Comment by mmastrac

Comment by mmastrac 3 days ago

131 replies

View on Hacker News

That's an impressive supply-chain hack. Spend years showing how insecure modern telecom devices are and scare your enemy into going old-school, receive-only. Set up a shell company to sell pagers to your enemy's shell company. Give them devices implanted with a small explosive charge pointed inward, knowing they will be worn around the waist most of the time.

Hack the backend server, send a coordinated page to all the pagers at the same time. You've just injured and identified most of your enemies, incapacitated them, completely broken their communication network and effectively given you weeks of disarray to do whatever you want to further disrupt them.

You have to hand it to them -- it's a clever strategy with minimal casualties outside of your enemy. This is a Stuxnet-level hack that we'll probably never fully understand.

captainkrtek 3 days ago

> You have to hand it to them -- it's a clever strategy with minimal casualties outside of your enemy

I agree it’s clever, but there are reports now of thousands wounded. Feels like a lot of collateral risk, if these people who were targeted were out and about (grocery shopping, bank, etc.)

Reply View 84 replies
  • pdabbadabba 3 days ago

    I have no doubt that innocent civilians have been injured. But it's also worth noting that there are thousands of Hezbollah members, so the number alone doesn't necessarily tell us much about the number of civilians injured. (Similar to the casualty figures that come out of Gaza.)

    I hate the idea of any innocent civilian being injured. But it might also be instructive to consider the alternative: if Israel wanted to achieve similar results via a conventional war against Hezbollah, it seems virtually guaranteed that far more innocent people would have been injured and killed—not to mention the Israeli civilians on the other side, whose lives also matter.

    Reply View 37 replies
    • random_upvoter 3 days ago

      > if Israel wanted to achieve similar results via a conventional war against Hezbollah, it seems virtually guaranteed that far more innocent people would have been injured and killed

      "It's OK that Israel causes excessive amounts of civilian casualties, because in the alternative scenario Israel would also cause excessive amounts of civilian casualties"

      Reply View 32 replies
      • pdabbadabba 3 days ago

        I don't find it very persuasive to simply assume that the casualties are "excessive." Whether they are actually excessive is really the whole issue. As of right now, there is no strong evidence that I'm aware of that the injuries from today's attack are "excessive" much less those of a different purely hypothetical attack.

        And even then: to judge whether casualties are excessive requires an understanding of the goal to be achieved, which is almost completely absent from this discussion.

        Reply View 15 replies
      • ineedasername 3 days ago

        Why isn't it better to cause fewer civilian casualties &/or those of lesser severity than a shooting fight or missile attack?[1] Given the situation has already degenerated to its current state where fighting is the status quo and all options lead to innocent casualties then minimizing those is the horrible "OK" option. Not okay in the sense of desirable, not okay in the sense that things should never have degenerate to this level to begin with, only okay as the less horrible option.

        [1] Videos show the explosions highly limited in their ability to cause injuries as bad as a bullet to anyone ever a foot or two away from the explosions, much less than I would expect from anything more conventional.

        Reply View 0 replies
      • energy123 3 days ago

        Israel isn't causing any civilian casualties in South Lebanon. Hezbollah declaring war on Israel by firing rockets onto civilian areas since the 8th of October caused them.

        Reply View 0 replies
      • plutokras 2 days ago

        People keep bringing up the same argument about dropping nukes on Japanese cities, and it seems like the world just accepted it.

        Reply View 0 replies
      • Beefin 2 days ago

        my family was evacuated due to incessant rocket fire in the golan heights, hezzbollah has been firing indiscriminately since 10/8 do you have any alternative?

        Reply View 0 replies
    • cpill 3 days ago

      I guess the real advantage for Israel here is that they attack in a country they are not at war with without starting a war with that country.

      Reply View 1 reply
      • BurningFrog 3 days ago

        Israel is definitely at war with Hezbollah.

        Hezbollah is of course not a country (though they're a proxy for Iran), but they occupy parts of Lebanon, so you can't attack them without attacking Lebanon.

        Reply View 0 replies
    • whoitwas 2 days ago

      Terrorism isn't okay. We should have that standard. Just as violence against in general isn't okay.

