At least eight people have been killed and more than
2,700 people have been injured in Lebanon by exploding
pagers. Experts say the blasts point toward a supply
chain compromise, not a cyberattack.
...WIRED
SUBSCRIBE
Security
Politics
Gear
The Big Story
Business
Science
Culture
Ideas
Merch
Podcasts
Video
Newsletters
Magazine
Travel
Steven Levy's Plaintext Column
WIRED Classics from the Archive
Events
WIRED Insider
WIRED Consulting
Jobs
Coupons
image alt
Fully Charged?
Get a year of WIRED - only $30 $5
GET DIGITAL ACCESS
Already a member? Sign in
Lily Hay Newman Matt BurgessSecuritySep 17, 2024 2:31
PM
The Mystery of Hezbollah’s Deadly Exploding Pagers
At least eight people have been killed and more than
2,700 people have been injured in Lebanon by exploding
pagers. Experts say the blasts point toward a supply
chain compromise, not a cyberattack.
Ambulances and crowds of people near a hospital
The entrance of the American University of Beirut
Medical Center on September 17, 2024, after hundreds of
people were wounded when Hezbollah members' paging
devices exploded simultaneously across
Lebanon.Photograph: Anwar Amro; Getty
Save
An unprecedented wave of small blasts erupted across
Lebanon on Tuesday, killing at least eight people and
injuring more than 2,700 after the wireless pagers of
Hezbollah members began exploding, according to local
officials.
Pagers started exploding at around 3:30 pm local time,
according to a statement from Hezbollah officials, who
say that “various Hezbollah units and institutions”
were impacted in the incident. The blasts continued for
more than an hour, according to Reuters. A Hezbollah
statement says a “large” number of people were injured
and said they suffered from a wide variety of injuries.
In the immediate aftermath of the explosions, CCTV and
phone footage posted to social media, which has not
been independently verified, appears to show hospitals
flooded with wounded people, as well as apparent
explosions happening around waist height and images of
damaged pagers. People with links to the region say the
explosions caused street-level chaos.
Featured Video
Antony Blinken on National Cybersecurity and an
Evolving State Department
“Hezbollah’s competent agencies are currently
conducting a wide-ranging security and scientific
investigation to determine the causes that led to these
simultaneous explosions,” Hezbollah said in an initial
statement.
Meanwhile, Lebanon’s health minister, Firass Abiad,
says 2,750 people had been wounded with 200 being
critically injured. The country’s internal security
unit made an urgent request for people to keep off the
roads to allow people to be transferred to hospitals.
Iran’s ambassador to Lebanon was injured in the blasts;
separately, the Syrian Observatory for Human Rights
said 14 people in the country had been injured by pager
explosions.
The perpetrator of the attack is widely believed to be
Israel—fighting between Israel and Hezbollah, which is
backed by Iran, has intensified since October 7 last
year when Hamas fighters attacked Israel. In a second
statement issued after the explosions, reported by Al
Jazeera, Hezbollah blames Israel for the “criminal
aggression that targeted civilians too.”
The Israel Defense Forces told WIRED it has “no
comment.” Reuters reported that an unnamed “Hezbollah
official” described the operation as the "biggest
security breach" the group has faced in nearly a year
of fighting with Israel.
It was not immediately clear how the attack was carried
out. Initial reports on social media speculated that
the pager explosions might have been triggered by
digital hacking that caused the pagers’ batteries to
overheat and explode. One report by the Lebanese
Broadcast Corporation described preliminary reporting
about a possible cyberattack. “According to information
obtained by LBCI, initial reports suggest the pager
server was compromised, leading to the installation of
a script that caused an overload. This likely resulted
in the overheating of the lithium battery, which then
exploded.”
Footage posted on social media claiming to show
examples of the explosions from around the country
depict blasts that seemed too large to come from pager
batteries alone. One photo circulating widely appeared
to show a mangled pager with some legible make and
model information that may point to the Gold Apollo AP-
900 alphanumeric pager.
This pager runs on two AAA batteries, which, like any
battery, could be induced to explode, but likely not
with such force and scale as the explosions depicted in
alleged videos of the blasts. Even if this isn’t the
model of the pagers, and those used by Hezbollah run
instead on lithium-ion batteries, which can cause more
dangerous explosions, it’s still unlikely that a
regular pager battery alone could produce blasts that
could injure multiple people.
“Those explosions aren’t just batteries,” says Jake
Williams, vice president of research and development at
Hunter Strategy who formerly worked for the US National
Security Agency. “Based on the reporting, these pagers
were likely interdicted by Israeli authorities and
modified with explosives. This highlights the risks of
supply chain security, especially in places where
technology is harder to ship to.”
Williams points out that such an operation would likely
involve operatives on both the tech distribution side
and the Hezbollah procurement side. “You compromise the
supply chain, but you don't want thousands of explosive
pagers running around Lebanon,” he says. “The mole gets
them to exactly the right people.”
Some reports on Tuesday indicate that Hezbollah
recently expanded its use of pagers in an attempt to
secure communications after other channels had been
infiltrated by Israeli intelligence. The Associated
Press reported that an anonymous “Hezbollah official”
said the group had recently adopted a “new brand” of
pagers that “first heated up, then exploded.”
“It's unlikely that hacking was involved, as it's
likely that explosive material had to be inside the
pagers to cause such an effect,” says Lukasz Olejnik,
an independent consultant and visiting senior research
fellow at King’s College London’s Department of War
Studies. “Reports mention the delivery of new pagers
recently, so perhaps the delivery was compromised.”
Michael Horowitz, head of intelligence at Middle East
and North Africa risk management company Le Beck
International, says if the attack is supply-chain-
based, then it could have taken years to prepare and
involved infiltrating a supplier and placing explosives
inside new pagers.
“This is a major security breach, particularly if we’re
talking about a charge that was placed inside the
devices—which, in my opinion, is the most likely
scenario,” Horowitz says. “This would mean that Israel
has managed to infiltrate Hezbollah providers to the
point of delivering hundreds (if not thousands) of
devices used for secured communication.”
The incident comes amid escalations of fighting between
Israel and Hezbollah in recent months, raising fears of
a full-blown war. In the hours before the explosions on
Tuesday, Israel said its war goals would include
allowing 60,000 people to return to Northern Israel
after they were evacuated following Hezbollah attacks,
and it would not rule out military action.
|
|