BEIRUT — Over the past two weeks, people in Lebanon have been receiving anonymous threats and evacuation warnings via various platforms including SMS, WhatsApp, and phone calls, claiming to be from the Israeli military. The messages have targeted specific areas, with residents reporting calls from foreign and local numbers, often masked to appear as Lebanese. Similar tactics were reported to be used in Gaza.
The Israeli military has also hacked radio waves, broadcasting “warning” messages while drivers were listening to their car radio.
Similar warnings have been sent out across various areas of the country, including in central Beirut, however, the messages appear to be a hoax. On Sunday, Lebanese authorities arrested individuals suspected of having sent out some of these fake evacuation notices.
On Sept. 23, after his office received a phone call citing a evacuation order, Lebanese caretaker Minister of Information Ziad Makari advised the public not to overreact, and that the authorities were monitoring the situation.
How are these messages sent?
Israeli forces may have used online applications and telecommunications data to send these messages, while some were transmitted via masked numbers and automated recordings, according to a report by SMEX, a Lebanese non-governmental organization with a mission to advocate for digital rights in the Arab world.
Similar methods were used by Israel during the 2006 war, including the interception of signals to gather phone numbers and send warnings, the report added.
Cyber security consultant Roland Abi Najem told L'Orient Today that the process of sending these messages to a wide number of people living in Lebanon does not require great sophistication.
“Our private data are well exposed,” he said. “This is problem number one and we cannot do anything about it. For example, I can know all the details of your life from your car plate number."
According to SMEX, data protection systems are very weak in Lebanon, leaving large amounts of residents’ private data exposed or vulnerable to breaches and leaks. The country ranked 109th out of 182 in the world in the Global Cybersecurity Index report prepared by the International Telecommunication Union, released in 2020. Israel ranks 36th globally.
Telecommunication Minister Johnny Corm told L’Orient Today that the process of masking one’s number and sending messages to many people is “simple.”
“They can use a phone application, or VPN, that is accessible to everyone,” he said.
A VPN (Virtual Private Network) is a service that encrypts your internet connection and routes it through a remote server, providing online privacy, security, and the ability to access content restricted by location.
Is it possible to differentiate real from fake threat?
"Around three-quarters” of the messages people are receiving on their phones claiming it is from the Israeli military “are fake," Abi Najem said.
Right now, the Israeli army is mainly broadcasting its warnings in official statements on social media platforms, clipping area maps and, in many cases, naming the street and building that will be targeted, Abi Najem added.
Analyzing whether a threat received via a call or a message is real or fake should be taken case by case, Abi Najem said. "We cannot make one assessment for all the messages sent or that will be sent," he added.
While it’s complicated to determine whether the Israeli military is in fact behind some of the messages or not on the spot, the telecommunications ministry encourages people who receive those messages to call the customer support of Lebanon’s national network Ogero, or the Lebanese telecom companies, either Touch or Alfa, Corm said.
“The problem is that people behind these fake messages are using an app to mask their numbers, making it difficult to track them,” he added.
In its report, SMEX says that a technical audit can trace the source of suspicious calls and messages, particularly those sent through conventional networks like landlines and mobile phones.
The telecommunications minister said his ministry has been able to track down messages coming from local numbers, but that messages coming from abroad are more difficult to trace.
In a recent statement to local TV channel Al Jadeed, Corm said that “an investigation is underway to verify the authenticity of the communications and threats received by a number of Lebanese people."
What precautionary steps can be taken in this situation?
To stay safe from suspicious communications, SMEX advises people to avoid returning calls or sending SMS messages to unknown numbers, and never click on links, even from familiar contacts. If you answer a suspicious call, the organizations recommends not to press any numbers and report the incident to authorities.
It also advises to only join WhatsApp groups managed by trusted individuals and to adjust your WhatsApp settings to limit group additions to your contacts by navigating to Settings > Privacy > Groups > My contacts only.
"The primary responsibility lies with the Lebanese state, not individuals, as it is responsible for protecting data, tracking and monitoring these communications, and addressing the vulnerabilities, taking the necessary actions both locally and internationally," SMEX says.