Hezbollah pager explosions kill several people in Lebanon
(reuters.com)1064 points by logicchains 3 days ago
1064 points by logicchains 3 days ago
I suspect that is an intentional side effect against the whole pager network. It is now totally compromised which means they can no longer use passive channels as a communication medium. This effectively shut down their comms structure.
As for aid workers, they mostly use whatever low ball android phones they can get their hands on I know someone who volunteered out there and everyone uses them and Telegram). I don't think that will impact them at all.
Well, now that everyone knows it's feasible to hide a small bomb inside a pager, what's to stop people from checking their pagers for tiny explosives before using them?
Well nothing which is why people are spreading stuff about it being a hack causing the batteries to explode. Which disrupts everything with a network connection and battery. Adds confusion to the situation.
As I said elsewhere this is a one shot attack. They would never be able to pull this off again at this scale.
I'm not sure how many bomb techs they have around, but I'd be pretty afraid to personally open something I suspected to have a bomb in it.
Who uses pagers? Aid workers carry phones. The pagers are deliberate opsec move for Hezbollah.
I've used them for DevOps on-call in the last ten years in the US, as a backup to phone-based alerts. It's far too easy to mess up phone DND settings, forget to charge a phone, be outside cell service, or leave a phone in the wrong room. The pager had a long battery life and I clipped it to my pants waistband. I definitely caught pages via the pager that I would have missed over the phone.
If you're worried about the cell network going down, they serve as a backup comms device as well since they use different infrastructure.
Presumably Lebanese DevOps on-call isn't sharing pagers from a shipment to Hezbollah from Iran.
Nurses and medical staff, at least in the US.
https://www.npr.org/2023/12/15/1219737658/why-do-doctors-sti...
For collateral, I was thinking more along the lines of non-Hezbollah civilians right next to the target, or perhaps a building set on fire
Here's a video of someone standing right next to the target: https://x.com/DrEliDavid/status/1836037485492629605
They are unharmed.
not sure of band allocations around israel, but in the US pagers were long wavelength devices and, as such, could receive signals much further inside buildings than pre-wifi cellular bands could reach. again, band / frequency (wavelength) allocation dependent. but if similar there, pagers might get signals in tunnels whereas cellular bands may not, for one plausible conjecture.
These pagers were used by Hizbullah because, unlike mobile phones, they cannot be tracked. The people who had them were certainly not random aid workers, but people in the Hizbullah chain of command. This is also indicated by the statements of Hizbullah itself (which are themself to be questioned and not taken at face value), according to which so far one non-combatant was reported killed and no other non-combatant were reported injured out of a total of 4,000 exploded explosive devices. The CCTV footage also shows that even in a crowded supermarket, no one was injured apart from the Hizbullah member with the pager.
First: Innocent people can use their phones just fine and have their comms intercepted by the IDF. Only Hezbollah wanted an alternative to hackable phones.
Second: If you distribute to Hezbollah and detonate already months later, it's unlikely many unaffiliated people already have Hezbollah pagers.
The hit rate indicates the targeting was right.
You can't insure it. It is actual terrorism, pure and simple.
"American University of Beirut withdrew the pagers from the medical staff this morning under the pretext of updating the system".
They didn't. Al Jazeera's headline was updated to read "Lebanon’s health minister says 8 killed, 2,750 wounded by exploding pagers."
These are pagers connected to Hizbollah's internal communication network. Why would they be used by the general population?
As I understand it, people are saying that the most likely way that this was carried out was that a shipment of pagers where intercepted and modified. My concern is that part or all of the shipment might not go to Hezbollah. Perhaps the shipment gets rerouted to somewhere else due to supply chain issues. Perhaps only half of the shipment was intended for Hezbollah. Perhaps a postal worker steals a few and sells them on the black market. Perhaps Hezbollah decides they have more than they needs and does something with the rest. Perhaps part or all of the shipment gets delayed and is sitting in a post office when it goes off.
Basically: warfare via mail bomb seems like it might be irresponsible.
These aren't normal retail pagers, like the world uses (or used to use) for pager-duty? And Hezbollah maintains its own network infrastructure?
