Israel

14-dead-as-hezbollah-walkie-talkies-explode-in-second,-deadlier-attack

14 dead as Hezbollah walkie-talkies explode in second, deadlier attack

bombs, hezbollah, Israel, Security, walkie-talkies / /

Day 2 —

People aren’t sure what devices will detonate next.

14 dead as Hezbollah walkie-talkies explode in second, deadlier attack

Aurich Lawson | Getty Images

Wireless communication devices have exploded again today across Lebanon in a second attack even deadlier than yesterday’s explosion of thousands of Hezbollah pagers. According to Lebanon’s Ministry of Health, the new attack has killed at least 14 more people and injured more than 450.

Today’s attack targeted two-way radios (“walkie-talkies”) issued to Hezbollah members. The radios exploded in the middle of the day, with at least one going off during a funeral for people killed in yesterday’s pager attacks. A New York Times report on that funeral described the moment:

When the blast went off, a brief, eerie stillness descended on the crowd. Mourners looked at one another in disbelief. The religious chants being broadcast over a loudspeaker abruptly stopped.

Then panic set in. People started scrambling in the streets, hiding in the lobbies of nearby buildings, and shouting at one another, “Turn off your phone! Take out the battery!” Soon a voice on the loudspeaker at the funeral urged everyone to do the same…

One woman, Um Ibrahim, stopped a reporter in the middle of the confusion and begged to use the reporter’s cellphone to call her children. The woman dialed a number with her hands shaking, then screamed into the phone, “Turn off your phones now!”

The story appears to capture the current mood in Lebanon, where no one seems quite sure what will explode next. While today’s attack against walkie-talkies is well-attested, various unconfirmed reports suggest that people fear an explosion from just about anything with a battery.

At the time of publication, The Associated Press was currently leading its coverage of the attack with the line, “Walkie-talkies and solar equipment exploded in Beirut and multiple parts of Lebanon on Wednesday.” It later added that “a girl was hurt in the south when a solar energy system blew up, the state news agency reported.” Whether this actually happened, or if it was in any way connected with the attacks, remains unclear.

The Jerusalem Post rounded up a slew of rumors making the rounds in the region, some far less plausible than others:

Unofficial reports claimed that iPhones, video cameras, IC-V82 radios, and other devices also detonated.

According to unconfirmed reports, Hezbollah has told its operatives to distance itself from communication devices.

Unofficial reports also claimed that Hezbollah told its members to dispose of devices containing a lithium battery or that are connected to the internet.

Additional unconfirmed reports claimed that lithium batteries for solar energy storage had detonated and that some houses were on fire.

Yesterday, multiple news outlets reported that the pager attacks had been caused by explosives built into the devices, likely as part of an Israeli supply chain attack.

Today, similar reporting suggests the same kind of attack was used against the two-way radios. Axios cited two of its own sources who confirmed that the “walkie-talkies were booby-trapped in advance by Israeli intelligence services and then delivered to Hezbollah as part of the militia’s emergency communications system,” adding that “the decision to conduct the second attack was also driven by the assessment that Hezbollah’s investigation into the pager explosions would likely expose the security breach in the walkie-talkies.”

14 dead as Hezbollah walkie-talkies explode in second, deadlier attack Read More »

8-dead,-2,700-injured-after-simultaneous-pager-explosions-in-lebanon

8 dead, 2,700 injured after simultaneous pager explosions in Lebanon

hezbollah, Israel, lithium-ion batteries, pagers, Security / /

Pagers —

Lithium-ion batteries or supply chain attack may be to blame.

Ambulance in Lebanon

Enlarge / An ambulance arrives at the site after wireless communication devices known as pagers exploded in Sidon, Lebanon, on September 17, 2024.

A massive wave of pager explosions across Lebanon and Syria around 3: 30 pm local time today has killed at least eight people and injured more than 2,700, according to local officials. Many of the injured appear to be Hezbollah members, although a young girl is said to be among the dead.

