Richard Forno, University of Maryland, Baltimore County

Electronic pagers across Lebanon exploded simultaneously on Sept. 17, 2024, killing 12 and wounding more than 2,700. The following day, another wave of explosions in the country came from detonating walkie-talkies. The attacks appeared to target members of the militant group Hezbollah.

The pagers attack involved explosives planted in the communications devices by Israeli operatives, according to U.S. officials cited by The New York Times. Hezbollah had recently ordered a shipment of pagers, according to the report.

Secretly attacking the supply chain is not a new technique in intelligence and military operations. For example, the U.S. National Security Agency intercepted computer hardware bound for overseas customers, inserted malware or other surveillance tools and then repackaged them for delivery to certain foreign buyers, a 2010 NSA internal document showed. This differs from accessing a specific person’s device, such as when Israel’s Shin Bet secretly inserted explosives into a cellphone to remotely kill a Hamas bombmaker in 1996.

Hezbollah, a longtime adversary of Israel, had increased its use of pagers in the wake of the Hamas attack on Israel on Oct. 7, 2023. By shifting to relatively low-tech communication devices, including pagers and walkie-talkies, Hezbollah apparently sought an advantage against Israel’s well-known sophistication in tracking targets through their phones.

Cellphones: The ultimate tracker

As a former cybersecurity professional and current security researcher, I view cellular devices as the ultimate tracking tool for both government and commercial entities – in addition to users, criminals and the mobile phone provider itself. As a result, mobile phone tracking has contributed to the fight against terrorism, located missing people and helped solve crimes.

Conversely, mobile phone tracking makes it easy for anyone to record a person’s most intimate movements. This can be done for legitimate purposes such as parents tracking children’s movements, helping you find your car in a parking lot, and commercial advertising, or nefarious ends such as remotely spying on a lover suspected of cheating or tracking political activists and journalists. Even the U.S. military remains concerned with how its soldiers might be tracked by their phones.

Mobile device tracking is conducted in several ways. First, there is the network location data generated by the phone as it moves past local cell towers or Stingray devices, which law enforcement agencies use to mimic cell towers. Then there are the features built into the phone’s operating system or enabled by downloaded apps that may lead to highly detailed user tracking, which users unwittingly agree to by ignoring the software’s privacy policy or terms of service.

This collected data is sometimes sold to governments or other companies for additional data mining and user profiling. And modern smartphones also have built-in Bluetooth, Wi-Fi and GPS capabilities that can help with locating and tracking user movements around the world, both from the ground and via satellites. https://www.youtube.com/embed/CxC1KCoGbIM?wmode=transparent&start=0 Your phone contains many sensors that make it useful – and easy to track.

Advertisement

Mobile devices can be tracked in real time or close to it. Common technical methods include traditional radio direction-finding techniques, using intelligence satellites or drones, deploying “man in the middle” tools like Stingrays to impersonate cellular towers to intercept and isolate device traffic, or installing malware such as Pegasus, made by Israeli cyberarms company NSO to report a device’s location.

Nontechnical and slower techniques of user tracking include potentially identifying general user locations from their internet activity. This can be done from website logs or the metadata contained in content posted to social media, or contracting with data brokers to receive any collected location data from the apps that a user might install on their device.

Indeed, because of these vulnerabilities, the leader of Hezbollah earlier this year advised his members to avoid using cellular phones in their activities, noting that Israel’s “surveillance devices are in your pockets. If you are looking for the Israeli agent, look at the phone in your hands and those of your wives and children.”

Researchers have shown how these features, often intended for the user’s convenience, can be used by governments, companies and criminals to track people in their daily lives and even predict movements. Many people still aren’t aware of how much their mobile devices disclose about them.

Pagers, however, unlike mobile phones, can be harder to track depending on whether they support two-way communication.

Why go low-tech

A pager that only receives messages does not provide a signal that can facilitate tracking its owner. Therefore, Hezbollah’s use of pagers likely made it more challenging to track their operatives – thus motivating Israeli intelligence services’ purported attack on the supply chain of Hezbollah’s pagers.

Using low-tech tactics and personal couriers while avoiding the use of mobile phones and digital tools also made it difficult for the technologically superior Western intelligence agencies to locate Osama bin Laden for years after the 9/11 attacks.

Advertisement

In general, I believe the adversary in an asymmetric conflict using low-tech techniques, tactics and technology will almost always be able to operate successfully against a more powerful and well-funded opponent.

A well-documented demonstration of this asymmetry in action was the U.S. military’s Millennium Challenge war game in 2002. Among other things, the insurgent Red forces, led by Marine General Paul van Riper, used low-tech tactics including motorcycle couriers instead of cellphones to evade the Blue forces’ high-tech surveillance. In the initial run of the exercise, the Red team won the contest in 24 hours, forcing exercise planners to controversially reset and update the scenario to ensure a Blue team victory.

Lessons for everyone

The preference for terrorist organizations like Hezbollah and al-Qaida to avoid using smartphones is a reminder for everyone that you can be, and likely are being tracked in various ways and for various purposes.

Israel’s purported response to Hezbollah’s actions also holds a lesson for everyone. From a cybersecurity perspective, it shows that any device in your life can be tampered with by an adversary at points along the supply chain – long before you even receive it.

Richard Forno, Principal Lecturer in Computer Science and Electrical Engineering, University of Maryland, Baltimore County

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Advertisement

The science section of our news blog STM Daily News provides readers with captivating and up-to-date information on the latest scientific discoveries, breakthroughs, and innovations across various fields. We offer engaging and accessible content, ensuring that readers with different levels of scientific knowledge can stay informed. Whether it’s exploring advancements in medicine, astronomy, technology, or environmental sciences, our science section strives to shed light on the intriguing world of scientific exploration and its profound impact on our daily lives. From thought-provoking articles to informative interviews with experts in the field, STM Daily News Science offers a harmonious blend of factual reporting, analysis, and exploration, making it a go-to source for science enthusiasts and curious minds alike. https://stmdailynews.com/category/science/

Please leave this field empty

Want more stories
“Your morning jolt of Inspiring & Interesting Stories!”

Sign up to receive awesome articles directly to your inbox.

Email Address *

We don’t spam! Read our privacy policy for more info.

Please check your inbox or spam folder to confirm your subscription.

UPPER DARBY, Pa. /PRNewswire/ — Upper Darby School District (“UDSD”) is providing notice of recent events that may have affected the privacy of personal information related to certain individuals. The information involved in these events may include data related to current and former employees, as well as some student data.

DATA Events

In February 2024, UDSD identified unusual activity on certain IT systems. UDSD promptly took steps to secure its systems and initiated an investigation into the nature and scope of the issue. Through the investigation, it was determined that certain files were potentially copied from the systems by an unauthorized person on or around February 4, 2024. Further, in June 2024, UDSD learned that certain files were potentially copied from its systems by an unauthorized person on or around June 2, 2024. In response to these issues, UDSD undertook comprehensive reviews of the relevant files to determine what information was present and to whom it relates. While these efforts are still underway, UDSD has been working on an ongoing to mail letters to those individuals whose personal information was found in the relevant files. The investigations to date have determined that the type of information that may have been impacted varies per person, but may include name, address, date of birth, Social Security number, driver’s license number, other state identification number, medical and/or health insurance information.

UDSD takes these incidents, and the security of information in its care very seriously. UDSD has been working diligently to investigate and respond to these events, including moving quickly to initiate appropriate investigations, taking steps to assess the security of the network, and notifying potentially affected individuals on an ongoing basis as the investigations continue. UDSD is providing individuals with information and resources that they may use to better protect personal information.

UDSD encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring free credit reports for suspicious activity and to detect errors. Any suspicious activity should be promptly reported to the affiliated institutions. Individuals may also contact the three major credit reporting agencies for advice on how to obtain free credit reports and how to place fraud alerts and security freezes on credit files. The relevant contact information is below. More information on actions individuals may take to better protect their personal information may be found in the Steps Individuals May Take To Help Protect Personal Information section available on UDSD’s website at https://www.upperdarbysd.org/cms/lib/PA02209738/Centricity/Domain/4/UDSD%20-%20Website%20Notice.pdf.

UDSD has established a dedicated assistance line to answer questions regarding these incidents. If you have questions, please call 1-866-362-1773 Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time, excluding major U.S. holidays. Additionally, you can write us at 8201 Lansdowne Avenue, Upper Darby, PA 19082.

