Network Wars

Utilizing technology as traps for entrapment and nets for targeting and interception.

Thursday, 19 September 2024

Abdulrasheed Alfaqih

On the afternoon of Tuesday, September 17, 2024, a joint operation by the Israeli intelligence agency Mossad and the Israeli military targeted the communication network of Hezbollah. Thousands of communication devices were detonated simultaneously, resulting in thousands of injuries across Lebanon, marking the most serious attack by Israel against Hezbollah. Ironically, a second operation was carried out the following day, Wednesday, September 18, 2024, during which Israel also detonated thousands of devices of a different type within Hezbollah's communication networks, as part of a series of Israeli strikes aimed at the party's leadership, infrastructure, and framework due to its attacks against Israel.

The New York Times reported, citing American officials and others familiar with the operation, that Israel had placed explosives in a batch of calling devices manufactured in Taiwan, which were imported into Lebanon and intended for Hezbollah. The explosives were implanted next to the battery in each device, and a remote detonation switch was included, resulting in the deaths of at least 9 people and injuring over 2,800 others, including at least 170 in critical condition, according to the Lebanese Ministry of Health.

Despite its high risk and sensitivity, the operation did not come as a surprise. Israel has long carried out extensive series of dangerous targeting operations against hundreds of adversarial elements, both within Palestinian territories and beyond, using wired and wireless communication networks. Similarly, many intelligence agencies from other countries have employed the same methods against elements of irregular organizations or against leaders and members of state agencies and institutions.

In the context of the Israeli-Palestinian conflict, and drawing on the extensive experience gained by Palestinian factions over decades of Israeli targeting operations using communication networks—both terrestrial and aerial—one key factor that ensured the success of Palestinian operations targeting Israeli settlements in the Gaza envelope on October 7, 2023, was the reliance of these factions on primitive communication methods that were not connected to global networks. From the planning and training stages to execution, they utilized these networks as a means of deception and intelligence camouflage, making it difficult for Israeli intelligence to detect and anticipate their actions at various stages of the operation. This challenge hindered Israel's ability to conduct targeted strikes throughout its continuous military operations over the past year, during which it failed to achieve any of its declared objectives and did not secure any victories, even on a limited scale.

Israel, whose military intelligence is ranked among the most capable and advanced in intercepting electronic communications (often referred to as signals intelligence) globally, prioritized locating the architect of the October 7 attack as a primary objective of its military operations in Gaza. Capturing or killing Yahya Sinwar would represent a significant victory for Israel. However, even with military control over the Gaza Strip, Israeli intelligence was unable to achieve any meaningful results.

According to several intermediaries, the typical means of communication with Sinwar over nearly a year of the Israeli war involved handwritten messages. These messages were first passed to a trusted member of Hamas, who would then relay them through a network of couriers. The messages were often encoded with different symbols for various recipients and circumstances, based on a system developed by Sinwar and other prisoners during their time in Israeli jails.

In July 2024, Israel announced that it had killed Ismail Haniyeh, the political leader of Hamas, in Tehran, following claims earlier that month of having killed Hamas's top military commander, Mohammed Deif. Additionally, Israel conducted a strike on a residential building in Beirut that resulted in the death of Fouad Shukr, a key Hezbollah leader who had evaded the United States for decades. The Wall Street Journal reported that Shukr had been directed to an apartment after receiving a phone call, likely from someone who had infiltrated Hezbollah's internal communication network.

After Israel successfully targeted and killed high-ranking leaders in Hamas, particularly in the Beirut attack that killed Saleh al-Arouri, the deputy political leader of Hamas and one of the founders of its military wing, Sinwar's communication methods became more cautious and complex. He almost entirely shifted to handwritten notes and verbal communication. At times, he distributed audio recordings through a small circle of aides, according to Arab intermediaries.

Sinwar largely avoided phone calls, text messages, and other electronic communications that could be tracked by Israel. Instead, he utilized a sophisticated system of couriers, codes, and handwritten notes, which allowed him to direct Hamas operations even while hiding in underground tunnels, protecting him from Israeli intelligence gathering networks.

Thomas Withington, an expert in electronic warfare and a research fellow at the Royal United Services Institute in London, states that despite the Hamas leader's extreme caution, "he only needs to make one mistake to give Israel a golden opportunity." Withington adds, "That moment when he forgets discipline could very well be the moment that seals his fate."

Returning to the northern front, where Hezbollah is engaged with Israel, both sides have witnessed months of mutual attacks that pushed the limits of engagement rules. Israel has repeatedly sought to breach these limits in its efforts to restore deterrence and the reputation of the "mad dog." This culminated in a high-profile intelligence operation targeting a vast network of Hezbollah elements and leaders through the detonation of communication devices, as Hezbollah's communication system remained a constant target for dismantling.

