Khamenei's state funeral is about to kick off in Tehran — massive crowds, the whole regime apparatus on display, grief or performance depending on who you ask. And all the coverage is asking the same question: who ordered the strike? But the real question is how Israel knew exactly where he'd be at that precise moment. Exactly where, exactly when.
That question gets more urgent with what's surfaced in the last few weeks. The leaked Israeli plans to target Abbas Araghchi and other Iranian negotiators hit the news in June, and then Iran's explicit signal that any assassination attempt triggers a renewal of war. The pre-strike surveillance apparatus is the most consequential part of this entire story, and it's also the part nobody's really digging into.
Which is exactly what Daniel sent us. He's asking about the intelligence phase that precedes these strikes by weeks, sometimes months. When Israel is planning something like the Khamenei operation, are they maintaining essentially twenty-four-hour surveillance on the target? And how is that actually done in practice? Because round-the-clock coverage means satellites, electronic surveillance, and human teams working in shifts — nobody can stay awake forever. And then there's the handover problem. How do you pass a target from one team to another without losing visual contact for even thirty seconds?
Daniel's exactly right that we're not getting this from official sources. Nobody's publishing the Mossad field manual. But we can piece together a surprisingly detailed picture from memoirs, operational leaks, and the forensic reconstruction of operations that succeeded and the ones that failed. The failures are actually more instructive, because that's where you see the seams.
Let's get into it. Before we talk about the Khamenei operation specifically, we need to understand the fundamental problem. How do you watch one person, every second, for days or weeks, without ever looking away?
The core puzzle is deceptively simple. You need to know where one person is at all times. But "at all times" turns out to be brutally difficult. Humans sleep — your surveillance team needs to sleep too. Satellites don't hover — they orbit, which means they're only overhead for a few minutes every few hours. And a target who knows they might be watched is actively trying to be unpredictable. So you're watching continuously, across multiple domains, with zero margin for error, against an adversary who's trying to make that impossible.
"zero margin" isn't rhetorical. In the Mahmoud al-Mabhouh operation in Dubai in twenty-ten, the surveillance team tracked his phone from the moment his flight landed. They knew which hotel he was checking into before he did. But when he walked through the lobby, there was a gap — maybe thirty seconds — where the team lost visual contact. He'd stepped into an elevator and they didn't know which floor he got off at.
That thirty seconds nearly killed the entire operation. They had to scramble, redeploy, figure out which room he was in without alerting hotel security or triggering his own counter-surveillance instincts. The strike itself took less than twenty minutes from entry to exit. The surveillance phase had been running for hours just in Dubai, and months of planning before that. The ratio is always wildly lopsided in favor of surveillance over strike.
Which is the first thing most coverage gets wrong. People imagine the dramatic part — the weapon, the escape, the geopolitical fallout. But the real operation is the weeks or months of watching that make the dramatic part possible. And the single most fragile moment in that entire chain isn't the strike. It's the handover. The moment when one team says "we've got him" and another team says "we're taking over." That's where operations fail.
To understand why, you have to think about what "twenty-four-hour surveillance" actually means in operational terms. It means layering three completely different surveillance systems — each with its own limitations, each with its own failure modes — and stitching them together so the target never enters a gap. The satellite layer gives you periodic high-resolution imagery, but only when the orbit lines up and the weather cooperates. The signals intelligence layer — cell phone triangulation, IMSI catchers, compromised towers — fills the gaps between satellite passes, but it's vulnerable to the target simply changing phones or going dark. And the human layer — operatives on the ground — provides the continuous visual confirmation that no machine can replicate, but introduces the shift-change problem.
Because machines can run indefinitely. People can't. And that's where the handover protocols get genuinely intricate. We'll walk through all three layers and then get into how the handovers actually work — the bump technique, the dead drop signals, the thirty-minute overlap between shifts. But the thing to hold onto is that every single piece of this stack can fail, and the difference between a successful operation and a catastrophic one is whether the failure happens at a moment when another layer is covering the gap.
Layer one — satellites. Israel's Ofek-eleven and Ofek-thirteen are the workhorses here. These are reconnaissance satellites in low Earth orbit, orbital period about ninety minutes. But just because the satellite passes overhead every ninety minutes doesn't mean it's imaging your target. The revisit time for a specific location can be six to twelve hours apart, depending on the orbit track. And that's in good weather.
