From keyboards to ashes: Hezbollah’s information warfare unit under restructuring

During the height of the bombings, the Israeli army not only eliminated weapons caches and political and military leaders but also targeted Hezbollah’s cyber capabilities, virtually wiping them out. These fighters reveal that the movement has decided to allocate more resources to its cyber units, particularly those specializing in information warfare. However, the blows delivered by the IDF were severe, and Hezbollah is still licking its wounds. It will take time and considerable resources to regain a decent level of operational cyber capacity. In an interview with InCyber News, a member of the cyber units breaks down the objectives and stakes of this reorganization.

What kind of cyber operations are you conducting?

Currently, there’s no hacking, because the Israelis destroyed most of our capabilities. My work mainly focuses on managing social media accounts, to generate trends or respond to certain attacks, especially on Twitter. I also manage some news groups on WhatsApp. My latest mission was to mobilize people on various platforms and encourage them to attend the funeral of Sayyed Hassan Nasrallah. And just so you understand the scale, my budget for that operation was under $100… which, in itself, pretty much sums up our situation. Many of my colleagues wanted to resume work after the war. We got together, drafted a plan, and requested a budget to relaunch our operations—attacks, hacking, and the acquisition of new software. But we received no response from leadership. We’re still waiting, with no idea how long this will last.

How do you perceive the impact of your work on the conflict you’re involved in?

I’m convinced that 90% of the current war is based on information and technology, and only 10% on military combat. I enjoy my work and dedicate myself fully to it, but many of those making decisions don’t value it as they should. They remain stuck in old patterns and still consider guerrilla warfare to be more important than cyber warfare, which greatly limits our capabilities. In this field, we need a flexible budget to constantly purchase new software, but our resources are extremely limited, forcing us to work with whatever we have on hand.

After the last war, the situation changed: we were told we’d receive significant budgets, because leadership decided to reform and restructure our unit. But I remain skeptical. A few days ago, I received a call informing me that a new laptop had been purchased for me… and that’s it. As if cybersecurity boiled down to a single laptop.

Do you have specific targets, or are your actions part of a broader strategy?

In the past, we had a form of strategy—more precisely, a work plan and clear guidelines. Our main mission was to monitor various social media platforms and wage war on any account opposing the resistance, regardless of who operated it or where they were based. I can proudly say that any content opposing the resistance was systematically flagged until it was taken down. Whenever we had the opportunity, we also carried out cyberattacks. We were number one in Lebanon and rivaled the Saudi and Emirati cyber armies.

After the war, I’d be lying if I said we still had a strategy, a guideline, or a plan. Today, we have nothing. Nothing but promises, again and again. We don’t know whether the situation will remain the same or evolve. All we can do is wait. I can be patient—but many others can’t. Eventually, they’ll leave and look for something else. And when that happens, imagine how hard it will be for leadership to recruit new people to fill those positions…

How do you assess the effectiveness of your actions? What indicators do you use?

A few months ago, we were effective. But today, I won’t lie: we’ve lost our effectiveness. The Saudi cyber army is now 100 times more efficient than we are. Before, Twitter (X) was under our control. Today, we have no influence on the platform. That’s why you see more and more accounts conducting counter-propaganda against the resistance.

Personally, I still get some attention—my tweets are widely shared across Lebanon. But is it as effective as before? Clearly not. Six months ago, we were still coordinating with Iraqi and Iranian cyber armies. Today, that’s all over. We don’t even have offices anymore—we’re scattered all over Lebanon. We have a WhatsApp group for communication, even though we know it’s not secure. But that’s all we’ve got.

What are the main tools and technologies you use daily?

Our primary targets have always been X (Twitter) and Facebook. We had lots of software and thousands of accounts that allowed us to dominate counter-propaganda against the resistance and maintain control over X. But today, we’ve lost everything. Personally, I still manage around 300 accounts to amplify certain tweets, but does that allow me to influence or achieve any real goal? The answer is clearly no.

