
The Digital Footprint of Mass Killings: Insider Betrayal, Cyberwarfare or Data Leaks?


A photo taken on September 18, 2024, in Beirut's southern suburbs shows the remains of exploded pagers on display at an undisclosed location. Hundreds of pagers used by Hezbollah members exploded across Lebanon on September 17, killing at least nine people and wounding around 2,800 in blasts the Iran-backed militant group blamed on Israel. (Photo by AFP)

On Lebanon's sovereignty, security, and targeted assassination: the pattern of Israeli killings in the country is a testament to the evolving nature of modern warfare, where cyber tools, data leaks, and intelligence-gathering overlap to produce deadly outcomes.

On Tuesday, September 17, pagers used by Hezbollah members – including fighters and medics – detonated simultaneously across Lebanon around 3:30 p.m. (1230 GMT), killing at least nine people. Nearly 4,000 plus were wounded, according to unofficial counts (2,750, according to Ministry of Health sources). Blasts lasted around an hour, with witnesses and residents of Dahiyeh saying they could still hear explosions at 4:30 p.m. (1730 GMT).

One day later, the same thing happened again, this time with walkie-talkies exploding. More than 100 people were wounded on this day.

The September 17 and 18 security breaches were not the last; a number of Lebanese received messages on Monday, September 23, on their mobile phones from the Israeli enemy stating: “If you are in a building that’s storing weapons belonging to Hezbollah, stay away from the village until further notice.” Even the Minister of Information, Ziad Makary, received a similar threat. OGERO sources confirmed the calls, saying that they originated from many 04 Lebanese numbers.

The Israeli enemy has also breached fixed-line telephone lines (07) and contacted several Lebanese individuals, urging them to distance themselves from anything related to Hezbollah. They warned them saying: “Anyone near Hezbollah facilities and weapons is putting their life at risk.”

The attacks on pagers (beepers) and walkie-talkies were sophisticated, according to security sources and footage on social media. Israel’s Mossad spy agency reportedly planted a small amount of explosives inside 5,000 Taiwan-made pagers ordered by Lebanese group Hezbollah months before Tuesday’s detonations. The operation was an unprecedented Hezbollah security breach. The wounds are as serious as mutilation of arms and kidneys and enucleation. AUBMC sources say that more than 1,000 eye implantations will be needed in the coming days.

Security breaches of Hezbollah are not new. Over the past nine months, Israeli forces have conducted precise strikes targeting individuals, homes, and vehicles in South Lebanon and Beirut’s southern suburbs, severely disrupting daily life in Lebanon. These violations stem from years of data mismanagement, allowing Israeli military intelligence to exploit compromised Lebanese telecommunications networks, enabling them to spy on civilians, endangering lives, and causing widespread displacement.

In the complex geopolitical landscape of the Middle East, and as technology continues to evolve, these assassinations raise many questions: are these killings a product of advanced cyberwarfare, or are they facilitated by data leaks and compromised security within Lebanon?

 

History of illicit telecom structure

In the early 2000s, Lebanon witnessed a surge in the illegal use of beepers and walkie-talkies, particularly in remote and conflict-prone areas. These devices, which were originally meant for private communications, became tools for smuggling operations, illegal business activities, and even intelligence gathering. Unregulated sales of these devices grew, making it difficult for authorities to control their usage. By 2005, the Lebanese government, recognizing the potential security threat, initiated crackdowns on unauthorised communication networks. Raids and confiscations followed, but the devices had already become embedded in various sectors, from private businesses to militia groups. This period, often referred to as the “explosion” of beepers and walkie-talkies, highlighted the challenges of controlling communication technology in a country with weak regulatory frameworks, deep political divisions, and security concerns.

As early as the 1990s, Hezbollah also began using the existing Lebanese communications infrastructure for its internal use. At the same time, Hezbollah began building a communications infrastructure parallel to that of the Lebanese state for the organisation’s more sensitive communications. Hezbollah’s communications were both separate from and interwoven with the Lebanese state’s communications system and, soon after, the global communications system.

 

How important is the independent communications network for Hezbollah?

Lebanon’s government warned its friends that “Iran telecom” was taking over the country two years ago when it uncovered a secret communications network across the country used by Hezbollah, according to a US state department cable.

Reports in 2007 asserted that Iran funded and improved Hezbollah’s new cellular infrastructure by building private cellular telephone networks that included high-frequency encrypted cells (“Iran telecom”). In a statement sent to the U.S. Embassy in Beirut, then Lebanese Communications Minister Marwan Hamadeh wrote that the system was “a strategic victory for Iran since it creates an important Iranian outpost in Lebanon, bypassing Syria” … the value for the Iranians as strategic, rather than technical or economic.

The discovery in April 2008 came against a background of mounting tensions which escalated into street fighting in the capital just weeks later.

