A third but brief post on Israel’s exploding pager attack against Hezbollah. Several people have expressed incredulity that Israel would go to the trouble of setting up “their own factory” to manufacture the exploding pages against Hezbollah. I suspect people are envisioning something the size of a Foxconn iPhone line, but for smaller runs of less cutting-edge products, modern contract manufacturing can usually do things in much smaller footprints. Pagers are old 1980s tech, most probably use off-the-shelf commodity parts you can find anywhere, and I suspect Israel set up something much smaller.
You don’t need a line of assembly workers, you need a pick-and-place machine to attach the surface-mount components to your circuit board. Pick-and-place machines are also old technology that have gone through many iterations, but you can literally run a circuit board a assembly line in your garage. Here’s a guy that uses a very old pick-and-place machine to make amusement park controllers using equipment in his own shed.
Note that his boards are roughly the same size as a pager (probably slightly bigger). His is a low-tech approach that allows him to do all the steps himself and requires hand-soldering for some components. With a few more machines and a few more people, I suspect Israel could easily have run their exploding pager line out of a space of 1,000 square feet or less. Everything save the explosive batteries probably used commodity pager parts, and even the special command sequence to trigger the explosion was probably programmed into a commodity controller chip.
Israel also has a modern, sophisticated electronics sector, so it’s possible they contract with one of their existing military electronics contractors to do a run, but I’m not sure anyone had an assembly line suitable for turning out old-tech pagers, as you wouldn’t want to alert Hezbollah agents with a circuit board that looked too modern.
There were a lot of sophisticated aspects to Israel’s supply chain attack, especially how they used human intelligence to insinuate themselves into Hezbollah’s procurement system to be in a position to provide the pagers. And producing batteries that actually held explosives was not a trivial task. But setting up an assembly line for the pagers once they had done all the upfront espionage work to get in a position to provide them was probably among the least difficult aspects of the operation.
Tags: hacking, Hezbollah, Israel, Israel-Hamas War, Jihad, Lebanon, Military, Operation Grim Beeper, spying, supply chain, technology, video
People who don’t actually “do things” have no idea at all about the possibilities. No doubt, most of the Hezbollah leadership consists of people incapable of technical comprehension; they’re essentially “magical thinkers” who just use the technology they’re handed. The actual “capable people who understand” are likely two or three layers lower than dirt in the hierarchy, and odds are, they were overruled when they pointed out the potential problems.
I’d again like to point out that this was a layered attack, likely years or even decades in the making. The first essential step was convincing the leadership of Hezbollah that the smart phones they were using were security risks… That done, then they somehow convinced the “technical experts” in Iran and Hezbollah that pagers were a solution, and that instead of buying dozens of different ones from different sources (the way the mob buys burner phones…) they should get them from one supplier…
This was a highly complex, multi-layered attack, conducted over a very long period. If I were the Iranians and Hezbollah, right about now? I’d be questioning a lot of my life-choices, and be re-evaluating them.
Oh, smart phones are unquestionably a security risk. Unless you’re taking extraordinary precautions, both your location and your metadata are stored by whatever carrier they’re using in Lebanon, and I bet Israel already has backdoor access into that. And that’s to say nothing of individual applications (like Facebook) storing their own tracking metadata. Knowing Hezbollah, I’m guessing the sort of infosec required to keep various low-level foot soldiers from installing unathorized apps was just beyond them.
Browser cookies can also store their own metadata, and all that data can be aggregated and sold for ad revenue. And that’s just advertising companies selling your data, no malware required. And then there’s the treasure trove of email and text messages than can be accessed on compromised or insecure servers.
And, as Russia has learned, even just videos and pictures are useful sources of information in the hands of skilled intelligence sources (or distributed networks of geeks like 4Chan or Reddit).
So yes, having pagers actually would forestall many of the attack surfaces offered by smart phones. But only if you have a verified, secure supply chain to buy them from…
Lawrence, somebody had to convince the people “in charge” that smart phones were an issue, and the only way to actually do that would be to exploit the damn things and present them with facts on the ground. So long as it’s just something that the “guys not in charge” were merely “warning” against? The threat ain’t real.
Trust me on this: I was writing white papers up and handing them off to my bosses circa 2003-04 in reference to the risks associated with social media and connected commercial devices. At the time, my warnings were more about digital camera metadata and idiots posting things on MySpace, but everything I said was discounted and blown off. As a subordinate unit coming under 101st Airborne Division before its second deployment to Iraq, I had a presentation and paper I handed off to them, asking those questions about how we were to deal with the whole issue. They all stared at me like I had a third eye, or something… The majority of them simply could not comprehend the threat, even when I explained it in little-bitty words and had pictures depicting the problems.
