Comment by sbeam

Comment by sbeam 3 days ago

622 replies | 2 pages

View on Hacker News

If we try to do what we are best at here at HN, let’s focus the discussion on the technical aspects of it.

It immediately reminded me of Stuxnet, which also from a technical perspective was quite interesting.

I already wonder if this was anything that was planted in the devices perviously, or if the ones responsible had similar devices, and managed reverse engineer them and craft a payload to them, that could be sent over existing cellular protocols/networks and then, similar to Stuxnet, make the device exagerte some existing functionality to a point where it caused a malfunction? Thoughts on this?

edm0nd 3 days ago

These pagers were 100% a supply chain attack. Intercepted and modified with small explosives embedded in them or swapped the entire shipment out with ones with a small explosives in them.

There is no possibility these explosions are from battery overloads via an exploit or firmware hack.

Reply View 31 replies
  • spidersenses 3 days ago

    >or firmware hack.

    There's still the question of how the explosive capsule would have been triggered. It couldn't just explode at the first incoming call. There must be more to that.

    Reply View 16 replies
    • ajsnigrutin 3 days ago

      The microcontrollers inside the pagers probably have a spare GPIO pin, so they'd just have to modify the software and attach the detonating electronics to that gpio pin.

      Since i'm supposedly "posting too fast", to answer the post below:

      > Just curious, is it possible to program the pins so that it triggers by wireless or satellite command? With that scale I don't think wireless is possible though.

      Technically it is, but requires additional electronics and antennas. It's much easier to just use the existing pager network and trigger when some specific message (or pager code) is detected. Paging networks are simple to implement.

      Reply View 6 replies
      • tptacek 3 days ago

        It seems pretty plausible that the actual supply chain attack here would have been Israel subbing out whole shipping crates of pagers for sabotaged devices Israel manufactured itself, which would allow for arbitrary complex designs.

        Reply View 1 reply
        • markus_zhang 3 days ago

          Maybe they bought a large quantity of pagers from the same supplier and modified beforehand? I think a few grams of high explosives is good enough.

          Reply View 0 replies
      • markus_zhang 3 days ago

        Just curious, is it possible to program the pins so that it triggers by wireless or satellite command? With that scale I don't think wireless is possible though.

        Reply View 2 replies
      • markus_zhang 3 days ago

        Thanks, I wonder how does one do that. I'll probably need to read how pagers work.

        Reply View 0 replies
    • svnt 3 days ago

      My best guess is explosively formed penetrator in the display.

      I don’t think wholesale replacement of the pagers was likely to work for a number of reasons.

      They had to go one step up the supply chain.

      The EFP display could be set to trigger on a certain message, or even the clearing of a certain message, which in devices without said display would do nothing.

      The display is most likely to be pointed at the user’s face, or opposed to their waistline (EFPs sort of fire both ways but in one axis.

      The battery, if it were a cylinder as would be likely, would fire tangentially, likely not hitting much.

      A prismatic battery would make a good place for an EFP but difficult to interface with and likely requires a second compromised component.

      Reply View 7 replies
      • hinkley 3 days ago

        Theory: A prismatic battery with an explosive core and an electronic fuse swapped to trigger the explosive instead of disconnect the battery. Firmware change to short the battery. No visible signs of tampering even in iFixit like conditions.

        Reply View 6 replies
    • emiliobumachar 3 days ago

      Might be a hardcoded date and time. Does the legit pager messaging network give the time? If not, continually powered digital clocks drift slowly.

      Reply View 0 replies
  • barbazoo 3 days ago

    > These pagers were 100% a supply chain attack.

    What did you base that on though, 100% is pretty confident

    Reply View 7 replies
    • rdtsc 3 days ago

      Batteries are not magic unknown technology. People who understand their chemistry can confidently say things like that.

      Reply View 3 replies
      • barbazoo 3 days ago

        Dunning-Kruger effect comes to mind again.

        Reply View 2 replies
    • edm0nd 3 days ago

      Simple logic and science. Batteries do not cause forceful explosions like we've seen today. These pagers were intercepted and implanted with explosives (or entire load swapped with pre-made malicious ones) and then allowed to continue on to their destination. Thus I can say with 100% confidence that this was a supply chain attack.

      Reply View 0 replies
  • sroussey 3 days ago

    Likely, there are many many more of them out there, just did not fall into the dragnet of phone numbers that were set to activate.

    Reply View 4 replies
    • s1artibartfast 3 days ago

      How do you judge that likely? It seems just as possible if not more that it was a single lot purchased by Hezbollah for Hezbollah.

      Reply View 0 replies
    • meaydinli 3 days ago

      I'd guess anybody with a pager in that part of the world dumped theirs as soon as they heard what happened.

      Reply View 0 replies
    • londons_explore 3 days ago

      I bet lots of people with that model of pager are now ripping them open to check for explosives. If we don't see pictures of unexploded ones, then I'd guess they were all triggered, and the only ones we might see are devices that were turned off at the time.

      Reply View 1 reply
      • sroussey 3 days ago

        Agreed. Will be interesting if there is a teardown or not.

        Reply View 0 replies
  • [removed] 3 days ago
    [deleted]
    Reply View 0 replies
pragma_x 3 days ago

> make the device exagerte some existing functionality to a point where it caused a malfunction? Thoughts on this?

I'm actually astounded by the things that must have been in place to make this attack even plausible, let alone viable. At the same time, the ramifications are sobering. Here's where my head is:

- Hezbollah failed to inspect electronics that, if tampered with, could have lead to some kind of intel breach. That or the explosive modifications were indistinguishable from the real thing.