The US document, classified secret/noforn (not for foreign eyes) exposes deep regional and international concerns about the volatile situation in Lebanon amid fears of a new clash with Israel following the 2006 war.

Information on the Hezbollah fibre optics network, allegedly financed by Iran, was immediately passed to the US, Saudi Arabia and others by Lebanese ministers. The French president, Nicolas Sarkozy was “stunned” by the discovery, the US embassy reported.

The Lebanese are bound to assume that the information also went to Israel, for whom Hezbollah is a significant enemy and priority intelligence target.

The US cable is one of several that have been published in Beirut by the leftwing al-Akhbar newspaper and that have apparently been leaked as part of the WikiLeaks cache obtained by the Guardian, the New York Times and three continental European publications.

Al-Akhbar has highlighted contacts between the March 14 movement led by the ousted prime minister Saad al-Hariri, the US and the Saudis, prompting denials or defensive reactions from those named. On May 05, 2008, the Lebanese government, led by Fouad Siniora, decided, among other things, to dismantle Hezbollah’s independent underground telephone network, which was based on Lebanon’s cable infrastructure placed inside the state’s communication ducts. The purpose of Hezbollah’s independent telephone network is to provide communications between Hezbollah headquarters throughout Lebanon.

Hezbollah’s response to these decisions was swift and aggressive. In a speech on 8 May 2008, Nasrallah declared that Hezbollah’s independent telephone communications network was one of Hezbollah’s main weapons and that any harm to it was in fact a declaration of war on Hezbollah. A few hours after Nasrallah’s speech, Hezbollah operatives, with the aid of Amal activists, took control of west Beirut, besieged the international airport, laid siege to the Sunni community leaders’ centre, headed by Saad Hariri, and set fire to the al-Mustaqbal network offices owned by Hariri and serving as his party’s mouthpiece.

 

The role of cyberwarfare

With the rise of cyberwarfare, Israel’s intelligence capabilities have become increasingly sophisticated. The Israeli Defense Forces (IDF), along with the renowned Mossad and Unit 8200, are known for their advanced cyber capabilities, allowing them to penetrate networks, intercept communications, and conduct espionage at unprecedented levels.

It is true that Israel’s involvement in Lebanon spans decades, with a history of military intervention, espionage, and targeted assassinations, especially against Hezbollah leaders and operatives. Many of these killings are precise, with individuals eliminated in highly secure environments, suggesting that Israel’s intelligence agencies possess detailed knowledge of their targets’ whereabouts, movements, and networks. One of the most high-profile examples is the 2008 assassination of Hezbollah military commander Imad Mughniyeh in Damascus, Syria. A car bomb, reportedly planted by Israeli agents, killed Mughniyeh in a secure part of the city, leading to questions about how Israel was able to track him with such precision. Similar patterns have occurred in Lebanon, with key Hezbollah and Iranian-linked figures being targeted.

This raises the question: are these killings the result of Israel’s cyberwarfare superiority? Unit 8200, Israel’s elite cyber intelligence unit, is often credited with executing cyber operations that compromise the security of hostile entities. For example, it is believed to have played a key role in the Stuxnet virus, which disrupted Iran’s nuclear program in 2010. The same cyber capabilities could easily be deployed in Lebanon, where Israel has a vested interest in monitoring Hezbollah’s activities and those of its allies. By infiltrating digital networks, Israel could potentially gain access to encrypted communications, satellite imagery, and real-time data on the movement of high-value targets. This capability would allow Israeli intelligence to execute “remote” assassinations with minimal physical presence, relying on cyber tools to plan and execute operations from afar.

 

The possibility of data leaks

 While cyberwarfare is a plausible explanation for Israel’s successful assassinations, data leaks and insider betrayals within Lebanon may also play a significant role. Lebanon’s political and security apparatus is often fragmented, and various factions have been accused of leaking sensitive information to foreign entities, including Israel. Internal corruption, financial incentives, and political infighting create opportunities for Israeli intelligence to exploit vulnerabilities within Hezbollah, the Lebanese army, and other groups. There have been multiple reports of Israeli intelligence infiltrating Lebanese networks through local informants, sometimes planting bugs in phones or offices to gather crucial information on targets. Moreover, the infiltration of mobile phone networks and communications channels in Lebanon has been a recurring issue. In 2010, for example, the Lebanese government accused Israel of tapping into its telecom networks and using the data to track and assassinate Hezbollah leaders. These accusations suggest that Israel’s intelligence operations rely not only on cyberwarfare but also on exploiting weaknesses within Lebanon’s digital infrastructure and security protocols.

Despite Lebanon’s weak cybersecurity infrastructure, including the country’s official websites, the government has been investing time and money to accumulate data of citizens by digitization of the public sector.

