to hack a device over the air and make its battery explode with the kind of directional force we’re seeing in videos, @defcon #badgelife would have a VERY different appeal.” Jake Williams, cybersecurity researcher, IANS Faculty on X.
“We’ve never seen this tactic being used at this scale, but this does mean that this isn’t an attack that could affect all pagers. If correct, this would suggest a very high penetration of Hezbollah’s supply chain for those devices.” Michael Horowitz, head of intelligence at security and risk management consulting firm Le Beck International, on the explosions resulting from the physical modification of the pagers rather than a cyber-attack, as reported by CNN.
“Perhaps one of the most extensive physical supply chain attacks in history,” Dimitri Alperovitch, co-founder, CrowdStrike on X.
“The only logical explanation is that explosives and a side channel for detonation was likely used.” Bogdan Botezatu, director of threat research and reporting, Bitdefender, in Bankinfosecurity.com.