Tampered Taiwanese Pagers Used to Dodge Espionage Caused Deadly Explosions on Hezbollah

Oz police arrest dozens in takedown of encrypted app Ghost, FCC fines AT&T over 2023 breach, Russia ups propaganda attacks on Harris-Walz, US warns Vietnam away from Chinese underseas cables, Newsom signs bills moderating AI deepfakes, Hackers bruteforce accounting servers, much more

Mary Madigan from Highland Park, NJ and Santa Fe, NM, USA, CC BY 2.0 via Wikimedia Commons



Officials briefed on the operation say Israel carried out a deadly operation against Hezbollah by hiding explosive material within a new batch of Taiwanese-made pagers from Gold Apollo in Taiwan that had been tampered with before they reached Lebanon.

According to officials, the attack killed at least nine people and wounded nearly 3,000 others.

Many of those hit were members of the militant group Hezbollah, but it wasn’t immediately clear if others also carried the pagers. Among those killed were the son of a prominent Hezbollah politician and an 8-year-old girl, according to Lebanon’s health minister.

Most of the devices were the company’s AR924 model, though three other Gold Apollo models were also included in the shipment.

The explosive material, as little as one to two ounces, was implanted next to the battery in each pager, two of the officials said. A switch was also embedded that could be triggered remotely to detonate the explosives.

At 3:30 p.m. in Lebanon, the pagers received a message that appeared as though it was coming from Hezbollah’s leadership, two of the officials said. Instead, the message activated the explosives. Lebanon’s health minister told state media at least 11 people were killed and more than 2,700 injured.

According to the officials, the devices were programmed to beep for several seconds before exploding.

Hezbollah has accused Israel of orchestrating the attack but has described limited details of its understanding of the operation. Israel has not commented on the attack nor said it was behind it.

Independent cybersecurity experts who studied footage of the attacks said it was clear that a type of explosive material caused the strength and speed of the explosions.

“These pagers were likely modified in some way to cause these types of explosions — the size and strength of the explosion indicates it was not just the battery,” said Mikko Hypponen, a research specialist at the software company WithSecure and a cybercrime adviser to Europol.

Keren Elazari, an Israeli cybersecurity analyst and researcher at Tel Aviv University, said the attacks had targeted Hezbollah where it was most vulnerable.

Earlier this year, Hezbollah’s leader, Hassan Nasrallah, strictly limited the use of cell phones, which he saw as increasingly vulnerable to Israeli surveillance, according to some of the officials as well as security experts.

“This attack hit them in their Achilles’ heel because they took out a central means of communication,” Ms. Elazari said. “We have seen these types of devices, pagers, targeted before but not in an attack this sophisticated.”

Israel has a long history of carrying out sophisticated remote operations, ranging from intricate cyberattacks to remote-controlled machine guns targeting leaders in drive-by shootings, suicide drone attacks, and the detonation of explosions in secretive underground Iranian nuclear facilities. (Sheera Frenkel and Ronen Bergman / New York Times and Associated Press)

Related: New York Times, Al Jazeera, Times of Israel, Jerusalem Post, Rolling Stone, Reuters, Ars Technica, 404 Media, Associated Press, The Guardian, Schneier on Security, Semafor, The Stack, Reddit-hacking, UPI.com, The Hindu - Technology, The Intercept, DAILYSABAH, Business Standard, Los Angeles Times, PCMag.com, Al Mayadeen, Gizmodo, The Independent, Jerusalem Post, ibtimes.sg, that: Top News, RNZ News, Decripto.org, Daily Beast, The Verge, Metro.co.uk, OpIndia, Business Insider, Voice of America, Washington Free Beacon, TIME, Daily Dot, Algemeiner.com, CNN, Frontline. TheHindu, Associated Press, Times of Israel, Associated Press

Australian police said they infiltrated Ghost, an encrypted global communications app developed for criminals, leading to dozens of arrests during a global takedown of an encrypted communications network.

The app’s alleged administrator, Jay Je Yoon Jung, appeared in a Sydney court on charges including supporting a criminal organization and benefitting from proceeds of crime. Police allege that Jung developed the app specifically for criminal use in 2017.

Jung did not enter pleas or apply to be released on bail. He will remain behind bars until his case returns to court in November.