Over the past decades, communication through terrestrial and aerial networks has been a key avenue for luring and capturing many leaders and members of irregular organizations, as well as officials from state agencies and institutions. Notable examples of such operations include the targeting of Osama bin Laden, Ayman al-Zawahiri, Qassem al-Rimi, and a long list of al-Qaeda leaders and members. Additionally, figures like Yahya Ayyash, a prominent leader in Hamas's military wing, and Qassem Soleimani, along with numerous leaders and members of the Quds Force and the Iranian Revolutionary Guard, as well as Hezbollah leaders and members, have also been successfully targeted through similar methods.

It is evident from precise targeting operations that communication networks have been utilized as traps for entrapment and nets for capturing. These networks are employed to lure leaders and members of irregular organizations, as well as officials from state institutions. A vast amount of information, data, and operational pathways accumulated over years is gathered into storage, processing, and analysis banks. This is part of governance mechanisms that enable political, security, and intelligence decision-makers to make informed and effective response decisions based on any geopolitical developments that may require varying levels of operational response, all while maintaining a high level of sustainable readiness, where local, regional, and international engagement and its requirements are the norm.

In the broader global context, particularly as a space for competition and conflict in communication networks, systems, and technologies, it is useful to highlight some key points in various contexts.

On February 11, 2020, The Washington Post published a detailed report on the Swiss company Crypto AG, which specialized in encrypted communication systems and technologies for over fifty years. The company sold its systems to more than 120 countries worldwide, including clients such as Iran, military juntas in Latin America, India, Pakistan, and even the Vatican, among others. These governments sought to secure their sensitive communications through generations of encrypted communication systems, evolving from mechanical gears to electronic circuits, and eventually to silicon chips and software. The Swiss company generated millions of dollars from the sale of these systems and technologies until 2018.

What the clients of Crypto AG never realized was that the company was secretly owned by the CIA in a highly classified partnership with West German intelligence. Officers from the CIA managed the company, overseeing its program and executives, and controlled nearly every aspect of Crypto's operations, including hiring decisions, technology design, algorithms, and sales targets.

The report referenced by The Washington Post describes how the United States and its allies exploited the naivety of other nations for years, taking their money while stealing their secrets. Foreign governments paid hefty sums to the U.S. and West Germany for the privilege of having their most sensitive communications read by at least two foreign countries (and possibly five or six). Meanwhile, spies from the U.S. and West Germany listened in on these communications. They monitored Iranian clerics during the hostage crisis of 1979, provided intelligence on the Argentine military to Britain during the Falklands War, tracked assassination campaigns against dictators in South America, and intercepted Libyan officials congratulating themselves on the bombing of a Berlin nightclub in 1986.

Ironically, The Washington Post, which published information about the operation first codenamed "Thesaurus" and then "Rubicon"—considered one of the boldest operations in CIA history—revealed it based on an intelligence report years after the CIA had sold Crypto AG and its assets. By 2018, the agency had exhausted all its espionage value from the company and had purchased the German stake in the early 1990s.

In a related context, one of the most significant blows to the CIA in its history came with the leak of classified government documents that shook the United States. These documents were leaked by Edward Snowden, a former employee of the CIA and the NSA, after he arrived in Hong Kong in mid-May 2013, revealing a program for spying on millions of people. Snowden's revelations plunged the Obama administration into both domestic and international turmoil, leading to pursuit by U.S. national security agencies and other Western countries, which prompted him to seek refuge under a strong umbrella: Russia.

The book "No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State" notes that the leaked documents included data showing that Verizon provided the NSA with all detailed call records between the U.S. and abroad, including local calls. This indicated that the agency was secretly and indiscriminately collecting phone records of at least tens of millions of Americans. Additionally, in just one month of 2013, the NSA collected over 3 billion samples of communication data from U.S. communication systems alone.

Snowden revealed that the U.S. government had established a global system of mass surveillance, enabling its intelligence agencies to eavesdrop on targets through emails and phone numbers under the PRISM program. Greenwald discovered from those documents that companies such as Google, Microsoft, Facebook, Skype, YouTube, and Apple had joined this program. Snowden stated, "There was a tunnel dug under a pineapple field, which once housed a plane manufacturing facility; it was placed in front of a station that allowed me almost unlimited access to communications from anyone who called a number or wrote on a computer, including 320 million Americans who were spied on daily, which constitutes a blatant violation not only of the principles of the U.S. Constitution but also of the core values of any free society."

Snowden expressed, "The things I saw began to genuinely infuriate me; I could monitor drones as they surveilled people they might kill. I could watch entire villages and see what everyone was doing. I observed the NSA tracking people online as they typed. I realized the true scope of this system, and almost no one knew it was happening. I realized they were building a system aimed at eliminating all privacy on a global scale, so that no person could communicate electronically without the NSA having the ability to collect, store, and analyze communications."