- Operatives knew what pager numbers were in use by Hezbollah, perhaps exclusively to the rest of the population.

From there I have three possible explanations for how this may have been executed:

1. Many shipments of such pagers bound for Hezbollah in Lebanon and other places in the region, were identified, intercepted, modified, and sent on their way with minimal delay. You probably don't get many opportunities like this (how often do you replace a pager?), so this is really quite a hat-trick.

2. Or: there are many more pagers out there with a very dangerous vulnerability on board, with only a special pager sequence that stands between the user and sudden death. This suggests simply infiltrating the manufacturer instead. This also has much more favorable lead times and can leverage the manufacturer's resources to that end.

3. Or: There's a pager manufacturer out there with gob-smackingly bad engineering and software on completely stock units, which operatives simply exploited to (sub)lethal effect.

Reply View 6 replies
  • fmobus 3 days ago

    You don't have to intercept a shipment and tamper at large scale with incredible speed if you're posing as the supplier.

    That's what I believe happened. Specially likely if you consider that terrorist orgs are not exactly putting RFPs or doing large orders at legit vendors. That gives you the chance to pose as a helpful supplier that operates on the down low and accepts cash on delivery, etc.

    Reply View 0 replies
  • wut42 3 days ago

    > what pager numbers

    This is where it gets confusing. We all remember the pagers running on cellular/2G networks but it seems that nowadays most pagers are HF devices and mostly broadcast receivers. Quite unclear which one are involved.

    Reply View 4 replies
    • pragma_x 3 days ago

      Good point. I'm kind of a dumb-dumb when it comes to present-day pager tech. I haven't even seen one in decades.

      Let me rephrase the question then: if any measure was made to target just the pagers that were in the hands of Hezbollah, how was that accomplished?

      Reply View 1 reply
      • wut42 3 days ago

        So far all I've seen is speculation that a specific shipment was targeted.

        I'm pretty sure they weren't cellular pagers as they don't seem to be the norm nowadays.

        Reply View 0 replies
    • andrewshadura 3 days ago

      > We all remember the pagers running on cellular/2G networks

      Who does? I'm not aware of pagers running on the GSM network. Maybe they existed, but I don't think they were ever widespread.

      Reply View 1 reply
      • wut42 3 days ago

        You're right. It existed and had a short span of life/fame in some countries but that is all. Most pagers were on their own protocol/frequency. the protocol seems to be mostly the same theses days: POCSAG

        Many commenters here also assumed like I did it was some cellular/SIM devices but it wasn't that much widespread.

        Reply View 0 replies
tw04 3 days ago

>I already wonder if this was anything that was planted in the devices perviously

That seems to be the case with almost complete certainty. They said it was a new batch of pagers that the targets/victims/whatever you choose to call them received in the last few months.

>The pagers that detonated were the latest model brought in by Hezbollah in recent months, three security sources said.

https://www.reuters.com/world/middle-east/dozens-hezbollah-m...

Reply View 0 replies
doubleorseven 3 days ago

> If we try to do what we are best at here at HN, let’s focus the discussion on the technical aspects of it.

Technical? Yes it's interesting but you are missing the biggest part here: how do you convince such a huge organization to switch so many devices? This human engineering is the really interesting part here.

Reply View 14 replies
  • BillSaysThis 3 days ago

    Hezbollah has said some time ago they were switching to pagers because Israel can get inside their cell phones.

    Reply View 13 replies
    • cachvico 3 days ago

      With a statement like that one wonders if Hezbollah leadership itself has been infiltrated.

      Reply View 9 replies
      • kspacewalk2 3 days ago

        Israel has an intelligence agency that's generally recognized to be quite competent. I'm sure it would have taken them approximately 5 minutes to learn from their many spies that a new form of communications is being used.

        Reply View 4 replies
      • tptacek 3 days ago

        The IRGC itself has clearly and spectacularly infiltrated; read the details of the Haniyeh attack. So, yeah, at this point I don't think anyone in the IRGC network can trust anybody else. The messaging here is pretty intense.

        Reply View 0 replies
      • grotorea 3 days ago

        Theoretically, pagers are simpler devices, meaning it would be much easier in principle to analyse both hardware and software to check for issues, unlike a mainstream phone OS which has a bigger software attack area and can have at least some zero day attacks known to a state level actor like Israel.

        Although, if it really was explosive inside the pagers it seems Hezbollah didn't do this.

        Reply View 0 replies
      • axlee 3 days ago

        I mean Israel is behind Pegasus, so it's not exactly a secret that they can get into any cellphone. Israel didn't need to infiltrate Hezbollah, they just needed publicity.

        Reply View 1 reply
        • londons_explore 3 days ago

          You can also find out what your target is using, find some exploits in it and publicize them, then offer a super good deal on an upgraded model.

          Reply View 0 replies
    • jameshart 3 days ago

      If you’ve figured out how to get explosives into pagers, the next question is how do you get your enemy to buy a bunch of new pagers from you.

      They have to want new pagers in a hurry.

      So you just need to convince them that their phones are all already compromised.

      Note that this does not require that their phones actually be compromised.

      Reply View 2 replies
      • doubleorseven 3 days ago

        Exactly. But this buyer is not a regular buyer, he is not getting a tracking number and refreshing some random website to see where it's shipment is. The buyer must have been with the goods from a point before it reached its destinated country. There are so many plays that had to play here in order to orcestrate this. Should make a really good heist movie, just with a different prize at the end.

        Reply View 0 replies
      • detourdog 3 days ago

        You find where the pagers are coming from. They probably had a supply chain going to cycle through pagers. 2,700 pagers being replaced regularly is an easy target.