We were to leave in November; this was presented to the Division staff in, oh, I believe starting in May-June timeframe. Whole thing was greeted by all concerned with incredulity and doubt, and I was told that I was delusional and over-reacting.
I never knew what incident precipitated the change, but in mid-August we got a ton of “guidance” basically regurgitating my earlier work, and they were all suddenly “concerned” about the threat of social media. The change had been pressed down from above, via CENTCOM, so I presumed it was something in-theater. None of the people involved who I had briefed bothered to remember my warnings, but they were damned certain to enforce the new edicts from the theater command.
The problem with hierarchy is that the people who thrive in such organizations usually wind up in charge of them, and they’re usually party-line dolts with limited imaginations and very little in the way of creativity or actual practical intelligence. This is why “young” organizations such as 1960s NASA are so different from the sclerotic NASA of the 1980s, and why SpaceX is running rings around the much “older” Boeing competition.
The signature of one of these sclerotic hierarchies is that while correct information rising up from under the management level gets ignored, the edicts delivered from on high are enforced with draconian glee, no matter what.
I’d also point out that to this day, the US Army has no workable solution to the issues of smartphones. Nobody does, despite their potential for all sorts of good things being enabled by them.
Hell, if it was me, they’d issue purpose-built units in Basic Training, use them to do much of the training on, and then have them set up such that the unit COMSEC officer can disable features like accessing the local cell networks. That’s the only way they’re ever going to get on top of this issue, but they’ll also never take it. Too unimaginative, too stupid, and nowhere near creative enough.
Not all military electronic production is low-volume. Anti-submarine sonobuoys and man-portable radios, for example, look very much like commercial technology, and such contractors have to adopt organizations that resemble civilian production for things like industrial equipment or even consumer durable goods, albeit with some domestic supply chain constraints. That can be quite the culture shock for the big monopsony/monopoly players, so these contracts tend to go to 2nd tier players or operationally independent subsidiaries.
Kirk, as you’ve pointed out before, parts of the Third World ascribe magic powers to the West. It’s not very hard to see a panic setting in naturally, especially given all of the rumors (and ACTUAL cases) regarding devices and apps spying on people for fun and profit. And, yes, the IDF has a long history of effective ELINT, and smartphones are not only vulnerable, but fools tend to use them in unsafe ways (how much valuable intel have Russians uploaded to the world on their own?). So, I don’t see see a need to plant the idea of going low-tech in Hez’s leadership’s heads. It’s certainly possible, but they could have legitimately arrived at the same conclusion entirely on their own. At that point, it’s just a matter of Mossad finding out about their plans and coming up with a way to convince them to buy *that* certain set of pagers, probably with bribes and discounts involved… that’s where the real tradecraft would have been.
@A.Nonymous,
I didn’t mean to imply that the Israelis “planted” the idea. All they had to do was demonstrate that they were capable of using those smartphones to the detriment of the Hezbollah types, and that demonstration would have done the work.
Wouldn’t surprise me a bit if there were Israeli influencers high up in organization. I would certainly suggest so, because if you had the wit I’d attribute to Mossad, the potential long-term effects could be parlayed up into years and even decades of mistrust… “Oh, that Ahmed… You know, he just happened to have left his pager at home, that morning… I wonder if he had a warning? Is he a possible Israeli agent…?”
Play your cards right, as a Mossad operator, and you could get years worth of work out of this. Implement plans-within-plans, and look to the long term; you could get serious mileage out of some creativity and very little effort.
This is one of the things that just annoyed the crap out of me with our own intel efforts; they did not seem to comprehend, within the hallowed ranks of our midwit intelligence agencies, just how to go about f*cking with the Islamic mind in either Iraq or Afghanistan. If it had been me? LOL… I’d have done so much damage to their equanimity that they’d still be spinning. All those Guantanamo Bay prisoners we released, and who went right back to making trouble? I’d have simply brought them in for some medical checks before releasing them, done just enough work to make them think that we might have implanted something into them, and then made damn sure that every one of them that went back to Afghanistan or Pakistan got a drone visit. You’d have had them hacking off limbs, to get rid of the tracker, and everyone in the organization would have made pariahs of them. Wouldn’t have taken much to do that, and it would have drawn attention away from our actual intel sources…
None of our guys are either that creative or that switched-on. Utterly unimaginative; Meinertzhagens they are not.
The “Factory in a Shed” is not new but is becoming increasingly common. Half a century ago, I heard an apocryphal story of a small business that made valve lifter bodies for Ford. The “business” was housed in a two car garage. It was completely automated. The owner periodically loaded the bar stock and form tool magazines and removed crates of machined parts. Most of the time, the line ran unattended with the lights off.