This shift, although crucial in improving governance, has had its backlash on citizens’ privacy. For example, telecommunications companies in Lebanon, Touch and Alfa, offer a service of selling phone numbers and emails of users to companies wishing to attract more clients by reaching out to people via messages or emails. The data supplied segments the target audience according to their gender, age, and profession, according to the companies’ websites.

 

Technological advancements or local failures?

The debate between cyberwarfare and data leaks as the primary tool for Israeli assassinations in Lebanon boils down to a combination of both. On one hand, Israel’s technological advancements in the field of cyber intelligence have given it a significant edge in identifying and neutralising threats. Through cyber espionage, Israel can gather real-time intelligence on enemy movements and communication, allowing it to strike at the most opportune moment. On the other hand, local failures within Lebanon’s intelligence and security networks cannot be ignored.

Lebanon’s infrastructure, especially in terms of digital security, has long been vulnerable to foreign interference. This makes it easier for Israeli intelligence to access sensitive information through leaks or compromised systems. Furthermore, the fractured political landscape in Lebanon often leaves space for internal informants to cooperate with foreign powers, knowingly or unknowingly leaking information that could facilitate assassinations.

 

The hybrid threat

Ultimately, Israeli operations in Lebanon can be seen as a manifestation of a hybrid threat that integrates advanced cyberwarfare with the strategic exploitation of data leaks. Israel’s intelligence community has honed a dual approach, leveraging cutting-edge technology alongside traditional human intelligence. This synergy enables them to effectively track and neutralise targets. Lebanon’s persistent vulnerability to cyber infiltration and internal disarray poses significant risks. With cyberattacks increasing by over 40% in the region in recent years, and incidents of data breaches becoming more common, the need for robust digital security measures is urgent. Without significant advancements in areas such as communication encryption and organisational cohesion, Lebanon will continue to be an attractive target for Israeli intelligence operations, whether through sophisticated cyber tactics or traditional data-gathering methods. Addressing these vulnerabilities is essential to bolster national security and resilience against external threats.

It should be noted that reports indicate that GPS spoofing has been happening since October last year. It even caused two aeroplanes to turn back and return to Turkey. Today, planes approaching Lebanon use different location services than their autopilot, sources in the industry say. The authoritative site gpsjam.org shows an increased level of 10 percent spoofing here. Israel is using jamming and spoofing technologies to confuse GPS and telecommunications signals as part of its war strategy, a report by the authoritative internet watchdog SMEX says. GPS spoofing was also reported in the region, originating from unknown transmitters around the Iran-Iraq border and the Lebanese-Israeli border, detected by the United States Maritime Administration. GPS spoofing in Lebanon was also reported by organisations tracking its airspace. OPSGROUP and OLBB FIR (Lebanon’s flight information service) reported several cases of critical navigation failures on aircraft that departed from Tel Aviv and were led to fly toward Lebanon.

Earlier in the year, the Ministry of Social Affairs, the Ministry of Justice and Lebanon’s Parliament website were also targeted. The Chamber’s press office announced this with all the gravity of a weather report. When news broke that the Ministry of Justice’s data was being hawked for USD 4,500, one might have expected an uproar.

For now, our data remains endangered, as it has been made easily accessible for the Israelis.

 

When did the data leaks start

Launched in 2015, the application Cars 961 allowed users to access detailed information about vehicle owners by simply uploading a car’s plate number. This app provided sensitive personal data, including the owner’s full name, address, date of birth, and phone number, before it was ultimately shut down. Unfortunately, this was not the first instance of such data leaks in Lebanon. Each year, personal data related to car plate numbers continues to be compromised due to the inadequate data storage and protection policies employed by the Lebanese government. For instance, sensitive information is often stored on unencrypted CDs, which have been leaked multiple times, facilitating the falsification of vehicle registrations. These CDs typically contain extensive data on car owners, including their full name, date and place of birth, registration number, residential address, cell phone number, and home phone number. Although the government began issuing biometric drivers’ licences in 2017 following a contract with Inkript, a Lebanese software development firm, the risk of data breaches remains high. Many governmental websites still lack robust security measures, leaving critical information exposed and vulnerable to exploitation. As a result, the protection of personal data in Lebanon continues to be a pressing issue.

 

Threats of leaking Syrian refugees’ data

In 2023, the Lebanese government requested access to data on over two million Syrian refugees residing in Lebanon from the United Nations High Commissioner for Refugees (UNHCR). Following negotiations, the UNHCR complied, and a military official confirmed that the sensitive information was transferred to the Lebanese authorities. This move has raised significant concerns among human rights organisations and activists, who fear that the data could be handed over to the Syrian regime. Such actions could facilitate a crackdown on political opposition and pressure refugees to return to Syria, where many face persecution. Given Lebanon’s fragile political climate and ongoing tensions, the implications for these refugees could be severe. Moreover, Lebanon’s data security infrastructure is notoriously weak, making this sensitive information vulnerable to unauthorised access. Previous incidents have shown that governmental staff sometimes leak or sell personal data to third parties, exacerbating fears about the misuse of refugee information. The combination of potential state surveillance and inadequate data protection could put millions of refugees at risk, highlighting the urgent need for stronger safeguards to protect their privacy and safety.

