Israeli military officials have warned residents in southern Lebanon and parts of Beirut to evacuate villages and neighbourhoods, sparking worries of a bombing campaign exploding into a full-blown war — and concerns that Israel had hacked into its northern neighbour’s telecommunications networks.
The bombing began within hours of Monday’s warnings, and more than 270 people have been killed in attacks across Lebanon’s south and east.
And later in the evening, Israel announced that it had also bombed parts of Beirut.
As fears of a war escalate, the warnings, experts say, are in themselves also a reminder of Israel’s technological superiority over Lebanon. They also repeat a playbook that Israel has used in Gaza.
Here’s what’s happened, why the warnings are significant and how Israel might have gained access to the private communication details of people across Lebanon.
What’s happened?
Residents of villages in southern Lebanon and in some Beirut neighbourhoods received messages and phone calls from a Lebanese number early on Monday ordering them to move away from Hezbollah strongholds.
Some people received recorded calls to their mobile phones or their landlines while some received text messages, Al Jazeera’s Mazen Ibrahim reported from Beirut. The messages were all the same, he said.
One message seen by Al Jazeera was delivered at about 8:20am [05:30 GMT] and read: “If you are in a building with Hezbollah weapons, stay away from the village until further notice.”
Radio broadcasts were also hacked to deliver the messages, Al Jazeera correspondents reported on Monday.
“We ask residents of Lebanese villages to pay attention to the message and warning published by the [Israeli military] and heed them,” Israeli army spokesman Daniel Hagari said in a video statement posted on the X platform early on Monday.
Ibrahim from Al Jazeera said the areas people were asked to evacuate have already witnessed high levels of displacement since October 8, the day Israel and Lebanon began trading fire.
“These are communities that have seen more than 100,000 people leave in the 11 months of war,” he said. “Only some people remain there — those who have refused to move so far.”
In Beirut, Lebanese Information Minister Ziad Makary was among those who received a recorded phone call, according to the state-run National News Agency.
“What we don’t know is how Israel got these details of people — cellphone numbers, locations. … Is it because of data leaks or because Israel has hacked into Lebanon’s telecoms infrastructure?” Ibrahim said.
Are these more than warnings?
Israel says its army sends warnings before bombings to minimise civilian casualties. That has been the country’s argument in Gaza during the ongoing war there, too.
But the facts on the ground don’t back that up. In many cases, Israel’s bombs have landed on buildings whose residents received no warnings. In other cases in Gaza, fleeing civilians have been attacked by Israeli forces.
The warnings can come in the form of text messages, phone calls or dropped leaflets. But the phone-delivered warnings in Gaza, experts have said over the years, are also an example of psychological warfare — a reminder to Palestinians that Israel’s security apparatus knows exactly where they are at any point in time.
The same tools used for precise warnings are also what has helped Israel to target its missiles.
On Monday, that pattern, which Gaza is familiar with, appeared to have extended into Lebanon.
How did Israel infiltrate Lebanese telecoms networks?
Last week, at least 37 people died after thousands of low-tech pagers and walkie-talkies presumed to belong to members of the Lebanese armed group Hezbollah exploded. Nearly 3,000 people were injured. Lebanon, Hezbollah and the group’s allies such as Iran blamed Israel. While Israel didn’t claim responsibility, most experts concluded it was behind those explosions.
While experts believe Israel planted explosives in those devices months before they were detonated, the ability to send targeted warnings to individuals in specific parts of Lebanon suggests that Israel has access to real-time information about Lebanese civilians — not just its supposed enemies in Hezbollah.
That’s not surprising, said Elijah Magnier, a risk and conflict analyst.
Magnier, who closely watches Israel’s conflicts in the Middle East, told Al Jazeera that Israel had hacked Lebanese networks way before October 8.
“They have access to landlines, car plate numbers, mobile phones — to the point that they are able to communicate to anyone in the south of Lebanon exactly as they are able to do in the West Bank or Gaza,” he said.
Sophisticated spyware technology and equipment means that Israel’s Mossad intelligence agency can map exactly who lives where, what phone numbers they have and who frequents their homes, Magnier said.
Spies, he added, can collect thousands of IP addresses in towns and cities just by driving on the streets with their equipment. When Israel’s intelligence detects a larger collection of phones than usual in a particular area, it can conclude that there’s an unusual event — like a Hezbollah meeting, for example — and deploy missiles, he added.
Has Israel issued such warnings before?
During the current war, Israel has so far dropped pamphlets to alert Lebanese border communities of an impending bombing campaign.
But it has in the past also been accused of hacking Lebanese telecommunications networks.
In 2018, Amal Mudallali, Lebanon’s permanent representative to the United Nations, accused Israel of hacking mobile lines and sending recorded messages to civilians in Kafr Kila village, warning them of imminent explosions amid tensions between Hezbollah and Israel that year.
“This constitutes a new and extremely serious attack on the security and safety of the citizens of Lebanon, whereby Israel is violating the dignity and privacy of individuals and making a direct threat against their lives,” Mudallali wrote in a letter to the UN Security Council, asking for condemnation of Israel’s “hostile” behaviour.
Israel is also known for its strong capabilities in breaking into electronic devices using malware.
Pegasus, one type of such malware, was developed by the Israeli company NSO Group and has been used by multiple countries to spy on their citizens, according to a 2021 investigation by Amnesty International, Forbidden Stories and a host of media houses.
Illegal data gathering in Lebanon likely dates back to 2007, when Mossad spy networks’ focus on communications systems were first uncovered in Lebanon, Magnier said. Those revelations came in the wake of the July 2006 war between Lebanon and Israel, which caused 1,191 to 1,300 Lebanese casualties and another 165 Israeli fatalities. Since then, more communication network spies have been discovered.
“Israel enjoys complete intelligence superiority over its regional enemies — even if it missed the Oct. 7 Hamas attack,” Ori Goldberg, an Israeli academic, wrote in the publication New Lines Magazine.
Is Lebanon’s data privacy framework weak?
As powerful as Israel’s technological capabilities are, weaknesses in Lebanon’s data security structures haven’t helped its citizens either, experts and privacy rights groups say.
At times, Lebanese state actors have themselves contributed to data breaches.
Lebanese embassies reportedly exposed the personal data of thousands of Lebanese citizens in the diaspora who had registered to vote in the run-up to the 2018 general election, according to the monitoring website Privacy International.
In the same year, the Lebanese security intelligence agency was found to have run several hacking campaigns since 2012, stealing thousands of gigabytes of data from users of messaging apps like WhatsApp and Telegram, according to researchers from the mobile security firm Look Up and the digital rights group Electronic Frontier Foundation. The state-backed hackers were called Dark Caracal.
The Lebanese Constitution does not explicitly guarantee privacy, and laws protecting electronic data are “weak”, according to Privacy International. While the 1999 Telecommunications Act protects people against surveillance and tapping (except in criminal investigations), a 2013 directive also requires internet service providers, cafes and other internet-enabled stores to keep user data for at least a year.
This month, Lebanese publications reported increasing cases of attempted WhatsApp hacking, with people receiving messages to click on suspicious codes and links and then receiving alerts that their WhatsApp had been opened on another device. Commenters on the social platform Reddit also reported the same.
According to information posted on WhatsApp’s frequently asked questions page (FAQs), the application sends a verification code to users when someone is trying to register another WhatsApp account with the same numbers.
“When you receive this notification, it means that someone has entered your phone number and requested the registration code,” WhatsApp says. “This often happens if another user mistyped your number when trying to enter their own number to register and can also happen when someone attempts to take over your account.”