The pager explosions in Lebanon on 17-18 September were the real-life manifestation of Bruce Williams’s movie Live Free or Die Hard, wherein the key antagonist employs cyber-attacks to wreak severe physical harm and deaths. Cyber-kinetic warfare, which was once a fictional construct, has now emerged as one of the most lethal means to inflict direct and indirect physical harm by sabotaging susceptible information systems and processes.
Cyber Physical Systems (CPS) remain the fundamental targets of cyber-kinetic attacks. These systems imply staunch integration-cum-coordination between physical and computational resources. CPS technologies are widely embedded in various industrial sectors such as automotive systems, environmental control, process control, distributed robotics, avionics, the defence industry and the energy sector, alongside critical infrastructure control, including water resources, electric power and, most notably, communication systems. Lebanon’s pager explosions have reignited attention towards cyber-kinetic warfare that, in turn, offers multifaceted lessons for Pakistan.
Cyber-kinetic attacks are not a novel phenomenon, and various hackers, including disgruntled employees and teenagers, employed them in the early 21st century. Various laboratory experiments, such as the 2007 Department of Defense Aurora Generator test―a cyber-attack to annihilate the electric grid and the 2010 CarShark―a tool created to function as a bus analyser as well as packet injector on Controllable Area Networks, augur the use of cyber-kinetic as systematic advancement of cyber warfare. However, in true essence, Stuxnet remains the first ever cyber-kinetic weapon.
Under the clandestine Operation Olympic Games, Israel’s Mossad, the Central Intelligence Agency and the National Security Agency developed a sophisticated digital weapon named Stuxnet that attacked Siemens Step7 software, crucial for handling industrial equipment, particularly centrifuges, to enrich uranium in Iran’s Natanz facility. Consequently, it debilitated almost 1,000 centrifuges, causing temporary deferment in Iran’s enrichment activities.
The pager blitz
The most recent example of a non-cyber-kinetic attack is Israel’s orchestration of pager attacks in Lebanon. Pagers are tiny communication devices that use radiofrequency to transmit messages. It is hard to monitor these devices given their non-reliability on physical hardware, making them comparatively secure to use by groups such as Hezbollah. Israel’s Mossad agency weaponised pagers into mini bombs to be used against Hezbollah during the ongoing Israel-Palestine issue. On 17-18 September, 2024, Lebanon witnessed the explosion of hundreds of pagers all across the country that brutally injured 3,500 and killed 42 people.
The intelligence agency of Israel concealed one of the most lethal explosives, the PETN explosive, with an electronic circuit of a pager signifying an amalgamation of technical acumen and spycraft. As per sources, Israel implanted nearly three grams of PETN in pagers coupled with a detonator activated remotely via coded message. The shipment of pagers to Lebanon remained halted for three months in a nearby harbour, and during this time, they were infested with explosive material. Pagers were found to be ingrained with the brand name “Gold Apollo”, a Taiwan-based tech company; however, it denied making them and asserted that BAC, a Hungary-based company, manufactured them under licence. Besides cyber-kinetic warfare, the process of infiltrating pagers also highlights the effective manipulation of the adversary’s supply chain, known as supply chain interdiction, thereby sparking fear of supply chain warfare. It demonstrates how enemies can target supply chains to steal critical data, sabotage resources and interdict operations.
Lessons for Pakistan
The unprecedented use of cyber-kinetic attacks in modern warfare offers strategic lessons for nations, particularly Pakistan. The weaponisation of ostensibly innocuous pagers implies how inimical forces can abuse lacunas in supply chains. With the changing landscape of cyber threats characterised by enhanced lethality of zero-day vulnerabilities and advanced persistent threats (APTs), stringent supply chain security measures and vendor risk management have become immensely important.
Pager attacks also highlight the burgeoning use of cyber tactics to sabotage communication systems in military operations and espionage. All these aspects necessitate the prioritisation of security protocols, notably in military communications networks and critical infrastructure. To further national resilience and mitigate risks emanating from cyber-kinetic and supply chain warfare, Pakistan shall devise and execute robust cyber security measures, consistently carry out vulnerability assessments and use advanced tracking devices to monitor shipments. Proactive intelligence in synergy with the security institutions is needed to neutralise risks prior to their occurrence. Lastly, it should promote the indigenisation of the defence sector to reduce reliance on Western technologies.
READ: Pakistan condemns Israel’s ‘growing adventurism’, calls on UN to stop it
The views expressed in this article belong to the author and do not necessarily reflect the editorial policy of Middle East Monitor.