October 7 attacks was recurrently presented as an Israeli security failure. The IDF didn’t only fail to predict the attack, but showed little readiness to contain the large scale influx of the Palestinian militants through Israel’s security barriers surrounding Gaza.
But the attack also revealed the degree to which Hamas had become capable of collecting, processing, and operationalizing intelligence in a professional and coordinated manner. The assault required familiarity with border defenses, surveillance gaps, military routines, communications vulnerabilities, and civilian geography. It was, in this sense, not merely a military operation, but an intelligence operation.
This is precisely what Netanel Flamer sought to answer in his book The Hamas Intelligence War against Israel. The book reconstructs the long and largely overlooked history of Hamas’s intelligence war against Israel, showing that October 7 was not an isolated rupture but the culmination of a decades-long process.
From local observation and human sources to open-source monitoring, cyber operations, counterintelligence, deception, and operational analysis, Hamas gradually built an intelligence culture suited to an asymmetric struggle. Flamer argues that even a weaker actor, lacking the vast resources of a state intelligence apparatus, can still gather useful information and use secrecy and adaptation to offset technological inferiority.
1. GEOINT
Hamas’s geospatial intelligence evolved from simple, tactical forward observation into a more organized and institutionalized intelligence system. In the early period, especially before Israel’s 2005 disengagement from Gaza, observation was usually carried out by the same operatives who planned or executed attacks. They studied Israeli settlements, patrol routes, checkpoints, military roads, buses, fences, sensors, and security routines. These observations helped determine timing, approach routes, target selection, and escape plans.
During the 1990s and Second Intifada, forward observation remained localized but increasingly systematic. Hamas operatives documented IDF checkpoints, patrols, troop rotations, military vehicles, and settlement defenses. Observation was also used in real time: operatives watched roads or targets and alerted attackers by phone when Israeli vehicles or soldiers approached. Tunnels added another intelligence layer, allowing Hamas operatives to observe Israeli outposts from close range before tunnel-bomb operations.
After 2005, Hamas’s GEOINT activity became more professionalized in Gaza. The organization developed armed border observation and guard units, known as murabitun (ready guards), which monitored IDF movements along the fence, often at night, using binoculars, cell phones, tactical radios, call signs, and coded reporting systems. Observation logs became formalized, recording exact times, vehicle types, troop numbers, and unusual activity. These reports appear to have fed into broader military intelligence analysis rather than serving only immediate operational needs.
Later, Hamas gradually moved from naked-eye observation and binoculars to more advanced tools, including UAVs and drones. With help from figures such as Tunisian engineer Muhammad al-Zuari, and through cooperation involving Iran and other experts, Hamas developed drone capabilities, including the Ababil1 models. These UAVs were used or displayed for observation, propaganda, and limited operational purposes.
2. HUMINT
Before the mid-2000s, HUMINT activity was mostly tactical and depended on individuals who had access to Israel, especially Israeli Arab citizens, East Jerusalem residents, and people who could travel through Jordan, Turkey, Saudi Arabia, or Israel. These recruits were asked to identify crowded civilian sites, bus routes, malls, military-linked targets, and security arrangements. Training sometimes included surveillance, encrypted communication, courier work, and basic clandestine methods.
After 2005 and Hamas’s growing institutionalization, HUMINT became broader and more sophisticated. Hamas sought people with better access, including dual nationals, East Jerusalem residents, Gaza residents with Israeli family links or permits, and people able to move inside Israel. Their tasks expanded from identifying attack sites to gathering information on army bases, Iron Dome batteries, airfields, and Israeli military movements. Communication increasingly shifted to encrypted or semi-secure channels such as Telegram and WhatsApp.
Hamas also used social engineering. Hamas operatives allegedly used fake WhatsApp identities to contact Israeli soldiers and ask for training schedules, unit locations, and operational routines. WhatsApp groups and online networks were also used to solicit information from sympathizers or people exposed to Israeli society.
Flamer also focused on Hamas’s “doubling” of sources: identifying people recruited by Israeli intelligence and turning them into double agents. Early cases in the 1990s focused on luring or assassinating Shin Bet handlers. Later cases aimed to feed false intelligence to draw IDF forces into ambushes. By the 2010s, such operations had become longer, more institutionalized, and more media-conscious, culminating in deception operations publicized through polished films.
