The deadly attack that blew up thousands of Hezbollah operatives’ pagers highlights an inconvenient truth: It is virtually impossible to secure the modern electronics supply chain against a determined and sophisticated adversary.
Experts call Tuesday’s Israeli attack unprecedented in the history of espionage, both in its scale and in the number of deaths and injuries. The risk that other governments will follow suit and tamper with consumer electronics in this way is low, they say. Still. The attack in Lebanon is a reality of a worst-case scenario that has troubled countries for years, including the United States, as electronic devices have become more complex and global supply chains more convoluted.
The case could add momentum to political efforts by the United States and other countries to move production of sensitive technologies to their own countries or to trusted allies. “This event highlights the kind of risk we face, with hardware and software being operated in countries that are considered to be of concern,” said Mark Montgomery, former policy director for the Senate Armed Services Committee.
PHOTO BILAL HUSSEIN, ASSOCIATED PRESS ARCHIVES
On Wednesday, a second wave of deadly explosions, this time targeting walkie-talkies, hit Lebanon, particularly in the suburbs of Beirut.
New deadly explosions rocked Lebanon on Wednesday. This time, a state news agency reported, brand new walkie-talkies were the cause.
Global Markets
Israel has neither claimed nor denied responsibility for the attack, but it provided Washington with precise details after the operation through intelligence services, according to U.S. officials who spoke on condition of anonymity.
The exact origin of Hezbollah’s deadly pagers remained a mystery Wednesday. The devices were branded by Taiwanese manufacturer Gold Apollo Co, but the company told reporters they had been “entirely handled” by a Hungarian firm, BAC Consulting KFT.
On social media, the Hungarian government reported that BAC had no production facilities in the country. Washington Post was unable to contact BAC for comment.
Much of the global electronics supply chain passes through Taiwan, a self-governing island off the coast of China, or other East Asian countries.
However, manufacturing a typical modern gadget involves dozens of countries, with a dizzying number of component suppliers, contractors and subcontractors.
“When you have these global markets, it’s sometimes very difficult to know exactly where something is coming from,” notes Daniel Castro, now vice president of the technology policy think tank Information Technology and Innovation Foundation, who previously audited federal agencies’ computer security.
After decades of globalization, Washington has begun to warn of the security risks of relying on foreign manufacturers, whether for batteries or loading cranes. Former President Donald Trump and current U.S. President Joe Biden have both pushed to move more high-tech manufacturing back to the United States, a rare point of political agreement.
Governments in Europe, China and other parts of the world have launched similar initiatives.
Technology and protection from another age
Hezbollah’s use of pagers, an outdated technology, reflects a growing understanding of how easy it is to hack or modify advanced electronic devices, including smartphones.
“They can’t use cell phones. They can’t use pagers. And now they can’t use radios. [bidirectionnelles] “It’s going to be very difficult for them to exercise effective command and control in the short term,” says Nigel Inkster, former director of operations and intelligence at MI6, the British intelligence agency.
It remains unclear how and where the pagers were manipulated, and the conduct of such operations may be among the governments’ most closely guarded secrets.
One of the most detailed cases known to the public emerged in 2014, thanks to documents leaked by former National Security Agency contractor Edward Snowden. The documents described a secret warehouse where NSA employees intercepted electronic devices shipped by U.S. networking vendor Cisco Systems without the company’s knowledge. Documents and photos revealed that workers carefully opened the boxes, implanted surveillance devices in the products, and shipped them to unsuspecting foreign customers.
Israeli agents may have used a similar process to intercept the pagers after they were shipped from the factory. It is also possible that the pagers were tampered with at the factory, a scenario that could require the involvement and secrecy of a larger number of people. Finally, infiltrating the supply chain required the cooperation of a manufacturer.
“Ten years later, shipping security has never improved,” Snowden wrote on X on Tuesday. The whistleblower also called the “pager bomb” operation a “crime” and a “horrible precedent,” saying that “everyone is less safe because of it.”
Death traps
Andrew Hammond, a historian with the International Spy Museum in Washington, said there is a long history of intelligence agents using everyday objects that conceal deadly secrets to kill targets, from poisoned umbrellas to exploding landline phones. But he added that attacking so many people at once with modified gadgets seems unprecedented.
I certainly can’t think of anything that has happened on this scale. It’s almost mind-boggling.
Andrew Hammond, historian associated with the International Spy Museum
Israel has used compromised electronic devices against its enemies before. In 1996, Yahya Ayyash, a Hamas bomb expert, was killed while answering a call from a booby-trapped cell phone, likely planted by Israeli agents through a relative of one of Ayyash’s friends. In 2000, an activist in Fatah, the Palestinian political party, was killed when the cell phone he was using exploded.
In the late 2000s, Israel, in collaboration with the United States, created a cyberweapon called Stuxnet, which infiltrated the computers running Iran’s uranium enrichment centrifuges. It slowly caused the machines to fail by making it appear as if it was operator error. The worm astounded cybersecurity experts with its sophistication, but it also inadvertently spread to other industrial control computers around the world.
Like Stuxnet, this week’s pager attack in Lebanon will prompt security agencies around the world to reassess the threats they face. Governments may begin to increase inspections of consumer goods shipments coming in and out of their ports, said Michael Watt, a supply chain expert at the corporate risk consulting firm Kroll.
“This is a wake-up call for national governments to look at the gaps in their own customs controls,” Watt said.
Friends and enemies
But the complex web of international trade that underpins the electronics industry relies on most items crossing borders without being subject to extensive scrutiny. “It would further clog supply chains if all goods had to be subject to additional inspection,” Watt added.
In recent years, U.S. officials have increasingly focused on securing American communications systems against intelligence operations or attacks from China. Those efforts have included subsidizing domestic production of cell tower technology and the chips that power communications systems, banning Chinese telecommunications equipment made by companies like Huawei, and restricting the use of Chinese-branded smartphones by government officials.
Taiwan, the world’s leading electronics manufacturer, is generally seen in Washington as a reliable friend and counterweight to China, but the United States has recently sought to reduce its dependence on the democratic island that neighboring China claims as its own territory.
The Biden administration has pushed for the world’s largest chipmaker, Taiwan’s TSMC, to move some of its operations to the United States to ensure the safety of American customers. During his election campaign, Donald Trump accused Taiwan of stealing the U.S. chip market.