      Reply View 0 replies
  • fshbbdssbbgdd 3 days ago

    I wonder if people are unaware that Hezbollah and Israel have been shooting rockets at each other for months. There are roughly 1000 deaths in the conflict and hundreds of thousands of civilians evacuated. If we’re talking about harms to civilians, this incident is probably small compared to the war overall.

    Reply View 0 replies
  • raxxorraxor 2 days ago

    These are Hezbollah pagers and Hezbollah only exists to terrorize Israel and it is their sole purpose. Of course there is still a danger of collateral risk, but I don't think it can get much more targeted.

    Reply View 3 replies
    • sa-mao 2 days ago

      "Hezbollah only exists to terrorise Israel and it is their sole purpose." This is a very curious take, what makes you think a group of hundreds of thousands of people, investing so much time, efforts and resources, exposing themselves and their loved ones to fatal risks just to terrorise Israel?

      Reply View 2 replies
      • raxxorraxor 2 days ago

        Eh, the history isn't a secret and the reason is that they are religious fundamentalists:

        https://en.wikipedia.org/wiki/Hezbollah

        > According to Hezbollah's Deputy-General, Naim Qassem, the struggle against Israel is a core belief of Hezbollah and the central rationale of Hezbollah's existence.

        I tend to believe their own statement on this matter. Where do you see wiggle room for another argument? Or even to find the argument "curious"? What is curious about it?

        Reply View 0 replies
      • paulcole 2 days ago

        Only on HN, “This is curious. Why would people do an irrational thing similar to the irrational things that people have done for the entirety of human existence?”

        A mystery indeed.

        Reply View 0 replies
  • ignoramous 3 days ago

    Looks like Lebanese civilians have indeed been injured/maimed; but it appears cool to some since it is an "impressive supply-chain hack", so let's leave it at that and not call it terrorism.

    Reply View 40 replies
    • csmpltn 3 days ago

      You could've labeled it terrorism had Lebanon and Israel weren't at war with each other over the past 12 months, and had the people carrying those devices were random uninvolved civilians.

      If you were to consider the fact that Hezbollah has been shelling Israeli cities and civilians on a daily basis for the past 12 months (killing many, also children, and driving hundreds of thousands of people out of their homes), with the UN peacekeeping force failing to keep Hezbollah north of the Litani river - then perhaps you would understand that this is likely as close as you can get to a "precision strike" on an enemy you're at war with.

      This may in-fact be the most precise military strike on an enemy paramilitary group in the history of modern warfare.

      You either have a very unrealistic idea of what a war actually looks like (0% civilians casualties or injuries), or an agenda.

      Reply View 34 replies
      • captainkrtek 3 days ago

        The unfortunate thing is that regardless of politics, this will be seen as further escalation that ratchets up the risk of greater regional conflict. All wars eventually end, its just a question of how long, and how much death (both militarily and civilian) will be endured by everyone in the region. I hope there are diplomatic possibilities to de-escalate, but it seems those windows are closing.

        Reply View 1 reply
        • coding123 3 days ago

          I don't know - it would seem that the wars there don't end, it's just continuous with intermittent slow downs.

          Reply View 0 replies
      • ignoramous 3 days ago

        Let's just say, I don't believe war is a cover for terrorism against any peoples, be it in the West or East, Arab or Caucasian.

        Reply View 8 replies
      • shihab 3 days ago

        do you realize that nurses in hospital, civil servants workers are among people carrying this device? That not all, not even majority of Hizbollah personnel have no military responsibility whatsoever?

        Reply View 16 replies
      • jajko 3 days ago

        Terrorism definition is independent of whether there is ongoing war or not, lets not divert the subject with simple whataboutism.

        We all know what happened, on both sides, including deaths of tens of thousands of civilians including thousands of palestinian children who did fuck nothing to anybody, just were born at bad place at bad time.

        What would be enough kill ratio israeli : palestinian civilian, or even better israeli civilian : palestinian kid/baby that would satiate Israeli government to stop the war? Very conservative estimates put deaths of direct US invasions of Afghanistan and Iraq to around 500k, meaning its 500:3 ratio and factual defeat of US army to withdraw and cut losses. So thats the threshold of civilized western world? Israel already surpassed that long time ago.

        They can't and won't win with Hamas and they know it, its exactly same situation as Taliban, ISIS etc. Regroup, strike back, stronger, smarter, better equipped, more motivated. Spiral of death can go on and on till there is nobody standing on neither side.