Steps Individuals May Take To Help Protect Personal Information

Monitor Accounts
Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also directly contact the three major credit reporting bureaus listed below to request a free copy of your credit report.

Advertisement

Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.

As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a security freeze, you may need to provide the following information, depending on whether you make the request online, by phone, or by mail:

1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
2. Social Security number;
3. Date of birth;
4. Addresses for the prior two to five years;
5. Proof of current address, such as a current utility bill or telephone bill;
6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, etc.);
7. Social Security Card, pay stub, or W2;
8. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.

Should you wish to place a credit freeze, please contact the three major credit reporting bureaus listed below:

Additional Information
You may further educate yourself regarding identity theft, fraud alerts, credit freezes, and the steps you can take to protect your personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or your state Attorney General. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement, your state Attorney General, and the Federal Trade Commission.

SOURCE Upper Darby School District

STM Daily News is a vibrant news blog dedicated to sharing the brighter side of human experiences. Emphasizing positive, uplifting stories, the site focuses on delivering inspiring, informative, and well-researched content. With a commitment to accurate, fair, and responsible journalism, STM Daily News aims to foster a community of readers passionate about positive change and engaged in meaningful conversations. Join the movement and explore stories that celebrate the positive impacts shaping our world.

https://stmdailynews.com/category/stories-this-moment

Advertisement

ALABASTER, AL — Heart South Cardiovascular Group (“Heart South”) announces a data incident that may have affected certain individuals’ information. On May 30, 2024, Heart South experienced a cybersecurity incident. Heart South immediately began an investigation, which included working with third-party specialists to determine the nature and scope of the incident. The investigation determined that certain information stored on its network was accessed by an unauthorized party between May 29, 2024 and May 30, 2024. While the review of the impacted information is still ongoing, the investigation has determined the information at risk may contain first and last name together with one or more of the following: address, date of birth, driver’s license number, Social Security number, diagnosis/condition, lab results, medications, and/or other treatment information. Heart South is currently obtaining address information for potentially impacted individuals and will be providing written notice to individuals for whom it has addresses. 

In response to this incident, Heart South implemented additional security measures to further minimize the risk of a similar incident occurring in the future. Heart South also notified law enforcement and is reviewing its policies and procedures related to data protection. Heart South has no reason to believe any information has been misused as a result of this incident. However, Heart South is providing individuals access to credit monitoring and identity protection services as an added precaution. If you have questions about this incident or would like to enroll in the credit monitoring and identity protection services, please call (888) 774-0744 between the hours of 8:00 a.m. to 8:00 p.m. Central Time, Monday through Friday, excluding holidays. You may also write to Heart South at 1022 1st Street N. #500, Alabaster, AL 35007.

In general, Heart South encourages individuals to remain vigilant in regularly reviewing and monitoring all account statements, explanation of benefits statements, and credit history to guard against a­ny unauthorized transactions or activity. If suspicious or unusual activity on accounts is discovered, please promptly contact the financial institution or company. Individuals may also place a fraud alert or credit freeze by contacting the credit reporting agencies: TransUnion 1-800-680-7289; Experian 1-888-397-3742; Equifax 1-888-298-0045.   

Individuals can further educate themselves regarding identity theft, fraud alerts, credit freezes, and steps to protect their personal information by contacting the credit reporting bureaus, the Federal Trade Commission (“FTC”), or their state Attorney General. The FTC may be reached at 600 Pennsylvania Ave. NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement, the Alabama Attorney General, and the FTC. The Alabama Attorney General may be contacted at Office of the Attorney General, 501 Washington Avenue, Montgomery, Alabama 36104; 334-242-7300; or https://www.alabamaag.gov.

/PRNewswire — Aug. 2, 2024/

SOURCE Heart South Cardiovascular Group

STM Daily News is a vibrant news blog dedicated to sharing the brighter side of human experiences. Emphasizing positive, uplifting stories, the site focuses on delivering inspiring, informative, and well-researched content. With a commitment to accurate, fair, and responsible journalism, STM Daily News aims to foster a community of readers passionate about positive change and engaged in meaningful conversations. Join the movement and explore stories that celebrate the positive impacts shaping our world.

Advertisement

https://stmdailynews.com/category/stories-this-moment