Australian Federal Police Deputy Commissioner Ian McCartney said Australian police arrested 38 suspects in raids across four states recently in what they call Operation Kraken. Law enforcement agencies were also making arrests in Canada, Sweden, Ireland, and Italy.

“We allege hundreds of criminals, including Italian organized crime, motorcycle gang members, Middle Eastern organized crime, and Korean organized crime, have used Ghost in Australia and overseas to import illicit drugs and order killings,” McCartney told reporters.

In 2022, international partners started targeting Ghost and asked the AFP to join an operational task force.

Europol established a global task force code-named OTF NEXT, which was led by the FBI and French Gendarmerie and includes the AFP, Royal Canadian Mounted Police (RCMP), Swedish Police Authority, Dutch National Police, Irish Garda Síochána, and the Italian Central Directorate for Anti-Drug Service. The Icelandic Police have also assisted the OTF.

While the AFP worked within the task force, it also established Operation Kraken after developing a covert solution to infiltrate Ghost. (Rod McGuirk / Associated Press)

Related: AFP, iTnews, ABC, RTÉ, The Register, The Guardian, Cyber Daily, Reuters

The US Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T over a January 2023 data breach traced to one of its third-party cloud vendors.  

The breach, which resulted in the theft of information related to more than 8.9 million AT&T Mobility customers, happened through an unnamed company the telecom giant used for marketing, billing, and generating personalized video content. According to the settlement, AT&T shared customer data, including subscriber data, with the vendor to use its services.

The contract between AT&T and the vendor included specific requirements for protecting and disposing of that data, and multiple reviews and assessments conducted between 2016 and 2020 claimed that the vendor was adhering to data deletion policies.

However, the January 2023 theft included data that the vendor should have deleted in 2017 or 2018, and the FCC concluded that AT&T was ultimately responsible for the lapse.

Speaking at the Forum Global Annual Data Privacy Conference in Washington D.C. on Tuesday, FCC Enforcement Bureau Chief Loyaan Egal said the settlement should inform companies that the agency is more closely scrutinizing how businesses ensure their customer data is protected throughout their supply chains. (Derek B. Johnson / Cyberscoop)

Related: FCC, FCC, CRN, PYMNTS, Axios, Ars Technica




That video was a viral hit, spread by X accounts with as many as a half-million followers despite first appearing on a newly minted San Francisco news outlet that soon vanished. Posts featuring the video racked up 7 million views on X alone and were also on Facebook, TikTok, and YouTube.

Another video manufactured an assault on an attendee of a rally for Republican candidate Donald Trump, garnering millions of views, Microsoft said. One depicted a fake New York billboard with vulgar messages saying Harris wanted to change children’s gender. It drew hundreds of thousands of views on X.

In all, Microsoft called out three Russian government-backed groups in addition to those described in federal charges last week against employees at propaganda network RT.

One group was “adept at grabbing headlines with its outlandish fake videos and scandalous claims,” Microsoft said, while another “will likely only escalate its targeting of the Harris-Walz campaign in the lead-up to Election Day.”

Microsoft further outlined activity by six Russian hacktivist groups that claim to be independent but appear to work in tandem with the FSB security service, GRU military intelligence, or other Russian government entities.

Microsoft also said a Chinese influence group, more interested in dividing and confusing Americans than pushing for one candidate, had gotten much faster in using current events on social media and was interacting with other users, mainly as if the account holders were US Trump supporters. (Joseph Menn / Washington Post)

Related: Microsoft, Microsoft, Associated Press, NBC News, NextGov, NPR, Spectrum News, Engadget, Axios, Cyberscoop, Politico, NewsBytes, AFP, Cybernews, Neowin, CNN, ABC.net.au

Source: Microsoft.


Sources say the United States is urging Vietnam to avoid Chinese cable-laying firm HMN Technologies and other Chinese companies in its plans to build 10 new undersea cables by 2030.

Vietnam's five major aging subsea connections to the global internet have repeatedly failed, making new cables a top government priority. Sources say that since January, US officials and companies have held at least a half-dozen meetings with Vietnamese and foreign officials and business executives to discuss the Southeast Asian nation's cable strategy.

