720-891-1663

Cyber-Physical Hacks

Historically, we have physical universe attacks like Columbine or Gaza and the many variants in between.

Then we have the cyber universe attacks like Caesar’s Casino and Crowdstrike (which was a cyber incident but not an attack).

But more recently, we have begun to see cyber-physical attacks. The Colonial Pipeline attack that shut down the fuel supply to the US East Coast is one. The Stuxnet attack on the Iranian uranium enrichment program, widely believed to be the work of the US and Israel, is another.

Neither of these cyber-physical attacks hurt anyone.

But this week we had a cyber-physical attack that left 12 people dead so far and a couple of thousand injured. That is when cyber-physical attacks get very real.

Thousands of Hezbollah terrorists are reported to be injured in the attack.

The attack, as best we know now, synchronously exploded encrypted pagers that Hezbollah operatives had in their pockets. The pagers were recently purchased by Hezbollah, indicating a supply chain security problem.

One video post on Twitter shows the current state of the universe in Lebanon.

The pager explodes, the target falls down and most of the people near by just walk the other way. A few stand around, I guess to see what is going to happen next. Not a single person moves to help the guy.

It is possible that the locals knew the person was a terrorist and there was no sadness that he was killed.

But from a cybersecurity standpoint, how did someone (possibly Israel, but like with the Stuxnet attack, no one is fessing up right now) compromise several thousand pagers including putting some kind of explosive in them, get them deployed and then, get them all to explode at the same time. That is a very impressive bit of cyber-physical espionage.

These pagers were only a few months old and some “unnamed sources” said that among the victims were top Hezbollah leaders and their advisors. That by itself is a big challenge – make sure that the people they wanted to kill or injure actually had the new pagers.

A Saudi news channel said hundreds of pagers were detonated at the same time and around 500 terrorists are reported to have lost their eyesight, probably because, reports said that the pagers heated up before they exploded and people took them out of their pockets to look at them and then boom.

The attacks took place in both Beirut, Lebanon and Damascus, Syria.

Hezbollah leader Hassan Nasrallah ordered the pagers to replace cellphones used by the terrorists because cell phones were both traceable and hackable. I guess he didn’t consider a cyber-physical attack.

One EOD expert suggested that the explosive could have been the size of a pencil eraser, easy to hide in the compromised hardware.

Credit: Cybernews and SecurityWeek

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *