Tell us something about yourself and your research.
I’m Nati Flamer, 34 years old. I served in the Israel Defense Forces for almost a decade, in Military Intelligence. I engaged in research and taught an intelligence officers’ course, and at the same time I studied at a university. In one of my master’s-level courses I wrote a paper about Hezbollah’s intelligence activities during the second Lebanon war. When I examined the available sources on the subject, I discovered that this was an almost untouched area in academia. The study of intelligence in non-state organizations is simply an unplowed field. For my doctoral dissertation I decided to try to fill that vacuum in academic, and perhaps also public, discourse – about the phenomenon as such and regarding Hamas and Hezbollah in particular.
How do you explain that vacuum?
The truth is that it’s surprising. Especially because it’s not just a local phenomenon. Internationally, too, it’s an untouched subject: Just as there is no information about the intelligence methods used in Hamas and Hezbollah, there is no information about this in other such groups, either. I think there are two reasons for this. Conceptually, when we think of intelligence, we think of states, of structured, institutionalized bodies such as, say Unit 8200 [in the IDF], or MI6. The second reason is accessibility. It’s extremely difficult to access materials dealing with intelligence in terrorist groups. Obviously they have no archives, there is no orderly documentation. When I set out, one researcher told me that there was no point trying to write a 300-page doctoral dissertation, that I would have trouble even producing a brief article on the subject.
In your research, you drew upon open sources only, and even so I felt a bit strange while reading it – in case I was seeing content I wasn’t supposed to see. It turns out that quite a few secrets are concealed in the open sources.
That’s true. In contrast to what that researcher told me, information does exist, even quite a bit of it. You just have to be open to things. For example, I used legal sources. They are true treasures: Court rulings sometimes reveal intelligence stories such as about [Hamas and Hezbollah] running spies and agents inside Israel, or lookouts who were apprehended in the Gaza Strip from whose testimony it was possible to understand how the whole matter of surveillance works. I also used Shin Bet security service reports, all kinds of things that the IDF published over the years, and materials published by the organizations themselves. That was already more complicated. For example, there’s a series of books that Hezbollah published in the 1990s, which sum up their activity annually. In Israel only one volume is available, in the National Library, but I wanted to read them all. I found a place in Beirut where the books were available, but that’s obviously not a real option. In the end I found an Israeli at a university abroad who agreed to order a copy [of the set] from Beirut for me, and he sent it to me.
Which is how you found, in completely open sources, exciting stories such as cases of double agents.
- Politics, terrorism and cyberattacks: The challenges facing Israel's new Shin Bet chief
- When the Shin Bet chief warned that educated Arabs are a 'problem' for Israel
Both Hamas and Hezbollah know that Israel is running agents in their organizations. They have all kinds of ways to cope with this – arrest, torture, interrogations and killings – but sometimes they choose a cleverer way of dealing with the phenomenon: namely, turning the person into a double agent. Recruiting collaborators with Israel into their ranks, turning the threat into an opportunity. That’s a very difficult operation and, by the way, it is known as the “caviar” of intelligence. Thus I found a story about a Gaza resident who was a source of information for Israel, and after a certain period in which he worked for Israel he decided to confess his deeds to someone in Hamas. It’s not clear whether he acted out of ideological reasons or because he felt his life was in danger.
The Hamas man tells him, “Let’s take advantage of this,” and the guy started to tell Hamas about the information Israel wanted from him. For example, Israel talks to him about a particular house, and Hamas understands from this that Israel has plans to get to that house, and they booby-trap it. Afterward Hamas simply takes control of the man’s SIM card, so they can listen in on all his conversations with the Israeli handlers. Later on, the person who handles this man directly is a senior figure in Hamas’ military wing, Raed al-Atar, whom Israel assassinated during Operation Protective Edge [in 2014]. This shows intelligence activity being managed at high levels, not just as a local initiative, and also the importance of such operations from Hamas’ viewpoint. In the end, Israel discovers what’s going on and arrests the man – ultimately double agents are uncovered – and I actually scrape this whole treasure from a court ruling.
Obviously, a terrorist organization that takes on a state is in an inferior position in terms of intelligence. Still, in many cases that you mention in your research, it seems as though the disadvantage can be turned into an advantage.
When an organization like that takes on a state, it doesn’t expect to win the battle. Hamas and Hezbollah understand the limits of their strength. They don’t expect to vanquish Israel, but rather to damage its capabilities and strike at its soft belly. The thing is, the intelligence required for this is not of the highest level. Take, for example, the naval commando disaster [in 1997, when 12 members of the elite Shayetet 13 unit were killed in an ambush in Lebanon]. From Hezbollah’s viewpoint, that was an episode during which, as an organization, they succeeded in uncovering an operation by perhaps the world’s best commando unit, deep inside their territory. As far as we know, they accomplished this by raising an antenna and using it to intercept the communications of a drone. What a tremendous strategic achievement, using super-basic intelligence. If we had exposed a similar operation by Hezbollah, it would not have been seen as an exceptional accomplishment, but as one more terrorist attack that we succeeded in preventing. For us, it’s bread and butter, for them it’s the crowning glory.
Because the war is being waged all the time, including at the level of public awareness.
Yes, and that characterizes asymmetrical warfare in general. Because of the weak side’s limitations, its inability to score significant achievements, they rely on strategic accomplishments. It’s actually David managing to get close to Goliath’s forehead.
So, paradoxically, the advantage lies on their side.
Yes. It’s usually said that in an asymmetrical war, a deadlock constitutes a victory for the weak side.
I think Hezbollah leader Hassan Nasrallah said something to that effect.
When a terror organization takes on a state, it doesn’t expect to win the battle. Hamas and Hezbollah understand their limits. They don’t expect to vanquish Israel, but rather to damage its capabilities and strike at its soft belly.Flamer
In his “spider’s web” speech [May 2000], he said exactly that. That Israel has nuclear arms and air power, but is as weak as a spider’s web. In the intelligence context, this means that sometimes intelligence information that a state might perceive as insignificant, can be pure gold for a non-state organization. It’s hard to get into the head of the other side and understand which intelligence is critical for them, or why and to what extent.
Let’s talk a bit about what’s known as counterintelligence. Explain what it is.
If positive intelligence is information I collect in order to carry out my activity, counterintelligence or negative intelligence serves to disrupt activity by the other side. Because these [non-state] organizations are up against an intelligence system that is strong, sophisticated and larger than theirs, they invest heavily in counterintelligence. Hamas was into this from the outset. As much as they could, their activity was executed with extreme secrecy and maximum monitoring. For example, they used primitive means like passing notes instead of making phone calls. It’s interesting, by the way, that both [Ismail] Haniyeh and [Yahya] Sinwar, two top Hamas figures, have counterintelligence backgrounds. In the second half of the 1980s Sinwar was in charge of al-Majd, a kind of counterintelligence unit run by Hamas in the southern Gaza Strip; Haniyeh was active in it as well. Counterintelligence is relatively well-developed in Hamas; it’s an area in which they can show fine achievements, the most impressive of which is, in my view, the Gilad Shalit story [referring to the IDF soldier kidnapped by Hamas and held from 2006 to 2011] – Hamas counterintelligence operated perfectly in that case.
For over five years.
Yes, and that was is in Gaza, not southern Lebanon. Shalit was held in small, closed Gaza, under Israel’s nose, and Israel couldn’t track him down. Hamas pulled it all off with an insane level of compartmentalization. The number of people in Hamas who knew where Shalit was could be counted on the fingers of one hand, and all of them were confidants of Ahmed Jabari [a top commander of Hamas’ military wing]. Suleiman al-Shafi [an Israeli journalist] reported that when Israel wanted to get new glasses to Shalit, via the Red Cross, Hamas refused to take them, for fear that Israel had implanted something in them, which would make it possible for them to discover where he was being held. They simply drew all the lessons from years of confronting Israel and applied them perfectly, leaving Israel without an answer. The working assumption of intelligence is that at some point the enemy will make a mistake from which you can profit – but Hamas simply made no mistake in this case.
Both Hezbollah and Hamas have undergone a significant evolution: from small organizations to large, institutionalized ones. Can you explain how that evolution is manifested in the realm of intelligence? Let’s start with Hamas.
With Hamas we’re talking about two periods, with the watershed being the disengagement [Israel’s withdrawal from the Strip in 2005] and Hamas’ takeover of the Strip [in 2007]. Before 2007, and even before 2005, Hamas still worked in squad format, with each squad being a self-enclosed unit. Many times the terrorist who perpetrates an attack is also the one who collects the intelligence materials. The intelligence itself was based on lookouts, overt collection of materials and the use of very basic HUMINT [human intelligence, typically gleaned via espionage or interrogations]. If they wanted to carry out an attack on a certain building, say, they would collect information about the security arrangements there, the times of the day people pass by, etc. Basic intelligence. Pinpoint.