If you're relying on satellites alone, your target could drive to another city, attend a meeting, and drive back, and you'd never know they left.
Which is why Unit Eight Two Hundred — the signals intelligence arm — cross-references satellite passes with everything else. They build a pattern-of-life map. The target leaves his compound every Tuesday at nine in the morning. The satellite passes overhead at nine-fifteen. So you schedule the next pass to confirm he arrived at the expected location. You're not watching continuously from orbit — you're using the satellite to verify predictions generated from other intelligence.
Which brings us to layer two — the cell phone game. And this is where things get invasive fast.
The basic tool is the IMSI catcher — essentially a fake cell tower. It tricks the target's phone into connecting to it, which gives you location data, call metadata, sometimes even content. Israel's known to deploy these through diplomatic cover, through compromised local telecom infrastructure, even through drones. In the al-Mabhouh case, the moment his flight landed, the team already had his phone triangulated. They knew which terminal, which exit, which taxi. But the phone only tells you where the device is — not where the person is.
That distinction nearly cost them the operation. He walked into the hotel lobby, and for about thirty seconds, the surveillance team lost visual contact. The phone said he was in the building, but the building had twenty floors and they didn't know which one.
A phone can't tell you if the target handed it to an aide and walked out the back. That's the fundamental limitation of SIGINT — it's precise but not confirmable without human eyes. So the Dubai team had to scramble. They deployed operatives to different floors, checked elevator logs, and eventually reacquired him — but those thirty seconds were pure panic. If he'd switched phones immediately on landing, the entire operation might have collapsed before the strike team even entered the country.
Which is why layer three exists — the human teams. And this is the layer where the handover problem becomes acute, because satellites don't get tired and cell towers don't need shift changes, but people do.
Mossad's Kidon unit — the operational arm of Caesarea, the division that handles foreign operations — they work in cells of four to six operatives. Standard rotation is eight-hour shifts with a thirty-minute overlap for handover. Each team member has a specific role. You've got the shadow — the primary follower, the person who stays closest to the target. The eye handles overwatch, usually from an elevated position or a vehicle. The wheelman manages escape routes and vehicle positioning. And the sweeper runs counter-surveillance — they're not watching the target, they're watching for anyone who might be watching the team.
Four people, four distinct jobs, and if one of them gets made, the entire cell is compromised.
"getting made" happens more often than the public realizes. If a sweeper spots someone taking an interest in the shadow, the handover gets accelerated or aborted entirely. If the target enters a building with no windows — say, an underground parking garage — the eye loses overwatch and the shadow has to decide whether to follow in and risk exposure or stay outside and risk losing the target.
How do you maintain surveillance when the target goes into a windowless building?
You don't — not visually. What you do is set a perimeter. The eye covers every exit. The wheelman positions vehicles at the most likely departure routes. The shadow waits at the primary entrance. And you rely on SIGINT — if the target's phone is still active inside, you at least know they haven't left. But if they go dark — phone off, no signals — you're blind until they reemerge. That's why pattern-of-life analysis matters so much. If you've watched this target for six weeks and they always spend exactly forty-five minutes in that building, you can afford to wait. If it's a new location you've never seen them enter before, that's a crisis.
Let's talk about the handover itself. Two teams, one target, and a thirty-minute overlap window. How do you physically pass a human being from one set of eyes to another without the target noticing that the guy behind him at the coffee shop just changed?
There are a few techniques that show up repeatedly in the memoirs and leaked operational accounts. The most common is the bump — the outgoing operative walks past the target, physically passes them on the street, and the incoming operative picks them up from the opposite direction. The target sees someone walking toward them, not someone following them, so it doesn't trigger counter-surveillance instincts.
If you can't do the bump — say the target is stationary, sitting in a restaurant?
Then you use a dead drop handover. The outgoing team leaves a marked item at a pre-arranged spot — a newspaper on a specific table, a coffee cup at a particular corner of the bar. The incoming team sees the marker and knows exactly where the target is without either team having to make eye contact or communicate electronically. It's low-tech, it's almost invisible, and it works.
The Tehran nuclear archive heist in twenty-eighteen is probably the best case study of multi-team handover coordination. Mossad had teams watching that warehouse for seventy-two hours straight before the extraction.
