By Sharmine Narwani
The Special Tribunal for Lebanon (STL), the UN Security Council-initiated investigation into the February 14, 2005 assassination of former Lebanese Prime Minister Rafiq Hariri, formally unveiled its indictment of four alleged Hezbollah “supporters” last week.
There was nothing new in this document. Almost all details had been leaked to various media outlets at separate intervals since 2009.
But it is a compelling read nonetheless. There is no longer any need for conjecture, supposition or doubt – the heart of the case against the accused is now spelled out in black and white.
A Case Built Entirely on Telecommunications Data
The Tribunal’s case appears to be built on a simple premise: the “co-location” of cellular phones – traceable to the accused four – that coincide heavily with Hariri’s whereabouts and crucial parts of the murder plot in the six weeks prior to his death.
Using Call Data Records (CDRs) – which track incoming and outgoing calls, time, date, duration, and importantly, the location from which calls are made (identifiable by the nearby “cell towers” that carry a mobile phone call) – the STL identified a covert network of mobile phones called the “Red Network” used in the planning of the assassination.
The Tribunal reveals that CDR analysis links the Red Network to four other colour-coded cell phone networks, some of which are non-covert, i.e. the Personal Mobile Phones (PMPs) of the indictees. In short, what this means is that the suspected covert phone networks (Red, Blue and Green) were very frequently making calls from the same areas as the personal mobile phones of the four accused men.
Indeed, the intricate details and frequency of the various phone call-overlaps between the covert Hariri-tracking networks and the personal phones of the indictees make this appear to be a slam-dunk case. How could any of this be coincidence? In the two hours before the assassination, there were 33 calls along Hariri’s route within the Red Network alone, co-located with the PMPs of the suspects.
Not So Fast…
But there isn’t a literate soul in Lebanon who does not know that the country’s telecommunications networks are highly infiltrated – whether by competing domestic political operatives or by foreign entities. For its part, the Lebanese resistance group Hezbollah – with which the indictees are allegedly affiliated – has spent much of the past year explaining in painstaking detail the hazards of relying on telecom data that is readily penetrable by the state’s enemies.
This narrative has been backed by Lebanese officials, convicted “spies” and outed employees of telecom companies.
But how does this impact the STL’s meticulous circumstantial case?
On the one hand, Hezbollah supporters may very well have assassinated Rafiq Hariri – whether through direct orders from the resistance group’s leadership or in conjunction with other individuals or governments.
On the other hand, the telecommunication analysis provided by the Tribunal could instead represent an intricately planned and executed effort to frame Hezbollah.
It could go something like this:
Assume for a moment that there was in fact a genuine Hezbollah surveillance operation to track the whereabouts of Hariri. This, in itself, is not unusual by Lebanese standards – it is widely assumed in the Middle East that political camps engage in this kind of monitoring activities of key figures. Hezbollah leader Hassan Nasrallah last summer even televised intercepted Israeli video footage tracking Hariri’s various routes to and from Beirut in the time period leading up to his death. No biggie, right?
Caveat: In this scenario, the Hezbollah operatives use their personal mobile phones during their surveillance ops. They have no covert phones as suggested by the Tribunal’s colour-coded networks theory. In fact, the colour-coded networks and their history of phone calls don’t even really exist – they have been entirely fabricated and then cleverly co-located with the Hezbollah PMPs by an unknown entity that hacked into cell tower data logs.
Or assume instead that the assassination plot is entirely accurate as outlined by the STL. There were indeed colour-coded covert networks led by the Red Network to carry out the dirty deed – only no Hezbollah operatives were involved.
Caveat: In this scenario, an unknown entity has simply co-located targeted Hezbollah-supporter PMPs with the colour-coded Networks to make it seem as though there is a connection with these individuals.
Crazy Conspiracy Theories?
Now why stretch the possibilities of things when the truth is probably the most easily accessible of all the scenarios. Hezbollah did it. Plain and simple.
To suggest otherwise would mean that a conspiring “entity” would have to obtain the deepest access into Lebanese telecommunications networks at one or – more likely – several points along the data logging trail of a mobile phone call. They would have to be able to intercept data and alter or forge it, and then, importantly, remove all traces of the intervention.
But here’s where “unlikely” crashes into “bizarre.” In the past year, several employees of the state-owned Lebanese telecommunications operator Alpha have been arrested for providing foreign entities with access into their networks.
Charbel Qazzi, an Alpha department manager is under investigation for providing Israeli agents with passwords to access his company’s networks and cell towers from outside Lebanon. Tarek Rabaa, an Alpha network engineer, has reportedly confessed to providing foreign intelligence agents with maps of Lebanese telecom networks, network settings and details of product components used in cell towers – information relevant to Lebanon’s other state-owned MTC telecom company too. Critically, Rabaa has admitted to – at the specific request of his contact agent – blocking the purchase of more secure Chinese-made Huawei equipment, while recommending the procurement of products that are more easily compromised.
According to leading Lebanese daily Al Akhbar which published the phone numbers redacted in the Tribunal’s indictment, all cell phones in the covert Red and Green Networks are Alpha numbers, with the other networks a mix of Alpha and MTC phones.
