[News] The eyes and ears that decapitated Hezbollah

[Anti-Imperialist News]

 The eyes and ears that decapitated Hezbollah

As Hezbollah reels from a wave of assassinations deep within its
strongholds, an unseen war rages – one fought not with bullets, but with
hacked signals, infiltrated networks, and a digital battlefield where every
movement is mapped before it happens.

Anis Raiss <https://thecradle.co/authors/anis-raiss-122>

MAR 14, 2025 -
https://thecradle.co/articles/the-eyes-and-ears-that-decapitated-hezbollah
Photo Credit: The Cradle

They were not killed on the battlefield. One by one, inside operation
rooms, secured buildings, and what were supposed to be safe houses in
Dahiye – Beirut's southern suburb – Hezbollah’s commanders, members, and
operatives were assassinated.

Fuad Shukr, Ibrahim Aqil, Ali Karaki, Nabil Kaouk, Mohammad Srour, Ahmed
Mahmoud Wehbe. Then, the unthinkable: Secretary-General Hassan Nasrallah
himself. Just days later, his successor, Hashem Safieddine, was
assassinated too. Israel boasted of its success – eliminating West Asia's
most charismatic resistance leader and his replacement in the span of a
week.

These were not chaotic wartime deaths. They were calculated assassinations,
executed with precision – not through street-level infiltrations, but
through surveillance, intercepted signals, and compromised security
systems.
Hezbollah had once been disciplined, insular, and near-impenetrable. But
years of war in Syria forced the organization to expand its ranks
dramatically to sustain its military intervention in the neighboring state.
Yezid Sayigh of the Carnegie Middle East Center
<https://www.ft.com/content/6638813e-e246-4409-9a38-95bf60a220a8> notes
that Hezbollah “went from being highly disciplined and purists to someone
who ... let in a lot more people than they should have.” The structure that
once ensured its security had stretched thin, leaving the group more
exposed.

Miri Eisin, a former Israeli intelligence officer – now a senior fellow at
the International Institute for Counterterrorism <https://www.ict.org.il/>
– explained that after the 2006 war on Lebanon, Israel no longer viewed
Hezbollah as just a guerrilla force but as a complex “terror army.” This
new assessment forced Israeli intelligence to go deeper, scrutinizing
Hezbollah’s internal networks, leadership dynamics, and vulnerabilities
with unprecedented intensity.

This effort, which included AI-driven analysis of Hezbollah’s communication
patterns, allowed Israel to gradually compile a detailed map of the
organization’s high-ranking figures and their movements.

*Dahiye’s silent informants*


Walking through Haret Hreik, Ghobeiry, and other sectors of Dahiye,
security cameras, predominantly Chinese-made, are ubiquitous. Behind the
counters of butcher shops and bakeries, in electronic repair stores and
money exchanges, they quietly capture the daily rhythms of Dahiye. Their
distributor in Beirut, Bachir Hanbali Est. <https://www.bachirhanbali.com/>,
supplies an overwhelming number of these surveillance systems, primarily
from Dahua Technology <https://www.dahuasecurity.com/nl>.

Dahua's reach in Lebanon is extensive, with cameras installed not only in
commercial spaces but also in some municipal and privately owned security
networks.