3. OSINT
Hamas’s use of open-source intelligence developed from improvised media monitoring into an institutionalized intelligence practice. In the 1990s, Hamas relied on outlets and institutions such as Quds Press, the Islamic Center for Research and Studies in the United States, translation agencies in the Palestinian territories, and the Islamic University in Gaza to gather, translate, and circulate information from Israeli, Arab, and international sources. This material helped Hamas understand Israeli politics, public reactions, military responses, and the perceived impact of its operations.
Before the mid-2000s, OSINT was often gathered directly by operatives or associated media bodies. Hamas monitored Israeli media to assess how attacks were understood inside Israel, what security measures followed, and where Israeli vulnerabilities appeared.
After Hamas consolidated control in Gaza, OSINT became more systematic. The Military Intelligence Department produced regular reports such as “Israeli Affairs,” which collected and analyzed Israeli media coverage on security, military affairs, politics, foreign relations, society, and economics. These reports were not merely summaries; they turned open information into assessments of Israeli priorities, weaknesses, and decision-making. They also included instructions to destroy the material after use, indicating its internal intelligence value.
Hamas also produced video-based OSINT products such as “In the Margins of Events” and “The Israeli Viewer,” translating Israeli broadcasts and using them to educate operatives about IDF tactics, political debates, and social vulnerabilities.
4. SIGINT
Hamas’s SIGINT capabilities remained relatively limited compared with its other intelligence activities, but its cyber operations became a major compensating tool. Before Hamas took control of Gaza in 2007, there is little evidence of organized interception activity. Afterward, Hamas reportedly gained access to interception equipment, partly through equipment captured from Palestinian Authority security apparatuses and possibly through Iranian assistance.
During the 2008 Gaza War, Israel assumed Hamas could intercept communications and encrypted many frequencies; captured frequency scanners supported the claim that Hamas monitored some unencrypted IDF tactical communications. Hamas also attempted to intercept Israeli aerial observation broadcasts, especially UAV feeds, to identify areas under Israeli surveillance and warn operatives.
Flamer argues that Hamas’s traditional SIGINT remained constrained by the technical complexity of broad communications interception and by Gaza’s isolation. However, cyberspace gave Hamas a cheaper and more flexible route to intelligence collection.
Since at least 2014, Hamas has repeatedly targeted Israeli soldiers and security personnel through social engineering, fake social media identities, phishing, and malware. Operations involved impersonating attractive women, soldiers, or ordinary Israeli users on Facebook, WhatsApp, Instagram, and Telegram, then persuading targets to download malicious chat, photo, alert, or game apps. Once installed, these apps could give Hamas access to phones’ cameras, microphones, GPS locations, contacts, messages, files, photos, and videos. Some campaigns used fake app stores, counterfeit RedAlert-style warning apps, fake Cellcom forms, or direct download links.
Hamas also tried to penetrate IDF observation networks and community camera systems near Gaza. Separately, hacker groups probably linked to Gaza, such as Molerats, used phishing emails and malware against government, financial, media, and security targets across the Middle East and beyond.
5. Counterintelligence
Hamas’s counterintelligence developed as a core survival mechanism against Israel’s superior intelligence capabilities. From its earliest years, Hamas emphasized secrecy, compartmentalization, and the protection of internal information. Its first intelligence body, Majd, predated Hamas’s formal establishment and focused on identifying suspected collaborators with Israel, as well as people accused of moral offenses.
During the First Intifada, Majd gathered reports, surveilled suspects, interrogated them, and often executed them after coerced confessions. Many later senior Hamas figures, including Yahya Sinwar, passed through or were linked to this security milieu.
Hamas also developed strict internal security procedures. Cells were compartmentalized; operatives often knew only their immediate contacts; messages were passed through couriers, dead drops, codes, and concealed letters; and recruitment involved screening and surveillance.
The organization trained members to withstand Israeli interrogation and produced materials explaining Shin Bet methods, warning that confessions could expose networks and operations. It also practiced document security, including classification levels, coded references, secure storage, destruction procedures, and avoidance of fingerprints or other identifying markers.
Against SIGINT threats, Hamas tried to reduce reliance on phones, use couriers, code words, burner devices, encoded emails, and systematic tables of code words. It warned operatives about cellular tracking, interception, suspicious phone gifts, and dangerous keywords.