A 2011 Rand Report commissioned by the US Air Force confirms that in the six years following it’s 2000 withdrawal from Lebanon, Israel was actively tracking Hezbollah’s cellular footprints: “Among other things, those organizations (Mossad and AMAN) carefully tracked various Hezbollah leaders by their given names, noms de guerre, addresses, cellular telephone numbers and radio call signs.”
But this is of little surprise to industry watchers. As recently as last October, the general assembly of the world’s leading industry standards organization, the 124-nation International Telecommunications Union (ITU), passed a resolution condemning past and present acts of “piracy, interference and interruption, and sedition by Israel against Lebanon’s fixed and cellular telephone networks.”
Nobody doubts Israel’s capacity to carry out this telecom sleight of hand – technology warfare is an entrenched part of the nation’s military strategies. This task would lie somewhere between the relatively facile telephone hacking of the News of the World reporters and the infinitely more complex Stuxnet attack on Iran’s nuclear facilities, in which Israel is a prime suspect.
And the fact is that Hezbollah is an early adherent to the concept of cyberwarfare. The resistance group have built their own nationwide fiber optics network to block enemy eavesdropping, and have demonstrated their own ability to intercept covert Israeli data communications. To imagine that they then used traceable mobile phones to execute the murder of the century is a real stretch. Even journalists in Beirut use multiple SIM cards and remove batteries from cell phones to escape basic tracking and monitoring activities.
Last year, Hezbollah Secretary-General Hassan Nasrallah made it very clear – in response to Tribunal leaks about potential suspects being Hezbollah-related – that there are “no rogue elements” in the organization. Which would suggest that if there is any Hezbollah linkage to Hariri’s murder, orders would have had to come from the top.
The question is: why would Hezbollah’s leadership want to kill Hariri?
When investigating crimes of this nature, one looks to identify suspects by examining modus operandi and motive as well as a slew of other likely give-aways. The kind of over-the-top detonation of explosives by a suicide bomber in a crowded public place packed with civilians is simply not Hezbollah’s style, whatever our media purports to allege about this organization – even Western diplomats in Beirut agree with this.
On the critical issue of “motive” however, there is even more head scratching that goes on here. Usually, the narrative that assigns motive for this crime to Hezbollah goes something like this: Syria’s President Bashar al-Assad, a close ally of Hezbollah, was at loggerheads with Hariri, had threatened him several times, and was furious at the former Lebanese PM for allegedly spearheading UN Security Council Resolution 1559 which created the basis for removing Syrian troops from Lebanese territory. Except that this narrative ignores the fact that Hezbollah is nobody’s hitsquad – again, our media’s oft-misleading conjecture aside – and has a Lebanese agenda quite separate from Assad’s grand plans for Syria.
A very interesting tidbit that has quietly emerged in the years since Hariri’s assassination reveals that, in spite of public adversarial agendas, a growing camaraderie had blossomed between Nasrallah and the former Lebanese prime minister in the six months before his untimely demise. During these talks, the men had apparently come to an understanding about Hezbollah’s retention of its weapons arsenal, further removing a motive for murder.
In a shocking video leak of the Security Council-backed investigative Commission’s interview of former Lebanese Prime Minister Saad Hariri – son of the slain Rafiq – the younger Hariri throws a cog in the “motives” wheel by revealing to investigators that his father and Nasrallah had “opened a door” recently: “My father trusted Hassan Nasrallah a lot and he thought he could work with him…he thought that Hassan Nasrallah was a man of his word.”
The secret weekly meetings between the two men took place in Dahiyeh, the heavily Shia suburb of southern Beirut, and Hezbollah assumed sole responsibility for Hariri’s safety during these clandestine visits. This would have been a huge leap of faith for someone as security conscious as Hariri, who travelled with a large contingency of bodyguards in armour-plated vehicles equipped with signal-jamming devices.
And it would certainly have provided Hezbollah with ample opportunity to do away with Hariri in a less provocative manner, if the group was so inclined.
Motive? Another way to look at this might be to ask who would most fear a fast friendship developing between Lebanon’s most popular Shiite and Sunni leaders?
All the telecommunications analysis in the world will not convince a large part of the Lebanese population that the data is “clean.” Perhaps it is unfortunate that the STL’s case happens to be based on what is viewed as a highly compromised sector and, as the indictment reads, “built in large part on circumstantial evidence.”
In the final analysis, after invasions, occupations and a wretched civil war, Lebanon will most likely resist being torn apart again over evidence this flimsy.
A version of this article first appeared on Al Jazeera English on August 31, 2011
Tarek Rabaa didn’t confess for spying & he was subject to fabrications & torture. They exploited Tarek case to blow up the telecom evidence which was the base to bring to STL the 4 indictees. CHARBEL Nahhas who allies with the the resistance told that telecom sector was infiltrated but without proof. The ITU cannot tell if the cellular was tampered & they didn’t say that. Dr Imad from the telecom regulatory body TRA is known by his strong connection with the resistance. THIS IS A SCANDAL FOR AOUN & conspiracy against Tarek Rabaa who is suffering from oppression and targeted media.
Pingback: Real Phone Hacking