GeoLegal Weekly #36 – Exploding Pagers and The Internet of Weapons

Just a quick note before jumping into this week’s essay – I’m hosting all-day GeoLegal Summits in New York and London in October with unbelievable speakers from top corporations, law firms and geopolitical analysis companies. If you’d like to attend or sponsor, you can book tickets or let me know (flash sale until friday).

Exploding Pagers (and Walkie-Talkies)

A man is going about his day, picking fruit in a Beirut supermarket. CCTV suddenly captures an explosion, likely in his pocket, and the man falls to the ground with other customers in the store scattering. The man is one of thousands whose pagers exploded in a simultaneous attack yesterday. As I publish right now, there are reports of additional explosions today including of other devices like walkie-talkie radios.

This week I’ll dive into the corporate implications of pager warfare.

It is widely suspected Israel conducted the attack as part of its increasingly hot conflict with Iran and its Lebanon-based surrogate Hezbollah. Hezbollah has increasingly turned to the use of a closed network of pagers for communication in order to limit the ability of eavesdropping and location tracking. Israel apparently intercepted the supply of pagers and implanted explosive material which was remotely detonated.

There are a few ways to analyze such an event. First, it may be a prelude to a broader attack by Israel, which will be facilitated by having knocked out Hezbollah’s communication network. Second, it is a way for Israel to show Hezbollah just how deep it is in their communications network in order to gain leverage. Third, it raises the chances of the region becoming further engulfed in a conflict that could have all sorts of second order effects (as I’ve written about previously). 

But the less talked about story is perhaps the most obvious: A regular household item – a pager –  has been turned into a weapon of attack.  For all the worry about AI-powered drones and the future of warfare, the fact is that the internet of things can be turned into an internet of weapons. 

While any attack like this is sophisticated in its imagination and coordination, the fact is that this is not an AI-powered robot attacking from the sky. This is the use of a mutated version of conventional consumer technology to expand the battlefield. The big change here is less one of capability and more one of intent.

In effect, the attacker decided that they would take the opportunity to kill or injure thousands of suspected enemy militants with little regard for collateral damage. After all, this attack didn’t happen on the battlefield. It happened to pager-carriers who were in the vicinity of others. Whose bags may have been left in a cloakroom. Who may have been dining in a restaurant, etc.

The disregard for collateral damage is striking in the arc of 21st century warfare but less so in the last 12 months. After all, on October 7, 2023, Hamas militants killed over 1,000 Israelis in a terrorist attack and Israel’s response has killed tens of thousands of Palestinians. Russia and Ukraine are locked in a war of attrition where flying drones into apartment buildings in each others’ capital is a win regardless of who was inside. International law is doing little to restrain forms of combat or to punish aggressors. It seems to be barely a consideration. 

The Internet of Weapons

Where we used to worry that our search engines were spying on us, now we must worry about our televisions and toasters. Globalization used to simply deliver cheaper manufactured goods assembled in an economically efficient way. Now it may deliver trojan horses into our companies and houses.

While this attack appears to have required tampering with devices, the Internet of Things (IoT) creates many opportunities for attack that don’t require physical tampering. A shift in intent and guardrails is important as we have more exposure than ever before due to goods made everywhere and connected always. 

Years ago, I read a story of China hacking the US Chamber of Commerce’s thermostat, which seemed like it might come in handy to influence a negotiation by making it so uncomfortable one party throws in the towel. But what if a hacker could control a thermostat and lock your doors, causing inescapable pain or physical risk – that is much scarier. 

When your household boiler can be made to overheat and explode or your mobile phone can be made to  cause significant burns, the only safeguards we have are a sense that someone can’t get to you (no longer the case), that someone wouldn’t want to get to you (less certain in a world where countries don’t care about collateral damage), and that someone would be afraid to get to you because of the consequences (increasingly unlikely in a world where legal safeguards are eroding).

Implications

As cross-cutting geopolitical relationships cause greater tensions while legal safeguards fall away, an increase in technological capability or a shift in intent can spell serious implications for companies caught in the middle. 