Alongside Israel’s mastery of signal interception and frequency-hopping
surveillance, these devices may have played a critical role in the
decimation of Hezbollah’s top leadership.
In almost every shop and establishment, a monitor sits behind the counter,
displaying live footage from a security camera – one lens pointed inside,
capturing the aisles, shelves, and cash register, and the other fixed on
the street, watching the ebb and flow of pedestrians and scooters. The
devices are mass-produced, sold in bulk, and installed without a second
thought – the kind of cameras that flood international markets: cheap,
functional, and forgettable.
But Dahua cameras have long been riddled with vulnerabilities. Their
systems have been repeatedly compromised, with security flaws allowing
attackers to seize full control of devices remotely. One of the most
egregious incidents occurred in 2017 when researchers discovered a hidden
administrator account – username 888888
<https://www.exploit-db.com/exploits/44002> – embedded within thousands of
Dahua DVRs, NVRs, and IP cameras. The flaw enabled remote logins, giving
full access to the device.
By 2021, new vulnerabilities emerged. Authentication bypasses (
CVE-2021-33044 <https://nvd.nist.gov/vuln/detail/cve-2021-33044>) allowed
attackers to hijack Dahua cameras without credentials, making it easier to
exploit security gaps. Dahua’s reliance on cloud-based storage also posed
new threats; through services like ThroughTek Kalay
<https://www.throughtek.com/overview/>, attackers could siphon live footage
remotely, intercepting real-time visuals from Dahiye’s shops and streets.
Further analysis revealed that a significant portion of Dahua cameras in
Beirut’s southern suburbs were never patched, leaving them vulnerable to
remote access breaches.
Patching vulnerabilities is often an afterthought. By 2021, at least 1.2
million Dahua cameras <https://nvd.nist.gov/vuln/detail/cve-2021-33044>
remained exposed on public networks and indexed on Shodan – a search engine
for internet-connected devices. In 2023, a vulnerability (CVE-2023-6913
<https://www.incibe.es/en/incibe-cert/notices/aviso/session-hijacking-imou-life-app>)
in Dahua’s consumer brand Imou allowed hackers to hijack camera feeds
simply by embedding malicious commands into QR codes.

*Israel's cyber warfare: Mapping, watching, killing*

Israel has developed an extensive cyber-espionage industry capable of
exploiting these vulnerabilities. One of the most significant players in
this domain is Toka <https://www.tokagroup.com/products#targeted>, a firm
founded by former Israeli prime minister Ehud Barak and ex-occupation army
cyber chief Yaron Rosen. Toka specializes in hacking security cameras,
enabling operators to locate, breach, and monitor surveillance systems
without detection.

The company’s technology is particularly effective against outdated or
insecure camera models, making Dahua’s widespread usage in Hezbollah
strongholds an exploitable weakness.

Internal documents obtained by *Haaretz*
<https://www.haaretz.com/israel-news/security-aviation/2022-12-26/ty-article-magazine/.premium/this-dystopian-cyber-firm-could-have-saved-mossad-assassins-from-exposure/00000185-0bc6-d26d-a1b7-dbd739100000>
revealed the extent of Toka’s capabilities. AI-powered software maps every
security camera in a target area, infiltrates their systems, and builds a
comprehensive heatmap of movement patterns.

The assassination of Hezbollah operative Abbas Ahmad Hamoud
<https://www.timesofisrael.com/2-said-killed-as-idf-strike-targets-prominent-hezbollah-operative-in-south-lebanon/>
in February 2025 demonstrated how this system operates in real-time.
Footage from a compromised juice bar security camera surfaced within hours,
showing Hamoud and his associate moments before the strike.

The rapid retrieval of such footage underscores the scale of cyber
espionage embedded in Hezbollah’s strongholds.

*The double breach: Signals and surveillance*

Lebanon's maze of security cameras is likely, by now, mapped, all
compromised, and all feeding intelligence in real-time. AI-powered facial
recognition software processes the data, flagging known faces,
cross-referencing them against existing databases, and building a heatmap
of Hezbollah commanders, operatives, and members. But it does not stop
there.

Many surveillance systems now integrate voice recognition, scanning
intercepted audio for familiar voices, matching speech patterns to
individuals. A commander steps into a cafe for a quiet meeting and orders
tea in a distinct tone – the system picks it up, flags the voiceprint, and
updates his location.

However, it is not just about tracking individuals, but also mapping their
hideouts: AI-powered surveillance tools track clusters of movement,
identifying locations that serve as unofficial meeting points. A small
storefront where the same group of men routinely gather? Flagged. A quiet
teahouse where certain figures regularly converge at odd hours? Noted. An
apartment where multiple high-ranking figures have appeared separately over
the course of a month? Marked as a probable safe house.

If cameras were the eyes of Israeli intelligence, then intercepted signals
were its ears. For years, Hezbollah has relied on encrypted,
frequency-hopping communications to prevent Israeli interception. The
principle is simple, at least in theory. Rather than transmitting over a
single radio frequency, the signal jumps unpredictably across multiple
frequencies in a sequence known only to the sender and receiver. It is like
trying to listen in on a conversation where every word is spoken in a
different room, on a different floor, and in a different building. Unless
you know the pattern, the message remains fragmented and inaccessible.