        If I had to choose where the next nuclear detonation happens it would be for me 50:50 Ukraine : Israel, and this is how you get there.

        Reply View 1 reply
    • ericmcer 3 days ago

      Violence has been probably the biggest driver of innovation for us as a species. I would categorize thousands of weapons as "cool" viewed dispassionately. Aircraft carriers, Fighter Jets, Cruise missiles. They are all definitely cool when viewed from afar.

      Reply View 0 replies
    • ridiculous_leke 3 days ago

      By that reasoning even Churchill is a terrorist.

      Reply View 2 replies
      • cassepipe 3 days ago

        Which they would probably agree to. Purists do not care for practical matters such arbitrating what would be the best course of action in order to have the less casualties because for them the only acceptable number of casualties is zero because any war and casualty is immoral.

        I have sympathy for this kind of reasoning because it's been mine for a long time. There is something important for the preservation of the self in refusing all kinds of wrong in the world. The problem is that by refusing to engage with the world, they can affect nothing (and probably accept that, everybody should just stop being immoral, that's easy in their mind)

        Reply View 0 replies
      • Arubis 3 days ago

        If you include his treatment of subjects of the British Raj, there’s plenty of folks that will agree with that labeling.

        Reply View 0 replies
koolba 3 days ago

> Hack the backend server, send a coordinated page to all the pagers at the same time.

You likely don’t even need to hack anything if you coordinate based on time. A built in clock would eliminate the need for any external signal and work in a, no pun intended, dead zone.

If the pager itself is hacked, the software could also pretend to receive a page a moment before detonation to maximize the chance the device is held with the receiver in the open.

Reply View 15 replies
  • bilinguliar 3 days ago

    It most likely just received a code message that triggered the device.

    Reply View 0 replies
  • make3 3 days ago

    if you physically control the pager I don't even think it's called hacking anymore. you can change the hardware and software willy nilly. put an extra SIM that you control in there, and call it. put a radio receiver. a timer. heck, a dog whistle audio detector, you blow it and they blow up. infinite possibilities.

    Reply View 2 replies
    • blantonl 3 days ago

      Pagers don't have SIMs, they are simply programmed with a "Cap Code" which is basically the address of the pager.

      Pagers can be programmed with multiple cap codes, and can function differently based on which cap code address receives a message. For instance, a single cap code could be programmed to just vibrate the pager, vs an audible alert.

      Pagers are sent out via very high power distributed transmitters as one way transmissions simulcasted transmissions.

      The format is typically:

      [CAP CODE] - Message

      That's literally it.

      Reply View 0 replies
    • CydeWeys 3 days ago

      I mean they probably did hack to some degree the default software/hardware in the pager to get it to do something nonstandard. I doubt they have access to the full source code and build stack of the OG pager, so even just modifying the software running on it to do something different is indeed a hack.

      Reply View 0 replies
  • ars 3 days ago

    It wasn't time based. Videos show the pager making some kind of signal or message that caused the person holding it to look at it.

    Reply View 8 replies
    • anigbrowl 3 days ago

      That doesn't follow. You could have a timer that causes the pager to vibrate as if it had received a message or an alarm had rung. That would make the attack simpler, in that one wouldn't also have to compromise (or risk leaving traces in) the phone system to activate thousands of pagers.

      Reply View 5 replies
      • blantonl 3 days ago

        Pagers just simply have an address (called a Cap Code) to receive messages. It's like a mailbox number. A pager can be programmed with usually up to 4 Cap Codes at a time.

        If I was speculating on what happened, I would bet that the pager had 3 Cap Code addresses programmed, the mailbox cap code the owner of the pager expected to have for receiving messages, a cap code that was the same programmed in all the pagers to that functioned normally to received messages, and then the 3rd cap code programmed in all the pagers that when receiving a specific message triggered the explosive.

        The folks responsible simply sent a message to the 2nd cap code to get all the pagers to go off, presumably to get the targets to get the pagers out and look at them, and then immediately the trigger message next to the 3rd cap code to detonate the explosive.

        Reply View 0 replies
      • rocqua 3 days ago

        I'd imagine a backup timer, with the ability to trigger early if required for strategic or tactical purposes.

