Bloomberg Audio Studios, podcasts, radio news.
Fighting in the Middle East escalated over the weekend, with Israel and Hesbela stepping up their exchange of air strikes. As of this afternoon, local authorities say over three hundred and fifty people were killed and more than twelve hundred were injured in Lebanon by a series of Israeli air strikes on Monday, and the US is sending a small number of additional troops to the region amid the increasing tensions.
The latest escalation came after thousands of simultaneous explosions last week across Lebanon, the targeted members of Hesbola and a Ron backed militant group.
We are hearing of handheld radio's walkie talkie devices also exploding in people's hands, cars, and across at homes.
On Tuesday, an estimated three thousand to five thousand pager devices being used by members of Hesbela blew up all at once. The next day, waki talkies Hesbela used started exploding.
Too, so they were oftentimes on people's waist as you would expect for a page it, they were in people's bags.
Peter Martin is a Bloomberg reporter based in Nairobi who covers defense and intelligence.
Lots of the people who were injured, most of them were HESBLA operatives, but there were also a number of civilian bystanders.
At least thirty nine people died, including children, and thousands of people were injured. Lebanese officials believed these attacks on pagers and walkie talkies were planned and carried out by Israel. Israel has not confirmed or denied responsibility, and its officials are refusing to speak about the incidents, but reporting suggests Israel may have found a way to get explosives into the low tech devices while they were being made or before they were delivered.
One of the working theories at the moment, which is not being fully corroborated, is that these were inserted with amounts of explosives at some point in the supply chain.
National security experts say this wouldn't be the first time foreign actors have infiltrated a supply chain to carry out an attack. In fact, it's happening way more often than you might think.
What we know from speaking to current and former intelligence officials from the US and elsewhere is that supply chain tampering is rampant.
Today on the show, what the pager explosions in Lebanon reveal about the growing threat to global supply chains and what countries like the US and China are doing to protect their technology from foreign interference. This is the big take from Bloomberg News. I'm Sarah Holder. To understand what we know and what we still don't know about these attacks, I sat down with Katrina Manson.
I'm a snybersecurity reporter at Bloomberg.
Katrina told me the hasbelow was using low tech communications devices like pagers in the first place because they seemed less vulnerable to surveillance from Israel or the US. But that couldn't protect the products from physical tampering.
Well, there are number of different ways you can get into a supply chain. Ultimately, a factory produces a thing. Once it leaves the factory, someone can intercept it, take it, add something to it, and get it to the end user.
That's called interception meddling. That occurs after a product's been made. But it's also possible that the factory assembling the product could have tampered with it, or that another company down the supply chain could have tampered with one of its components. What do we know about when, where and how these devices became explosives.
One of the leading theories at this point has to be that from the point of manufacture these pages had explosives in them. How the got into Hesbola, how they were manufactured, where they were manufactured is I think one of the questions to be explored.
The brand on the pagers was gold Apollo, that's a Taiwanese company, but gold Apollo said they didn't actually manufacture those models. They pointed to a company based in Hungary, saying they produced the pagers, but.
The Hungarian government has said that the company registered in Hungary had no manufacturing facility, So that question becomes was it actually manufactured in Israel all along?
It could be months or even years before we understand how exactly these pagers were tampered with. But Katrina says this challenge in identifying each link in a supply chain is part of a larger problem, and it goes beyond just this incident.
And you can try and deconstruct even something for the military, which you would imagine would be the most checked thing. There's a supplier who has the contract that's a subcontractor, that's a subcontractor, and some where down that line, it's been explained to me, is the mom and pop shop, and where are they located? Does the ultimate contractor that's selling into the Pentagon actually know?
Naturally, having several companies involved in making these goods can introduce major security threats, and these kinds of supply chain threats are something that officials have been watching for a while now, as.
People have scrambled to understand the nature of supply chain attacks, which this one surely is. I think one question has been is this a new weapon of war? What I've learned is that it is not. A senior former intelligence official on the US side told me. In fact, supply chain attacks are ongoing. This is not something new. What is new is the scale, the targeted nature, although of
course there's significant collateral damage. Children were killed, and also the fact that it happened so publicly, and of course the fact that they were able to pull it off.
Reports suggests that it was a text message that triggered the explosions in thousands of pages and walkie talkies around Lebanon.
One key question is the actual message that delivered to the pages. Did that carry coded malware, some kind of payload that triggered the explosives inside the pages to go off. Or did the message just mean that operatives took their pages out and was there a separate vulnerability in the pages that was remote detonated a simultaneous attack. It probably, we think at this stage, uses both cyber and hardware, software and hardware combined. I think the combination of this
is very interesting. We all know now about cyber attacks disrupting access to your computer, your data, your files. Here it does something much more dangerous and clearly deadly. It uses something digital to create a real world effect. Well that is jargon for it has killed people.
Katrina says that combination of both software and hardware is part of the reason why this attack is such a watershed moment for people concerned about supply chain vulnerabilities, national security, and for people on the ground in the Middle East.