New York Times reporters captured the chaos of the striking scene in two anecdotes:

Ahmad Ayoud, a butcher from the Basta neighborhood in Beirut, said he was in his shop when he heard explosions. Then he saw a man in his 20s fall off a motorbike. He appeared to be bleeding. “We all thought he got wounded from random shooting,” Ayoud said. “Then a few minutes later we started hearing of other cases. All were carrying pagers.”

Residents of Beirut’s southern suburbs, where many of the explosions took place, reported seeing smoke coming from people’s pockets followed by a blast like a firework. Mohammed Awada, 52, was driving alongside one of the victims. “My son went crazy and started to scream when he saw the man’s hand flying away from him,” he said.

Video from the region already shows a device exploding in a supermarket checkout line, and pictures show numerous young men lying on the ground with large, bloody wounds on their upper legs and thighs.

The shocking—and novel—attack appears to have relied on a wave of recently imported Hezbollah pagers, according to reporting in The Wall Street Journal. (The group has already warned its members to avoid using cell phones due to both tracking and assassination concerns.)

According to the WSJ, a Hezbollah official speculated that “malware may have caused the devices to explode. The official said some people felt the pagers heat up and disposed of them before they burst.”

The pagers in question allegedly have lithium-ion batteries, which sometimes explode after generating significant heat. The coordinated nature of the attack suggests that some kind of firmware hack or supply chain attack may have given an adversary the ability to trigger a pager explosion at the time of its choosing.

Hezbollah officials are already privately blaming Israel, which has not taken responsibility, but it has been able to perform surprising electronic strikes on its enemies, including the Stuxnet malware that damaged Iran’s nuclear program.

The Associated Press noted that even Iran’s ambassador to Lebanon was injured in the widespread attack.

Update, 12: 55pm ET: The Times adds a small detail: “The devices were programmed to beep for several seconds before exploding, according to the officials, who spoke on the condition of anonymity because of the sensitivity of the matter.”

Several of the explosions were captured on video, and in them, the devices appear to “explode” more in the manner of a small grenade (a bang and a puff of smoke) than a lithium ion battery (which may explode but is often followed by continuing smoke and fire), despite some of the early speculation by Hezbollah officials. This is a breaking story, and the cause of the explosions still remains unclear.

Update, 1: 05pm ET: The WSJ quotes regional security analyst Michael Horowitz as suggesting the attack was likely caused by either 1) malware triggering the batteries to overheat/explode or 2) an actual explosive charge inserted in the devices at some point in the supply chain and then detonated remotely.

“Either way, this is a very sophisticated attack,” Horowitz told the WSJ. “Particularly if this is a physical breach, as this would mean Israel has access to the producer of those devices. This may be part of the message being sent here.”

Update, 1: 20pm ET: Reuters notes that Israel has claimed to foil a Hezbollah assassination plot that would have used remotely detonated explosives.

Earlier on Tuesday, Israel’s domestic security agency said it had foiled a plot by Lebanese militant group Hezbollah to assassinate a former senior defence official in the coming days.

The Shin Bet agency, which did not name the official, said in a statement it had seized an explosive device attached to a remote detonation system, using a mobile phone and a camera that Hezbollah had planned to operate from Lebanon.

Update, 2: 00pm ET: In today’s US State Department briefing, which you can watch here, spokesperson Matthew Miller was asked about the pager attacks. “The US was not involved in it,” he said. “The US was not aware of this incident in advance.” He said the US government is currently gathering more information on what happened.

Update, 3: 30pm ET: A former British Army expert speculates about the cause of the explosions, telling the BBC that “the devices would have likely been packed with between 10 to 20 grams each of military-grade high explosive, hidden inside a fake electronic component. This, said the expert, would have been armed by a signal, something called an alphanumeric text message. Once armed, the next person to use the device would have triggered the explosive.”

8 dead, 2,700 injured after simultaneous pager explosions in Lebanon Read More »

whatsapp-finally-forces-pegasus-spyware-maker-to-share-its-secret-code

WhatsApp finally forces Pegasus spyware maker to share its secret code

Israel, malware, Meta, nso group, pegasus, pegasus spyware, Policy, spyware, whatsapp / /

In on the secret —

Israeli spyware maker loses fight to only share information on installation.