Hezbollah is essentially a governmental organization, they provide healthcare, education, agricultural infrastructure, social services, etc...
No essentially about it. Hezbollah is part of the government, one of many political parties in Lebanon. Just like most of the other major political parties in Lebanon, they maintain their own militia separate from the Lebanese military.
It would be easy to include a little microcontroller that can check what frequency the pager is set to. This allows you to target specific pager networks (government, military) while leaving pagers that are unlikely to be in use by targets intact for follow-up attacks.
Since when has Israel cared about civilians or aid workers
Pagers could have certain security options that would interest only a military organization. We don't know at which stage these were intercepted. They could just as easily be targeted to Hezbollah from the beginning of the sale. Advertise something that could be catered to them and once they take the bait go ahead and booby trap them all
I'm not sure why it's being assumed that they detonated all of the pagers. They presumably have unique device IDs / phone numbers that can be tied to individual people. For all we know, they may have just detonated the ones known to be in use by Hezbollah operatives.
Per The Lancet, if you account for excess deaths due to things like willfully imposed mass starvation, denial of medical services due to the destruction of hospitals, and living in tents without cooling due to the destruction of housing, 100,000 people have been killed as a consequence of the IDFs actions.
https://www.thelancet.com/journals/lancet/article/PIIS0140-6...
If you aren't targeting occupied residences with the JDAM (like Israel does through the Where's Daddy? program) then feasibly you could end up with less civilian attrition using the JDAMs. Distributed fragmentation explosives with no fire control system are arguably more dangerous than a direct-attack munition targeting a military installation.
If that were the case, Israel wouldn't be intricately planting bombs in Hezbollah pagers.
The pagers do give Israel a certain veneer of plausible deniability that they wouldn’t otherwise have if they had used more traditional bombing methods.
Literally everybody in the entire world believes Israel is responsible for this. An Mk-82 bomb dropped from a bomber would have more deniability. This was a joke about Israel's tactical signature back when James Mickens included it in a Usenix Security throwaway paragraph back in 2014. There is absolutely no deniability here, unless someone very powerful is deliberately trying to frame Israel (which is not what is happening).
And yet they set thousands of them off no matter who was nearby.
Amir Tsarfati on Telegram: The updated numbers:
4000 wounded of which 400 in critical conditions
Al Jazeera from a Lebanese security source:
The pagers were brought to Lebanon 5 months ago. They were boobytrapped in advance. Each device contained an explosive weighing no more than 20 grams.
20 grams of C4 or similar plastic explosive would be more than adequate to produce the effects seen. CL-20 wouldn't be a good choice for this deployment: it's not particularly stable for rough handling even with a good phlegmatizing blend, and tends to decompose at the temps one would expect a pager to be exposed to (hot car, etc).
The word on X is it was Pentaerythritol Tetranitrate (PETN): https://x.com/MattWGraver/status/1836093195240800522 (not me)
First of all, the discussion is purely hypothetical – noone ever put George W Bush in prison for his Iraq invasion. No matter what you, or the world, thinks of it, it's not going to happen.
Second, what Israel and its enemies are doing is far from the land warfare the laws were written for. Do all Hezbollah soldiers wear uniforms indicating their affiliation and rank? Yeah, I thought so.
This is true if you're a sheep and you live in the US or an allied nation and the exact opposite if you live in an unfriendly country.
For example, if you're a sheep in China, China would obviously never commit a war crime.
If you're a sheep in Russia, Russia would obviously never commit a war crime.
If you're a sheep in the US, the US would obviously never commit a war crime.
Etc.
This being a hack is improbable in my opinion. If you see the pictures of the aftermath, the damage is too big to be the result of a lithium battery explosion. Moreover the devices exploded at the same time in different locations (won’t happen if they made the battery overheat till explosion) HA probably bought a bad batch with implanted explosives and they set it off now.
The context clearly explains what OP means. The meaning is that "This is not something that is achieved via simply hacking a normal device remotely. This is something that is achieved via doing something extra to the device first, and maybe then hacking it remotely."
Another thing is that if we begin to use "hack" for every means of attack and unauthorized access, then the word loses its meaning. There is no supply chain hack, but there is a supply chain attack.
Pretty much, yeah. The hack was used only to activate it remotely, and in pager systems, it should not be a hard task. But I highly doubt it was only due to battery overheating. I have seen scooter batteries exploding before, and they don’t burst as quickly as this one.
It must be a combination of hardware (put a bomb in it) and software (trigger an explosion when a particular command is received) hack. Triggering an explosion of all devices is needed because if people started hearing about exploding pagers, they'd place their own far away from anything precious to them.
Geez, I thought this kind of hack is the stuff of (bad) action movies.
I wonder if there's a pager that was powered off during the attack and if somebody will dissect how they did it.
Edit: then again maybe the code is as simple as
if (currentTime() >= KABOOM_TIME) { goKaboom(); }Warning, under the International Traffic in Arms Regulations in the US civil fines of up to $500k per violation apply to software exports classified as related to munitions or military applications. You may want to consult an attorney before sharing such algorithms on a public forum.
The detonation signal could also have been completely out of band, like with Yahya Ayyash (as far as I know) which seems like the Occam's Razor answer. https://en.wikipedia.org/wiki/Yahya_Ayyash#Assassination
It's probably much easier these days to source lithium batteries than NiMH ones.
Most pagers also aren’t designed incinerate/explode when they receive a signal, so I don’t know if we can make assumptions based on what typical pagers do. Seems a lot easier to short a LiPo battery than conceal a tiny explosive. An explosive can be found, but they’re unlikely to find out that the BMS is bugged to short the battery to ground
A LiPo will burn, aggressively and hot, but they don't explode.
To get a LiPo to explode you'd need to both puncture/rupture it and somehow contain the escaping gasses long enough to build up pressure.
No, I'm as convinced as I can be that this was a supply-chain attack, and used a purpose-built "addition" the pagers in the form of an explosively formed penetrator.
Given that an EFP is usually concave, I'll even go so far as to say I bet it was disguised as part of the speaker assembly.
LiPos used today burn because they have vent slits. Remove the vents and it’s far more likely to explode. In any case, we’ll probably find out in a couple weeks.
I saw some videos of explosions, the pagers received some sort of signal or message that made the holder look at the pager.
Most of the injuries were to the hands or eyes. It was a very very weak explosion - even people right next to the person were not harmed, just the person holding the pager.
There are now over two thousand injuries and at least one nine year old girl dead. This was a reckless attack, a war crime, and a blatant disregard of international law.
You’re not targeting pacemakers embedded only in the chest cavities of known Hezbollah militants but devices often left around family and children. Hezbollah is a massive political entity with probably more non-combatants than combatants. The pagers are used by accountants, doctors, civil salarymen, it workers, and others that are not legal targets under IHL.
EDIT:
Source: https://www.theguardian.com/world/live/2024/sep/17/middle-ea...
> Among those killed is an eight-year-old girl from Bekka Valley, Abiad said, according to Al Jazeera.
> At least 2,800 people have been wounded, he added, and more than 200 are in critical condition.
If the pagers all belong to military targets is this a war crime? It means basically that all war is a crime. Which from an idealistic point of view I agree, but that's not how the world works.
Rockets are fired to the Israeli north for a year now, about a 200k civilians are evacuated for a year now because the rockets are mostly randomly targeted.
a 3 yo Israeli baby is still held hostage by hamas, never meeting the red cross.
Are these war crimes?
Yes, hence the "there are now" part. I updated my comment with a source.
I mixed up "nine fatalities" with "eight year old girl" to get "nine year old girl". Mea culpa.
If it was not a terrorist attack and a war crime but a targeted operation against the militants, why wouldn't Israel claim responsibility for the successful operation?
Israel has had a “no comment” policy for many years. Why? I can think of a few reasons. One is that some operations, if acknowledged by Israel, would trigger a proportionate response by the target, but if not acknowledged would allow the target to save face by downplaying what happened, if neither side actually wants war.
That probably doesn’t apply to this case, but has occurred in the past. And no-comment policies are more effective when applied unconditionally.
If a car bomb went off next to an IDF post killing a bunch of IDF soldiers and one 10-year-old kid, it would be declared a terrorist attack immediately.