        Reply View 0 replies
markus_zhang 3 days ago

My hunch is that IL intelligence bought some 3,000 - 4,000 pagers of the same models, fixed them with explosives and trigger systems, and swapped them with the package sent to Hez in the middle of transport or (probably) in the Lebanon distribution center.

So they needed to know: which company manufactured those pagers; which models are sent to Hez; when they were in transport and arrived at the distribution center; which packages went to Hez operatives, and much more information.

BTW rumors says the pagers were manufactured by a Taiwanese company, not confirmed though but some of my friends were able to read from the pictures that show what was left of the pagers.

Reply View 0 replies
bluescrn 3 days ago

If the footage on Twitter is legit, then there was a small detonation, with a bang, not a burning battery with a 'whoosh' and flames. Which indicates that the internals of the pager had been replaced with something rather more explosive than a lithium battery.

Reply View 4 replies
  • burke 3 days ago

    Lithium ion batteries in devices are sandwiched layers enclosed in a kind of 'pouch', right? So what if you manufactured one of these that looked identical to the normal battery, but only had half a battery inside, and the rest of it was plastic explosive. Maybe put a tiny chip in there that, when a particular pattern of current draw happens, fires a detonator. Then, some firmware hack in the device proper that responds to some event and actuates that current draw pattern. It wouldn't even look suspicious if you opened it up.

    Reply View 3 replies
    • bonestamp2 3 days ago

      That's an interesting idea, and it wouldn't even need a firmware hack... a real time clock circuit with a specific date/time to detonate would be simpler and easier to coordinate simultaneous detonation.

      Reply View 0 replies
    • andrewshadura 3 days ago

      Pagers typically ran off regular AA batteries, not Li-Ion stuff.

      Reply View 0 replies
romseb 3 days ago

After seeing some videos of faces and hands that were blown off, it's clear that the tiny batteries could not have caused explosions like this.

Reply View 0 replies
xg15 3 days ago

Haaretz reports that the devices were purchased only recently - and heated up before detonating. [1]

So, that sounds like indicators for both, either a supply-chain attack or malware targeting the battery.

[1] https://www.haaretz.com/israel-news/2024-09-17/ty-article-li...

Reply View 2 replies
  • tptacek 3 days ago

    How much stuff is there to fuck with in a standard, untampered-with pager? Seems unlikely this was pure cyber (and some novel battery hack). And if you need supply chain interception to carry out the attack in the first place, why wouldn't you insert explosives? There's a history of these kinds of attacks.

    Reply View 1 reply
    • xg15 3 days ago

      Yeah, agreed. Also agreeing with the sibling posters that the videos that emerge look nothing like batteries catching fire but rather like actual detonations. Nothing an untampered pager should be able to do.

      Reply View 0 replies
fhub 3 days ago

Shaped charge hidden in the battery casing. Sounds like batteries heated up which is consistent with one method that shaped charges could be detonated. No extra wires needed going into the battery (better concealment).

Reply View 6 replies
  • rendang 3 days ago

    Wouldn't a shaped charge be pointed in a specific direction, and hence could miss depending on the device's position in target's pocket?

    Reply View 4 replies
    • jandrewrogers 3 days ago

      This is unlikely to be a shaped charge, there is not enough space. High explosives are inherently directional depending on the geometry of the explosive and point of detonation. As a practical matter of fitting explosives into a pager, I would expect most of the explosion to be directed perpendicular to the face of the pager in both directions. In almost all cases, carrying or using the pager would put the person directly on the main axis.

      Reply View 0 replies
    • Sakos 3 days ago

      You might prefer a shaped charge to reduce the likelihood of injuring bystanders and to ensure that what little explosive you can fit in there can kill whoever is using it.

      Reply View 0 replies
    • fhub 3 days ago

      Watching the grocery store security video, I think a multi-directional shaped charge is plausible with pressure evident in two directions. But very hard to draw any conclusions.

      Reply View 0 replies
    • meepmorp 3 days ago

      Yeah, everyone talking about shaped charges or (micro-) explosively formed penetrators seems to overlook the fact that, compared to just a regular bomb, they'd be less strictly effective for situations where you can't control the alignment of the charge to the target.

      Don't overthink it - just a bit of RDX and a detonator does wonders.

      Reply View 0 replies
  • mrguyorama 3 days ago

    Most high explosives need a high impact detonation source. You can literally set C4 on fire and it wont explode. It needs high temperature and pressure. And I do not think the 120F that a "hot" battery could get to reliably could trigger a high explosive in a way that wouldn't accidentally trigger beforehand. The middle east is a warm place.

    Reply View 0 replies
wkat4242 3 days ago

Compared to Stuxnet it's also a first where this kind of attack was done at scale. Regardless of the particular target it's of course the question whether this is a desirable practice in cyber warfare. For such a new field there are very few ethical guidelines yet, like we do have for more conventional warfare.

Reply View 58 replies
  • jakeinspace 3 days ago

    Unlike stuxnet, this attack had a lot of non-hezbolah civilian casualties. It’s "targeted" in a sense, but not really much more targeted than a drive-by assassination attempt. Anybody close to these people could have sustained serious injury, and there are reports of children injured and dead. We’ll have to wait for details to emerge.

    Politically, this is the sort of action that invites comparison to conventional terrorism. It also begs the question of why Hezbollah or other actors shouldn’t try a similar attack against civilian targets. It’s almost like a chemical or biological attack, which most countries shy away from because it’s so hard to defend against (a big part of why it’s illegal). No country can perfectly safeguard its supply chain from intentional sabotage.

