Deadly device explosions in Lebanon could mean supply chain has been breached

Security experts say the detonation of hundreds of electronic devices used by Hezbollah members may be the result of a years-long intelligence operation that likely involved infiltrating the manufacturing supply chain and accessing pagers.

“Tactically and operationally… and also in terms of the level of sophistication, craftsmanship and professionalism – it’s unbelievable,” said Assaf Orion, a retired Israeli brigadier general and defense strategist.

On Tuesday, at least 12 people, including two children, were killed and about 2,800 wounded when hundreds of pagers used by Hezbollah members began detonating wherever they were — in homes, cars, grocery stores and cafes. The next day, in a second wave of attacks, at least 20 people were killed and 450 wounded when walkie-talkies and solar equipment used by Hezbollah exploded in Beirut and many parts of Lebanon.

Although Israel has neither confirmed nor denied its involvement in the attacks, it is widely believed that the country’s intelligence officials were behind them.

SEE | How Could Hezbollah Explode Using Devices?

How did the attackers manage to defeat Hezbollah security systems and transform the devices into bombs?

After a second wave of deadly explosions in Lebanon, experts are now analyzing how attackers managed to infiltrate Hezbollah’s security system and equip thousands of pagers and other devices with explosives.

Explosives hidden in pagers

During the first wave of bombings, it was discovered that small amounts of explosives had been hidden in thousands of pagers used by Hezbollah, which were then detonated remotely, leading security experts to speculate that intelligence officials had been able to breach the supply chain and gain access to the pagers.

In the world of electronics and computers, there are many players involved in the supply chain, according to Oleg Brodt, head of R&D and innovation at the Center for Cybersecurity Research at Ben-Gurion University in Israel. They include hardware manufacturers, software manufacturers and various parts coming from different places.

“The battery comes from one factory, the chipset from another, and the remaining chips and modems from other factories,” Brodt said.

He added that ultimately everything will be assembled at the target factory, which may also produce some of the device’s components.

“We can look at every step in the chain and think about who might be affected.”

Ambulance — An ambulance drives through the streets of Beirut on Wednesday after multiple explosions were heard during the funeral of four Hezbollah fighters who were killed earlier this week when their pagers exploded. (Bilal Hussein/Associated Press)

However, experts say it is difficult to pinpoint exactly where the supply chain breach occurred because there are multiple potential entry points.

“It depends on the actor’s skills,” Brodt said, noting that if he managed to gain access to a battery factory, for example, he could theoretically swap the batteries for ones that contain explosives.

“It really depends on the channels that these actors already have into certain parts of the supply chain.”

But at some point in the chain, he said, intelligence officials would have to break that rule in a way that allowed them to place an explosive and some software inside the device that would act as a trigger.

WATCH | Lebanon shaken by second wave of device explosions:

20 killed, hundreds injured in Lebanon in new wave of explosive devices

Lebanese authorities said at least 20 people were killed and 450 injured in further explosions of walkie-talkies and other electronic devices on Wednesday, including at funerals for three Hezbollah members and a child who was killed in pager explosions on Tuesday.

Software can be pre-programmed

The software could be something pre-programmed before it goes to the user, said Josep Jornet, a professor of electrical and computer engineering at Northeastern University and deputy director of the Wireless Internet of Things Institute.

He added that it could also have been “software that was not programmed for a specific time but to respond to a specific message” sent by those who breached the supply chain and planted the explosives.

Jornet cited media reports that all received the same seemingly random message at about the same time, possibly containing some sort of code or code word to trigger the explosion.

Elijah J. Magnier, a Brussels-based military and political risk analyst, told The Associated Press that he believes the explosions were likely triggered by an error message sent to all devices that caused them to vibrate, forcing the user to click buttons to stop the vibration.

Magnier noted that he has spoken to Hezbollah members and survivors of the attack who suspect the explosives used may have been RDX or PETN, highly explosive substances that can cause significant damage, even at three to five grams.

The operation could have lasted for years

Emily Harding, director of the Intelligence, National Security and Technology Program at the Washington-based Center for Strategic and International Studies, said a key piece of the intelligence is that Hezbollah intends to upgrade all of its communications and plans to switch to pagers.

“And once you understand that, as an intelligence officer, you have the opportunity,” she said.

LISTEN | Military tech journalist on the ‘sophistication’ of exploding devices:

As it happens7:20Hezbollah device explosions ‘extremely sophisticated’ attack, war tech journalist says

Israel has not commented on a wave of attacks this week in Lebanon in which electronic devices belonging to Hezbollah members suddenly exploded, killing dozens and wounding thousands, including children and civilians. David Hambling, a British journalist who covers military technology, says the sophisticated attacks could only have been carried out by a national government that had the time, money and expertise to infiltrate the paramilitary group’s supply chain. He spoke to As It Happens host Nil Köksal.

The next step is to determine where Hezbollah wanted to acquire such devices and whether there was a possibility “of reaching them and pointing them to a specific company or a specific pager that would be easier to manipulate,” she added.

Harding added that the operation could also have involved creating a front company from scratch to be involved in the supply chain process, meaning the whole operation could have taken a significant period of time.

“An organization like Hezbollah, you would think they would do a lot of due diligence on this company, so they have to look real,” she said, adding that the operation was “sophisticated and really traumatic.”

“This is something that takes years to put together.”