Hezbollah’s exploding pagers: What does it mean for offensive cyber operations?

The sabotaging of Hezbollah’s communication devices and the targeting of civilians has carried the consequences of cyber warfare to the physical realm

On 17 September 2024, in an unprecedented development, thousands of pagers reportedly belonging to the members of the Hezbollah cadres exploded across Lebanon. The explosions, which appeared to be large-scale, coordinated attacks, killed more than 40 people and injured thousands. A day later, in the apparent second wave of attacks, walkie-talkies exploded in Hezbollah strongholds in eastern and southern parts of the Lebanese capital, Beirut. Both Hezbollah and Lebanon blamed Israel. These attacks mark a new phase of hostilities in the latest round of conflict in West Asia. However, it also opens a new chapter in electronic sabotage and offensive cyber operations.

Initial reports suggested that Israeli intelligence agencies may have rigged the pagers at the production level by planting a small amount of explosive material in the device model that Hezbollah ordered from a Taiwanese company, Gold Apollo. Other reports suggested that the devices were produced by a Hungarian firm, BAC, through a licensing deal with Gold Apollo. The explosives were then reportedly activated through a code or an error message.

In the apparent second wave of attacks, walkie-talkies exploded in Hezbollah strongholds in eastern and southern parts of the Lebanese capital, Beirut.

In warfare, states have eternally looked for new ways to surprise their adversaries with spectacular tactics on and off the battlefield. Even then, the hacking and rigging of Hezbollah’s communication devices shows once again the deep reach of Israeli security and intelligence agencies. The symbolic message is that despite the intelligence failure of the October 7 Hamas raid last year, Israel retains its capability to target its adversaries the way it wants and at the time that it chooses to.

Israel’s use of cyber and other advanced tech

In the preceding decades, Israel has often upped the ante against its adversaries by engaging in unconventional tactics and advanced technology.

First, in 2010, Israel and the US deployed Stuxnet malware against Iran’s nuclear programme. The virus caused such damage that, according to the International Atomic Energy Agency, between 2009 and early 2010, Iran was forced to replace approximately 1,000 centrifuges at Natanz due to damage caused by Stuxnet, dealing a severe blow to its nuclear ambitions. This showed the acute physical impact of cyber weapons for the first time. Then came the Israel Defense Forces’ bombing of the Hamas’ technology division in the Gaza Strip in May 2019 to thwart a potential cyberattack. The Israeli response set a precedent by being the first instance of a military countering a cyberattack in real time amidst a conflict situation.

In addition, Israel has been blamed for running a decades-long covert campaign to target Iran’s scientists spearheading the nation’s quest for atomic weapons and ballistic missiles. In one of the most prominent targeted killings, Israeli intelligence agencies reportedly used an AI-enabled, remotely operated sniper machine gun to kill top nuclear scientist Mohsen Fakhrizadeh in Absard, Iran, in 2021. This was the first documented long-range use of such a device.

Israel has been blamed for running a decades-long covert campaign to target Iran’s scientists spearheading the nation’s quest for atomic weapons and ballistic missiles.

However, Israel’s reported targeting of Hezbollah’s communication devices potentially begins a new phase in pursuing geopolitical rivalries in cyberspace. 

Lowering the threshold for cyberattacks  

Disruptive attacks on critical national infrastructure, including Distributed Denial of Service, malware and ransomware attacks, by adversarial state and non-state actors have now been a regular occurrence in cyberspace. Israel and its adversaries—Iran, Hezbollah, and Hamas—have frequently launched cyberattacks against each other’s critical infrastructure. However, sabotaging and targeting communication devices will likely lower the threshold for cyberattacks, opening a new chapter in offensive cyber operations. This is also the first time we have seen such extensive physical damage and human casualties being caused by electronic sabotage and cyber tactics. Non-state actors, including terrorist organisations, may find these tactics alluring to fulfil their intentions of committing large-scale, mass-casualty terrorist attacks.

Disruptive attacks on critical national infrastructure, including Distributed Denial of Service, malware and ransomware attacks, by adversarial state and non-state actors have now been a regular occurrence in cyberspace.

More importantly, these attacks raise complex questions about the distinction between targeting combatants and civilians. This critical distinction has guided states and their militaries for centuries but has also progressively weakened with the use of advanced tech in modern warfare. Regarding cyberspace, International Humanitarian Law (IHL) explicitly mentions that “cyberattacks must not be directed against civilians or civilian objects.” Admittedly, the targeting in this case was specific: only the pagers and walkie-talkies used by Hezbollah cadres. Yet, as ground reports suggested, their impact was not limited to the cadres. A panel of United Nations human rights experts has already termed the rigging of pagers as “malicious manipulation” and “terrifying violations of international law.”

Supply chain vulnerabilities

States have constantly attempted to sabotage and disrupt their adversaries’ critical infrastructure, including communication networks. The US, for instance, has long alleged that the Chinese government planted backdoor vulnerabilities in Huawei telecom equipment. However, the purported tampering of Hezbollah’s pagers is the first known instance of hardware tampering at the production level. This exposes how supply chain vulnerabilities can be weaponised with catastrophic outcomes. The opaqueness of supply chains spread far and wide and sometimes concentrated in a handful of countries aggravates this concern.

The strategic benefits of exploiting such a vulnerability are up for debate. However, given its potential for disruption and destruction, at least in the short term, more actors may be tempted to leverage it to target their adversaries. Moreover, while it may be difficult for non-state actors to get such deep physical access at the equipment manufacturing stage, determined state actors can have their way with the right resources.

The opaqueness of supply chains spread far and wide and sometimes concentrated in a handful of countries aggravates this concern.

Mitigating this possibility will be a major cybersecurity challenge with the advent of the Internet of Things (IoT) and the proliferation of smart electronic and communication devices. By 2023, it was estimated that the world would have 43 billion IoT-connected devices. Often designed with limited computational power and inadequate encryption capabilities, these devices are more susceptible to cyberattacks.

Conclusion

The sabotaging of Hezbollah’s communication devices and the targeting of civilians has carried the consequences of cyber warfare to the physical realm. This has broader implications for cyberspace stability if other actors decide to emulate it. It also has a psychological impact by aggravating the vulnerability inherent in relying on modern electronic devices. Mitigating this risk will, therefore, require further strengthening of anti-sabotage measures for electronics, securing supply chains, establishing stricter export control measures for the transfer of sensitive technology and enforcing accountability for responsible state behaviour in cyberspace.

Sameer Patil is the Director, Centre for Security, Strategy and Technology at the Observer Research Foundation.