There are the dead and the wounded, of course. There is the signal sent. But in the explosion of Hezbollah’s pagers, there is above all the massive destruction of the terrorist organization’s communication system. Because with nearly 3,000 pagers and hundreds of walkie-talkies out of order, the entity now has only high-risk options to talk to its members. And this in a time of crisis, when it needs them more than ever.
The democratization of secure messaging services like Signal or Telegram might lead one to believe that organizations of this type are spoiled for choice when it comes to evading the authorities. This is true – unfortunately – in classic criminal cases. “But in cases related to terrorism, the legal framework is very different,” explains Gérôme Billois, cybersecurity expert at Wavestone and author of Cyberattacks: The inside story of a global threat (Hachette ed., 2022).
Above all, the American, Israeli and European secret services have much greater resources. Resources that allow them to get their hands on what are called “zero-day” vulnerabilities, in other words, breaches unknown to manufacturers and publishers that have therefore not yet been patched. Finding these new vulnerabilities is expensive, very expensive. “Hundreds of thousands of euros, a million for some,” says Gérôme Billois.
But thanks to them, intelligence agencies are able to remotely hack their target’s phones. “Spyware like Pegasus or Predator can be installed completely invisibly, often via links or booby-trapped files sent via message or email, and sometimes even without user intervention. For example, Pegasus can enter via a flaw in a messaging application without the user having to interact,” notes Jean-Philippe Commeignes, geopolitical expert at secure videoconferencing software specialist Tixeo. Once installed, the software takes complete control of the phone, accessing the microphone, camera, encrypted messages, and even makes it possible to recover files. “It also allows the GPS location of the device to be tracked,” the expert explains.
Once the “big ears” have infiltrated a phone, secure messaging services like Signal no longer protect their target: “The services see what is displayed on the user’s screen,” reports Gérôme Billois. Hezbollah leader Hassan Nasrallah understood this well. “The smartphone is a spying device! It hears everything you do, say, send and take pictures of. […] “Throw away your smartphones, bury them, put them in a metal box and move them away,” he recommended to his troops in a televised speech in February 2024.
Hezbollah to audit its supply chain
Pagers and walkie-talkies remain the safest means of communication for Hezbollah. But it will have to review all its security measures. “Since the switch to pagers reduced the risk of espionage, Hezbollah had probably operated less strict controls on this equipment,” confides the partner at Wavestone. It is true that while equipment has occasionally been booby-trapped in the past – such as this phone of a Hezbollah member a few years ago – never before have services set up an operation on the scale of the one on September 17 and 18, 2024.
The authorities also have well-honed techniques for trapping equipment without the target noticing. “You have to reposition the packaging tape very precisely, replace the blisters, not leave fingerprints on the screen, photograph the screws in order to put them back in the right position,” notes Gérôme Billois. The services certainly carried out these delicate manipulations in a controlled environment.
To avoid being trapped, Hezbollah will certainly operate “increased monitoring of the production chain to track storage and delivery conditions,” analyzes Nicolas Arpagian, vice-president of the firm Headmind Partners, specialized in digital risks. This is what major powers have always done with their sensitive equipment. For this expert, Hezbollah will probably also diversify its device models and avoid centralizing orders with a single supplier to limit the risks. “Some of the communications could be done via messenger systems with humans carrying coded instructions on written documents, in order to reduce the risks of digital interception. Or in coded radio messages, a modern version of Radio London,” indicates Nicolas Arpagian.
All Hezbollah equipment will, for sure, be audited much more strictly in the future. “We can assume that it will be difficult to reproduce this type of scenario against them in the future,” concludes Arnaud Pilon, head of incident response activities at French cybersecurity specialist Synacktiv. But these audits will take time. Time that the intelligence services of Israel and its allies will undoubtedly use to recover new details on Hezbollah’s chain of command.
.