That changes as the organization becomes more institutionalized, as does its intelligence activity. A military intelligence division is established in Hamas’ armed wing, Iz al-Din al-Qassam, a system of lookouts is put in place based on sectoral divisions, each battalion has its own lookouts, and information gathering is done systematically, in an orderly way, with documentation of the findings and their integration into a complete picture.
Your doctoral thesis contains a form that lookouts were supposed to fill out, divided into specific hours and sectors.
Hamas counterintelligence operated perfectly in Gilad Shalit's case. Shalit was held in small, closed Gaza, under Israel’s nose, and Israel couldn’t track him down.Flamer
Indeed. And the overt gathering of information also undergoes a process of institutionalization, with the production of intelligence reports based on open sources from which conclusions are drawn. Gradually the organization also enters the realm of UAVs [unmanned aerial vehicles, or drones] and cyber, and starts to execute impressive operations relative to its limited resources.
What about Hezbollah?
They also went through several phases. In the 1990s, the intelligence they had related mainly to IDF outposts [in southern Lebanon] and the movement of forces, and was based on daytime observations carried out by squads, using binoculars. Intelligence collection improved in the second half of the 1990s, and included the use of night-vision equipment, interception of UAV broadcasts and an initial ability to field agents. After the IDF’s withdrawal from Lebanon, in 2000, Hezbollah established itself throughout the southern part of the country and consolidated its military wing, and its information gathering also became more institutionalized, with an extensive and systematic use of agents and strategic utilization of intelligence materials.
This was the period in which Hezbollah set up a monitoring network. Possessing a detailed list of the IDF’s communications frequencies in the northern region, the organization listened in systematically and picked up the traffic on the network, word for word. These capabilities were put into practice in 2006, during the second Lebanon war, when Hezbollah observed, listened in, ran agents and gleaned information from the media – and all in all, succeeded in creating quite a good picture of Israel and the IDF, which served it in managing the fighting. After the war, the organization underwent significant processes of change and upgrading, reshaped its systems and integrated information by means of a central intelligence unit, reestablished its network of lookouts, and like Hamas, entered the cyber realm. Of course, all along the way, Hezbollah has been enveloped by massive Iranian support in terms of information, know-how, equipment, training, etc.
That goes without saying.
When I started my doctoral dissertation, my supervisor, Prof. [Eliezer] Tauber, absolutely insisted that I learn Farsi. At first I questioned that, because it wasn’t my impression that there were significant sources that were not in English, Hebrew or Arabic. But he wouldn’t relent and said, “The Iranians are involved in this, so that [learning Farsi] will be useful.” I heeded what he said. I learned Farsi for my doctorate and in the end it led me to relevant information about one of the greatest mysteries: how [Hezbollah leader] Imad Mughniyeh was assassinated [in a car bomb attack in Damascus, in 2008].
I didn’t know there was a mystery.
Mughniyeh shaped Hezbollah’s intelligence culture with his own two hands. He was careful and cunning, and considered to be a very hard nut to crack. When Israel managed to get to him, many wondered how it was actually done. Naturally, I have no pretensions and had none, about answering that question, but one day I found on the web an interview with a senior Iranian figure who has observed Hezbollah from day one. In the interview he related that Mughniyeh, a few months before his assassination, decided to change his behavior. Until then he had been like a very elusive cat – it was impossible even to photograph him – and one day he simply decided to let go. The senior Iranian person said in the interview that he had met with Mughniyeh shortly before the assassination, had commented about his behavior and urged him to be careful. He says he also spoke with his aides, told them that Mughniyeh was walking around openly and that it was terribly dangerous. The aides replied that there was nothing that could be done, that it was his decision and he was insistent.
In your research you write at length about what’s known as open or overt intelligence information – such as that gleaned from newspapers, the internet and the like. Keeping that in mind, before this interview, I looked for some relevant information myself on the web, and the truth is that I was appalled by the amount and quality of what I saw there.
I learned Farsi for my doctorate and in the end it led me to information about one of the greatest mysteries: how [Hezbollah leader] Imad Mughniyeh was assassinated [in a car bomb attack in Damascus, in 2008].Flamer
There is a great deal of open information in Israel, especially on the web, with which the enemy can have a field day. That too is a subject that’s related to asymmetry. These organizations are undemocratic, while Israel, though it has censorship, is a democracy. One implication is that there is a lot of security information that is simply out there flowing around.
