Source: The National
Author: Robert Tollast
Thursday 26 September 2024 16:27:54
Hezbollah has long been a secretive organisation. In 2006, when Israel invaded southern Lebanon, an Israeli officer said the Iran-backed militia "rigorously maintained a high level of encryption" to avoid interception of radio and phone calls.
This was one of several factors that helped turn the Israeli advance into a crawl through well-hidden ambushes, despite Israel having assets such as Gulfstream G550 aircraft trying to intercept communications.
Years later, something drastically changed.
The group has suffered relentless assassinations of senior commanders, often in meeting places thought to be secure. How can this turnaround be explained? A fatal decision made about 2022 or before to use obsolete civilian radios illustrates a wider problem.
On the surface, the fact that their radios and thousands of their pagers were rigged with bombs – exploding on September 17, killing scores and injuring thousands – was the group’s worst security breach.
The setback tells a wider story about its limited options to maintain secrecy, an organisation-wide vulnerability nearly a year into its fight with Israel, which it says is intended to force a ceasefire in Gaza. Since Israel's war with Hamas broke out, air strikes have levelled much of the enclave, killing about 41,500 people.
Experts say the armed group has not kept up with the modern “transparent battlefield", where it is increasingly hard to hide from drones and electronic surveillance. Hezbollah, they say, is a victim of its own expansion to become a bigger target to spy on.
“Over a period of 18 years they went from a core organisation with little cells, not just locally but around the world, to tens of thousands strong, deeply involved in international arms and drug trafficking, and fielding battalions,” says Steven Wagner, a professor of intelligence at Brunel University.
According to United Against Nuclear Iran, an NGO, their Icom IC-V82 radios – reportedly Chinese copies of the Japanese brand – had been in service with the group’s elite Radwan Force commandos for two years.
The digital radios also have an analogue mode that can scramble communications, something “trivially crackable", Mr Wetzels said. The data compression “is not encryption since there is no secret key material involved. Anyone who knows how the codec works can decode the signal,” he said.
“Perhaps Hezbollah's comms security people considered those scramblers and proprietary codecs useful, but I doubt an organisation as practically experienced with Israeli cryptanalytic capabilities would fool themselves into believing that,” he said.
Instead, Mr Wetzels says the group, for a bit more money, could have bought radios that meet the US government’s Advanced Encryption Standard.
“The group might have opted for the Icom because the surrounding infrastructure including base stations/repeaters and antennas is cheaper and easier to set up and procure for a proscribed organisation than more professional radio standards.”
This slip-up says as much about opting for cheaper tech as it does about survival in modern war.
Aware of this, pagers were seen as difficult to hack into, unlike phones, which have signals that can be intercepted from the air, or be broken into by “zero click” attacks that reveal their data.
Aircraft-mounted devices called IMSI catchers can trick mobiles into connecting with them. They have been used by the Coalition against ISIS, Israel against several groups and Russia in its war in Ukraine.
Once a phone is compromised, each number in its contacts becomes a potential target. Some technology is so powerful that it can increase the phone’s signal for better tracking.
For this reason, Hezbollah leader Hassan Nasrallah urged members this year to “turn off your phones and put them in an iron box".
Traditionally, small militant cells present a harder intelligence target than bigger armies. Militants hide among civilians, passing messages through couriers. Their operations require minimal covert movement, such as a bomb in a car.
Armies move thousands of tonnes of supplies each day. The combined sum of communications needed for operations is known as an army’s “emissions", which can also include careless phone calls home or photos on social media.
Russian and Ukrainian forces discovered this the hard way since Moscow’s 2022 invasion, losing thousands of soldiers due to unencrypted communications and frontline selfies. Ukraine’s latest radios, unlike the Icom, “hop” between frequencies, changing code encryption at the same time, making detection and decoding a challenge. Some operate on a "mesh network" that makes pinpointing individual units harder.
Today, Hezbollah has become an “army” of scores of thousands of men backed by Iran. It’s an old problem for militants: the bigger the network, the bigger you are to spy on.
“The Palestine Liberation Organisation was well-supported by states. Israel took advantage of the increased visibility of the group and its presence and recognition in various countries; which, of course, meant larger ‘emissions,’” says Luca Trenta, a professor of intelligence studies at Swansea University.
Shir Mor, a counterterrorism expert focused on the Middle East and Israeli military intelligence veteran, agrees.
“Initially, Hezbollah functioned as a small, secretive entity, but its growth into a much larger organisation, while expanding its ability to project power in regions like Syria also introduces significant risks. Larger groups are inherently harder to control, which makes operational secrecy, discipline and security far more difficult to maintain,” she says.
This makes the group’s purchase of outdated radios and previous use of mobile phones all the more perilous.
Ms Mor highlights how the group could have learnt from recent history. In Iraq, the government, US and British forces were withering under attacks by Al Qaeda and various other groups, including at one point a small number of Lebanese Hezbollah operatives, between 2004 and 2011.
Thomas Withington, an expert on electronic warfare who has advised governments on security, says this creates its own challenges.
“When you're able to break into your enemy's communications, it's obviously very useful. But the first problem is it yields a massive amount of data. If you think of a modern army, or think of something like Hezbollah, imagine on a daily basis just how much information is flowing within that organisation. There's masses of it,” he says.
He says the organisation has built a fibre optic fixed line system that can only be tapped physically within Lebanon. But this is of limited use with hundreds of units to communicate with.
“When information has relevance, it becomes intelligence. So you've got to sift through all of that, you've got to extract, ‘what do I need to know in the next 10 minutes? In the next day, next week, next month?' There's a huge amount of data management. And what's true and what's false?
"Hezbollah know the Israelis are listening to them, so they'll put a lot of false traffic on those networks. They’ll be using code words. Do you know what those code words are? For every one code word that's true, there's probably two that are red herrings.”
While modern armies struggle with these problems, Philip Smyth, an expert on Hezbollah, says the group should rethink its entire hierarchy.
“A lot of leaders are old timers. These are the guys who delegate techy jobs to underlings who are also learning this on the fly," he says. "Now apply those concepts to building an army for the first time, advancing quite quickly into new technological and military spheres, while fighting constantly.
"The pace for learning and adopting and integrating new tech, getting leadership to appreciate the issues, is hard to manage.”