Electronic pagers across Lebanon exploded simultaneously on Sept. 17, 2024, killing 12 and wounding more than 2,700. The following day, another wave of explosions in the country came from detonating walkie-talkies. The attacks appeared to target members of the militant group Hezbollah.
The pagers attack involved explosives planted in the communications devices by Israeli operatives, according to U.S. officials cited by The New York Times. Hezbollah had recently ordered a shipment of pagers, according to the report.
Secretly attacking the supply chain is not a new technique in intelligence and military operations. For example, the U.S. National Security Agency intercepted computer hardware bound for overseas customers, inserted malware or other surveillance tools and then repackaged them for delivery to certain foreign buyers, a 2010 NSA internal document showed. This differs from accessing a specific person's device, such as when Israel's Shin Bet secretly inserted explosives into a cellphone to remotely kill a Hamas bombmaker in 1996.
Hezbollah, a longtime adversary of Israel, had increased its use of pagers in the wake of the Hamas attack on Israel on Oct. 7, 2023. By shifting to relatively low-tech communication devices, including pagers and walkie-talkies, Hezbollah apparently sought an advantage against Israel's well-known sophistication in tracking targets through their phones.
Cellphones: The ultimate tracker
As a former cybersecurity professional and current security researcher, I view cellular devices as the ultimate tracking tool for both government and commercial entities – in addition to users, criminals and the mobile phone provider itself. As a result, mobile phone tracking has contributed to the fight against terrorism, located missing people and helped solve crimes.
Conversely, mobile phone tracking makes it easy for anyone to record a person's most intimate movements. This can be done for legitimate purposes such as parents tracking children's movements, helping you find your car in a parking lot, and commercial advertising, or nefarious ends such as remotely spying on a lover suspected of cheating or tracking political activists and journalists. Even the U.S. military remains concerned with how its soldiers might be tracked by their phones.
Mobile device tracking is conducted in several ways. First, there is the network location data generated by the phone as it moves past local cell towers or Stingray devices, which law enforcement agencies use to mimic cell towers. Then there are the features built into the phone's operating system or enabled by downloaded apps that may lead to highly detailed user tracking, which users unwittingly agree to by ignoring the software's privacy policy or terms of service.
This collected data is sometimes sold to governments or other companies for additional data mining and user profiling. And modern smartphones also have built-in Bluetooth, Wi-Fi and GPS capabilities that can help with locating and tracking user movements around the world, both from the ground and via satellites.
Mobile devices can be tracked in real time or close to it. Common technical methods include traditional radio direction-finding techniques, using intelligence satellites or drones, deploying "man in the middle" tools like Stingrays to impersonate cellular towers to intercept and isolate device traffic, or installing malware such as Pegasus, made by Israeli cyberarms company NSO to report a device's location.
Nontechnical and slower techniques of user tracking include potentially identifying general user locations from their internet activity. This can be done from website logs or the metadata contained in content posted to social media, or contracting with data brokers to receive any collected location data from the apps that a user might install on their device.