Against GEOINT threats, Hamas studied Israeli UAVs, thermal imaging, surveillance systems, and aerial observation. It promoted camouflage, smoke screens, movement under cover, thermal insulation, and eventually extensive subterranean operations. Tunnels became both an operational and counterintelligence answer to Israel’s aerial and visual surveillance.
Hamas also struggled with OSINT exposure. It needed to publicize attacks for morale and propaganda, but feared that claiming responsibility or media coverage would reveal operational secrets.
6. Operational intelligence
In the early First Intifada, Hamas’s operational intelligence was minimal. Sympathizers identified buses by sound or relied on immediate observation. By the early 1990s, Hamas cells were conducting reconnaissance, studying Israeli routines, and learning from failed operations.
After a failed 1992 car bombing, Hamas analyzed why the vehicle was detected, concluding that stolen cars, unchanged plates, timing, and location choices could expose operations. Before a 1992 attack on an IDF vehicle in Gaza, Hamas observed patrol routes, timing, traffic patterns, possible IDF responses, and escape routes. The cell selected a strike day and hour that would allow the attackers’ vehicle to blend into Palestinian worker traffic. Afterward, Hamas studied Israeli media and military reactions to assess the attack’s impact and improve future operations.
The abduction of Israeli soldier Nahshon Waxman in 1994 demonstrated a more sophisticated blend of intelligence and deception. Hamas studied earlier abduction failures, selected disguises, rented a vehicle in a way that limited traceability, prepared a hiding place, and misled Israel into believing Waxman was held in Gaza rather than near Jerusalem. The later abduction of Gilad Shalit in 2006 showed even greater operational maturity. Hamas conducted detailed border observation, selected Kerem Shalom after analysis, studied IDF routines, dug a tunnel covertly, compartmentalized information, and maintained strict secrecy during Shalit’s captivity.
After Hamas seized Gaza in 2007, operational intelligence supported tunnel attacks, border raids, West Bank plots, and target selection. Hamas combined forward observation, maps, aerial photos, OSINT, HUMINT, and online recruitment to identify military sites and potential targets. Flamer also notes Hamas’s creation of target files for Israeli settlements near Gaza.
7. Research, analysis and assessment
In the early 1990s, Hamas focused mainly on operational lessons: how Israeli forces responded after attacks, how security checks worked, and how to overcome specific obstacles such as detection dogs or identification procedures.
After institutionalization, Hamas produced educational materials such as the monthly series Know Your Enemy, designed to teach operatives about Israeli strengths, weaknesses, technology, aircraft, surveillance systems, and ways to counter them. It also established a military academy after 2008, with curricula that included Israeli weapons and military systems. Other internal materials studied the IDF’s structure, regional commands, tanks, APCs, active defense systems, and vulnerable points in Israeli equipment. This knowledge was later applied operationally, including against Israeli armored vehicles during the 2014 Gaza War.
At the strategic level, Hamas tried to assess whether Israel would launch major operations against Gaza. It studied Israeli politics, media, public opinion, foreign relations, election cycles, and military behavior. However, Flamer argues that Hamas repeatedly misread Israeli intentions, especially before the 2008 and 2012 campaigns. Its reliance on OSINT and lack of high-quality sources inside Israeli decision-making made it vulnerable to Israeli deception.
Flamer also examines Hamas’s “enemy image” of Israel: a mixture of ideological assumptions about Jewish weakness and internal division, alongside recognition of Israel’s military, technological, organizational, and intelligence strengths. This ambivalence contributed to both serious study and repeated strategic miscalculation.
Asymmetric intelligence war
Flamer argued that Hamas’s conflict with Israel included a continuous, asymmetrical but mutual intelligence war. Hamas began with local, tactical intelligence gathered by small cells, but after the mid-2000s its intelligence activity became more institutionalized, professional, and multidimensional. This shift was driven by organizational development, Israel’s withdrawal from Gaza, Hamas’s territorial control, and wider technological change.
Hamas expanded from close-range observation and sporadic OSINT into systematic GEOINT, HUMINT, OSINT, cyber activity, and counterintelligence. Its intelligence helped it plan operations, build target files, conceal activities, and sometimes achieve major successes, such as keeping Gilad Shalit hidden for years. Yet Hamas remained weak at strategic intelligence because it lacked access to Israel’s inner decision-making circles and relied heavily on OSINT, making it vulnerable to Israeli deception.
Author
Discover more from THE PUNDIT
Subscribe to get the latest posts sent to your email.