    I’m afraid that the entire world is a little bit less safe after this move. Maybe Israel is goading Hezbollah into all-out war, who knows, but this affects all of us.

    Reply View 57 replies
    • tptacek 3 days ago

      For a non-infantry massed attack on a military asset, the ratio of military to civilian casualties here is probably going to end up being unprecedented in the history of modern warfare; this will probably end up being an extraordinarily surgical attack by any military standard. Civilians are routinely killed in targeted strikes, because targeted strikes are almost always conducted by air. This attack may end up being distinguished by how few civilians were harmed.

      Neither Israel nor Hezbollah is mobilized for all-out war here. Hezbollah is depleted from its disastrous efforts in Syria; Israel is fully committed to combat operations in Gaza. The north of Israel has been evacuated for months because of indiscriminate rocket attacks from Hezbollah. Hezbollah is an arm of the IRGC, which is more or less at open war with Israel. If either side could have launched an all-out assault (or, I mean, a more conventional all-out assault than this one), they would have done so already.

      Reply View 12 replies
      • dotancohen 3 days ago

          > Hezbollah is depleted from its disastrous efforts in Syria
        From what I understand this is inaccurate. Prior to the events of today, Hezbollah moral is very high and they have plenty of armaments from Iran - everything from small arms and uniforms to long-range rockets and drones. In fact, they even produce a very nice local drone made from foam and duct tape - literally.
        Reply View 1 reply
        • tptacek 3 days ago

          They lost double digit percentages of their fighting forces, with several thousand additional casualties in non-Hezbollah Lebanese military and paramilitary forces. I'm sure they can duct tape drones together or whatnot, but there are reasons Hezbollah has --- quite notably at this point! lots of stories written! --- not escalated in the south even as the conflict between Iran and Israel heats up.

          Reply View 0 replies
      • rurp 3 days ago

        > Hezbollah is depleted from its disastrous efforts in Syria;

        There is an awful lot of reporting stating the opposite of this, and I haven't really seen anything credible questioning the fact that Hezbollah has many thousands of missiles and rockets at the ready, along with a sizable number of competent fighters. In fact, the threat from Hezbollah is widely considered one of the largest deterrents Iran has against a direct attack from Israel.

        Despite their potential to harm Israel, the group would almost certainly lose an all out war against the IDF. Many if not most of the members would be killed in such a conflict and Lebanon would be plunged into a war zone. So it's easy to see why Hezbollah would be hesitant to get into a full scale war, despite their combat potential.

        Since 10/7 a number of top Israeli officials have advocated for a preemptive assault on Hezbollah. So far they have lost the argument but it still could conceivably happen at any time. Eliminating the looming threat and allowing civilians to return to the north are compelling reasons, but the risk of heavy losses and getting bogged down into another quagmire in Lebanon are serious concerns.

        Reply View 1 reply
        • tptacek 3 days ago

          The last time Israel and Hezbollah fought, it was a stalemate.

          Reply View 0 replies
    • dotancohen 3 days ago

        > Unlike stuxnet, this attack had a lot of non-hezbolah civilian casualties. It’s "targeted" in a sense, but not really much more targeted than a drive-by assassination attempt.
      You should know that Hezbollah recently shot a rocket at an Israeli playground, 12 or 13 children were killed. The chance of a few civilians being injured is calculated against preventing the enemy from dropping another rocket on another playground.

      I read the news in Arabic, there are credible reports of an 8 year old girl being killed in this attack. I haven't seen that yet in English language news. That is a horrible price to pay. But it is part of a calculated risk that, as per those same news sources, killed between 10 to 12 Hezbollah operatives and injured 2700 more.

      Reply View 0 replies
    • wkat4242 3 days ago

      Stuxnet didn't have a lot of civilian casualties (if any?) but it did cause a lot of monetary damage to civilian companies.

      However this was of course unintended, the malware was never meant to make it out to the wider world.

      Reply View 2 replies
      • pesfandiar 3 days ago

        It's implausible that any "civilian" company was involved. Pretty much all companies involved in the Iranian infrastructure, especially covert nuclear projects, are directly or indirectly owned by IRGC.

        Reply View 1 reply
        • wkat4242 3 days ago

          Yes but Stuxnet escaped to the internet and infected a lot of Western companies. This is in fact how we even know about it at all.

          That's the damage I'm talking about.

          Reply View 0 replies
    • frabbit 3 days ago

      That's a good summary of the dangers of normalizing the actions that previously were the domain of only terrorists. The world works because most countries and people rejected amoral results-based reasoning and considered such actions in the light of another dimension: morality. It's difficult to define, but there was some sort of consensus. How long those agreements, formal and simply normative, will last remains to be seen. I do not look forward to their further erosion.

      Reply View 22 replies
      • tptacek 3 days ago

        It does not make a whole lot of sense to distinguish the explosives packed into the warhead of an AGM-114 Hellfire missile from those of an explosive vest or a compromised pager. What distinguishes terrorism from military action is target selection, not weapons choice.

        Reply View 8 replies
      • nradov 3 days ago

        Historically there has never been any such moral consensus in the Middle East. It's been a continuous series of wars, massacres, and terrorism going back millennia — since long before Hezbollah or the modern state of Israel even existed.

