#FactCheck - "AI-Generated Image of UK Police Officers Bowing to Muslims Goes Viral”

Introduction

Pagers were commonly utilized in the late 1990s and early 2000s, especially in fields that needed fast, reliable communication and swift alerts and information sharing. Pagers typically offer a broader coverage range, particularly in remote areas with limited cellular signals, which enhances their dependability. They are simple electronic devices with minimal features, making them easy to use and less prone to technical issues. The decline in their use has been caused by the rise of mobile phones and their extensive features, offering more advanced communication options like voice calls, text messages, and internet access. Despite this, pagers are still used in some specific industries.

A shocking incident occurred on 17th September 2014, where thousands of pager devices exploded within seconds across Lebanon in a synchronized attack, targeting the US-designated terror group Hezbollah. The explosions killed at least 9 and injured over 2,800 individuals in the country that has been caught up in the Israel-Palestine tensions in its backyard.

The Pager Bombs Incident

On Tuesday, 17th September 2024, hundreds of pagers carried by Hezbollah members in Lebanon exploded in an unprecedented attack, surpassing a series of covert assassinations and cyber-attacks in the region over recent years. The Iran-backed militant group claimed the wireless devices began to explode around 3:30 p.m., local time, in a targeted attack on Hezbollah operatives. The pagers that exploded were new and had been purchased by Hezbollah in recent months. Experts say the explosions underscore Hezbollah's vulnerability as its communication network was compromised to deadly effect. Several areas of the country were affected, particularly Beirut's southern suburbs, a populous area that is a known Hezbollah stronghold. At least 9 people were killed, including a child, and about 2,800 people were wounded, overwhelming Lebanese hospitals.

Second Wave of Attack

As per the most recent reports, the next day, following the pager bombing incident, a second wave of blasts hit Beirut and multiple parts of Lebanon. Certain wireless devices such as walkie-talkies, solar equipment, and car batteries exploded, resulting in at least 9 people killed and 300 injured, according to the Lebanese Health Ministry. The attack is said to have embarrassed Hezbollah, incapacitated many of its members, and raised fears about a greater escalation of hostilities between the Iran-backed Lebanese armed group and Israel.

A New Kind of Threat - ‘Cyber-Physical’ Attacks

The incident raises serious concerns about physical tampering with daily-use electronic devices and the possibility of triggering a new age of warfare. This highlights the serious physical threat posed, wherein even devices such as smartwatches, earbuds, and pacemakers could be vulnerable to physical tampering if an attacker gains physical access to them. We are potentially looking at a new age of ‘cyber-physical’ threats where the boundaries between the digital and the physical are blurring rapidly. It raises questions about unauthorised access and manipulation targeting the physical security of such electronic devices. There is a cause for concern regarding the global supply chain across sectors, if even seemingly-innocuous devices can be weaponised to such devastating effect. Such kinds of attacks are capable of causing significant disruption and casualties, as demonstrated by pager bombings in Lebanon, which resulted in numerous deaths and injuries. It also raises questions on the regulatory mechanism and oversights checks at every stage of the  electronic device lifecycle, from component manufacturing to the final assembly and shipment or supply. This is a grave issue because embedding explosives and doing malicious modifications by adversaries can turn such electronic devices into weapons.

CyberPeace Outlook

The pager bombing attack demonstrates a new era of threats in warfare tactics, revealing the advanced coordination and technical capabilities of adversaries where they have weaponised the daily use of electronic devices. They have targeted the hardware security of electronic devices, presenting a serious new threat to hardware security. The threat is grave, and has understandably raised widespread apprehension globally.  Such kind of gross weaponisation of daily-use devices, specially in the conflict context, also triggers concerns about the violation of International Humanitarian Law principles. It also raises serious questions on the liabilities of companies, suppliers and manufacturers of such devices, who are subject to regulatory checks and ensuring the authenticity of their products.

The incident highlights the need for a more robust regulatory landscape, with stricter supply chain regulations as we adjust to the realities of a possible new era of weaponisation and conflict expression. CyberPeace recommends the incorporation of stringent tracking and vetting processes in product supply chains, along with the strengthening of international cooperation mechanisms to ensure compliance with protocols regarding the responsible use of technology. These will go a long way towards establishing peace in the global cyberspace and restore trust and safety with regards to everyday technologies.