First, sprawling global supply chains mean you and your company can get caught in between two hostile actors. A Taiwanese company was tagged as the source of the explosive pagers but they claim their brand had simply been licensed to a Hungarian company that actually produced the product and did the deal with Hezbollah. While companies have always been concerned about resellers pushing product to sanctioned entities, they are probably less concerned that the products will be weaponized than they are about being embarrassed and fined. This is a new avenue of risk. The product this Taiwanese company makes and sells was used as a weapon against their ultimate customers, by other actors. Might customers now cancel orders because of an association they have little ability to control?  How about their other licensing partnerships? Could this event, which they likely had no direct involvement in, kill their business?

Second, threats of exposure to globally manufactured connected devices pile on to economic nationalism concerns that are threatening trade more broadly. Concerns about securing one’s supply chain quickly give rise to shortening or disassembling the supply chain altogether. 

This isn’t just Donald Trump’s tariff proposals or his Vice-Presidential nominee calling for all toasters to be made in America regardless of cost. For instance, the US and EU recently added steep tariffs on Chinese electric vehicles due to concerns about trade practices (and, of course, to protect their own manufacturers). When the fear goes beyond trade and shifts to terror, there are significantly more risks to open trade. Could China weaponize its electric vehicles in the event of a conflict – driving them off roads, exploding their batteries or even simply shutting them down? Yes, probably. And those fears will be used by politicians in favor of protectionism. 

Third, fears of cyber attacks, espionage, manipulation and the like will increasingly lead to more onerous regulations and obligations with respect to security and compliance. How do you know if the devices you have brought into your office have been tampered with? How can you make sure they aren’t spying on you? What about the Chinese electric vehicles you brought into your fleet – how can you be sure that they won’t be hacked or sabotaged by a third party to cause havoc or increase tensions between the US and China? Things that may be corporate hygiene today will increasingly become bureaucratized and mandated, with rising compliance costs. If you think Know Your Customer is onerous, get ready for Know Your Supplier.

Fourth, it’s not hard to imagine product liability scenarios from weaponized products. While this appeared to be a case of a foreign military intelligence service physically intercepting pagers, if such an attack happened in the US using traditional consumer devices, I can imagine many plaintiff’s lawyers would be eager to file broad-based lawsuits against the manufacturer and the network provider for failing to safeguard their supply chain and systems.

Fifth, this raises concerns about supply chain resilience that I’ve highlighted in past weeklies. You may be careful about the devices you bring into your organization. But you also may depend on suppliers who aren’t. Similarly, you may depend on government infrastructure that is constantly under attack by other countries looking for a way in. Provisioning for resilience and optionality is critical in a world where you are exposed to more risk. 

Finally, there’s also the risk to other producers in a country where technology has been weaponized. For instance, assume Israel did this attack. How do users of Israeli civilian technology feel about security of devices after seeing the ability of Israel to weaponize technology? What if your government conducted an analogous exploit – would your customers continue to trust you or penalize you for the flag of your headquarters?

In Other News

7-11 – A National Security Treasure: Are cheeseburger hotdogs critical infrastructure? Possibly. 7 and i, the parent of 7-11, has been classified as core to national security by the Japanese government. The timing is interesting as it comes amid the company rejecting a takeoff offer by a Canadian firm. This is one of a long line of political uses of national security reviews and classifications this year, like that related to TikTok or US Steel.

US Steel: In classic form, US President Joe Biden and his potential successor Kamala Harris made a lot of noise about how they wanted to block Nippon Steel’s acquisition of US Steel. In fact, having scored their populist points, they agreed with Nippon Steel to flip consideration until after the election. There are few more classic textbook moves in political season than this – take the populist credit then shove under the rug when no one is looking.

Trump Assassination Attempt: It’s hard to grapple with the fact that an assassination attempt on a former president running to retake office could come last on the list of news this week. Perhaps I’m becoming desensitized to how political violence is increasingly normalized in US political discourse. As I wrote previously, the shots fired at Trump over the summer were startling because they got through and hit him. In this case, the Secret Service scared away the gunman and later arrested him, which is kind of the way it’s supposed to work. While the intent to injure the former president was the same, the outcome was not. In a world of rising threats, more and more of them will get through. This one didn’t, so I think this story has had a line drawn under it. 

*Thanks to Karthik Sankaran for the phrase Internet of Weapons.

-SW