Interceptions playing around with technology to mess things up. That is not new and now, of course are explosions, but this is a horror show of three thousand explosions at once. The Israelis have shown that they could find a way into the pockets of Hesbella operatives on a scale that, of course, will leave lasting psychological impact on Hesbelah.
Well, how has it impacted Lemanon and what has that collateral damage been even in the days after the attack.
Well, first of all, you've got children dying, You've got pages going off in grocery markets, in cars, everyone's attention was on this page. For that item of low tech communication to be the thing that exploded is very psychologically damaging and operationally damaging, logistically damaging, and of course it creates questions of what can I touch next? What else could go wrong?
So what else could go wrong, not just in the Middle East, but in devices all over the world, And what are governments doing to prevent these kinds of attacks? That's after the break The attacks in Lebanon were a public, tangible example of supply chain vulnerabilities being exploited, and Bloomberg defense reporter Peter Martin told me they were a major warning for people around the world.
I think it's a moment of reckoning for a lot of global policymakers. The US and China have been thinking for years about how they're diversified supply chains could be impacted by their interdependence.
Of course, it's easier said than done to unravel that interdependence, in part because it's hard to know exactly what products and what components of those products could be compromised.
In the past, when I've spoken to Pentagon officials, I've heard that in some of the US's kind of top ticket items, the US military has no idea how many Chinese components there are. They're working hard to figure it out, but we're talking about incredibly complex pieces of machinery that involve everything from nuts and bolts to the latest semiconductors, and the attempt to unravel that is really complicated and really expensive.
How can countries like the US disentangle themselves from other countries when it comes to the manufacturing process.
I think it's really a question of de risking. The idea that any country could produce every thing it needed on its own is not really realistic. It would just
be too expensive and too difficult to do it. The way that the US has tried to get at it in recent years is through this concept of friendshuring, so making sure that US supply chains for national security equipment, for example, run through friendly countries like say Japan, the United Kingdom, NATO members, so not trying to do everything at home, but trying to make sure that they're at least produced by countries that are friendly to US interests.
Cybersecurity reporter Katrina Manson says the US government is particularly concerned about relying on Chinese telecommunications equipment from companies like Huawei, which it is deemed a threat.
They've come up with a policy called rip and replace. That's the idea that every single component potentially could be at risk, and the US is really trying to get Huawei out of its supply chain.
There's also an effort to push for what's called a bill of materials.
Where the providers are sent actually certify, yes, we can tell you exactly who has put ingredients into our cake, our technological cake, and we can say we are confident that they're okay. Now, that's actually a really hard question to answer.
Now. All these efforts are not necessarily because the US is worried that a bunch of iPhones are suddenly going to explode in the way that Pagris did across Lebanon.
What's been put to me is that this is a specific kind of attack that is not likely to be repeated many times. It's taken years and years and years to develop. It's specific to the kind of risk that the Israelis are prepared to take on and the logistics that they're able to devote. And the phrase goes, you use it, you lose it. So now that it's happened and the whole world has seen, the operation is a bust.
I think the idea that members of the public will find that their phones are going to explode on them is extremely unlikely. What it does show, I think for the public is that devices have vulnerability tees. Nefarious acts can occur should anyone have the intent on a number of devices that are connected to you and your home.
I was at a conference the other day where Ambassador Nate Fick, he's the cyber envoid for State Department, and he said, I was making a house with my wife ten years back, and the contractors came to me and said, this is the least connected house we've ever come across designs for He's made sure to exclude digitally connected devices from his home. That says something I think so, And of course we're all being surveiled now. Your phone is
the most dangerous weapon ever to be invented. I've had numerous US officials say that, and there's a real sense that people still don't understand that danger or have become comfortable with it.
The US and other governments are trying to stay on top of these supply chain threats with regulation. Congress has tried to ban TikTok in an effort to protect US consumer data, and just today the Biden administration proposed a ban on hardware and software for connected cars coming from China or Russia. But Peter Martin told me he thinks it's impossible to secure supply chains across the board. At the end of the day, you've got to prioritize.
It's really a question of thinking about what degree of risk is acceptable for which technology. So in the case of a fighter jet, for example, highly sophisticated piece of equipment, very expensive, involves the life of the pilot and missions that are critical to US national security, the US is going to want to have as much control over that
supply chain as possible. When it comes to personal electronics, the threshold is going to be much lower, although, of course, events in Lebanon showed that just because an item is mundane, it doesn't mean that it's safe.
This is The Big Take from Bloomberg News. I'm Sarah Holder. This episode was produced by Julia Press. It was edited by Caitlin Kenny, Dan Flatley, and Andrew Martin. It was mixed by Alexander Sugura. It was fact checked by Adrianna Tapia. Our senior producer is Naomi Shaven. Our senior editor is Elizabeth Ponso. Our executive producer is Nicole Beamster. War Stage Bauman is Bloomberg's head of Podcasts. If you liked this episode, make sure to subscribe and review The Big Take wherever
you listen to podcasts. It helps people find the show. Thanks for listening. We'll be back tomorrow