The sources say US officials have also separately shared intelligence about possible sabotage of the country's subsea cables. At the same time, subsea cables, which carry much of the world's data, have become central to the US-Sino tech war. Fearful of Beijing's espionage, Washington has previously successfully lobbied to exclude HMN Tech from another project.

Finally, sources say APTelecom, a little-known consultancy, has been part of the talks to persuade Hanoi. (Francesco Guarascio, Phuong Nguyen and Joe Brock / Reuters)

The three laws, including a first-of-its-kind law that imposes a new requirement on social media, primarily deal with banning or labeling the deepfakes.

Only one of the laws will take effect in time to affect the 2024 presidential election, but the trio could offer a road map for regulators across the country attempting to slow the spread of the manipulative content powered by artificial intelligence.

The laws are expected to face legal challenges from social media companies or groups focusing on free speech rights.

Separately, Newsom said he is concerned about a potential “chilling effect” on the development of artificial intelligence posed by another AI bill, SB 1047, which the state legislature passed to regulate the new technology.

That bill would hold artificial intelligence companies legally liable if they don’t take the required safety measures and their technology causes significant harm later. Newsom must now sign the legislation into law or veto it.

“We dominate this space, and I don’t want to lose that,” Newsom said Tuesday during an appearance at Salesforce Inc.’s Dreamforce conference in San Francisco. The governor said he is weighing what risks of AI are demonstrable versus hypothetical.

“The impact of signing wrong bills over the course of a few years could have a profound impact” on the state’s competitiveness, Newsom said.

Finally, Newsom signed into law two union-supported bills restricting the use of AI digital replicas of performers.

In a symbolic move, the governor visited the Los Angeles headquarters of the performers’ union SAG-AFTRA on Monday to officially greenlight the bills AB 2602 and AB 1836, which the California state Senate passed in August. SAG-AFTRA sponsored both bills after instituting initial AI protections for members in its 2023 TV/theatrical contract. (Stuart A. Thompson / New York Times and Brody Ford / Bloomberg and Katie Kilkenny / The Hollywood Reporter)

Related: Associated Press, ABC7, Cointelegraph, Election Law Blog, Politico, Governor of California, KTVU-TV, TechCrunch, Bloomberg Law, Yahoo Finance, Associated Press, Benzinga, Los Angeles Times, The Information, TechCrunch, San Francisco Business Times, San Francisco Chronicle, Mercury News, Politico, Engadget, IndieWire, Deadline, Digital Music News, The Hill, Decrypt, Cryptopolitan, The Verge, Variety, CBS News, The Wrap, Governor of California, Politico

Researchers at Huntress report that hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks.

The researchers detected the attacks on September 14, 2024. Huntress has already seen active breaches through these attacks at plumbing, HVAC, concrete, and other sub-industry companies.

In these attacks, the attackers take advantage of a combination of exposed services amplified by users not changing default credentials on privileged accounts. (Bill Toulas / Bleeping Computer)

Related: Huntress, The Record

Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet.

vCenter Server is the central management hub for VMware's vSphere suite, helping administrators manage and monitor virtualized infrastructure.

The vulnerability (CVE-2024-38812), reported by TZL security researchers during China's 2024 Matrix Cup hacking contest, is caused by a heap overflow weakness in vCenter's DCE/RPC protocol implementation. It also affects products containing vCenter, including VMware vSphere and VMware Cloud Foundation. (Sergiu Gatlan / Bleeping Computer)

Related: Security Week

Best Thing of the Day: Discord Takes a Step Toward Greater Privacy

Discord announced that audio and video calls inside the platform will now be end-to-end encrypted (E2EE), meaning even Discord will not know what users are talking about. 

Worst Thing of the Day: The Judiciary Is Spooked About Election Hacking

US Circuit Judge Michael Scudder, who chairs a committee on information technology for the federal courts, warned of the potential election-year hacking risk for the judiciary during a meeting of the US Judicial Conference, the judiciary's top policymaking body, in Washington, DC.

Bonus Worst Thing of the Day: Meet the New Bill, Same As the Old Bill

EFF warns that an amended version of the Kids Online Safety Act (KOSA) that is being considered this week in the US House is still a dangerous online censorship bill that contains many of the same fundamental problems as a similar version the Senate passed in July.

Closing Thought