References:

1. https://indianexpress.com/article/what-is/what-is-a-pager-9573113/

2. https://timesofindia.indiatimes.com/world/middle-east/pager-attack-in-lebanon-why-was-hezbollah-using-outdated-pagers-in-2024/articleshow/113442551.cms

3. https://www.ndtv.com/world-news/explained-how-pagers-turned-bombs-and-why-israel-is-being-blamed-6592100

4. https://edition.cnn.com/2024/09/17/middleeast/lebanon-pager-attack-explosions-hezbollah-explainer-intl-latam/index.html

5. https://www.theguardian.com/world/2024/sep/18/hezbollah-pager-explosion-lebanon-israel-gold-apollo

6. https://apnews.com/article/lebanon-israel-exploding-pagers-hezbollah-syria-ce6af3c2e6de0a0dddfae48634278288

7. https://21stcenturychronicle.com/smartphones-solar-panels-walkie-talkies-intercoms-car-betteries-explode-in-lebanon/

https://www.coastreporter.net/the-mix/lebanon-is-rocked-by-a-second-wave-of-exploding-devices-as-israel-declares-a-new-phase-of-war-9536618

‍

Introduction:

Welcome to the second edition of our blog on Digital forensics series. In our previous blog we discussed what digital forensics is,  the process followed by the tools, and the subsequent challenges faced in the field. Further, we looked at how the future of Digital Forensics will hold in the current scenario.  Today, we will explore differences between 3 particular similar sounding terms that vary significantly in functionality when implemented: Copying, Cloning and Imaging.

In Digital Forensics, the preservation and analysis of electronic evidence are important for investigations and legal proceedings. Replication of the data and devices is one of the fundamental tasks in this domain, without compromising the integrity of the original evidence. 

Three primary techniques -- copying, cloning, and imaging -- are used for this purpose. Each technique has its own strengths and is applied according to the needs of the investigation.

In this blog, we will examine the differences between copying, cloning and imaging. We will talk about the importance of each technique, their applications and why imaging  is considered the best for forensic investigations.

Copying

Copying means duplicating data or files from one location to another. When one does copying, it implies that one is using standard copy commands. However, when dealing with evidence, it might be hard to use copy only. It is because the standard copy can alter the metadata and change the hidden or deleted data .

 The characteristics of copying include: 

• Speed: copying is simpler and faster,compared to cloning or imaging.
•  Risk: The risk involved in copying is that the metadata might be altered and all the data might be captured.

Cloning

It is the process where the transfer of the entire contents of a hard drive or a storage device is done  on another storage device. This process is known as cloning . This way, the cloning process captures both the active data and the unallocated space and hidden partitions, thus containing the whole structure of the original device. Cloning is generally used at the sector level of the device. Clones can be used as the working copy of a device .

Characteristics of cloning: 

•  bit-for-bit replication: cloning keeps the exact content and the whole structure of the original device. 
• Use cases: cloning is used when it is needed to keep the original device intact for further examination or a legal affair. 
•  Time consuming: Cloning is usually longer in comparison to simple copying since it involves the whole detailed replication. Though it depends on various factors like the size of the storage device, the speed of the devices involved, and the method of cloning.

Imaging:

It is the process of creating a forensic image of a storage device. A forensic image is a replica copy of every bit of data that was on the source device, this including the allocated, unallocated, and the available slack space .

 The image is then used for analysis and investigation, and the original evidence is left untouched. Images can’t be used as the working copies of a device.  Unlike cloning, which produces working copies, forensic images are typically used for analysis and investigation purposes and are not intended for regular use as working copies.

Characteristics of Imaging:

•  Integrity: Imaging ensures the integrity and authenticity of the evidence produced
•  Flexibility: Forensic image replicas can be mounted as a virtual drive to create image-specific mode for analysis of data without affecting the original evidence . 
• Metadata: Imaging captures metadata associated with the data, thus promoting forensic analysis.

Key Differences

• Purpose: Copying is for everyday use but not good for forensic investigations requiring data integrity. Cloning and imaging are made for forensic preservation.
• Depth of Replication: Cloning and imaging captures the entire storage device including hidden, unallocated, and deleted data  whereas copying may miss crucial forensic data.
• Data Integrity: Imaging and cloning keep the integrity of the original evidence thus making them suitable for legal and forensic use. Which is a critical aspect of forensic investigations.
• Forensic Soundness: Imaging is considered the best in digital forensics due to its comprehensive and non-invasive nature.
• Cloning is generally from one hard disk to another, where as imaging creates a compressed file that contains a snapshot of the entire hard drive or a specific partitions

Conclusion

Therefore, copying, cloning, and imaging all deal with duplication of data or storage devices with significant variations, especially in digital forensic. However, for forensic investigations, imaging is the most selected approach due to the correct preservation of the evidence state for any analysis or legal use . Therefore, it is essential for forensic investigators to understand these rigorous differences to avail of real and uncontaminated digital evidence for their investigation and legal argument.