If this involved China and Taiwan, North and South Korea, or Russia planting bombs on Ukrainian soldiers, nobody would be debating whether it was a terrorist attack.
It’s certainly a relief when polite society can recognize it that way. So, that ends one discussion but starts another. When foreign intelligence is tasked with, say, breaking laws and moral codes in Lebanon; it lives in the shade because we cannot distinguish it from terrorism or organized crime or a financial scam. It’s been this way for a long time and the debate nowadays is whether or not, on balance, we’re prevailing over evil.
Sometime in the 20th century, hot war killed more combatants than civilians and that’s mostly changed with drastic disproportionality. So, intelligence agencies have been forgiven because they describe themselves as non-combatants killing non-combatants to prevent civilian massacres. This explains a change in ideals mid-century.
countries i think don't comit acts of war randomly without annoucement or claim. This in itself would be borderline criminal, though i'm not sure if it's an actual thing noted in the geneva conventions. Those do state that any act of war should give an opportunity for retaliation. So in essence this is just as criminal as bombing people using armed drones, because these fighters did not have any opportunity to strike back.
It's not random: Hezbollah and Israel have been fighting for a while[0] and Hezbollah's mission is to eliminate the state of Israel[1]. I'm sure no member of Hezbollah is surprised that Israel would attack them.
[0] https://en.wikipedia.org/wiki/Israel%E2%80%93Hezbollah_confl...
You're throwing "criminal" around without, I suspect, understanding the laws of warfare. Blowing enemy operatives isn't criminal (even if some civilians get hurt - within reason; here's the ratio of militants to civilians hurt is virtually unheard of, in a positive way). Bombing militants from above, whether by airplane or drone isn't criminal, and nothing in the laws of warfare claims you need to let the enemy an opportunity to strike back.
It seems to be just some sensible policy, but maybe also to let frivolous accusations, such as yours, hanging for bit.
There was a really dumb but also really entertaining Awkwafina/John Cena movie that I watched recently called Jackpot https://www.imdb.com/title/tt26940324/. At one point in the middle of the movie one of the characters calls a 3 letter agency friend and asks them for a "Phone Strike on his location". There is a mob gathered outside of their room, and within 30 seconds everyone's phone blows up and the protagonists escape. The movie is R rated but obviously it's hollywood so instead of blown off fingers and holes in ribs that we see in Lebanon, its just someone's crotch is aflame, that's about it. But it was the first thing that jumped to me when I heard about it. Go hollywood!
I love those two, thanks for the movie rec.
I have a working theory that real life 3 letter agency plots make it into Hollywood movies because intelligence agents and script writers hang out at the same bars. Likely a mix of intentionally planting tropes so that when someone claims the government is doing it they look like a conspiracy theorist who watched "The Rock" too many times, and retired folks having one too many whiskies and letting their secrets slip knowing that there's no way to prove it anyhow, and those make it into scripts just because they're good stories
Reminds me of two things:
1. Mossad killed the chief bombmaker of Hamas with an exploding phone in 1996: https://en.m.wikipedia.org/wiki/Yahya_Ayyash
2. My grandma used to say not to wear my phone on me, especially close to my heart or my balls, because she thought it was dangerous somehow. Turns out she was right!
Amazingly enough, the concept of hacking personal communications devices to explode was explored recently in the "phone strike" scene in Jackpot!, an Amazon MGM Studios movie released a month ago.
Weren't those surgical implants, though? A bit different, not an innocuous everyday gadget turned deadly. More of a Laputan Machine.
Yeah GP is probably merging two things that happen in the movie. One, the villain (played by Samuel Jackson) implants all of his "inner circle" with exploding implants to guarantee compliance, and late in the movie they are hacked so that the entire group is simultaneously assassinated with a single signal. Two, that same villain gives out free SIM cards to everyone on the planet that can be remotely triggered to throw everyone in range into a homicidal rage. The latter is probably what GP was thinking of, but they misremembered the effect.
This is nothing new. Israel has done attacks like this since the 60s.
They've remotely triggered multiple consumer devices simultaneously?
