Hezbollah likely to launch retaliatory cyberattack on Israel, expert says
After the attack on Hezbollah beepers in Lebanon, concerns grow over the group's potential cyber capabilities against Israel.
When thousands of Hezbollah beepers exploded simultaneously across Lebanon last week, Israel was widely seen as the likely perpetrator, though it remained silent on the incident.
The explosions, occurring in markets and on the streets, shocked onlookers and raised concerns across the region. Many began to wonder how far enemies would go in their attacks, and how vulnerable modern societies have become with increased reliance on internet-connected devices.
Although Israel did not claim responsibility for last week’s attacks on beepers and walkie-talkies, it is widely believed to have carried them out. Dozens were killed and thousands injured, most reportedly members of Hezbollah.
Hezbollah’s leader, Hassan Nasrallah, vowed to avenge the attack.
So far, Hezbollah has responded with a massive rocket barrage on northern Israel over the weekend. However, the Iranian-backed group is also believed to have cyber capabilities that could be used in retaliation.
Is Israel vulnerable to a similar attack? And is it prepared for a widescale cyber offensive against its infrastructure?
No country is immune to such an event
“No country is immune to such an event,” Osher Assor, managing partner at Israeli cybersecurity consulting firm Auren, tells The Media Line. But, he says, Israel closely monitors its supply chains, ensuring that devices are thoroughly vetted before entering the country.
The Israeli Standards Institution plays a critical role by vetting nearly every product and service entering the country. “Israel could be exposed to attacks on the different stages of its supply chain,” says Assor. “But I presume that products are tested long before they enter the country.”
Details of the beeper attack surfaced over the weekend, though no one has confirmed responsibility. Media reports suggest the pagers were made by a shell company that embedded small, undetectable explosives inside. Hezbollah was caught off guard by the simultaneous explosions, and in a Thursday speech, Nasrallah admitted the attack’s success.
Without a doubt, we have suffered a major blow
“Without a doubt, we have suffered a major blow,” he said in a televised address.
Hezbollah is considered one of Israel’s most formidable enemies, with precision-guided missiles, well-trained troops, and cyber capabilities built over two decades. Experts say Hezbollah and Iran are also involved in global drug trafficking, using those funds to finance constant upgrades to their cyber capabilities. A 2012 Washington Institute report suggested Hezbollah’s drug trafficking revenue likely surpassed its income from all other sources. Hezbollah has consistently denied involvement in the drug trade.
“As the greatest drug barons in the world, Hezbollah and Iran have wide-reaching infrastructure, the ability to create shell companies and launder money all around the globe that enables them to transport whatever they want to wherever they want,” retired Cmdr. Dr. Eyal Pinko, a senior research fellow at the Begin-Sadat Center for Strategic Studies and a former senior consultant for intelligence, cyber, and security at the Israeli National Cyber Directorate, told The Media Line. “These abilities exceed those of Israel by far.”
This infrastructure gives Hezbollah the potential to conduct attacks similar to last week’s pager explosions.
Pinko explained that Hezbollah operates on the darknet, an encrypted and anonymized section of the internet, to trade in security vulnerabilities. The group uses its funds to buy these weaknesses, which allow them to carry out cyberattacks. Breach investigators, who identify these vulnerabilities, are in high demand, and Hezbollah’s resources allow it to hire skilled experts and acquire time-sensitive information.
In cyberwarfare, there is less meaning to the number of people or assault weapons each side has
“In cyberwarfare, there is less meaning to the number of people or assault weapons each side has,” said Pinko. “It’s a matter of having the relevant tool, knowledge, or access at any given moment. The meaning of power in cyberwarfare is amorphic and constantly changing.”
Since the war began in October last year, cyber incidents have sharply increased. According to the 2023 National Cyber Directorate report, cyberattacks shifted from data leaks and influence campaigns to causing disruption and damage. The report identified 800 “significant incidents” between the start of the war and the end of 2023. During this time, efforts were made to reduce vulnerabilities in hospital systems and control centers in the energy and water sectors, while also strengthening resilience in around 160 local authorities and supply chain entities.
“All that is needed is a crack in the wall to enter,” Assor explained the vulnerability to cyberattacks. “Israel is a cyber superpower, and we still haven’t seen any major attack. A state has a lot of assets, and every asset has the potential of a breach.”
Assor believes Hezbollah is capable of launching a large-scale cyberattack against Israel but has either not attempted it or has failed so far.
“Cyberattacks happen long before we actually feel them,” he said. “I wouldn’t be surprised if Hezbollah would try such an attack during the coming days. Hezbollah is Iran’s proxy, and Iran has such capabilities, and we have seen such attempts in recent days.”
In the early weeks of the war, Israel accused Iran and Hezbollah of attempting a cyberattack on a hospital in northern Israel. The attack was thwarted before it could disrupt hospital operations, but the National Cyber Directorate confirmed that “sensitive information” had been stolen from the hospital’s systems.
Reliance on smartphones and online infrastructure leaves both individuals and major systems vulnerable to such attacks.
“Attacking them is challenging but not impossible,” Assor added. “It boils down to money, time, and abilities.”
According to Pinko, both Hezbollah and Hamas have defensive and offensive cyber capabilities bolstered by Iran and China. In addition to a traditional arms race, there is a cyber race which is much more fast-paced and dynamic.
For years, Israel and Iran have fought a shadow war. Israel is thought to have carried out hundreds of airstrikes on Iranian targets in the Middle East, as well as cyberattacks on Iranian infrastructure. Meanwhile, Iran has been blamed for attacks on Israeli oil tankers, attempts to abduct and kill Israelis in places like Cyprus and Turkey, and a steady supply of weapons to its proxies.
Neither side is immune to cyberattacks or operations like last week’s pager offensive in Lebanon, and both are racing to prevent attacks while targeting each other.
“Israel is a strong country with impressive capabilities; it has the ability to strike even harder than what was seen last week in Lebanon,” Assor summarized.
Jerusalem Post Store
`; document.getElementById("linkPremium").innerHTML = cont; var divWithLink = document.getElementById("premium-link"); if (divWithLink !== null && divWithLink !== 'undefined') { divWithLink.style.border = "solid 1px #cb0f3e"; divWithLink.style.textAlign = "center"; divWithLink.style.marginBottom = "15px"; divWithLink.style.marginTop = "15px"; divWithLink.style.width = "100%"; divWithLink.style.backgroundColor = "#122952"; divWithLink.style.color = "#ffffff"; divWithLink.style.lineHeight = "1.5"; } } (function (v, i) { });