 

Lebanese embassies expose data of voters abroad

Following the parliamentary elections on May 6, 2018, Lebanese residents living abroad received emails containing personal data intended to confirm their voter registration. These emails included sensitive information such as voters’ full names, mothers’ names, fathers’ names, gender, date of birth, religion, marital status, and addresses. In a concerning incident, Lebanese expatriates in The Hague received an email that inadvertently CC’d over 200 voters, allowing all recipients to view and potentially share each other’s personal information. Similarly, the Lebanese embassy in the UAE sent confirmation emails to approximately 5,000 Lebanese expatriates, raising serious privacy concerns. Additionally, in various countries, voters were targeted with messages from political candidates as part of campaign strategies to encourage participation in the elections. These incidents highlighted significant flaws in data protection practices within the Lebanese electoral system, revealing vulnerabilities that could expose sensitive information to unauthorised access and misuse. As a result, there is a pressing need for stronger data privacy regulations and better training for officials handling voter information. Another way of accumulating data includes the biometric passports, licences, credit cards, and lately, civil extracts that have been issued by the Ministry of Interior. 

As if the embassies, telecommunications, car plates, AUB, OGERO, ministries and special tribunal data leaks were insufficient, the Lebanese government is striving to gather more data from its citizens to be handed to a poorly protected and easily penetrated telecom infrastructure.

 

A hacking scandal in the history of Lebanon

In July 2018, Krypton Security, a Lebanese hacking firm established in 2013, compromised the security of several major public institutions in Lebanon. The breach affected critical systems, including civil flight data at Beirut International Airport, the websites of the Ministry of Economy and the Ministry of Interior, OGERO (the telecommunications provider), and the Civil Status Directorate. Additionally, the hackers accessed information from platforms associated with Lebanese security agencies. The breach came to light when Inconet Data Management (IDM), an internet distribution company, lodged a complaint with the Public Prosecution Office after unsuccessful attempts to stop the hacking activities that had begun in 2017. Investigations subsequently linked the attacks to Khalil Sehnaoui, a Lebanese-Belgian consultant and head of Krypton Security.

 

Schools’ continuous data leaks

In 2023, the Ministry of Education inadvertently published the personal data of over 27,000 teachers from Lebanon’s public schools on its official website. This data, which was exposed due to a technical error, included teachers’ names, email addresses, working hours, marital statuses, and bank account numbers. Notably, the ministry did not issue a justification or correction for this breach. This incident is not isolated. In 2022, approximately 56,000 Grade 9 students had their personal data, including grades and identification details, publicly disclosed online. Following that leak, the Ministry of Education announced an investigation but simultaneously emphasized its intent to digitize data for employees and students, neglecting to address the underlying issues of Lebanon’s weak cybersecurity infrastructure. These recurrent breaches underline the urgent need for comprehensive data protection policies and improved security measures within governmental institutions to safeguard sensitive information.

 

Ministry of Communications hands over citizens’ data to Lebanon’s Special Tribunal

During his tenure as Minister of Telecommunications from 2005 to 2008, former MP Marwan Hamadeh collaborated with the Special Tribunal for Lebanon in the aftermath of the assassination of former Prime Minister Rafic Hariri on February 14, 2005. To support the ongoing investigations, Hamadeh provided the tribunal with data concerning individuals residing in Lebanon, facilitating the tracking of phone calls related to the case. The tribunal’s verdict, issued 15 years later, found Salim Ayyach, linked to Hezbollah, guilty in absentia while acquitting three other suspects. The investigation faced significant challenges, including the assassination of Lebanese investigator Wissam Eid in 2008. Eid had played a crucial role in the inquiry, supplying critical plans and phone numbers connected to the attack on Hariri. His murder underscored the dangers faced by those involved in high-profile investigations in Lebanon, highlighting the intricate connections between political violence, security, and the manipulation of telecommunications data in the region.

 

What’s next

The pattern of Israeli killings in Lebanon is a testament to the evolving nature of modern warfare, where cyber tools, data leaks, and intelligence-gathering overlap to produce deadly outcomes. While it is likely that Israel uses its cyberwarfare capabilities to track and eliminate high-value targets, data leaks from within Lebanon’s own institutions also play a critical role. For Lebanon, addressing these vulnerabilities is essential to protect its sovereignty and prevent further breaches that lead to targeted assassinations.

 

Maan Barazy is an economist and founder and president of the National Council of Entrepreneurship and Innovation. He tweets @maanbarazy

The views in this story reflect those of the author alone and do not necessarily reflect the beliefs of NOW.