I will say that the Grim Beepers were well engineered for the task; designed to kill or injure the person holding the device and little else. The Israelis could have engineered much more explosive into the device by making the case using one of the hard plasticized explosives like LX-14 but this would have injured more civilians.
The high irony here, aside from making Hezbollah buy the bombs, is they would have got better security from going to an older cell phone, let’s say a ’90’s Motorola Razor, than they got with the new pagers. Aside from tower tracking. But then, that’s what they’ve got Stingrays for.
Injection moulding case halves with a commercially attractive SPI Class C finish would be the challenging, long lead time task on the critical path to make these pagers. IMI has lots of circuit board capacity, but limited injection moulding die sinking capacity.
IMI may not have the injection molding experience, but the rest of Israeli industry? They do that all day long, in job lots. Hiding a production run of pager bodies in with all that would have been child’s play, and even if Hezbollah or Hamas operatives were at work in those Israeli factories at the time of production, they’d have never known what they were making.
One would think that after decades of this Wile E. Coyote crap, constantly playing the coyote to Israel’s roadrunner, that the Arabs of the region would learn, but… Nope. They can’t, apparently.
The wise move, historically speaking? Would have been to embrace all their fellow Semites coming home, integrated them in, and then provided them with all the oil wealth they could possibly use to recreate the glories of the old days. Instead, they decided to fight over a piece of land that they’d ruined for generations, and here we are. As an ethnicity, the Islamic Arabs are sadly not all that wise; it’s always taken an outsider to lead them anywhere effective. One should remember that Saladin was a Kurd, and that the Arab Legion was set up and handed over to the Hashemites by outsiders, namely the British. Arabs can be good soldiers, but left to themselves and their own leadership resources…? Historically, it’s been chaos.
Regarding to convincing Iranian Revolutionary Guard and Hezbollah that their cell phone are security risk. Mossad have thoroughly infiltrated telcos in Lebanon that IDF planes were using cell tower triangulation to for targeting. After so many years of their guys getting mysteriously droned, it isn’t a leap for them to be convinced to switch to a lower tech solution.
Exactly what I was getting at…
If you do “war” right, you effectively conduct training on your enemy such that they do as you want them to, making it easier to kill them.
Ideally, this is a multi-step process that you have planned in advance so that you can take advantage of it. Condition them to think that you’re using cell phones to track them, then take advantage of their move to pagers, then once they’ve done that, be prepared to take out the replacement for pagers.
Not sure where they go, after that, but… I’m sure Israel is waiting in the wings with something to take advantage of it all.
“IMI may not have the injection molding experience, but the rest of Israeli industry? They do that all day long, in job lots. Hiding a production run of pager bodies in with all that would have been child’s play, and even if Hezbollah or Hamas operatives were at work in those Israeli factories at the time of production, they’d have never known what they were making.”
Die sinking for plastic molding less than 100 shots is fairly quick. Die sinking for more than 100 plastic moulding shots requires cutting extensive cooling passages. Even here in America I never got a cooled plastic mould any quicker than 60 days, and I had to commandeer an entire die shop.
Such balls out efforts don’t really lend themselves to security.
Not too clear on the point of your blithering, but…
https://www.aran-rd.com/
That’s one of many Israeli companies, at least one of which was probably involved in making the machinery for whoever was doing the injection molding of those pagers in the first place. It would have been fairly simple to either have the bodies redirected off the production lines that made them originally, or divert the requisite molds to where the Israelis could have them made. Given that this is a well-known area of Israeli expertise…? I’m not so sure your lead times here in the US are even relevant, as much industrial capacity as we’ve shipped overseas. Your “60 days” could well have included them shipping the molds in from wherever they were actually fabricated.
As it happens, I happen to know a bit about the industry: Microsoft used to have its dies made in Europe and Israel to their designs, and then brought them here to the US for quality-control checks, and then shipped them off again to where they were doing their contract manufacture in Asia.
How do I know this? My brother-in-law has some the crates (more stainless steel shipping containers) that he used to move the damn things around for Microsoft here in the Puget Sound area.
Your example, Aran, produces their injection mould designs in Shenzhen, China. There appear to be 5 injection moulding die sinkers in Israel.
Did the grim beepers use a mould identical to one already in production? That would be the simplest answer. Why reinvent the wheel, if you happen to have one within reach when you need one?
Consumer electronics are usually designed from the inside out. The case is the last element of a design and is devised to barely clear the guts.
It is important to present internal free space within an exploding pager case comparable to similar none plosive devices if you are trying to conceal 50+ grams of PETN. An obviously stuffed interior (or diminished battery life) raises the suspicion of curious targets.
Hence a custom case.