Pagers and Walkie-talkies Over Cellphones – a Security Expert Explains Why Hezbollah Went Low-Tech for Communications

Mobile device tracking is conducted in several ways. First, there is the network location data generated by the phone as it moves past local cell towers or Stingray devices, which law enforcement agencies use to mimic cell towers. Then there are the features built into the phone’s operating system or enabled by downloaded apps that may lead to highly detailed user tracking, which users unwittingly agree to by ignoring the software’s privacy policy or terms of service.

This collected data is sometimes sold to governments or other companies for additional data mining and user profiling. And modern smartphones also have built-in Bluetooth, Wi-Fi and GPS capabilities that can help with locating and tracking user movements around the world, both from the ground and via satellites.

Mobile devices can be tracked in real time or close to it. Common technical methods include traditional radio direction-finding techniques, using intelligence satellites or drones, deploying “man in the middle” tools like Stingrays to impersonate cellular towers to intercept and isolate device traffic, or installing malware such as Pegasus, made by Israeli cyberarms company NSO, to report a device’s location.

Nontechnical and slower techniques of user tracking include potentially identifying general user locations from their internet activity. This can be done from website logs or the metadata contained in content posted to social media, or by contracting with data brokers to receive any collected location data from the apps that a user might install on their device.

Indeed, because of these vulnerabilities, the leader of Hezbollah earlier this year advised his members to avoid using cellular phones in their activities, noting that Israel’s “surveillance devices are in your pockets. If you are looking for the Israeli agent, look at the phone in your hands and those of your wives and children.”

Researchers have shown how these features, often intended for the user’s convenience, can be used by governments, companies and criminals to track people in their daily lives and even predict movements. Many people still aren’t aware of how much their mobile devices disclose about them.

Pagers, however, unlike mobile phones, can be harder to track depending on whether they support two-way communication.

Why Go Low-Tech
A pager that only receives messages does not provide a signal that can facilitate tracking its owner. Therefore, Hezbollah’s use of pagers likely made it more challenging to track their operatives – thus motivating Israeli intelligence services’ purported attack on the supply chain of Hezbollah’s pagers.

Using low-tech tactics and personal couriers while avoiding the use of mobile phones and digital tools also made it difficult for the technologically superior Western intelligence agencies to locate Osama bin Laden for years after the 9/11 attacks.

In general, I believe the adversary in an asymmetric conflict using low-tech techniques, tactics and technology will almost always be able to operate successfully against a more powerful and well-funded opponent.

A well-documented demonstration of this asymmetry in action was the U.S. military’s Millennium Challenge war game in 2002. Among other things, the insurgent Red forces, led by Marine General Paul van Riper, used low-tech tactics including motorcycle couriers instead of cellphones to evade the Blue forces’ high-tech surveillance. In the initial run of the exercise, the Red team won the contest in 24 hours, forcing exercise planners to controversially reset and update the scenario to ensure a Blue team victory.

Lessons for Everyone
The preference of terrorist organizations like Hezbollah and al-Qaida for avoiding smartphones is a reminder for everyone that you can be, and likely are being, tracked in various ways and for various purposes.

Israel’s purported response to Hezbollah’s actions also holds a lesson for everyone. From a cybersecurity perspective, it shows that any device in your life can be tampered with by an adversary at points along the supply chain – long before you even receive it.

Richard Forno is Principal Lecturer in Computer Science and Electrical Engineering, University of Maryland, Baltimore County. This article is published courtesy of The Conversation.