Not to say, gushing. With an emphasis, by the way, on what’s known as “interviews with senior figures.” What these people allow themselves to do to garner some media exposure is indescribable.
Okay, we’re getting into a super-sensitive area here. Really. The report of the Winograd Committee [which probed the events of the second Lebanon war] devotes a whole chapter to the IDF, communications and censorship, and the problem is addressed there at length. Look, these interviews have hasbara [propaganda] value, they sometimes contain messages earmarked for the enemy. Not all the comments are slips of the tongue, but the interviewees also aren’t sufficiently aware [of what they are saying]. There is a delicate balance, which is constantly shifting. I don’t think that in the name of information security all mouths and all breaches have to be shut, but it’s definitely necessary to think about this point. Maybe we don’t think about it enough.
That’s one of the things I understood from my work: When you, as a senior figure, give an interview, you have to be aware that these organizations are accessing the information you’re sharing, which you perhaps don’t even perceive as liable to constitute a threat. In my PhD dissertation, I mention the case of Hamas activists who placed an explosive device on rail tracks in June 2002 [in Lod]. The device exploded and a few people were wounded. According to Hamas, after the attack, they monitored Israeli media broadcasts about the incident. They heard a police officer say in an interview that the device weighed about five kilos and that it’s very fortunate that it was that small, because if it had been three times the size, the damage would have been far greater. That is an amazing remark, and the headline that the interview was given in the literature of the organization’s operatives, in which the behind-the-scenes of these actions are described, was, “The enemy teaches us how to operate.”
That is related with what we talked about earlier, about how the disparities in the balance of power can actually serve those in an inferior position. A small organization can also be more creative than a large state, and cross lines that a state is perhaps unable to cross.
Yes. I think Hamas’ cyber story is a clear example of a creative use of resources, of transforming the disadvantage into an advantage. Over the past few years Hamas set up a sort of fictitious network of profiles on social media. They are profiles of pretty, scantily dressed girls, who reach out to various people, including soldiers, chat with them, try to make some sort of contact that is supposedly intended to develop into a romantic relationship, with the goal being, of course, to try to run them [as agents]. It’s what’s known as “useful idiots,” meaning someone becomes an agent for the other side without realizing it. So a good-looking girl writes a soldier a message along the lines of, “Hey, you poor guy, stuck on the base, what a cutie, send me a photo, so I can see where you are” – and he doesn’t suspect, and sends it.
That’s one scenario – the least bad. In the bad scenario, the girl tells the soldier that her Telegram and WhatsApp aren’t working, that she wants to send him clips and photos of herself, and she asks him to download a chat app that will allow her to transmit them. She sends a link, and when he downloads the app his phone is hacked and controlled remotely by Hamas. I see that as being super-creative, exploiting a new technological platform. We talked about the disadvantage, ostensibly, of Israel’s being a democracy: As a by-product of that there is a lot of information that’s floating around in open sources, and this is another example that illustrates it. What we have here is a technological breakthrough which is based on a given situation – the IDF drafts youths, whose life is their phone – and it manages to contain this complexity. The IDF will not tell soldiers that it’s taking their phone away on Sunday and will return it on Friday, and these breaches are part of the price we are paying for the fact that we are a society that is technological and open.
Your thesis has screenshots of some of the correspondence you mention. What can I tell you? You need to have undergone a lobotomy to believe that this is a real girl and to go along with it. It’s a moment in which Israel loses.
It’s a campaign in which we’re losing. The campaign over awareness has failed. We are not coping with this threat, it’s within us, the potential damage it could cause us is enormous. I don’t know what goes on at the decision-making level, but even if they understand this, it’s not trickling down. If I had to hoist one red flag after my research, this would be the one. It’s absolutely serving the enemy – and, by the way, also enemy states, not just terrorist organizations.
I myself was contacted a few months ago via one of the social media. The profile looked fine, active, there were a reasonable number of friends, but when I started to probe I recognized the familiar characteristics from fake profiles that Hezbollah and Hamas use on the web. I understood unequivocally that it was this, and that the profiled individual trying to be in contact wanted me as a useful idiot. It was interesting to see it live – the activity reached my very doorsill. The intelligence battle is being waged with great intensity. We have to remember that. And technology places the threat right in the palm of our hand.