Cyber Warfare goes Kinetic
Amusing memes and poetic justic aside, Hezbollah fighters just became the first fatal casualties in history from a cyber attack.
Exploding Pagers
Tuesday thousands of Hezbollah’s pagers exploded throughout Lebanon:
Various reports as of Tuesday night were claiming eleven or more Hezbollah fighters died from injuries sustained and 4,000 were injured from the remotely detonated devices in what may be the first fatal cyber attack in history.
As if that weren’t enough, reports were coming in Wednesday that walkie-talkies and even land line telephones may have been remotely detonated throughout the country as well, killing nine more and injuring another hundred. Additional reports of other explosions too:
The two phase delayed detonations seem timed to take advantage of an enemy emerging from the chaos of a massive surprise attack, rapidly changing to a perceived safer form of communication, only to have that one be attacked too. Truly masterful execution by the Israelis and extremely demoralizing for Hezbollah no doubt. What will Hezbollah have to fall back to next? Carrier pigeons?
As anyone not sleeping under a rock since October 7th is undoubtedly aware, Hezbollah has been working full time since October 8th to try and bait Israel into opening up a full scale second front in their war to exterminate Hamas. They have launched over 8000 rockets into Northern Israel displacing over 100,000 people from Northern Israel. You reap what you sew.
What is this- 1994? Why the heck is Hezbollah still using pagers?
Back when I was in college ~20 years ago, the joke was that pagers were only for doctors and drug dealers. With this as context, I was a bit surprised when I was issued one for my first job at Raytheon and told that unlike my cell phone, which couldn’t go to my desk, I could and should take my pager with me everywhere. The reason? As a one-way communication device it provided a leash to the outside world and more importantly was untrackable and completely impervious to easedropping by design. Additionally, it included an ability to receive short text messages via MMS messaging service. The simpler protocol and lower frequencies than cell phones (e.g. the AR924 pagers used by Hezbollah operate between 450-470 MHz) also make pagers better able to receive messages underground or in dense or remote environments vs cell phones.
Hezbollah obviously had this in mind when it realized several months into the war that it’s leadership was being targeted based on their cell phones and opted to go to a lower tech - but seemingly more secure- form of communication. From CNN:
“At the start of the year, Hezbollah leader Hassan Nasrallah called on members and their families in southern Lebanon, where fighting with Israeli forces across the border has raged, to dump their cellphones, believing Israel could track the movement of the Iran-backed terror network through those devices.
Shut it off, bury it, put it in an iron chest and lock it up,” he said in February. “The collaborator (with the Israelis) is the cell phone in your hands, and those of your wife and your children. This cell phone is the collaborator and the killer.”
With this in mind, Hezbollah placed a huge order for Taiwanese Gold Apollo AR924 pagers through a Hungarian based distributor, BAC Consulting. Interestingly enough, the pagers themselves were manufactured by BAC under license:
Reports from The Daily Wire indicate that the plot may have been executed prematurely because a couple Hezbollah operatives uncovered the plot and could have exposed it/neutralized it. However, the timing on this seems suspect given that Bibi had vowed revenge after a Hezbollah rocket landed in a soccer field filled with Druze children in late July which left 12 dead. It seems like the operation was executed as soon as it was fully in place and frankly, it was far too effective to have been a quickly executed as a “use it or lose it”.
What actually went down?
Various theories have emerged about how the Israelis were able to weaponize the pagers and turn them into explosives. One report pushed by The War Zone, was that the batteries may have been configured to short circuit upon command - triggering their lithium ion batteries into a runaway. This seems unlikely to me. For one, the original batteries would have to still be in the pagers and since pager batteries have to be swapped out every few weeks, this puts a limited shelf life on the operation.
Second, based in examples of battery overloads I’ve seen from Safire Group, a battery safety company I advise, it takes batteries quite a while to overheat and explode from a short circuit compared to the immediate pop seen in the videos; this method would likely cause a persistent fire which we aren’t seeing in the videos. Here’s some video below on how lithium battery fires work:
Another theory that has been put forward in the Arab media (below) and also The Daily Wire is that the Israelis injected an compound (PETN) into the batteries to make them turn into explosives. This also seems far fetched because PETN is rarely used as a primary explosive and it would lack a detonator required to ignite it.