This technique, Frequency-Hopping Spread Spectrum (FHSS)*,* has been the
backbone of secure military communications since the Cold War. The
Americans used it to evade Soviet interception. The Soviets developed
countermeasures to break it. Iran, watching how its unencrypted radio
signals were intercepted by both Iraq and US intelligence during the 1980s,
understood its necessity and built its own FHSS-based systems to shield its
own and Hezbollah’s battlefield communications.

By the 2006 Israeli war on Lebanon, this technology was already proving its
worth. Hezbollah fighters, equipped with Iranian-supplied encrypted radios,
not only avoided Israeli interception but actively eavesdropped
<https://www.theregister.com/2006/09/20/hezbollah_cracks_israeli_radio/#:~:text=Hezbollah%20fighters%20reportedly%20used%20Iranian,to%20Hezbollah%20and%20Lebanese%20officials>
on the Israeli forces' communications*.* Israeli soldiers walked into
ambushes without knowing how their locations had been exposed. That war
ended with a realization for Tel Aviv. Israel was being outmaneuvered in
the electronic warfare domain*.* The same tactics that had once allowed
them to dominate Arab armies were now being used against them.
So, following the 2006 war – which did not succeed in delivering a decisive
blow to Hezbollah – Israel’s intelligence apparatus, particularly Unit 8200
and the military intelligence directorate, Aman, intensified their
data-gathering efforts on the group.

*Israel's devastating counter*

Tel Aviv’s counter-strategy has been methodical. The titan of Israel's
defense contractors, Elbit Systems
<https://elbitsystems.com/product/comint-df-solutions/#:~:text=Covering%20a%20wide%20frequency%20range%2C,tactical%20picture%20of%20the%20battlefield>,
has developed advanced electronic warfare platforms capable of detecting,
analyzing, and breaking frequency-hopping transmissions.

To understand how this works, imagine a net cast over an ocean of radio
frequencies. Instead of listening to a single channel, Elbit’s COMINT/DF
Solutions (communications intelligence) platforms scan entire bands of
frequencies at once. The moment a transmission appears – no matter how
briefly before it hops – the system detects it, logs it, and begins
reconstructing the pattern.
At first, it is just noise – a scattered series of signals appearing and
disappearing across different channels. But with time, patterns emerge. The
algorithm starts predicting when and where the next hop will occur. The
signal stops being a ghost and becomes a traceable entity. Once the pattern
is cracked, the next step is pinpointing the source. Every radio
transmission leaves a footprint – a burst of electromagnetic energy that
spreads outward. Elbit’s direction-finding (DF) technology works by
deploying multiple receivers (SIGINT-payloads) into several of its unmanned
aerial vehicles, like the Hermes 450 and 900
<https://www.youtube.com/watch?v=1wOJkpK-35Y> and SKYLARK 3, across an
area, triangulating signals to pinpoint exact locations for targeting.

Beyond Toka, Israeli firms such as Candiru
<https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/>
and Paragon Solutions
<https://www.middleeastmonitor.com/20250207-israeli-spyware-scandal-paragons-graphite-used-to-target-italian-journalists-and-critics/>
have developed malware to infiltrate cloud-stored data. Candiru’s flagship
spyware, Devil’s Tongue, allows attackers to compromise personal devices,
including PCs and smartphones, specifically in West Asia. Unlike Toka,
which hijacks IoT devices, Candiru’s malware infects operating systems,
providing direct access to cloud-stored security footage.

This is particularly significant because modern surveillance cameras do not
just store footage locally; many upload their recordings to cloud servers
accessible through mobile apps, browser portals, or network backups. If a
shop owner stored security footage remotely, Candiru’s malware could siphon
it directly from his cloud account, bypassing the need to hack the camera
itself.

Another Israeli firm, Paragon Solutions, takes this concept further. Its
spyware tool, Graphite
<https://www.middleeastmonitor.com/20250207-israeli-spyware-scandal-paragons-graphite-used-to-target-italian-journalists-and-critics/>,
extracts data from cloud backups – not only videos, but also logs,
timestamps, and metadata. This allows Israeli intelligence to reconstruct
entire networks of activity, detailing who entered a building, when, and
from which direction.