Why was this flagged? I vouched for it as it would make for an interesting discussion about the security of these devices and how this kind of cyberattack might have happened.
Are smartphones, for example, also vulnerable to it?
I was wondering the same thing.
There might be other explanations than a cyberattack though. The pagers could have been prepared in some way before distribution.
From the videos, it looks like the explosions were quite sudden and remarkably violent for such a small device.
So in addition to people-hunting FPV drones, we now have the equivalent of exploding collars from science fiction movies like Running Man. I don't like where we're heading, but it was probably inevitable that technology would be used this way.
even that is not far fetched. This is a typical supply chain attack.
I've seen laptop and phone batteries explode with significant force on YouTube. It's called thermal runaway.
As much as I'd love to believe this couldn't happen without physical tampering, I see no good reason to.
They usuall burst with fire. You'd have to have hardshell battery with no venting, and likely no protection circuit, and a way to cause sustained load on the battery, without the user noticing the heat first. Eh.
A short on a battery with protection circuit installed basically does absolutely nothing to the battery.
I'm yet to see a video with fire and a lot of smoke at minimum.
> Why was this flagged?
Anything any particularly motivated group dislikes here gets flagged; always been this way. Thanks for vouching.
> Are smartphones, for example, also vulnerable to it?
I also would love an answer to this question. Up until 12 minutes ago, I would never have thought _blowing up_ hundreds of pagers simultaneously was a realistic scenario.
If anyone can make sense of how this actually worked I'd be grateful. If it can be done to pagers, it seems likely that it can be done to other networked lithium devices: phones, tablets, laptops, smart watches, cameras, drones, medical devices, toys, and even electric vehicles.
Lest anyone tries to deny this happened: There's video of two separate cases on the nowinpalestine Instagram page.
"Political" (including geopolitical) posts on here lead to an enormous amount of anger and noise and I fully get why they're verboten. In this case it's actually a fascinating issue that has a lot of crossovers with the domain of this site, but invariably the conversation would get overwhelmed with geopolitical noise instead of just focusing on the technical aspects.
98% sure these were booby trapped with plastic explosives or similar, meaning it’s a supply chain attack more than a cyber attack. LiPos exploding would be more sizzle and less instant boom, you can’t just hack your way through thermal runaway without all the smoke and building temperature first.
I am just out of the gate, but the videos show sharp percussive explosions and no lithium evidence. So C4 or RDX in the devices on a 'mod board' with the explosive disguised as a big capacitor or something. It had to be put into the devices. In order to justify an operation like this the explosions had to be near-simultaneous so the mod board had to have its own clock, which would be as accurate as the crystal in the clock circuit provides, maybe drift of +/- a few seconds since installation.
The broadcast pager network does not offer this level of time precision for a detonation message so as ugly as it sounds, I believe at the moment that 9/17/2024@3:30pm (or whatever) was preloaded into the 'mod boards'.
Perhaps the 'mod board' had the capability for the future time to be set with a broadcast message, but that introduces such complexity! It requires the page system itself to be compromised. The victims' paranoia served them badly in this case, a recent warning about cell devices and a lower tech 'solution' is rolled out and they would only trust one source, so all you'd have to do was get an explody batch into the supply chain with (reasonable) assurance that only Hezbollah members would get them.
In the coming days I'd look for clues in: The simultaneity of the explosions with times to the second // were any duds found and disassembled? // is there a separate radio receiver on the mod board (to set future detonation time) // when did the 'rollout' of the devices begin? // How many pager carrying non-members were injured and what were the circumstances ('medics' being one group) // Will suspicious broadcasts be discovered from logs or logged radio intercepts?
Given the people we are dealing with (I mean both sides) I am thinking that the operation avoided ANY covert channels at all and was a simple date-time bomb.
It got flagged because it is a duplicate. In order to focus discussion into one submission [0].
The subject is unfortunately likely to start a flamewar. I still think this should be on the front page because the technology and scope of this attack is unheard of if true. Israel somehow managed to weaponise hezbolla pagers by sending a message that caused them to explode. (Edit: i see the link i submitted has made it to the front page so it seems the moderators won't kill the story)
Dupes also get flagged, like in this case. This submission got [dupe] added as a prefix to he title.