        I almost surprised this wasn't coordinated with (or saved for) an incursion into Libanon. That seems to be something Israel wants to do, and this would be a great way to disrupt the defense at the most critical moment.

        Reply View 3 replies
    • koolba 3 days ago

      I’m saying even that could be time based to ensure it does not depend on the signal being received. Just pretend you got a message and add a delay of a couple seconds.

      Reply View 1 reply
      • ars 3 days ago

        It could be, but it would be very risky. These pagers would have been distributed months in advance. How could you possibly know the perfect time to set them off?

        And since pagers are already receiving remote messages, it doesn't make sense to do it any other way.

        Reply View 0 replies
RcouF1uZ4gsC 3 days ago

>You've just injured and identified most of your enemies, incapacitated them, completely broken their communication network and effectively given you weeks of disarray to do whatever you want to further disrupt them.

And affected their recruitment. Because of how pagers are worn, a significant number of injuries are going to be genital injuries.

Given, that your primary recruits are young men, that is important.

In that demographic, the young men may actually fear non-lethal genital injuries more than they actually fear death.

Reply View 0 replies
tootie 3 days ago

> minimal casualties

We'll see about that. Some of the footage indicates the targets were all just out and about in public. I think it's likely there will be collateral damage. I assume it didn't happen since it's not being reported, but what if one of them was on a plane?

Reply View 1 reply
  • anvuong 2 days ago

    I doubt you can receive any signal on the plane. In the airport maybe.

    Reply View 0 replies
superxpro12 3 days ago

FWIW, AP is reporting over 2800 injured, 200 seriously, with only 8 dead.

Reply View 1 reply
  • aksss 3 days ago

    Seeing some video from one of the hospitals, there's a lot of variety to the injuries. It looks like some people were looking at the pager when it exploded (injury to face and hand), some were wearing it on hip, some in pocket, some probably in an across-the-chest fanny pack.

    It would seem this attack has managed to kill some, maim many, tag all, terrorize, and disrupt.

    Reply View 0 replies
bigtoe416 3 days ago

The shell company isn't a strict requirement, and I'd wager less likely. Infiltrating the delivery process would be easier and would instead require knowing about the pager purchase and being able to swap the actual package for an alternative package. Theoretically all of this is possible with some data interception to discover the pager order, a team to construct the exploding pagers, a person to deliver the exploding pagers, and a person to intercept the actual pagers (which could be the same person delivering the exploding pagers).

Reply View 0 replies
jnmandal 3 days ago

> Hack the backend server, send a coordinated page to all the pagers at the same time.

I worked on these before and I don't think you'd need to hack anything at all to send a page. Its just a broadcast. Especially if you had access to the receiver as they seem to have had, I can't imagine they compromised the actual Hezbollah transmission tower.

Reply View 2 replies
  • CydeWeys 3 days ago

    Yeah I mean it's basically just like mass-sending a spam text, no? All they need to know is the phone numbers of the pagers. Or even just the number range from which the pager numbers were assigned, and then spam the entire range. Spammers have simple enough software that can do all this; it doesn't seem like a sticking point for Mossad.

    Reply View 1 reply
    • Crosseye_Jack 2 days ago

      It Depends... Sure you could spam the pager system triggering them one by one, but because how pagers work you could trigger them all at the same time.

      Pagers are basically just a receiver of a One-to-Many network. A pager will receive all pages being broadcast as they are "listen only" devices. As the pagers don't talk back to the service provider the SP doesn't know which transmitter to use, so the SP will broadcast the pages out across their whole network. The circuity/software of the pager will then filter out only the messages intended for that pager out of all the pages it receives. To reach pagers out of range/switched off the SP would just repeat the page for a period of time.

      (note: for message privacy you can add encryption to the message but back in the day that didn't happen, and you could just pull clear text out of the air.)

      This "receiver only" style of device allowed pagers to be low power and would run for a very long time on a single AAA battery (or even on a watch battery, because they built a pager into a watch! The Timex Beepwear... Oh I so wanted one as a kid!). But it has the benefit that because they are one-way/"listen only" you can't track them because they are not communicating back to the mothership! It would be like trying to track an AM/FM radio in a car.

      If you are adding an "add-on board" to the device, you could tap the receiver of the pager and do your own decoding of the pages. So you could have the add-on board trigger on a "certain message for this pager only" but you could also trigger on "a certain message sent to pager serial 1234567890".