Seventy-two hours of continuous surveillance on a single building in the middle of Tehran, with Iranian security forces everywhere. The handovers happened at night, during shift changes at nearby government buildings, so any unusual movement would blend into the normal security rotation patterns. The teams used dead drops — specific vehicles parked at specific angles, items left in windows — to signal target status without ever breaking radio silence. And the satellite layer was timed so that Ofek passes coincided with the handover windows, giving the operation commanders a top-down confirmation that all teams were in position.
Which brings us to the Fakhrizadeh case in twenty-twenty — the nuclear scientist killed on the road outside Tehran. That operation used a satellite-to-ground handover that's still studied in intelligence circles. The satellite pass pinpointed his vehicle on a specific route at a specific time. That data was relayed to a ground team that had positioned a remote-operated weapon system along that exact stretch of road.
Here's the detail that most accounts miss — the satellite didn't track his car in real time. It captured a single image during a pass, analysts identified the vehicle, and the ground team had to extrapolate his arrival time based on traffic patterns and his known driving habits. If he'd taken a different route, or stopped for gas, or left five minutes late, the entire strike window would have closed. The operation succeeded because the pattern-of-life surveillance had been running for months.
The Khamenei case is a different animal entirely. Everything we just described — the shifts, the bumps, the dead drops — that's the playbook for a mid-level operative. A Hamas commander, a nuclear scientist, someone who moves through the world with a security detail but still has a predictable life. The Supreme Leader of Iran is not that target. His movements are state secrets classified even to most of his own security apparatus. You can't just post a team outside his residence and wait for him to leave for work.
You don't start with the man himself. You start with the people around him. The most likely answer — and I want to be clear, we're piecing this together from past operational patterns, not from any confirmed source on the Khamenei strike — is that this involved compromised staff inside the Supreme Leader's office. Someone in his scheduling unit, someone on his security detail, someone close enough to know where he'd be and when.
The medical angle. He was eighty-seven, had known health issues. His medical team would have had regular access and predictable scheduling demands.
Signals intercepts from his medical team — appointment scheduling, prescription refills, specialist consultations — those create a skeleton of his movements. If you know he has a cardiology appointment on Thursday at ten, you know he'll be at a specific clinic, and you can work backward from there. But the critical piece is that none of this happens in a week. This is pattern-of-life analysis over months, maybe longer. You're not watching the man. You're watching everyone who touches his life, building a composite picture from fragments.
Which makes the Araghchi leak from June particularly interesting, because a diplomat is a completely different surveillance problem. A Supreme Leader is protected by secrecy. A diplomat is protected by immunity and by the fact that he moves between secure compounds where you can't just set up an overwatch position in a rented apartment across the street.
Diplomatic targets force you to get creative. The Araghchi plans that leaked — and we should note these were reported as prepared plans, not necessarily operational orders — reveal a surveillance approach that relies heavily on what the intelligence community calls "facilitated encounters." You can't follow a diplomat into a secure hotel. But you can compromise the hotel staff. You can't surveil a negotiating session. But you can track the drivers, the aides, the support staff who move between the secure compound and the outside world.
The driver knows where he's going before the principal does.
The driver, the chef, the translator, the guy who delivers the bottled water. These people aren't covered by diplomatic immunity, they're not trained in counter-surveillance, and they have predictable routines. If you can compromise one of them — bribe, coerce, or simply track — you get a window into the principal's movements without ever having to get eyes on the principal himself.
That's the thing about surveillance — the weakest link is almost never the target. It's the people the target doesn't think about.
Which brings us to what happens when surveillance breaks. Because it does break. It breaks more often than the public ever hears about, and the failures are where you really learn how these systems work under stress. The nineteen ninety-seven attempt on Khaled Mashal in Amman is the textbook case. Mossad operatives disguised as Canadian tourists tried to poison him on the street. The handover was rushed — the surveillance team had lost him briefly and the strike team was pushed into action before they had full confirmation of his route. The operatives were caught, the whole thing unraveled, and Israel ended up having to provide the antidote to save Mashal's life to contain the diplomatic fallout.
Rushed handover, incomplete picture, catastrophic outcome.