The reasons were quoted in the media:
"Hezbollah leader Hassan Nasrallah a few months ago called on his fighters, especially those who are on the front lines along Lebanon’s southern border with Israel, to stop using smartphones because Israel has the technology to infiltrate and penetrate those devices."
https://www.aljazeera.com/news/liveblog/2024/9/17/israels-wa...
> The affected pagers were from a new shipment .. in recent days
> some people felt the pagers heat up and disposed of them
https://www.wsj.com/world/middle-east/hundreds-of-hezbollah-...
The reports right now are that these were ordinary pagers and that some sort of software attack overloaded the batteries and caused them to explode.
But I work lithium batteries. I've overloaded lithium batteries before and let them explode for safety testing. The videos released of these things exploding on people doesn't look anything like what I would expect, especially not from something as small as a pager battery. You would need to seal lithium batteries in a metal tube or something to cause that kind of explosion.
I highly suspect that this was a supply chain attack, and that there's a high explosive charge hidden in these things, with some sort of radio backdoor that allows them to be detonated by whoever controls these things.
Yeah, I'm getting the same energy from that claim as this: https://dtrap-blog.acm.org/2019/09/04/hackers-can-turn-your-...
Seems old pagers were replaced last month at the American University of Beirut. It may or may not have to do with this operation, but the timing seems very suspect. Those devices may have been tampered with explosives at some point before being distributed to the victims.
Looking at pictures of mangled devices, it would seem to confirm that they were Motorola Gold Apollo pagers. In which case they just used standard alkaline batteries which would rule out a malware targeting the battery, and confirm it was a supply chain attack with planted explosives.
Israel has done this in the past by supplying parts to Iran for printers that would explode https://apnews.com/article/iran-israel-ballistic-missile-sab...
I also seem to recall them using modified cell phones to blow up militants or use them to triangulate their location. I can't seem to find the article(s) about this, unfortunately.
It is reasonable to assume a Mossad agent would have pagers as potential way to communicate. Pagers work on separate networks from cell phones and usually do not have the same location tracking.
It is also fair to assume that Mossad would want the ability to remotely destroy an agents pager. If it was captured, etc. So very likely these were already a standard part of their equipment and then distributed to Lebanon.
It is also interesting how fear of cell phone tracking drove them to pagers, which was then exploited in response.
It is different from Stuxnet and a form of terrorism. Same as all the assassinations. They are crossing all of these lines that can be a double edged sword in the long run.
So either this was planned long enough ago to replace a large number of devices over time, or communication about a larger order has been provided to the enemy and fulfilled without suspicion. Either way, that sounds like a crazy infiltration effort.
Also, we can assume that anything sent to those pagers so far has been forwarded to Israel and now that channel is burned, right?
I'm a long way from Lebanon, but carry two pagers for Emergency Services (one per service). One used to be an Apollo Gold but now it isn't. From what I've read these were modified pagers, but I still rang one manager for reassurance. We need a strong statement for all the emergency responders and medical staff that still use these things that it's not going to happen to you.
Israel drone struck Jose Andres' food truck program this year.
Between these acts of war between stupid, angry countries, there needs to be not just guarantees for aid workers, but broad international condemnation of tactics that violate the Geneva Convention and related principles. And those principles are long overdue for high-tech drone strikes, robotics and electronics warfare.
It wouldn't be a first
https://en.m.wikipedia.org/wiki/Yahya_Ayyash
> Shin Bet agents gave him a cell phone and told him it was bugged so they could listen in on his conversations.[17] They did not tell him that it also contained 15 grams of RDX explosive
Replace half the battery with c4, you really don't need much to injure someone in direct contact with a modern explosive
I imagine technological progress has been made in the field of explosives as well. I guess the volume and weight can very very small when you can determine that the phone is being held at the head and the explosion can partially be directed to it. Maybe it's even possible to leverage the energy within the battery?
This seems like it would have the potential for a lot of collateral damage due to the possibility that modified pagers might enter general distribution. That is to say, how do they insure that a given shipment of pagers are only going to Hezbollah as opposed to some of them going to people like aid workers?