World's first Weaponised Cyber-Attacks?
On September 17, 2024, a series of coordinated explosions linked to pagers used by people purported to be connected to Hezbollah occurred across Lebanon and parts of Syria. This incident, which resulted in at least 12 fatalities and over 3,000 injuries, has been attributed to a cyber attack orchestrated by Israeli intelligence services.
Hezbollah, a Lebanese militant group, had recently transitioned to using pagers following concerns about the security of mobile phone technology and cellular phone networks. This shift was intended to mitigate the risk of Israeli cyber infiltration and surveillance. Pagers have certain privacy advantages compared with cellular phones: because a one-way pager is a passive receiver only (it sends no information back to a base station), its location cannot be tracked. The pagers, identified as Gold Apollo AR-924 models, were imported into Lebanon earlier in the year³.
The Gold Apollo AR-924 is an alphanumeric one-way pager in a taco form factor. According to a statement released by Gold Apollo, a Taiwanese firm associated with the brand, the pagers in question were manufactured by BAC Consulting KFT (a European company located in the Hungarian capital of Budapest), which was authorised by the Taiwanese firm to use the Gold Apollo brand on its products in a trade contract signed three years ago.
"Hungarian authorities have established that BAC is a trading-intermediary company, which has no manufacturing or other site of operation in Hungary," government spokesman Zoltan Kovacs said on Facebook.
24 hours later (September 18th), in a second wave of attacks, two-way personal radios (walkie-talkies) and some other electronic equipment exploded across Lebanon, resulting in a death toll of 20 people and over 500 additional wounded.
The walkie-talkies were reported to be Japanese-made ICOM hand-held radios (model IC-V82), acquired by Hezbollah as emergency backup communication systems for use in the event of war with Israel and purchased at the same time as the pagers.
It is reported that over 5000 pagers, and possibly as many two-way radios, were delivered to Hezbollah a few months ago. It remains to be seen what other devices have been booby-trapped and await some trigger signal to detonate over the coming days.
These small device cyber-attacks were planned and executed through a multi-stage process that included:
- Intelligence gathering, infiltration, planning: Knowledge of the targets' secret strategic decisions, buying patterns and supply chain networks points to infiltration, covert intelligence gathering and transmission, reactive planning, and the resourcing of bad-actor engineering teams, manufacturing and logistics. All of this is indicative of the well-funded, long-term planning and resources normally associated with state-sponsored actors.
- Insertion/Interception, Tampering or Reengineering: Shipments of electronic communications devices destined for targets could have been intercepted somewhere in the established logistics or supply chain, or in temporary trading organisations set up to deliver opportunistic order demands into the supply chain. Either way, the devices delivered to targets in Lebanon included explosive components. This required careful engineering to ensure that the replaced, replacement or additional components were integrated without altering the external appearance or basic functionality of the pagers⁴.
- Remote Activation: By their nature, pagers are designed to accommodate remote activation mechanisms, e.g. test alerts, broadcast alerts for emergencies, etc. This mechanism likely made use of secure communication channels, possibly utilising satellite in combination with existing radio frequency networks. The synchronization of the explosions across multiple locations indicates a high level of coordination and real-time control⁵.
- Cyber Exploitation: To ensure the success of the attack, cyber operatives would have needed to exploit vulnerabilities in the devices' firmware, method of use or communication protocols. This could involve reverse engineering the device's hardware and software to understand its operation and identify points of vulnerability, followed by re-engineering and deployment⁶.
Executing such an attack would have posed several technical challenges:
- Miniaturization of Explosives: Integrating explosive components into the compact form factor of a device requires detailed engineering knowledge of both electronics and explosive components. The explosive and triggering components had to be small enough to fit within the device form factor and of a nature to cause significant potential harm. Because handheld devices targeting individuals are kept on the body or in the hand, small amounts of explosive can cause great harm.
- Secure Communication: The attackers needed to identify a reliable and secure method to remotely trigger the mechanism to cause detonation. This could have leveraged normal operational modes in conjunction with compromised firmware, as well as enhanced message transmission via satellite or other communication channels to increase the reach and lessen the potential for detection and interception.
- Synchronization: Coordinating the simultaneous detonation of thousands of pagers required precise timing mechanisms. This could have been achieved through a centralized control system capable of sending activation signals to all modified devices at the exact same moment. Simulcast systems often use satellite to distribute identical information to multiple transmitters and GPS at each transmitter to precisely time its modulation relative to other transmitters. The coverage overlap, combined with use of satellite communications, can make paging system alerts very precise and reliable.
The success of these cyber attacks highlights several critical implications for modern society and our general communications infrastructure and systems:
- Cyber-Physical Convergence: The attack demonstrates the increasing convergence of cyber and physical domains. Cyber attacks are no longer limited to data breaches, data encryption or network disruptions; they can now encompass physical harm.
- Security of IoT Devices: The incident underscores the vulnerability of Internet of Things (IoT) devices, including seemingly innocuous items like pagers. As more devices become interconnected, the potential attack surface for cyber operatives expands.
- Asymmetric Warfare: This attack exemplifies the use of asymmetric tactics in modern conflicts. By leveraging cyber capabilities, state actors can achieve significant strategic advantages without engaging in traditional military confrontations.
The weaponising of pagers and other electronic devices represents a landmark event in the realm of cyber attack potential. The technical sophistication and strategic execution of the attacks underscore the evolving nature of potential attack vectors in the digital age. As cyber capabilities and new methods of modern conflict continue to advance, the integration of cyber with physical tactics will likely become more prevalent, necessitating enhanced security measures and international cooperation to mitigate such threats across society in general.
Some References
(1) Hezbollah vows retaliation against Israel for deadly pager explosions across Lebanon. https://edition.cnn.com/world/live-news/lebanon-pagers-explode-hezbollah-israel-09-18-24-intl-hnk/index.html.
(2) What we know about the Hezbollah pager explosions. https://www.bbc.co.uk/news/articles/cz04m913m49o?at_link_type=web_link&at_ptr_name=facebook_page&at_link_origin=BBC_Radio_5_live&at_bbc_team=editorial&at_medium=social&at_link_id=B3D480E0-759B-11EF-B638-FCEEAF88DD1F&at_campaign=Social_Flow&at_format=link&at_campaign_type=owned.
(3) Two children among 12 killed by exploding pagers, as reports say Israel was behind attack. https://www.bbc.com/news/live/cwyl9048gx8t?page=4.
(4) Hezbollah vows retaliation against Israel for deadly pager explosions .... https://www.cnn.com/world/live-news/lebanon-pagers-attack-hezbollah/index.html.
(5) 2024 Lebanon pager explosions - Wikipedia. https://en.wikipedia.org/wiki/2024_Lebanon_pager_explosions.
(6) EXPLAINED | Cyber Attack on Hezbollah: Pagers Explode, Killing 9 in .... https://frontline.thehindu.com/news/lebanon-hezbollah-cyber-attack-pager-explosions-warfare-israel-gaza/article68654302.ece.
(7) https://www.timesofisrael.com/liveblog_entry/exploding-hezbollah-walkie-talkies-appear-to-have-been-made-in-japan/