Paragon was founded
<https://en.globes.co.il/en/article-how-virtuous-is-paragon-on-privacy-1001497228>
by Brig. Gen. (res.) Ehud Schneorson, the former commander of Israel’s
elite cyber-intelligence Unit 8200, along with former Israeli prime
minister Ehud Barak – who founded Toka.
In December 2024, Paragon was acquired
<https://newsinterpretation.com/the-500-million-secret-inside-the-paragon-deal/>
for $500 million by AE Industrial Partners, a US private equity giant.
Depending on its expansion, the deal could reach $900 million, a valuation
that underscores just how lucrative and strategically valuable this
technology has become. With Barak’s fingerprints on both Paragon and Toka,
the ties between Israeli cyber-warfare firms and western intelligence
interests are becoming increasingly difficult to ignore.

*Hezbollah's next steps*

Hezbollah has endured war and assassinations before and sprung back
stronger than ever – namely, the murder of the resistance movement's
secretary-general Abbas al-Musawi in 1992 and the targeted killings of Mustafa
Badreddine
<https://jcpa.org/mustafa-badr-al-din-zulfiqar-and-the-ansariya-operation/>
and Imad Mughniyeh, architects of Hezbollah’s military strategy. These
dealt heavy blows but did not dismantle the organization's command.
Even the assassination of Iranian Quds Force Commander Qassem Soleimani
<https://www.france24.com/en/20191001-shadowy-iran-commander-gives-interview-on-2006-israel-hezbollah-war>,
a figure whose influence extended deep into Hezbollah’s strategic doctrine,
did not fracture the Axis of Resistance.
The assassinations in Dahiye - 172 commanders killed, including six from
the Jihadi Council, 15 heads of units, and numerous second-level commanders
– were a brutal wake-up call and will usher in a period of evaluation and
recalibration, one that may involve shifts in command, logistics,
intelligence, and economic management.

Israelis are already claiming that Hezbollah's tech revival will be led by
Iran's Islamic Revolutionary Guard Corps (IRGC), though there is no
credible evidence of this. In one such instance, the Israeli research
outfit Alma Center
<https://israel-alma.org/irans-military-aid-to-hezbollahs-rehabilitation-involved-units/>
has
alleged that the IRGC has mobilized five units to aid Hezbollah’s
technological and logistical reconstruction.

While Iranian expertise in cyber operations, intelligence gathering, and
electronic warfare is well documented, these assertions are based on
Israeli assessments and have not been independently verified.

What will, however, be interesting to watch is whether the Lebanese
resistance group will reap any benefits from the Iran–Russia Comprehensive
Strategic Partnership
<https://vpk.name/en/538275_the-military-of-10-countries-are-interested-in-buying-russian-communication-systems-azart.html>,
which includes the provision of secure battlefield communication systems
resistant to NATO-grade electronic warfare. Iran's access to Russian Azart
tactical radios
<https://uawire.org/iran-used-russian-satellite-navigation-system-during-the-attack-on-us-military-bases-in-iraq>
could also potentially enhance Hezbollah’s ability to evade Israeli SIGINT.

For residents of Dahiye, beneath their grief, the questions come hard and
fast*: *What now? What happens when an entire command structure is
decimated? Who takes their place? What lessons are drawn from this?
The answers point in one direction: a technology revolution in the
battlefield - where information precision matters more than firepower. A
revitalized resistance that can match Israel's technological edge.
Hezbollah had that edge in 2006; Israel reversed it in 2024.

In a recent interview on Al Mayadeen TV, senior Hezbollah official Nawaf
Moussawi openly admitted
<https://x.com/thecradlemedia/status/1897710773901967765?s=46> that
negligence and operational shortcomings contributed to the martyrdom of
Hassan Nasrallah. Acknowledging it is one thing. Closing the gap is another.
 If Hezbollah fails to close its vulnerabilities, the next assassination
will not just be inevitable - it is already in motion.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://freedomarchives.org/pipermail/news_freedomarchives.org/attachments/20250315/0227939e/attachment-0001.htm>