      If you knew the phone number assigned to the pager with the serial 1234567890 (because you just so happened to have paid for service for that pager by what ever clandestine means you wanted) you could trigger them all with a single phone call from a public phone or a disposable cell phone to a pager not even associated to the target group of devices.

      EDIT: Just a note to say 2 way pagers do exist, this type of pager allows the pager to confirm receipt of a page and even send their own pages to other pagers, but I would suspect that the type of pager being used in this case is the one-way type pager because its reported they were using them because they are harder to track.

      Reply View 0 replies
nashashmi 3 days ago

I dont think you have to hand it to them. I just think that they have to know who the people are. And a code has to be uploaded to the pagers that cause the explosion.

There have been several presentations on this before. It was for old cell phones.

Reply View 0 replies
aqme28 3 days ago

> minimal casualties outside of your enemy.

"Thousands injured." I'm not convinced it was as super-targeted as you claim.

Reply View 3 replies
  • pdabbadabba 3 days ago

    FWIW, Hezbollah has thousands of members.

    From Wikipedia [1]:

    > Hezbollah does not reveal its armed strength. The Dubai-based Gulf Research Centre estimated in 2006 that Hezbollah's armed wing comprises 1,000 full-time Hezbollah members, along with a further 6,000–10,000 volunteers.[200] According to the Iranian Fars News Agency, Hezbollah has up to 65,000 fighters.[201] In October 2023, Al Jazeera cited Hezbollah expert Nicholas Blanford as estimating that Hezbollah has at least 60,000 fighters, including full-time and reservists, and that it had increased its stockpile of missiles from 14,000 in 2006 to about 150,000.

    And this is just the armed portion.

    [1] https://en.wikipedia.org/wiki/Hezbollah

    Reply View 1 reply
    • cryptonector 2 days ago

      Israel probably knows from the number of pagers ordered (and probably from spying on their pages' contents, since if you're going to mount this sophisticated a supply-chain attack to plant bombs in a device, you might as well also plant spyware) just how many active members Hezbollah has [or had, since many of them are now inactive members].

      Reply View 0 replies
  • CydeWeys 3 days ago

    You underestimate how many members Hezbollah has, and also, how unreliable these kinds of initial reports tend to be.

    Reply View 0 replies
whoitwas 2 days ago

Minimal what? They just indiscriminately bombed anyone near anyone with this branded pager. It's really disgusting to see you marveling at mass civilian destruction or terrorism.

Reply View 0 replies
[removed] 3 days ago
[deleted]
Reply View 0 replies
worik 3 days ago

[flagged]

Reply View 5 replies
  • csmpltn 3 days ago

    Call it whatever you like, I don't care - but what do you do when the other side is out to wipe your country completely and has zero regard for any conventions of war?

    Hezbollah has willingly waged a war on Israel 12 months ago. The Lebanese government is complicit in not managing to hold Hezbollah back, and so do the UN peacekeeping forces which have been unable to implement resolution 1701. There have been countless of attempts at diplomacy with Hezbollah and Lebanon during this time, but nothing worked. So what would you do in this case?

    Reply View 3 replies
    • marcusverus 3 days ago

      If my best idea was setting off thousands of explosions in public places, I think maybe I'd keep brainstorming.

      Reply View 1 reply
      • csmpltn 2 days ago

        Well, I'm asking again, what is your best idea then?

        Face it - you'd just sit there and get slaughtered, right? Contemplating your morals and war conventions until every last citizen of your country has been butchered? Waiting for some imaginary court and international peacekeeping forces to come and help you, only to die waiting?

        Those were thousands of targeted explosions, by the way. There are videos of bystanders, standing in close proximity to the explosions themselves and not getting hurt. Why are you being so flippant?

        Reply View 0 replies
    • worik 3 days ago

      > but what do you do when the other side is out to wipe your country completely and has zero regard for any conventions of war?

      Genocide, clearly. Should not. But that is what is happening.

      "You ignore rules so I will too" is the logic of the playground, not civilised people.

      Reply View 0 replies
  • jnmandal 3 days ago

    Less targeted than even a car bomb would be. I can't think of a precedent really.

    Reply View 0 replies