        Reply View 12 replies
    • zer8k 3 days ago

      Hezbollah already attacks civilians indiscriminately for one. Second, "won't someone think of the children" is a tired argument. Hate to be that guy - but maybe this will be a lesson on allowing these terrorists to roam your streets. Avoiding civilian death in a warzone is an impossibility. Limiting it is all you can do. Knowing that, this was an absolutely amazing job at target selection. Of all methods of target selection this is probably the most precise you can get with the exception of snipers, AGM-114-R9X, etc. The psychological damage from this attack alone is probably worth more than any other method. Hezbollah will be crippled at least temporarily and likely afraid to use any technology they don't control the supply chain for.

      > which most countries shy away from because it’s so hard to defend against

      This is not why. It's shied away from because it's extremely difficult to target effectively without causing mass unwanted causalities and the associated killing mechanism is considered cruel and unusual. "Being hard to defend against" is exactly something factored in with weapons. Why would I want to use a weapon that is easy to defend against? If that's the case, the US would march with clubs and bows, you know, "to make things fair".

      Reply View 0 replies
    • myth_drannon 3 days ago

      You are assuming they didn't try, which is incorrect. Cyber attacks on water filtration plants attacks were done for example.

      Reply View 0 replies
    • grotorea 3 days ago

      I feel this is just one more step away from "wild" globalized products and towards supply chain safety.

      Reply View 0 replies
    • ars 3 days ago

      I've seen multiple videos of the explosions, even people standing directly next to the target were not hurt.

      Contrary to what you said, this is pretty much the ultimate in targeted attacks.

      Reply View 0 replies
    • saintradon 3 days ago

      Completely disagree. I cannot think of a more successful, large scale, targeted attack in recent memory. The engineering behind this was incredible.

      Reply View 1 reply
      • jakeinspace 3 days ago

        It was successful clearly, not disagreeing with that. So were Hiroshima and Nagasaki. My point was more that this is a truly significant line that has been crossed for the first time by a major military at this scale. People comparing this to isolated assassinations with booby trapped phones, or to wiretapping and other surveillance, are massively downplaying this.

        Reply View 0 replies
    • spidersenses 3 days ago

      [flagged]

      Reply View 9 replies
      • shihab 3 days ago

        Hezbollah is a political org, part of the government. Many hospitals, nurses were carrying those pagers.

        And, the only well-known fake child death scandal was the one fabricated by Israel aka 40 beheaded babies, babies baked in oven etc- scandals used to justify the real mass killing of over 10,000 palestinian children by now. Can you point to any well known, well-distributed "Pallywood" incident involving children?

        Reply View 1 reply
      • shadowgovt 3 days ago

        Based on the video shared by Reuters, I'm not seeing anything that would focus the attack to the pager's carrier. Anyone standing next to the target would also risk severe injury or death.

        ETA: I should perhaps clarify: focus the attack exclusively on the pager's carrier. It does appear to be modestly shaped in some way (in that we're not seeing the pagers go up in a 2-meter-radius fireball), but it's also not contained exclusively to the carrier, has no verification that the carrier is holding the device, etc. Whether one considers that "focused" is left as an exercise for the reader. Certainly more focused than a rocket; a bit less focused than poison.

        Reply View 6 replies
esalman 3 days ago

> If we try to do what we are best at here at HN

People like Einstein and Oppenheimer would disagree. We are humans first and not tech workers, the best we can do is to try prevent humans tragedies unfolding everyday.

Reply View 0 replies
mattmaroon 3 days ago

My other thought is that these probably came from the Iranian military, and it’s quite possible the Iranian military puts explosives in them so they can remotely detonate one that falls into enemy hands. And that Isreal simply found out about this and managed to figure out how to activate that.

Reply View 1 reply
  • XorNot 3 days ago

    This is reaching. How would this mechanism even work? If the enemy has control of a communications device then (1) they've had it and you didn't know for some time and (2) they already know how it works. There's no benefit to putting a self-destruct mechanism into such a thing, since if you know it's compromised then you just stop messaging it.

    The self-destruct is pointless, because you can't even verify that it was successful and you have no actual technology to protect (unlike say, US military drones which self-destruct to protect technological details of their construction - and the US would still prefer to commit a mission to bombing a crash site to be sure if they can).

    Basically you answer your own problem: the most likely outcome of a self-destruct mechanism is that it goes off accidentally against your own forces, or gets exploited - while it would deliver no actual benefit to you.

    Which is to say: when analyzing an adversaries likely actions you don't start by assuming they're stupid or irrational (which is different from whether or not their overall goals might be stupid or irrational).

    Reply View 0 replies
AndrewKemendo 3 days ago

Militaries around the world have robust networks to infiltrate supply chains for sabotage. It’s kind of a basic part of the whole intelligence covert and clandestine operations capabilities expected of a “first world” nation.

Israel is one of the better countries at doing this undetected so, no surprises here.

Reply View 0 replies
flohofwoe 3 days ago

First thing I thought of were the exploding PCs from Die Hard 4. Back then it was such a ridiculous thing, but here we are ;)

Reply View 0 replies
megous 3 days ago

If it's basically a remotely controlled IED via a public communication network, then there's nothing technically interesting about that, really.

But the aspect of some supposedly civilized state staging a mass terror attack via a remotely controlled IEDs, putting suddenly thousands of people, many of them civilians (yes, Hezballah are also civilians, because they're a major political party in Lebanon) into hospital, killing ~10, critically infuring ~200, is way more interesting.

You can generate many questions about that aspect. Like the whole why on both strategic and tactical levels? How does this fit with the international law? Why are people kinda chill about this?

Re the response below: No proof of specific targeting of combatants, yet. No proof of any attempt to not affect bystanders, etc. Yet, there are videos of bombs exploding while people are shopping with children around, etc. Pretty much indiscriminate.