Glenn Greenwald noted, "Transforming this network into a comprehensive surveillance system has potential implications different from any previous government surveillance programs. All previous spying systems were more limited and avoidable. Thus, allowing surveillance to root itself in the internet can expose all forms of interaction, planning, and even human thought to comprehensive government scrutiny, threatening to produce the most repressive and extreme instruments of governmental intervention in human history. This is what makes the information revealed by Snowden astonishing and vitally important; he made it clear that we stand at a historic crossroads."

Greenwald succinctly articulated the concerns that drove Edward Snowden to irreversibly expose the U.S. government's surveillance programs targeting everyone without exception.

The relentless war waged by the United States against the Chinese telecommunications giant Huawei, which operates in 170 countries and employs 194,000 people, underscores the importance of communication systems, networks, and technologies in national security considerations. In the early weeks of Joe Biden's presidency, the U.S. Federal Communications Commission (FCC) classified Huawei as a threat to national security, deeming it an "unacceptable risk," alongside other companies like ZTE, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology.

In line with decisions made during Donald Trump's administration, Jessica Rosenworcel, who had temporarily led the FCC since Biden took office in January 2021, stated, "Americans rely more than ever on U.S. networks for work, study, and healthcare, and we must have confidence that our communications are secure and reliable."

Israeli Winged Horse: Pegasus

On January 10, 2019, the Israeli newspaper Yedioth Ahronoth revealed a technology that enabled Mexican authorities to capture the world’s most dangerous drug lord, Joaquín Guzmán, known as "El Chapo." He was the top target for the United States after the elimination of Osama bin Laden. The newspaper disclosed that the technology used to apprehend this notorious drug baron is called "Pegasus," a system capable of infiltrating mobile phones, including encrypted devices such as BlackBerry.

Pegasus is spyware developed and sold by NSO Group, founded in 2010, with around 500 employees based in Tel Aviv. According to Fast Company, NSO charges clients $650,000 for hacking 10 devices, in addition to a $500,000 installation fee for the software.

Kaspersky, a company specializing in antivirus software, clarified that Pegasus is classified as "modular malware," meaning it consists of different components. It first conducts a scan of the targeted device, then installs the necessary module to read user messages and emails, listen to calls, capture screenshots, log keystrokes, and extract browsing history and contacts. Pegasus can also listen to encrypted audio files and read encrypted messages by recording keystrokes and audio, allowing it to steal messages before they are encrypted and incoming messages after they have been decrypted.

In August 2020, Haaretz reported that the Israeli company NSO sold Pegasus spyware to Gulf states for hundreds of millions of dollars, facilitated by the State of Israel over the past years. In December 2020, the U.S. government placed NSO Group on its blacklist after discovering that 11 U.S. government sources stationed in Uganda had been targeted for surveillance using Pegasus software.

In July 2021, an investigative report involving 80 journalists from 17 foreign and Israeli media outlets confirmed that several governments and states around the world exploited the "Pegasus" program to spy on approximately 180 journalists globally. The program was misused by specific countries in cases deemed to be violations of human rights, along with a leaked list containing up to 50,000 phone numbers believed to belong to individuals of interest to NSO since 2016.

Reports from "The Washington Post," "The Guardian," and "Le Monde" revealed that the "Pegasus" program was used to spy on journalists and activists worldwide, as well as heads of state, diplomats, and members of royal families in Arab countries. This includes the Saudi journalist Jamal Khashoggi, who was murdered in his country’s consulate in Istanbul in 2018, with two numbers found on the list belonging to women close to Khashoggi.

According to a report published by Mediapart on September 24, 2021, the phones of five French ministers and a diplomatic advisor to President Macron were targeted by "Pegasus." The ministers included: Education Minister Jean-Michel Blanquer, Territorial Cohesion Minister Jacqueline Gourault, Agriculture Minister Julien Denormandie, Housing Minister Emmanuelle Wargon, and Minister for French Abroad Sébastien Lecornu. Mediapart reported that French security services detected the breaches during phone inspections and believe the hacking occurred between 2019 and 2020.

In a different context, British authorities said in a statement on January 24, 2024, that the Emirates Telecommunications Group, also known as "Etisalat and more," which holds a 14% stake in Vodafone, poses a risk to the country's national security. The authorities added that Vodafone must take steps to manage these risks.

The British government noted that the company should establish a national security committee to oversee sensitive operations that could impact national security, and that this committee must meet requirements related to board members.

Additionally, they mentioned that the risks are linked to Vodafone's role in providing communications for broad sectors of the central government and in protecting the country's cybersecurity. Vodafone has not yet commented on the government's statement.