WhatsApp finally forces Pegasus spyware maker to share its secret code

WhatsApp will soon be granted access to explore the “full functionality” of the NSO Group’s Pegasus spyware—sophisticated malware the Israeli Ministry of Defense has long guarded as a “highly sought” state secret, The Guardian reported.

Since 2019, WhatsApp has pushed for access to the NSO’s spyware code after alleging that Pegasus was used to spy on 1,400 WhatsApp users over a two-week period, gaining unauthorized access to their sensitive data, including encrypted messages. WhatsApp suing the NSO, Ars noted at the time, was “an unprecedented legal action” that took “aim at the unregulated industry that sells sophisticated malware services to governments around the world.”

Initially, the NSO sought to block all discovery in the lawsuit “due to various US and Israeli restrictions,” but that blanket request was denied. Then, last week, the NSO lost another fight to keep WhatsApp away from its secret code.

As the court considered each side’s motions to compel discovery, a US district judge, Phyllis Hamilton, rejected the NSO’s argument that it should only be required to hand over information about Pegasus’ installation layer.

Hamilton sided with WhatsApp, granting the Meta-owned app’s request for “information concerning the full functionality of the relevant spyware,” writing that “information showing the functionality of only the installation layer of the relevant spyware would not allow plaintiffs to understand how the relevant spyware performs the functions of accessing and extracting data.”

WhatsApp has alleged that Pegasus can “intercept communications sent to and from a device, including communications over iMessage, Skype, Telegram, WeChat, Facebook Messenger, WhatsApp, and others” and that it could also be “customized for different purposes, including to intercept communications, capture screenshots, and exfiltrate browser history.”

To prove this, WhatsApp needs access to “all relevant spyware”—specifically “any NSO spyware targeting or directed at WhatsApp servers, or using WhatsApp in any way to access Target Devices”—for “a period of one year before the alleged attack to one year after the alleged attack,” Hamilton concluded.

The NSO has so far not commented on the order, but WhatsApp was pleased with this outcome.

“The recent court ruling is an important milestone in our long running goal of protecting WhatsApp users against unlawful attacks,” WhatsApp’s spokesperson told The Guardian. “Spyware companies and other malicious actors need to understand they can be caught and will not be able to ignore the law.”

But Hamilton did not grant all of WhatsApp’s requests for discovery, sparing the NSO from sharing specific information regarding its server architecture because WhatsApp “would be able to glean the same information from the full functionality of the alleged spyware.”

Perhaps more significantly, the NSO also won’t be compelled to identify its clients. While the NSO does not publicly name the governments that purchase its spyware, reports indicate that Poland, Saudi Arabia, Rwanda, India, Hungary, and the United Arab Emirates have used it to target dissidents, The Guardian reported. In 2021, the US blacklisted the NSO for allegedly spreading “digital tools used for repression.”

In the same order, Hamilton also denied the NSO’s request to compel WhatsApp to share its post-complaint communications with the Citizen Lab, which served as a third-party witness in the case to support WhatsApp’s argument that “Pegasus is misused by NSO’s customers against ‘civil society.’”

It appeared that the NSO sought WhatsApp’s post-complaint communications with Citizen Lab as a way to potentially pressure WhatsApp into dropping Citizen Lab’s statement from the record. Hamilton quoted a court filing from the NSO that curiously noted: “If plaintiffs would agree to withdraw from their case Citizen Lab’s contention that Pegasus was used against members of ‘civil society’ rather than to investigate terrorism and serious crime, there would be much less need for this discovery.”

Ultimately, Hamilton denied the NSO’s request because “the court fails to see the relevance of the requested discovery.”

As discovery in the case proceeds, the court expects to receive expert disclosures from each side on August 30 before the trial, which is expected to start on March 3, 2025.

WhatsApp finally forces Pegasus spyware maker to share its secret code Read More »