Definitely not battery burnings: https://t.me/hamza20300/293409 these are the scale/type of injuries that this caused. (Two children there just in this single scene in one hospital, so beware.)

Reply View 15 replies
  • baltimore 3 days ago

    No, a mass terror attack would indiscriminately target victims. This is almost entirely opposite -- an organization widely recognized as a terrorist group (1) is narrowly targeted.

    (1) https://en.wikipedia.org/wiki/List_of_designated_terrorist_g...

    Reply View 7 replies
    • ithkuil 3 days ago

      Also because one would have to weigh the alternative.

      Imagine Israel declared an old fashioned war against Lebanon as response to the missile strikes originated from its territory.

      I think the number of civilian casualties of a conventional "legal" war would be much much higher than the collateral damage of this operation.

      Now, does that make it "right"? To me war is horror and is to avoid at all cost. Is a smaller horror a cost one's willing to pay to avoid a bigger horror? Hard to say. But I think it's still important to at least try to see things in a broader context otherwise we may never understand why people on the ground make the choices they do.

      Reply View 0 replies
  • wing-_-nuts 3 days ago

    >Hezballah are also civilians, because they're a major political party in Lebanon

    That's an interesting take. Are you saying hamas are also civilians because they're the major political party in gaza?

    Reply View 6 replies
    • ChocolateGod 3 days ago

      I would argue that Hamas has gone from being an organised terrorist group to being an idea.

      Gaza has a very young population growing up with the current war, some (not all) will be radicalized by what they experienced growing up.

      Reply View 0 replies
    • solarpunk 3 days ago

      hamas is the governing body of gaza, so any government workers would technically be hamas.

      don't confuse post office workers for military personnel just cuz they work for the government.

      Reply View 2 replies
    • fwip 3 days ago

      Many of them, yes.

      Reply View 0 replies
more_corn 3 days ago

I find it extremely unlikely that this was done with the native capabilities and equipment in the devices. It would be extremely interesting if it were. A far simpler explanation would be explosives implanted en-route.

Reply View 1 reply
  • XorNot 3 days ago

    The more interesting question is whether any sort of remote-detonate capability was involved, or this was just timed explosives.

    If you look at something like this [1], then the obvious way to do this is to replace one of the NiMH batteries with a lithium cell providing the full output voltage, and replace the other cell with the explosive payload.

    A basic timer set them off, and installation would be straightforward. You could probably even arrange this to not be distinguishable on X-Ray by playing with the structure of the explosive device so it would look like a battery.

    Getting a little fancier, setting your timer up so the pager "waits for a page" by current draw (from say, the buzzer motor) would be a way to try and ensure the user was holding it near their face before it went off.

    What's missing in the current reporting is whether this was simultaneous, keyed to a page, or what have you.

    [1] https://store.jtech.com/jtech-guestcall-pager-nimh-battery-5...

    Reply View 0 replies
loodish 3 days ago

The implications of weaponising a lithium battery, which seems like what was done, are potentially really significant.

Lithium batteries are everywhere, most of them significantly larger than the one in a small pager. This includes secure environments like military/intelligence facilities and aircraft.

Proof that a lithium battery pack can be weaponised as a bomb, in a way that avoids easy detection, should be a significant concern to anyone who tries to maintain the security of those spaces.

Reply View 0 replies
dyauspitr 3 days ago

I don’t think there’s anything in a standard pager to cause an explosion large enough to injure ~3000 people. This is almost certainly an explosive added to them at some point.

Reply View 0 replies
acyou 3 days ago

For manufactured cells, integrated safety devices would likely preclude such a fault.

People say they have seen cells explode, but don't realize those are probably highly engineered failure modes (the cells are/need to be specifically designed not to explode).

It's why people are burned by consumer product battery fires, and die from fire, but I think death from explosion of consumer products is rarer.

Reply View 0 replies
humansareok1 3 days ago

Having seen some of the aftermath I find it extremely hard to believe this was the result of overloading batteries. It looks like small grenades exploded in their hands. If lithium batteries can indeed explode like this I would suspect no one would ever carry one again after this. They should certainly be illegal to have on planes for example.

Reply View 0 replies
jhaand 2 days ago

Has anyone find the FCC ID or manual on the AR924 Rugged pager? CNN mentions that they sold 220,000 units world wide, including the US. And there's nothing about the thing for both FCC and CE.

Reply View 0 replies
uoaei 3 days ago

There is no way an unaltered pager has enough potential to explode in any way that could be harmful using a software-based exploit. Unless somehow the BMS (even if there was one) allowed you to short the battery with software, which seems really stupid to design into such a system.

Reply View 0 replies
pts_ 3 days ago

It's supply chain attack meets the physical world, and now might be replicated.

Reply View 0 replies
ChrisMarshallNY 3 days ago

I suspect supply-chain attack (probably started some time ago), combined with a pager signal software hack.

I really hope that they didn't figure out a way to make unmodified kit explode, because it would only be a matter of time, before our devices were blowing up everywhere, as folks do it for the lulz.

Reply View 2 replies
  • FrameworkFred 3 days ago

    I agree on both points and it's worth noting the cell phone in everyone's pocket has a lot more battery in it than a pager does.

    IF this was truly done to unmodified pagers, then we ALL probably need to reconsider how we use and carry our phones and what the mAh rating on our batteries implies in the context of a similar attack.

    Reply View 0 replies
  • tamimio 3 days ago

    > they didn't figure out a way to make unmodified kit explode

    I don’t think so no, just observing the aftermath of each shows that it was modified. Also, assuming it was unmodified way, it will go both ways so I doubt it.

    Reply View 0 replies
gslepak 3 days ago

> let’s focus the discussion on the technical aspects of it.

