Setting aside the moral and ethical concerns of indiscriminate remote killing, one is shocked at the news from Lebanon. On two consecutive days pagers and walkie-talkies exploded, killing dozens, including two children. The victims of these attacks deliberately used obsolete technology to safeguard their communications and prevent geo-tracking. Obviously, this was not enough protection. These attacks appear to be the stuff of a spy movie, such as the exploding pen from the James Bond franchise: a fictional miniature class IV grenade disguised as a ballpoint pen, developed by Q-branch. It does not seem so fictional now.
People are trying to determine how this was accomplished. What type of explosive mechanism was inserted into these devices? How were they configured to detonate? When were the devices tampered with? It is assumed this technology originated from the US and was shared with its allies. Now that this method of attack has been exposed, people are going to be very wary of communication devices from now on. Like a zero-day or one-day exploit that is burned by dramatic use, this attack removes an arrow from the quiver of cyber weapons available to any country or group. Yet, to what end? What is the purpose of this attack? What is the end goal? No strategic asset was neutralized. It seems that the only purpose is to frighten and to provoke a response. Frightening and provoking an adversary at this time can rupture the very delicate balancing act that is the Middle East. Is this in anyone's interest?
This event poses many challenges to cybersecurity professionals. If someone can blow up a device remotely, what else can they do, perhaps less dramatically, and how do you plan against this type of event? The most important and easiest step is to maintain cyber hygiene: the health and security resilience of systems, devices, networks, and data. This is accomplished by applying patches and keeping hardware, software and operating systems up to date. Note the limit of that advice, though: patching closes software holes, but it does nothing against a component that was physically added to a device before it reached you. Guarding against that requires controlling where devices come from and inspecting them on arrival.
As cyber professionals, what can we learn from the case of the exploding pager? It is a difficult task to open every device to check for tampering. What we need to do is to create a "gold standard" clean device: a device that has been examined so completely that we are confident nothing has been done to it. Once we know that its software and firmware are correct and its hardware has not been tampered with, we use this device as the "gold standard" against which all other devices are compared. We then check every device by powering it on and confirming that its firmware and software match the gold standard and are up to date. If hardware has been tampered with by adding something, the device will be heavier than the "gold standard" device, so every device should be weighed, allowing for normal manufacturing tolerance, and any device that deviates should be examined further. Two caveats apply: weighing will miss a modification that replaces a component with one of the same mass, and a firmware check is only as trustworthy as the channel used to read the firmware back, since a compromised device can report whatever it likes.
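To make the comparison procedure concrete, here is an added example in Python; it is not code from the original post. The firmware images, serial numbers, weights and the 0.5 g tolerance are all constructed for illustration, and a real gold record would hold hashes of every readable firmware region plus weights measured across several known-clean units. The last device in the sample fleet passes both checks despite a swapped component, which is exactly the case the text's method cannot catch.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample data: a "firmware dump" is just bytes here, and the
# weights are illustrative numbers in grams, not figures from any real device.
GOLD_FIRMWARE = b"PAGER-FW-1.2:" + bytes(range(256)) * 8
GOLD_WEIGHT_G = 120.0
WEIGHT_TOLERANCE_G = 0.5   # assumed manufacturing variance; derive it from measured clean units


@dataclass(frozen=True)
class DeviceProfile:
    serial: str
    firmware: bytes   # firmware image read back from the device
    weight_g: float   # measured weight in grams


def firmware_digest(firmware: bytes) -> str:
    """SHA-256 of the firmware image; any single-byte change alters it."""
    return hashlib.sha256(firmware).hexdigest()


def build_gold(reference: DeviceProfile) -> dict:
    """Record the properties of the fully examined reference device."""
    return {
        "firmware_sha256": firmware_digest(reference.firmware),
        "weight_g": reference.weight_g,
    }


def check_device(device: DeviceProfile, gold: dict,
                 weight_tolerance_g: float = WEIGHT_TOLERANCE_G) -> list[str]:
    """Compare one device against the gold record; an empty list means no finding."""
    findings = []
    if firmware_digest(device.firmware) != gold["firmware_sha256"]:
        findings.append("firmware digest differs from gold image")
    delta = device.weight_g - gold["weight_g"]
    if abs(delta) > weight_tolerance_g:
        findings.append(f"weight differs from gold by {delta:+.2f} g "
                        f"(tolerance {weight_tolerance_g} g)")
    return findings


def triage(devices: list[DeviceProfile], gold: dict) -> dict[str, list[str]]:
    """Return only the devices that need a physical examination, keyed by serial."""
    flagged = {}
    for dev in devices:
        findings = check_device(dev, gold)
        if findings:
            flagged[dev.serial] = findings
    return flagged


# Constructed fleet: one clean clone, one with altered firmware, one heavier
# than it should be, and one whose firmware matches and whose weight is within
# tolerance even though a component was swapped (the case this method misses).
GOLD_DEVICE = DeviceProfile("GOLD-0001", GOLD_FIRMWARE, GOLD_WEIGHT_G)
FLEET = [
    DeviceProfile("PGR-1001", GOLD_FIRMWARE, 120.2),
    DeviceProfile("PGR-1002", GOLD_FIRMWARE + b"\x90\x90", 120.1),
    DeviceProfile("PGR-1003", GOLD_FIRMWARE, 123.4),
    DeviceProfile("PGR-1004", GOLD_FIRMWARE, 119.8),
]

if __name__ == "__main__":
    gold = build_gold(GOLD_DEVICE)
    for serial, findings in triage(FLEET, gold).items():
        print(serial, "->", "; ".join(findings))
```

Running the script flags PGR-1002 (firmware digest mismatch) and PGR-1003 (3.4 g over gold) and stays silent on PGR-1001 and PGR-1004. The tolerance is the important knob: set it too tight and every unit gets opened, set it too loose and a small implant slips through, so it should come from the spread you actually measure across clean units rather than a guess.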
These are scary times. We are dependent on technology for just about everything we do. Even the Russian Federal Protective Service purchased typewriters to avoid being hacked, seeing no other way of protecting themselves. Yet practicing cyber hygiene by keeping up to date with patches and software will go a long way toward helping with cyber protection.