Democracy Dies in Darkness

Exploding pagers leave clues to Israeli ‘red button’ plot,

12 min 3000

By Greg Miller, Cate Brown, Loveday Morris, Shira Rubin and Jon Swaine
September 21, 2024 at 3:02 p.m. EDT

The blackened husks of pagers and handheld radios that exploded in a colossal attack on Hezbollah this week have
become fragmentary clues to how Israel orchestrated what current and former Israeli and Western security officials
said was part of an elaborate, decade-long effort to penetrate the militant group.

Markings on the mangled electronic components have left a trail leading back through a manufacturer in Taiwan to
a Hungarian shell company suspected of being set up or exploited by Israeli intelligence to disguise its alleged role in
delivering the lethally rigged devices to Hezbollah. Security officials in another European capital have probed
whether a second shell company there was the real seller behind the pagers deal.

Current and former officials have described it as part of a multipronged effort by Israel over the past decade to
develop what Israeli officials referred to as a “red button” capability — meaning a potentially devastating penetration
of an adversary that can remain dormant for months if not years before being activated.

Israel’s reason for pressing one such “red button” this week remains murky, though experts have speculated that
Israeli officials were worried that the conversion of thousands of pagers to miniature IEDs was at risk of being
detected. Such attacks are generally designed to be unleashed as a prelude to a broader offensive, officials said,
sowing chaos in preparation for follow-on military operations.

The explosions on Tuesday killed at least 12 people and wounded as many as 2,800, according to Lebanon’s Health
Ministry, including Hezbollah operatives but also civilians and children. A second wave involving radios on
Wednesday killed at least 25 people and injured 450, the ministry said. An Israeli airstrike Friday on a Beirut suburb
killed more than 30 people, including two Hezbollah commanders and other members of the group as well as
children, but the pager and radio explosions have not been followed by major Israeli military incursions into
Lebanon.
A “red button” is “a concept for something you can use when you want or need it,” said a former Israeli official with
knowledge of the pager operation. The detonation of the devices this week “wasn’t part of the comprehensive plan”
envisioned when the operation was set in motion, the official said, though he stressed that Israeli officials believe
that it had substantial impact.

“Look at the outcome,” the former official said, referring to explosions that wounded or killed leaders, filled
hospitals and rendered operatives unable to use or trust basic communications gear.

He and other current and former officials spoke on the condition of anonymity, citing the secrecy and sensitivity of
the operation.

A second former Israeli intelligence official said that the explosions marked the culmination of a multiyear
investment in penetrating Hezbollah’s communications, logistics and procurement structures. Long before the
pagers were packed with explosives, the official said, Israel’s external intelligence agency, Mossad, and other services
had developed a detailed understanding of “what Hezbollah needs, what are its gaps, which shell companies it works
with, where they are, who are the contacts.”

After mapping those networks, the former official said, “you need to create an infrastructure of companies, in which
one sells to another who sells to another” — all to maneuver closer to Hezbollah’s purchasing agents, who rely on
shell companies of their own, while hiding any link to Israel.

Scant corporate records for the European companies linked to the pagers mention founders with no discernible
background as suppliers of communications gear or clear connection to the Israeli government, leaving uncertain
whether they were aware of the roles their firms may have played in the attack on Hezbollah.

With many Hezbollah operatives hospitalized and others scrambling to assess damage to the organization,
individuals tied to the group described the pager attack as a stunning security failure.

“How could Hezbollah not check this shipment when it arrived?” asked a Lebanese individual close to the
organization. “They have the technical capacity; they have manufactured drones and missiles. How can they not
detect this compromise?”

Key details about the operation remain unclear, including whether Israel intercepted and sabotaged an existing
pager shipment or executed a scheme in which Israeli intelligence entities actually manufactured or assembled
devices packed with explosives. The New York Times reported this week that Israeli intelligence both built the
devices and created front companies to deceive Hezbollah. The Israeli government has not publicly acknowledged
responsibility.

U.S. and Western security officials said they are still piecing together details. Several officials said that they assume,
but have not confirmed, that the work installing explosives inside the pagers took place in Israel, to avoid the risks of
exposure or accident in foreign territory.
In interviews, current and former intelligence officials marveled at the complexity of the plot, though some
questioned its strategic significance. One former U.S. intelligence official said that Israel’s decision to rig the devices
with explosives rather than with sophisticated espionage equipment reflected a “cult of the offensive mindset” in
Prime Minister Benjamin Netanyahu’s government, prioritizing displays of kinetic power that may not achieve
Israel’s broader aims in an escalating regional conflict.

Others defended the operation. “It’s a severe hit on the command and control structure” of Hezbollah, said Eyal
Pinko, a former Israeli naval commander and intelligence officer. “This will take Hezbollah off-balance; it will take
[Hezbollah leader Hasan Nasrallah] quite a long time to set back his forces.”

The complexity and audacity of the plot have drawn comparisons to other notable operations in the annals of
espionage. Thomas Rid, founding director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins
University, likened Israel’s apparent penetration of the pager supply chain to a post-World War II operation in
which U.S. and German intelligence agencies secretly gained control of a Swiss-based company, Crypto AG, that sold
rigged communications equipment to dozens of foreign governments.

Both operations involved the perennial intelligence objective of penetrating an adversary’s supply chain. Experts
also cited the so-called “Stuxnet” attack in which Israel and the United States collaborated to infect nuclear
enrichment equipment in Iran with damaging malware.

The pager case raises new moral and ethical questions, officials and experts said, because its aim, at least in part,
was to kill and maim in addition to sabotage or acquiring intelligence. If the United States had had advance notice of
the pager operation, given its widespread nature, officials “would freak out and pull every lever they think they had
to get them to not do it,” said Ralph Goff, a former senior CIA official who served in the Middle East. But a former
Israeli official said the attack “hurt as precisely as possible people who needed to be hurt.”

If the emerging outlines of the plot are confirmed, Israel could also face questions about its decisions to base
elements of the operation in Western countries and possibly to have exploited individuals — including alleged front
company founders — who may not have understood the consequences of their alleged roles in the pager
transactions.

“There’s a lot of front companies and cutouts and fake personas,” said Gavin Wilde, a former White House official
who is a cybersecurity expert at the Carnegie Endowment for International Peace. “If there really are folks who were
truly patsies, they’re going to have to live in fear the rest of their lives because [even if they were unaware of the plot]
Hezbollah isn’t going to believe that.”

By tracing clues in the bomb debris, a network of suppliers and shell entities starts to come into sight. Back panels of
the pagers were marked with brand and model information associated with a Taiwanese manufacturer, Apollo Gold,
that remains a major supplier of devices that were widespread in the 1990s but have since been largely displaced by
cellphones.

Hezbollah reportedly turned to the use of pagers because it believed their low-tech limitations made them less
vulnerable to hacking by Israeli intelligence.
Facing a deluge of media inquiries, Apollo Gold executives said the company had neither designed nor manufactured
the devices circulated by Hezbollah, and that they were produced under a licensing arrangement with a company
based in Hungary called BAC Consulting KFT.

The true nature of BAC’s work remains opaque. According to Hungarian company records, the company was
registered in May 2022, and it lists 118 business activities in its corporate filing, including book publishing, motion
picture distribution and the manufacturing of “oils and fats” and “imitation jewelry.” The company’s website —
disabled since Tuesday’s attack — touts an equally wide-ranging set of services, offering consulting advice on
everything from social impact investing to waste management solutions.

A woman listed as the founder of BAC Consulting, Cristiana Barsony-Arcidiacono, 49, did not respond to multiple
requests for comment from The Washington Post. Reached briefly by NBC News earlier this week, she said she was
“just an intermediate” in the pager transactions and never had custody of the devices.

Barsony-Arcidiacono’s mother told the Associated Press on Friday that her daughter is now in the protective custody
of the Hungarian government. Hungarian authorities did not respond to a request for comment on the arrangement.

But a Hungarian security official said that investigators had determined that BAC was a shell company and was
involved in the transaction that supplied pagers to Hezbollah. The devices “never came to Hungary,” the official said,
but the BAC identity appears to have been used as part of the operation to deceive Hezbollah, though it is not clear
that Barsony-Arcidiacono “was involved or has deep knowledge.”

Taiwanese police visited a BAC office in Taipei on Wednesday and uncovered shipping records that indicate Gold
Apollo last sent 254 pagers to Hungary in 2022, according to local media. Another business contract reportedly
seized by investigators indicated that the Taipei-based firm earned $15 for each pager sold by BAC.

Bulgarian security services this week investigated a second company, Norta Global Ltd. of Sofia, following a media
report on Wednesday that the firm had sold and delivered the exploding pagers to Hezbollah. Telex, a Hungarian
news website, attributed the information to unidentified sources.

Bulgaria’s state agency for national security issued a statement Friday saying that it had “established beyond doubt”
that no communications devices detonated in Lebanon or Syria had been “imported, exported or manufactured in
Bulgaria.” The statement did not rule out a Norta Global connection to the pager sale to Hezbollah, however, saying
only that the company “did not carry out transactions in respect of which Bulgaria has jurisdiction.”

Bulgarian records state that Norta Global is owned by Rinson Jose, a 39-year-old Norwegian man who was born in
India. Jose incorporated the firm in April 2022 to do “technological project management,” according to its formation
paperwork, which was signed by Jose in Oslo. Jose previously formed a technology firm in Norway named Nortalink.

During 2022 and 2023, Norta Global received total revenue of more than $1.5 million at today’s exchange rate,
according to financial reports filed to Bulgarian authorities. Throughout that period, Jose had a full-time job with an
Oslo-based media company, according to his online résumé.
In a brief interview, Norta Global’s accountant did not respond to questions about whether the firm had connections
with Israel. The accountant, Dimitar Daskalov, repeatedly directed The Post to the statement from the security
services.

Jose has a profile on Founders Nation, an Israeli business networking website, that lists multiple organizations with
connections, either now or in the past, to the Israel Defense Forces as official partners.

Guy Franklin, who is identified as a co-founder of the site, said he had never heard of Jose or Norta Global and that
he did not believe Israel’s government provided any funding via Founders Nation. “In the tech world you want to
have as many logos on your platform to show that you have support (not finance-wise) from many entities,” Franklin
said in a text message.

Jose did not respond to calls and messages from The Post. A friend in Oslo, Bibin Bhaskaran, said that he and Jose’s
brother had also been unable to reach Jose.

Jose traveled to Boston on Tuesday and remained in the United States as of Friday, according to U.S. government
records. He was there to attend a technology conference, according to a source familiar with his plans as well as a
report on the Norwegian VG news site.

Jose did not respond to requests for comment. An organizer at the conference, sponsored by the software company
HubSpot, told a Post reporter that Jose had not picked up a credential created for him or attended any sessions.
Efforts to reach him at more than 30 hotels listed on the conference website were unsuccessful.

Elizabeth Dwoskin, Abbie Cheeseman, Ellen Nakashima, Susannah George, Suzy Haidamous, Louisa Loveluck, Vic
Chiang, Pei-Lin Wu, Evan Hill, Imogen Piper, Aaron Schaffer, Adam Taylor, Shane Harris and Souad Mekhennet
contributed to this report.