Given that the manufacturing was done in Hungary through BAC rather than in Taiwan, it’s much more feasible that Israel could have intercepted the devices en route to Lebanon and added an explosive or inserted it into some PCB in the supply chain, which is frankly more impressive.
The simultaneity of the detonations would indicate a pre-installed detonator triggered by the same message broadcast to all pagers at once. The extent of the injuries (blown off fingers, serious flesh damage) are indicative of 1-2 grams of explosive with a directional charge. So it’s likely that a very small explosive device was wired onto one of the PCBs with the detonator ignited by receiving a particularly unique digital signal.
There was a lot more here to pull this off than meets the eye. There was the insertion of an electronic circuit with a detonator and a small amount to explosive somewhere upstream in the manufacturing process onto a specific order of thousands of devices, bypassing visual quality inspection, along with some software that allowed it to be activated when it received a page from a specific number or particular MMS message. This sat dormant for months waiting to go off, unnoticed. Then the next day they did it again with Push to Talk radios which would have been more difficult to detonate via a single unique transmission (unlike pagers) and possibly some other infrastructure as well. Wow. Talk about amazing execution.
Cyber Operations going kinetic
The Israelis are veteran cyber warriors and have been using cyber attacks and so-called information operations against their adversaries for decades now. The cyber operations group within the Israeli Defense Forces (IDF), known as Unit 8200, is considered amongst the best in the world. It’s alumni have gone on to found about $200 billion worth of software and cybersecurity companies, including Wiz, SentinelOne, and Palo Alto Networks.
Perhaps the most famous example of a cyber attack against infrastructure was done in concert with the United States Intelligence Community as part of the Operation Olympic Games back in 2010. In this operation, Israeli operatives inserted the Stuxnet computer worm into supervisory control and data acquisition (SCADA) infrastructure and programmable logic circuits (PLC) associated with gas centrifuges used by Iran for Uranium isotope separation in their Natanz nuclear facility. This was the first recorded instance of a cyber attack causing physical damage in the real world.
During Operation Orchard in 2007, which destroyed a suspected nuclear reactor at Al Kibar in Syria, it’s believed that the IDF used, signal injection into the Syrian Integrated Air Defense Systems (IADS) to track and shoot down enemy planes to electronically confuse or turn them off. The wireless nature of Russian built IADS command and control systems makes them particularly vulnerable to this type of attack, but it carries the disadvantage that you probably only get to use it once before the enemy changes something on you and you have to come up with a new set of signals and software to try it again.
Other examples from the Ukraine war and the Armenia/Azerbaijan conflict are mostly indirect attacks that disabled capabilities rather than caused direct physical damage. For instance, in 2022 on the day of the Russian invasion of Ukraine, thousands of Viasat modems throughout Europe went offline and their KA-SAT network was disabled. This was later attributed to the AcidRain wiper malware. What we are now seeing is direct kinetic attacks triggered by or in concert with cyber or electronic warfare techniques or payloads. Exciting stuff indeed!
Putting this altogether
From Operation Greif that captured Adolf Eichmann in Argentina in the 1960s, to the revenge campaign against Black September after the Munich Olympics massacre, to numerous operations to frustrate Iraqi, Syrian and Iranian nuclear ambitions, the Israelis, in particular Mossad and Shin Bet, have shown themselves to be far more cunning, patient and crazily competent than their adversaries. Don’t Screw with the Jews!
Second, we are in a new era in which software itself has become a deadly weapon and attacks on electronics or activation of devices embedded within supply chains by interception of unique signals can bring fatal and kinetic effects. Welcome to 21st century cyber and electronic warfare.
It doesn’t take much of an imagination to think about what other easter eggs might be lurking within our own supply chains, planted by our adversaries patiently waiting for the right moment to strike. Indeed we already have one example from 2018 where the Chinese successfully implanted spying chips into the servers of 30 US companies which shows just how vulnerable we are.
Observing the failures of others, this attack should give us new urgency in the need to secure our electronics sources and put more resources into efforts like the Trusted Foundry Program or the Blue-UAS program, which seek to ensure critical infrastructure is built with known good parts. The next attack like this may not be against terrorists that had it coming, but directed at us at an inopportune and vulnerable moment in a fight. We should prepare accordingly.
This is your best and most urgent post Sir. well done.