Lessons to be learnt by security operators worldwide!
This happened in Lebanon for an hour yesterday evening!
Hundreds of casualties and some fatalities have been reported due to exploding pagers believed to be carried by Hezbollah operatives.
Unlike mobile phones, pagers work on radio waves: the operator sends a message over a radio frequency, rather than the internet, that is unique to the recipient’s device.
It is thought that the basic technology used in pagers, together with their reliance on physical hardware, makes them harder to monitor, which has made them popular with groups such as Hezbollah, for whom both mobility and security are paramount.
Reports suggest that first, Israeli agencies infiltrated Hezbollah’s network and gained insight into their communication and supply chain infrastructure. Then, they carefully selected each individual target using intelligence reports and marked their pager devices. As the final part of the operation, Israel performed one of the most lethal cyber attacks in recent times.
They hacked these pagers, remotely causing their batteries to explode. This triggering occurred simultaneously, resulting in hundreds of blasts across Lebanon and causing hundreds of casualties within seconds.
Another analyst believes that the perpetrators probably waylaid the battery consignment and inserted small explosives in the batteries of the pagers for use by Hezbollah.
Meanwhile, Taiwan’s Gold Apollo has denied responsibility for the pagers used in the deadly explosions in Lebanon, with founder Hsu Ching-Kuang stating they were manufactured by a European company using their brand.
This means the plot was carefully planned months ago, so that the perpetrators could either have the devices clandestinely manufactured and infiltrated into the supply chain, or have batteries laced with explosives slipped surreptitiously into the supply chain, to reach thousands of consumers. That only the monitored pagers, the ones with Hezbollah operatives, were then made to explode, and almost simultaneously at that, speaks of a high-level, ultra-slick operation!
This signifies the importance of managing security across the entire supply chain, including the operations of third-party operators.
This also brings our attention to a much graver risk: what if it were mobile phones that were exploding? They have bigger lithium-ion batteries than pagers, and they are held to the ear when one talks. The results would be highly fatal! Could this be the next big risk?
While the debate and analysis continue over the cause, an attack like this is a pertinent reminder for every organisation to ask (or re-ask) key questions about the vendors that make up their supply chain, both physical and virtual. And while there’s no doubt this attack had physical ramifications in the real world, it should lead to internal conversations around what matters most to many organisations: software supply chain security.
As more reports on investigations flow in, I am sure there will be lessons to learn for security agencies and operatives all over the world. This incident could well become a watershed moment to redefine the security doctrines globally, just like 9/11.