Israeli spies have a decades-long history of using telephones — and their technological successors — to track, surveil and even assassinate their enemies.
As far back as 1972, as part of their revenge on the Palestine Liberation Organization for the killing of 11 Israeli athletes at the Munich Olympics, Mossad operatives swapped out the marble base of the phone used by Mahmoud Hamshari, the PLO’s representative in Paris, in his French apartment.
On December 8, when he answered the phone, a nearby Israeli team remotely detonated the explosives packed inside the replica base. Hamshari lost a leg and later died.
In 1996, Israel’s internal security agency, Shin Bet, managed to trick Yahya Ayyash, a skilled Hamas bombmaker responsible for the killing of dozens of Israelis, into accepting a call from his father on a Motorola Alpha cell phone brought into Gaza by a Palestinian collaborator.
Hidden inside the phone was about 50g of explosives — enough to kill anybody holding the phone to their ear. Both instances are now part of Israeli spy legend.
Among former intelligence officials, the cases are considered textbook successes, in which the phones served several crucial purposes: monitoring and surveilling the target ahead of the assassination; identifying and confirming the identity of the target during the assassination; and finally making it possible to use small explosive charges that killed only Ayyash and Hamshari in each case.
As hundreds of pagers suddenly exploded across Lebanon on Tuesday afternoon, the suspicion has immediately turned to Israel, the only regional power with a spy network capable of carrying out such an audacious, sophisticated and co-ordinated attack.
Hizbollah, the militant group many of whose devices were blown up in the attack, said that “we hold the Israeli enemy fully responsible”.
Israel’s military declined to comment on the attack, though Prime Minister Benjamin Netanyahu was on Tuesday evening consulting with his top security chiefs after the blasts, which killed at least 12 people including a child, and injured thousands.
The Lebanese militant group had turned to the pagers to avoid Israeli surveillance after a public plea by Hizbollah’s leader, Hassan Nasrallah, for its operatives to ditch their smartphones as Israel stepped up attacks against its commanders during almost a year of intensifying clashes.
With no GPS capabilities, no microphones or cameras, and very limited text broadcasting, pagers — at least in theory — have smaller “attack surfaces” than smartphones, making them tougher to hack.
Hizbollah appears to have preferred them for the same simplicity: they collect very little data to be siphoned off by Israel’s military intelligence.
But they seem not to have counted on the possibility that the tiny devices, usually powered by single AA or AAA batteries — and in the newest models, lithium — could be forced to explode.
Many of the explosions were captured on CCTV cameras as the targets went through the rhythms of daily life in supermarkets or strolling through southern Beirut.
They appear to have taken place within half an hour of each other, and were preceded either by a message or the beeping of an alert that prompted many to take the old-school communications devices out to look at their LCD screens, according to local media reports and videos posted on social media.
Two Israeli former officials, both with backgrounds in hacking the communications and other operations of the country’s enemies, told the FT that pagers do not usually have batteries large enough to be forced to explode with enough intensity to cause the injuries seen on the videos posted from Beirut hospitals.
Many of the injured in the videos are missing fingers and have facial injuries, while others are bleeding profusely from their upper thighs — near where trouser pockets would normally be — and in some cases from their abdomens.
Both ex-officials said there was not enough publicly available evidence to confirm how exactly the detonations were executed and co-ordinated.
They said two obvious possibilities existed: a cyber attack in which a malware forced the pager’s lithium battery to overheat and then explode, or an intervention known as a “supply chain attack”, in which a shipment of pagers bound for Lebanon may have been intercepted and a tiny amount of explosive surreptitiously inserted.
Given the small size of the explosions, both ex-officials said the cyber attack was possible, if technically complex.
“It’s not easy, but you can do it to a single device remotely, and even then you can’t be sure if it will catch fire or actually explode,” said one of the ex-officials. “To do it to hundreds of devices at the same time? That would be incredible sophistication.”
As Hizbollah made its switch away from smartphones, sourcing a technology that became largely obsolete in the early 2000s would have required the import of large batches of pagers into Lebanon.
But making them work effectively on existing mobile phone networks would be relatively easy, said one of the Israeli ex-officials.
Even today, a small market exists for pagers in industries where employees need to receive short text messages, from hospitals to restaurants and mail sorting warehouses.
While the text messages themselves could very easily be intercepted by Israeli intelligence, their true intent could be disguised by using codes or pre-arranged signals, making their appeal to Hizbollah obvious, said one of the ex-officials.
Since Hizbollah operatives were the most likely group to be using the pagers in Lebanon, an attacker could be relatively sure that they were mainly engaging with militant targets, the ex-official said.
“Even for Hizbollah, this should be a very easy investigation — were all the devices in question from the same manufacturer, maybe arriving in the same or similar shipments?” said one of the former officials.
“Or were they all kinds of different devices, from all kinds of shipments and given to a varied group of [operatives] — junior, senior, political?”
If they were all from a single batch, or a single supplier, it raises the possibility that the shipments were intercepted and small amounts of modern explosives inserted.
One possibility, the second official said, is that the explosive was hidden within the batteries themselves, a trick that Israeli and western intelligence agencies have long worried that terrorists would try on a commercial airliner.
That is why many airport security checks ask passengers to turn on their laptops to show their functioning screens and batteries, and ensure that the battery compartment has not been swapped out for explosives.
The second ex-official, who has worked on previous Israeli cyber-sabotage operations, said it was relatively simple to create a functioning lithium battery that nestles a small explosive charge within it.
But he said there were risks linked to doing this at scale: “The enemy is not simple, and of course they will carefully check any device before it is allowed anywhere near a senior member.”