The headline chosen here is already biased: "Dozens of _Hezbollah members_ [..]"

Anyone following this closely can see that plenty other title choices could be used. There are headlines that would be credibly neutral, headlines that favor the IDF, and headlines that favor Hezbollah. HN is currently choosing to go with a non-neutral, non-technical headline for this story. Maybe we should make the headline neutral as well before telling the commenters to focus solely on the technicals?

If you don't understand what I'm referring to, look at some of the downvoted and hidden comments here.

Reply View 3 replies
  • TwentyPosts 3 days ago

    Honestly struggling to comprehend how this one isn't neutral.

    As far as we know this was a supply-chain attack specifically on military pagers actively used by Hezbollah, and (right now) it looks like most injured are in fact Hezbollah members (which makes sense, since no one else has any reason to carry such a pager). (With some sad and unfortunate exceptions.)

    Reply View 2 replies
    • gslepak 2 days ago

      After I posted my comment the title was updated to be a little bit more neutral.

      The previous headline was emphasizing a little too strongly the assumption that this attack was against Hezbollah only, and as you mention there are "exceptions", meaning, civilians and non-militants (including children) were killed and injured.

      EDIT: in other words, the headline is/was written with the assumption that whoever was attacked was a member of Hezbollah, but this isn't true.

      Reply View 1 reply
anewguy9000 3 days ago

we could also talk about the technical aspects of the nazi gas chambers, but maybe its only human if first we condemn this for what it is, a war crime. i for one am sick of the normalization of it

Reply View 1 reply
NelsonMinar 3 days ago

I wonder what Israel did to ensure that only legitimate targets were harmed by the sabotaged pagers.

Reply View 24 replies
  • rdtsc 3 days ago

    Would we be surprised if the answer is “nothing”.

    Of course we can read anything we want from the silence, as it’s unlike we’re getting any details about it. Anything in the range of “of course they did, we’re talking about a civilized country” to “of course they didn’t, how could they”.

    Reply View 2 replies
  • yoavm 3 days ago

    The fact that these pagers were to be used by Hezbollah is what they did.

    Reply View 0 replies
  • [removed] 3 days ago
    [deleted]
    Reply View 0 replies
  • swarnie 3 days ago

    [flagged]

    Reply View 1 reply
    • astrange 3 days ago

      Iraq War deaths are actually kind of lower than you'd expect them to be. Low enough if that if you want to score him, GWB is net positive because of PEPFAR. It's so good it saved many more lives than even two pointless wars lost.

      Reply View 0 replies
  • ars 3 days ago

    These pagers were distributed only to Hezbollah members, these were not just standard pagers anyone could buy.

    Reply View 15 replies
    • NelsonMinar 3 days ago

      Do you have a reference for that? And does it explain how Israel's assassins were sure none of the pagers weren't resold, nor given away, nor that someone's kid was playing with it?

      Reply View 0 replies
    • seo-speedwagon 3 days ago

      Hezbollah also has a massive social services wing, operating hospitals, schools, etc. I'd keep that in mind when hitching my wagon to this line of thinking.

      Reply View 4 replies
      • ars 3 days ago

        Those people aren't getting a secure one-way pager giving them secret messages.

        They use a standard phone.

        Reply View 3 replies
    • sureglymop 3 days ago

      Even though I personally doubt this statement, care to explain how that would possibly be enough? If an explosion happens, everyone in range is hit.

      Reply View 6 replies
      • s1artibartfast 3 days ago

        "Enough" to meet what criteria? A couple foot blast on handheld device on a military personnel is brain surgery in comparison to typical rockets with accuracy and blast radii measured in double digit meters

        Reply View 0 replies
      • tptacek 3 days ago

        Hezbollah operates a parallel telecommunications network. They are not a terrorist group so much as the de facto government of Lebanon and a parallel armed forces. It is unlikely that anyone unaffiliated with Hezbollah could have used these pagers.

        Reply View 1 reply
        • jknoepfler 3 days ago

          like I don't know, someone's spouse or child? Someone standing next to the thing when it's sitting on a night stand?

          Reply View 0 replies
      • jandrewrogers 3 days ago

        Small charges (measured in grams) are extremely local and typically highly directional. They have a distinctive signature that is in evidence here. It isn't like a giant bomb going off.

        Reply View 0 replies
      • yoavm 3 days ago

        With the size of these explosions, the "range" seems very small.

        Reply View 0 replies
    • jknoepfler 3 days ago

      you realize they exploded, right? potentially as someone's child was nearby. or playing with it. or in the middle of a grocery story.

      Reply View 0 replies
limit499karma 3 days ago

[flagged]

Reply View 5 replies
  • almogo 3 days ago

    The pagers were carried specifically by Hezbollah operatives. You can't be both an innocent member of the general public and an operative of a paramilitary org at the same time.

    Reply View 4 replies
    • colordrops 3 days ago

      So you are saying that if hezbollah exploded weapons on off-duty military walking around in malls and hospitals in the US it would not be terrorism? Because that's exactly what happened here.

      Reply View 0 replies
    • limit499karma 3 days ago

      [flagged]

      Reply View 2 replies
      • tptacek 3 days ago

        Where are you reading that these devices were on "store shelves"? Why would they be? Hezbollah doesn't buy their pagers retail, do they?

        i edited some certainty out of this

        Reply View 1 reply
curiousgal 3 days ago

[flagged]

Reply View 6 replies
  • shadowgovt 3 days ago

    A bunch of explosives strapped to pagers wouldn't have succeeded in the way this attack did; it'd have been way too obvious. It'll be interesting to find out (if we ever do) how they modified the pagers to hide the payload.

