FacebookTwitterLinkedIn

Pagers Explode In Lebanon And Syria

In a highly sophisticated remote attack, pagers used by Hezbollah members in both Lebanon and Syria exploded. The detonations happened almost simultaneously, killing at least nine people, including an 8-year-old girl, and wounding thousands more.

Pagers Explode In Lebanon And Syria

Associated Press reports that Israel conducted the operation, and the US was briefed after the attack, which occurred on September 17, 2024. Small amounts of explosives were hidden in pagers used by Hezbollah to communicate with members.

The US official spoke to reporters on the condition of anonymity because they were not authorized to discuss the information publicly.

The Iran-backed militant group blamed Israel for the deadly explosions, which targeted an extraordinary breadth of people and showed signs of being a long-planned operation.

Details on how the attack was executed are largely uncertain at the time of writing. Investigators have not immediately said how the pagers were detonated. The Israeli military has declined to comment to any news agency at the time of writing.

Pagers were targeted, as Hezbollah leader Hassan Nasrallah previously warned the group's members not to carry cellphones and smartphones, saying Israel could use them to track the group's movements. As a result, the organization uses pagers to communicate.

Speaking to the Associated Press, a representative from Hezbollah said the exploded devices were from a new brand the group had not used before. This statement was issued under the condition of anonymity and would not say what the new brand was.

Reuters and the New York Times reported that the group had ordered 5,000 beepers from Gold Apollo. The founder of Gold Apollo, Hsu Ching-Kuang, said the pagers used in the explosion were made by a company in Europe that had the right to use the firm's brand. The company then, in a statement, named BAC as the firm, but Hsu declined to comment on its location.

The very next day, reports began emerging that further explosions were occurring in Lebanon. This time, it was hand-held radios used by the armed group Hezbollah that detonated on September 18, 2024.

Explosions occurred across Lebanon's south on the country's deadliest day since cross-border fighting erupted between the militants and Israel nearly a year ago, stoking tensions after similar explosions of the group's pagers the day before.

Lebanon's health ministry said 20 people were killed and more than 450 injured in relation to the detonating hand-held radios in Beirut's suburbs and the Bekaa Valley, while the death toll, including the pager explosions, rose to 12, including two children, with nearly 3,000 injured.

Images of the exploded walkie-talkies showed labels bearing the name of Japanese radio communications and telephone company ICOM and resembling the company's model IC-V82 device.

ICOM said on Thursday it was investigating news reports two-way radio devices bearing its logo exploded in Lebanon and would release updated information as it becomes available on its website.

The company, which says it manufactures all of its radios in Japan, could not confirm whether it had shipped the device, partly because that model had been discontinued ten years ago.

Well Planned and Executed Sabotage

There are thousands of questions that likely still need answering; one of the most common is how Israel managed to detonate the pagers almost simultaneously.

Several theories are currently making the rounds, but it is certainly possible that tiny explosive devices may have been built into the pagers prior to their delivery to Hezbollah and then all remotely triggered simultaneously, possibly with a radio signal.

This, in turn, could also have been done in regard to the hand-held radios, but how these were done to a discontinued model recently is still up for debate.

A former British Army bomb disposal officer, speaking to the Associated Press, explained that explosive devices consisted of five main components: a container, a battery, a triggering device, a detonator, and an explosive charge.

The former army officer then went on to say,

A pager has three of those already. You would only need to add the detonator and the charge. Looking at the video, the size of the detonation is similar to that caused by an electric detonator alone or one that incorporates an extremely small, high-explosive charge,

The next major question being asked is how long it would take for such an operation to be planned. Several experts have noted that the sophistication of the attack suggests that the culprit has been collecting intelligence for a long time.

An attack of this caliber requires building the relationships needed to gain physical access to the pagers and hand-held radios before they are sold. Further, developing the technology that would be embedded in the devices and developing sources who can confirm that the targets were carrying the compromised devices again takes time and skill.

Amongst the InfoSec community, the debate on whether this is strictly a supply-chain attack or includes a cyber element has begun. As with the Stuxnet scenario, the truth will take some time and hundreds of hours of investigation by security researchers.

It can be argued that the attack is both cyber and supply chain, as surely cyber warfare resources were used in intelligence gathering and knowing how to manipulate the hardware to detonate when triggered.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal