Exploding pagers leave clues to Israeli ‘red button’ plot, officials say

The blackened husks of pagers and handheld radios that exploded in a colossal attack on Hezbollah this week have become fragmentary clues to how Israel orchestrated what current and former Israeli and Western security officials said was part of an elaborate, decade-long effort to penetrate the militant group.

Markings on the mangled electronic components have left a trail leading back through a manufacturer in Taiwan to a Hungarian shell company suspected of being set up or exploited by Israeli intelligence to disguise its alleged role in delivering the lethally rigged devices to Hezbollah. Security officials in another European capital have probed whether a second shell company there was the real seller behind the pagers deal.

Current and former officials have described it as part of a multipronged effort by Israel over the past decade to develop what Israeli officials referred to as a "red button" capability — meaning a potentially devastating penetration of an adversary that can remain dormant for months if not years before being activated.

Israel's reason for pressing one such "red button" this week remains murky, though experts have speculated that Israeli officials were worried that the conversion of thousands of pagers to miniature IEDs was at risk of being detected. Such attacks are generally designed to be unleashed as a prelude to a broader offensive, officials said, sowing chaos in preparation for follow-on military operations.

The explosions on Tuesday killed at least 12 people and wounded as many as 2,800, according to Lebanon's Health Ministry, including Hezbollah operatives but also civilians and children. A second wave involving radios on Wednesday killed at least 25 people and injured 450, the ministry said. An Israeli airstrike Friday on a Beirut suburb killed more than 30 people, including two Hezbollah commanders and other members of the group as well as children, but the pager and radio explosions have not been followed by major Israeli military incursions into Lebanon.

A "red button" is "a concept for something you can use when you want or need it," said a former Israeli official with knowledge of the pager operation. The detonation of the devices this week "wasn't part of the comprehensive plan" envisioned when the operation was set in motion, the official said, though he stressed that Israeli officials believe that it had substantial impact.

"Look at the outcome," the former official said, referring to explosions that wounded or killed leaders, filled hospitals and rendered operatives unable to use or trust basic communications gear.

He and other current and former officials spoke on the condition of anonymity, citing the secrecy and sensitivity of the operation.

A second former Israeli intelligence official said that the explosions marked the culmination of a multiyear investment in penetrating Hezbollah's communications, logistics and procurement structures. Long before the pagers were packed with explosives, the official said, Israel's external intelligence agency, Mossad, and other services had developed a detailed understanding of "what Hezbollah needs, what are its gaps, which shell companies it works with, where they are, who are the contacts."

After mapping those networks, the former official said, "you need to create an infrastructure of companies, in which one sells to another who sells to another" — all to maneuver closer to Hezbollah's purchasing agents, who rely on shell companies of their own, while hiding any link to Israel.

Scant corporate records for the European companies linked to the pagers mention founders with no discernible background as suppliers of communications gear or clear connection to the Israeli government, leaving uncertain whether they were aware of the roles their firms may have played in the attack on Hezbollah.

With many Hezbollah operatives hospitalized and others scrambling to assess damage to the organization, individuals tied to the group described the pager attack as a stunning security failure.

"How could Hezbollah not check this shipment when it arrived?" asked a Lebanese individual close to the organization. "They have the technical capacity; they have manufactured drones and missiles. How can they not detect this compromise?"

Key details about the operation remain unclear, including whether Israel intercepted and sabotaged an existing pager shipment or executed a scheme in which Israeli intelligence entities actually manufactured or assembled devices packed with explosives. The New York Times reported this week that Israeli intelligence both built the devices and created front companies to deceive Hezbollah. The Israeli government has not publicly acknowledged responsibility.

U.S. and Western security officials said they are still piecing together details. Several officials said that they assume, but have not confirmed, that the work installing explosives inside the pagers took place in Israel, to avoid the risks of exposure or accident in foreign territory.

In interviews, current and former intelligence officials marveled at the complexity of the plot, though some questioned its strategic significance. One former U.S. intelligence official said that Israel's decision to rig the devices with explosives rather than with sophisticated espionage equipment reflected a "cult of the offensive mindset" in Prime Minister Benjamin Netanyahu's government, prioritizing displays of kinetic power that may not achieve Israel's broader aims in an escalating regional conflict.

Others defended the operation. "It's a severe hit on the command and control structure" of Hezbollah, said Eyal Pinko, a former Israeli naval commander and intelligence officer. "This will take Hezbollah off-balance; it will take [Hezbollah leader Hasan Nasrallah] quite a long time to set back his forces."

The complexity and audacity of the plot have drawn comparisons to other notable operations in the annals of espionage. Thomas Rid, founding director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins University, likened Israel's apparent penetration of the pager supply chain to a post-World War II operation in which U.S. and German intelligence agencies secretly gained control of a Swiss-based company, Crypto AG, that sold rigged communications equipment to dozens of foreign governments .

Both operations involved the perennial intelligence objective of penetrating an adversary's supply chain. Experts also cited the so-called "Stuxnet" attack in which Israel and the United States collaborated to infect nuclear enrichment equipment in Iran with damaging malware.

The pager case raises new moral and ethical questions, officials and experts said, because its aim, at least in part, was to kill and maim in addition to sabotage or acquiring intelligence. If the United States had had advance notice of the pager operation, given its widespread nature, officials "would freak out and pull every lever they think they had to get them to not do it," said Ralph Goff, a former senior CIA official who served in the Middle East. But a former Israeli official said the attack "hurt as precisely as possible people who needed to be hurt."

If the emerging outlines of the plot are confirmed, Israel could also face questions about its decisions to base elements of the operation in Western countries and possibly to have exploited individuals — including alleged front company founders — who may not have understood the consequences of their alleged roles in the pager transactions.

"There's a lot of front companies and cutouts and fake personas," said Gavin Wilde, a former White House official who is a cybersecurity expert at the Carnegie Endowment for International Peace. "If there really are folks who were truly patsies, they're going to have to live in fear the rest of their lives because [even if they were unaware of the plot] Hezbollah isn't going to believe that."

By tracing clues in the bomb debris, a network of suppliers and shell entities starts to come into sight. Back panels of the pagers were marked with brand and model information associated with a Taiwanese manufacturer, Apollo Gold, that remains a major supplier of devices that were widespread in the 1990s but have since been largely displaced by cellphones.

Hezbollah reportedly turned to the use of pagers because it believed their low-tech limitations made them less vulnerable to hacking by Israeli intelligence.

Facing a deluge of media inquiries, Apollo Gold executives said the company had neither designed nor manufactured the devices circulated by Hezbollah, and that they were produced under a licensing arrangement with a company based in Hungary called BAC Consulting KFT.

The true nature of BAC's work remains opaque. According to Hungarian company records, the company was registered in May 2022, and it lists 118 business activities in its corporate filing, including book publishing, motion picture distribution and the manufacturing of "oils and fats" and "imitation jewelry." The company's website — disabled since Tuesday's attack — touts an equally wide-ranging set of services, offering consulting advice on everything from social impact investing to waste management solutions.

A woman listed as the founder of BAC Consulting, Cristiana Barsony-Arcidiacono, 49, did not respond to multiple requests for comment from The Washington Post. Reached briefly by NBC News earlier this week, she said she was "just an intermediate" in the pager transactions and never had custody of the devices.

Barsony-Arcidiacono's mother told the Associated Press on Friday that her daughter is now in the protective custody of the Hungarian government. Hungarian authorities did not respond to a request for comment on the arrangement.

But a Hungarian security official said that investigators had determined that BAC was a shell company and was involved in the transaction that supplied pagers to Hezbollah. The devices "never came to Hungary," the official said, but the BAC identity appears to have been used as part of the operation to deceive Hezbollah, though it is not clear that Barsony-Arcidiacono "was involved or has deep knowledge."

Taiwanese police visited a BAC office in Taipei on Wednesday and uncovered shipping records that indicate Gold Apollo last sent 254 pagers to Hungary in 2022, according to local media. Another business contract reportedly seized by investigators indicated that the Taipei-based firm earned $15 for each pager sold by BAC.

Bulgarian security services this week investigated a second company, Norta Global Ltd. of Sofia, following a media report on Wednesday that the firm had sold and delivered the exploding pagers to Hezbollah. Telex, a Hungarian news website, attributed the information to unidentified sources.

Bulgaria's state agency for national security issued a statement Friday saying that it had "established beyond doubt" that no communications devices detonated in Lebanon or Syria had been "imported, exported or manufactured in Bulgaria." The statement did not rule out a Norta Global connection to the pager sale to Hezbollah, however, saying only that the company "did not carry out transactions in respect of which Bulgaria has jurisdiction."

Bulgarian records state that Norta Global is owned by Rinson Jose, a 39-year-old Norwegian man who was born in India. Jose incorporated the firm in April 2022 to do "technological project management," according to its formation paperwork, which was signed by Jose in Oslo. Jose previously formed a technology firm in Norway named Nortalink.

During 2022 and 2023, Norta Global received total revenue of more than $1.5 million at today's exchange rate, according to financial reports filed to Bulgarian authorities. Throughout that period, Jose had a full-time job with an Oslo-based media company, according to his online résumé.

In a brief interview, Norta Global's accountant did not respond to questions about whether the firm had connections with Israel. The accountant, Dimitar Daskalov, repeatedly directed The Post to the statement from the security services.

Jose has a profile on Founders Nation, an Israeli business networking website, that lists multiple organizations with connections, either now or in the past, to the Israel Defense Forces as official partners.

Guy Franklin, who is identified as a co-founder of the site, said he had never heard of Jose or Norta Global and that he did not believe Israel's government provided any funding via Founders Nation. "In the tech world you want to have as many logos on your platform to show that you have support (not finance-wise) from many entities," Franklin said in a text message.

Jose did not respond to calls and messages from The Post. A friend in Oslo, Bibin Bhaskaran, said that he and Jose's brother had also been unable to reach Jose.

Jose traveled to Boston on Tuesday and remained in the United States as of Friday, according to U.S. government records. He was there to attend a technology conference, according to a source familiar with his plans as well as a report on the Norwegian VG news site .

Jose did not respond to requests for comment. An organizer at the conference, sponsored by the software company HubSpot, told a Post reporter that Jose had not picked up a credential created for him or attended any sessions. Efforts to reach him at more than 30 hotels listed on the conference website were unsuccessful.