As the whole world is now aware, Beirut was thrown into chaos yesterday by 5,000 exploding weaponized pagers, leaving 900 people dead and a further 300 in critical condition. Iran’s ambassador to Lebanon, Mojtaba Amani, sustained injuries to his face and hand.
Lebanon-based Islamist and paramilitary group Hezbollah claims that Israel was responsible. If so, then yesterday afternoon’s event in Beirut will have global repercussions for cyber warfare and targeted cyber-attacks. The idea of weaponizing communications devices is hardly new. Over a decade ago, for example, former US Vice President Dick Cheney disabled a function that allowed the pacemaker regulating his heart to be administered wirelessly. Because he believed terrorists might hack the device to deliver a fatal shock. Israel has also been previously accused of killing Hamas terrorists with booby-trapped cellphones.
But the pagers that exploded in Beirut yesterday, injuring over 2,750 people, represent a far different scale of attack than those aimed at a single targeted device. In the immediate aftermath of the pager explosions, it was believed that a hacker could have overloaded the lithium-ion batteries powering the pagers, causing them to explode. But it is now believed that, at some point during their manufacture, a small amount of actual explosives must have been covertly inserted into the pagers, which were made in Hungary. All the perpetrators would have needed to do was to add a tiny detonator and a small explosive charge to the pagers, which could then be triggered remotely with a coded message sent straight to the weaponized device.
According to news reports, much of southern Beirut was plunged into chaos yesterday by the thousands of explosions going off across the city and the resulting injuries. It is easy to picture how a more widespread weaponization of devices such as smartphones could plunge a city such as London or New York into panic. In the event of cyber warfare, this would likely be used as part of a coordinated cyber strike, simultaneously disabling critical infrastructure such as power and water supplies.
The US government identifies cyberspace as an operational domain in which the military must be able to defend and operate, in the same category as land, sea, air, and outer space. But defending cyberspace is not so simple. One of the chief attractions of remotely orchestrated cyber-attacks for potentially hostile countries such as China Russia, Iran and North Korea is plausible deniability of the attack.
Even when a Western authority is convinced they know who instigated the attack, nation-states such as Russia have become adept at hiding their identities behind a series of smokescreens. Along with using proxy servers to mask the physical origins of a cyber-attack, criminal groups can also be involved in the attack’s execution. This adds an extra layer of obfuscation, making it very difficult for Western powers to accurately point the finger of blame at hostile powers that may wish to remain anonymous.