    Reply View 0 replies
  • IncreasePosts 3 days ago

    Was this pager attack worse than October 7th?

    Reply View 4 replies
    • lawlessone 3 days ago

      October 7th was obviously far worse. But I don't think people would agree that police should stoop to same levels of criminals.

      It wouldn't be considered a success if police stopped a bank robbery by killing bystanders.

      Reply View 1 reply
      • catlikesshrimp 3 days ago

        What is following October 7th (so far, today included) is far worse. And worst of all, it won't be over anytime soon.

        Reply View 0 replies
    • curiousgal 3 days ago

      No. October 7th made me sympathize with Israel. What followed that made defending Israel impossible.

      Reply View 0 replies
hello_computer 3 days ago

[flagged]

Reply View 4 replies
  • batch12 3 days ago

    Understanding how the attack was carried out is the first step to identifying the vulnerability/risk/threat so it can be prevented. You don't have to be an expert or defer to experts in everything to be allowed to talk about it.

    Reply View 3 replies
    • hello_computer 3 days ago

      It’s not quantum mechanics. They put bombs inside pagers and pressed a button.

      Reply View 2 replies
      • batch12 3 days ago

        I must have missed the comment related to quantum mechanics. If not, you're twisting the conversation. The discussion I've seen so far has been to speculate whether someone put bombs inside pagers or if stock devices were manipulated to make them explode. The comment I replied to implied that only "expert killers" should be having this discussion, whatever that means.

        Edit: The reason the difference is worth discussion is because one is a targeted supply chain attack and the other is a vulnerability that could be exploited to cause even more harm.

        Reply View 1 reply
frabbit 3 days ago

[flagged]

Reply View 15 replies
  • __alexs 3 days ago

    It seems somewhat plausible that Israel somehow managed to sabotage a pallet of pagers they knew were going to be distributed to people involved terrorism. If so the number of bystanders injured might be relatively low and the number of legitimate targets injured or killed could be quite high.

    Having said that it also seems quite plausible that Israel just knew that some particular brand of pagers in some region of Lebanon was used by their targets, and so they just sabotaged thousands of them in the vague hope that they would get a hit.

    I suspect we will never get enough info about how this attack was carried out to know.

    Reply View 0 replies
  • bluescrn 3 days ago

    Seems much more precisely targeted than rocket attacks.

    Reply View 9 replies
  • mschuster91 3 days ago

    > Sure, let's look at processes, outcomes and efficiencies. So far we have 1 dead 10-year old girl and some other civilians.

    Unreliable number of terrorists aside, by more than a few reports the Lebanese ambassador to Iran [1]... not good looks for a government constantly claiming to have no relationship with Hezbollah.

    [1] https://www.yahoo.com/news/irans-ambassador-lebanon-injured-...

    Reply View 0 replies
  • elliekelly 3 days ago

    Maybe future iterations of this attack will include facial recognition to determine user age > ~18?

    Reply View 2 replies
AdmiralAsshat 3 days ago

[flagged]

Reply View 7 replies
  • dredmorbius 3 days ago

    I'm among those who often despairs that HN cannot address trenchant political issues, or aspects of stories. I really wish it could do better.

    That said, if you do want to discuss those issues, the best way is to do so with an extreme awareness of HN's comment guidelines and provide a highly constructive example for others to follow. Complaining about others generally doesn't have that effect. Responding to complaints of others, even constructively, is at best marginally effective as well, of course.

    I'll be the first to admit that the politics of the Middle East is exceedingly complex, most hats are at best grey, and I find myself often critical, occasionally impressed and supportive of, various parties.

    One factor which might help is distinguishing direct beligerants and forces (regular or irregular) and political factions on the one hand from the civilian populations at large on the other (both sides face a high degree of risk, whether as collateral damage or as direct targets).

    I'd also strongly urge all to downvote and flag clear agitation and of course nationalistic flamewars, as dang so very often admonishes: <https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...>.

    Reply View 1 reply
    • dredmorbius 3 days ago

      Also if I can make a late addition: vouch for comments which you believe may have been unfairly flagged or killed. That also happens on Highly Contentious Discussions.

      AFAIU mods see flags and vouches and will occasionally step in. Their bandwidth is limited however.

      (I've emailed dang over this moderation issue, and in the case of this specific story. The mods do what they can.)

      Reply View 0 replies
  • DrSiemer 3 days ago

    Yes, we would have referred them to the proper channels to discuss the morals and ethics of it all. Those subjects inevitably lead to bitter arguments. Keeping politics out is the only way to keep this platform sane.

    Reply View 3 replies
    • tdeck 3 days ago

      When I think of sane people, I don't think of people who ignore the moral and ethical implications of thousands of deaths.

      Reply View 1 reply
      • throw10920 3 days ago

        Nobody is ignoring anything - this is just the wrong place for discussion. The HN guidelines (https://news.ycombinator.com/newsguidelines.html) clearly state that politics and flamewars are off-topic, and that HN is for intellectual curiosity. Moral outrage and ideological warfare are categorically inappropriate for HN.

        As the poster correctly points out, "Keeping politics out is the only way to keep this platform sane." - these guidelines are why HN hasn't degenerated into Reddit.

        If you can't respect the guidelines, you shouldn't comment.

        Reply View 0 replies
    • arp242 3 days ago

      Just deal with the people who completely lose their shit on topics such as these.

      Injecting copious amounts of vitriol is exactly how you can make people shut up about the entire thing.

      Reply View 0 replies
Previous