‍

Introduction

In this age, when our data stands as the key to all resources, espionage has moved from dark alleys and trench coats to keyboards and code. In this era of active digital espionage, where intelligence is stolen through invisible cyberattacks that target computer networks. Cyber espionage and spying have become the most critical threat in the hyper-connected world of today. As governments, corporations, and individuals store an immense amount of confidential information online, the grounds of espionage have shifted from land and sea to the silent realm of cyberspace. 

What is Cyber Espionage? 

Cyber espionage refers to the unauthorised access of confidential data for strategic, political, military, and financial gain, unlike cybercrime, which is mostly about money. Cyber espionage is about gaining information power. The very first documented case dates back to 1986-87, when a group of German hackers breached the US military establishment and the defence systems and sold that stolen data to the Soviets and the KGB. This was the beginning of a new era where classified intelligence could be gathered even without entering a building. 

Cyber espionage is mostly carried out by trained espionage professionals, elite hackers, and corporate spies whose sole purpose is to target the government, research organisations, military establishments, and other critical infrastructures.   

The Objective

The act of Cyber Espionage is being driven by three major objectives, such as;

• Stealing of Intellectual Property- Starting from information and data related to military establishments to pharmaceutical patents, stealing innovation is cheaper than funding R&D. 
• Political and Diplomatic Advantage- As government networks are hacked to access state secrets, negotiation strategies, and classified communications.
• Military Intelligence- Cyber spies also work to steal data on weapons troop movements, defence systems, and war systems, often years before conflict breaks out. 

In a world being shaped by digital power, information is not just about knowledge. Rather, it is all about ensuring dominance. 

The arsenal of modern digital spies is more sophisticated, and most importantly, they are used covertly rather than the spy gadgets that are shown in spy movies. Some of the tactics resorted to by the cyber spies can be recognised as; 

• Phishing Attacks through fake emails that lure victims to click on malicious links or sharing of passwords. 
• Persisting Advanced Threats through long-term stealth attacks in a network for more than a month or a year. 
• Malware and Spyware are invisible software that logs keystrokes, records screens, or steals files silently. 
• Deepfake Manipulations by creating AI-generated fake videos that can influence political developments in the country. 

Anything that makes cyber espionage terrifying is not just the theft, but the fact that it goes undetected. 

What Differentiates Cyber Espionage and Cyber Warfare

Cyber espionage is a silent and stealthy tactic that is carried out with utmost secrecy, being a long-term effort for intelligence gathering. It mostly focuses on the stealing of data, whereas Cyber warfare is an open and destructive tactic that is used to create an immediate and visible impact to create disruption. However, espionage is an act that prepares the battlefield for the warfare of the future. 

Taking instances of real instances of cyber espionage, we can refer to examples such as; 

• Operation Aurora was conducted in 2010, where Chinese Hackers based in Beijing tried to steal IP data from Google and American tech giants. 
• The Stuxnet attack in 2010 was another cyber weapon that was developed to sabotage Iran’s nuclear centrifuges. 
•  SolarWinds Attack of 2020 was an instance of cyber espionage where a supply chain hack was carried out to target multiple US federal government agencies. 

As most of these instances reflect that they were battles without guns, but with the use of codes. Several sources raise the question of whether cyber-attacks can be stopped. The answer lies in the fact that they cannot be stopped completely, but can be minimised to some extent, by developing capabilities to counter and deter cyber-attacks with the help of equal cyber defence capabilities. 

Conclusion 

From the Cold War era to the present Code War, espionage has evolved with technology. An effort that was once taken solely by spies and human assets, with the passing of time enhancement of technologies it is now expanded to malware, phishing, social engineering, and remote digital inflation. In this age of information warfare, espionage is faster, cheaper, and harder to trace than ever before. The enemies of a nation may never cross its borders, but they may already be inside its systems. However, the world has now officially entered a new battlefield, without boundaries, uniforms, and bombs. It is now being fought through bytes, breaches, and invisible enemies.  

References

• https://www.sentinelone.com/cybersecurity-101/threat-intelligence/cyber-espionage/
• https://www.espiamos.com/en/content/espionage-in-the-digital-world-threats-and-opportunities.html
• https://www.apu.apus.edu/area-of-study/information-technology/resources/what-is-cyber-warfare/
• https://pride-security.co.uk/the-rise-of-digital-warfare-understanding-the-evolution-of-cyber-espionage/

‍