We also had software to hack vulnerable accounts on Facebook and X, but we lost them during the last war. We didn’t think we’d have to leave our offices for good. We were convinced it would only be a few days before returning, but in the end, a total war was launched against us, and we lost everything. I remember, when I left the office, I thought about taking some personal belongings, but I told myself it wasn’t necessary—I’d be back in a few days…

Do you have sufficient resources to carry out your missions, or are you limited by a lack of means?

Right now, no—we have absolutely nothing. And anyone claiming otherwise is lying. Even in the past, we had limited software, but the situation was a hundred times better than it is today. As I mentioned, the issue was that those making decisions didn’t really believe in the power of social media. However, I’m hearing that things are starting to change and that a new approach is being adopted regarding the importance of technology and its integration across the party’s various sectors.

What are the main internal issues you’re facing?

I think I’ve said a lot on that already, but I’ll add something else. One day, a superior openly told me: “We only have this unit because we were told we had to have one.” That speaks volumes about how leadership sees our department.

Another time, while I was explaining the importance of investing more in social media, the person in charge replied: “We’ll just ask people to stop believing what they read on social media.”

That shows just how outdated their thinking is…

How do you adapt and cope with opponents who have vastly superior resources?

We’re smart people—we’ve always managed to make something out of nothing. We’ve always been aware that our resources were limited compared to those of other cyber activists and cyber armies, but we learned to exploit our opponents’ weaknesses. That’s how we managed to work around our limitations. Also, when we faced a complex problem, we got help from the Iranians. We worked with them to acquire new technologies and software on the black market, since they always had a bigger budget than we did. But now, we no longer collaborate with them. Not because Iran refuses to help us, but because we need closed channels to communicate with them, and that’s not possible right now.

Is there cooperation with other units, groups, or private actors to enhance your capabilities?

We used to collaborate with Iranians, Iraqis, Bahrainis, the Saudi opposition, and on a personal level, I coordinated with Pakistanis and Indians. We worked together to hack and attack several infrastructures in Israel, including interfering with their navigation and GPS systems. Things were on a completely different scale back then.

You’re facing a state with considerable resources. What strategies allow you to compensate for this imbalance of power?

I’ll be honest: we never confronted Israel. If someone tells you that we fought Israel or stood up to it in the cyber domain, they’re lying. Israel has a dedicated cyber unit and the most advanced technologies—unlike us. Today, I can openly say this: we exaggerated our capabilities and achievements in this field, because that was part of the game. But in reality, we didn’t even have 1% of Israel’s capabilities.

Our targets were Israeli soldiers with limited cybersecurity knowledge, regular citizens, or a few isolated websites. But we were never able to penetrate Unit 8200, which oversees all of Israel’s cyber defense. In my opinion, that unit has already managed to hack every individual in Lebanon before and during the war, building a massive database on thousands of Lebanese and resistance leaders.

Sometimes we managed to hack cheap stores or surveillance cameras in some Israeli cities. But let’s be honest—any hacker with basic software could do the same.

Have you recently observed any disinformation trends used by states or other organizations engaged in information warfare?

Artificial intelligence. I see it everywhere, every day. And if we don’t have a counter-strategy, we’re definitively lost. People believe deepfakes generated by AI. These fake videos completely change public opinion, turning it against us in an instant. Today, people take these falsified videos as authentic. I’ve also noticed targeted geographical manipulation: some fake news is created and attributed to reputable media outlets. If you search for them, you’ll find seemingly credible sources, but in reality, it’s fake news. We’re under attack on multiple fronts. If we don’t change our approach, we’ll never win a future war.

In your opinion, what are the major challenges and future developments in information warfare?

There are many challenges, but the main one is the spread of misleading information by our enemies. During the last war, I saw and felt this threat. I warned leadership about it. Israel was broadcasting false information about certain targets, relaying it through different media. They then waited and monitored phones, because they knew that family or friends of the person being targeted would try to call to check if they were safe. As soon as the call was made, Israel located them and struck. This tactic was widely used in Lebanon and Gaza, and we lost many people because of it.

Israel also used AI to manipulate public opinion while carrying out cyberattacks on computers, systems, and phones. This last war must be studied as a perfect example of using AI to win a conflict. Israel is my eternal enemy, but we must admit it won this war thanks to new technologies.