Contrast that with the Haniyeh operation in twenty twenty-four. Hamas leader Ismail Haniyeh was staying in an IRGC guesthouse in Tehran — a secure compound, presumably one of the hardest places in the world to surveil a target. The team had to maintain coverage for forty-eight hours inside a building where there was no line of sight between rooms. Handovers were happening in stairwells, in hallways, with operatives who couldn't see each other and couldn't communicate electronically without risking intercept.
How do you hand off a target you can't see to a team you can't talk to?
You pre-position. You establish dead drop locations inside the building before the target even arrives — a specific plant in a hallway, a light left on in a particular room, a window shade at a specific height. Each signal means something different. "Target is in room three-oh-four." "Target has not moved in two hours." "Strike window is open." The entire operation runs on a choreography that was rehearsed before anyone ever entered the country.
That's the part that's hard to wrap your head around — the amount of pre-positioning. You're not improvising surveillance. You're running a play that was written weeks earlier, with contingencies for every handover point, every dead drop, every possible failure pattern.
Which is where the technological evolution comes in, because AI and computer vision are changing what's possible. Israel's "The Gospel" system — a computer vision platform that can track a target across multiple camera feeds simultaneously — ingests footage from street cameras, traffic cameras, security cameras, and alerts human operators when the target is about to leave a coverage zone.
Instead of having a human watching sixteen screens and inevitably blinking at the wrong moment, the machine never blinks.
The machine never blinks, never gets tired, never has a shift change. But it introduces new failure pattern. Facial recognition can be spoofed — a target who knows they're being watched can wear clothing patterns designed to confuse computer vision algorithms, the digital equivalent of camouflage. False positives can send a team scrambling after the wrong person. And there's the over-reliance problem — if your human operators start trusting the system implicitly, they stop doing the kind of creative counter-surveillance thinking that catches things the algorithm misses.
The technology reduces one kind of risk — human fatigue, human error in handovers — but it creates a different kind. You're trading the devil you know for the devil you don't.
That's the question that hangs over all of this. We've spent the last decade building surveillance systems that are more automated, more networked, more AI-driven. They're incredibly capable. But they're also more complex, which means more points of failure, and the failures are harder to diagnose because you're debugging an algorithm instead of debriefing an operative who can tell you exactly what they saw and what they missed.
What does all of this mean for someone trying to understand how these operations actually work — or, more practically, how to spot the signs that one is underway?
The first takeaway is counterintuitive, and it's the thing most coverage gets exactly backward. The weapon isn't the fragile part. The escape plan isn't the fragile part. The fragile part is the surveillance chain — specifically, the handover. If you can disrupt the moment when one team passes the target to another, you can prevent the strike entirely.
Which is why counter-surveillance teams — the people protecting high-value targets — don't spend their time looking for snipers. They spend it looking for shift changes. They watch for the same face appearing in different locations at predictable intervals. They look for the bump, the dead drop, the thirty-minute overlap window. If you can identify the handover rhythm, you can map the entire surveillance operation.
That's not theoretical. Iranian security doctrine shifted significantly after the Fakhrizadeh hit. They started running randomized convoy routes, decoy vehicles, and — crucially — they started training their protective details to identify surveillance handover patterns rather than just looking for weapons. The operational logic is simple: you can't stop a strike you don't see coming, but you can spot the surveillance that precedes it.
Second takeaway — and this is where things get uncomfortable — the shift to AI-assisted surveillance is a double-edged sword in ways that most analysis hasn't caught up to yet. Yes, computer vision eliminates the fatigue problem. The Gospel system doesn't get tired, doesn't lose focus, doesn't have a bad day. But it introduces vulnerabilities that human-only surveillance never had.
Adversarial attacks on facial recognition are a real thing. There's published research — open-source, peer-reviewed — demonstrating that specific clothing patterns, infrared emitters embedded in glasses, even makeup applied in particular geometric configurations can cause computer vision systems to misidentify or lose track of a target entirely. A target who knows they're under AI surveillance can literally dress to become invisible to the algorithm.
The over-reliance problem is arguably worse. If your human operators spend years trusting an automated system that's right ninety-nine percent of the time, what happens the one time it's wrong? Do they even notice? Or does the target walk through a gap that nobody's looking for because the screen says everything's fine?
There's also the spoofing angle. If you can compromise the camera network — inject false feeds, replay old footage, create phantom targets — you can send a surveillance team chasing ghosts while the real target moves freely. None of this is science fiction. These are known attack vectors that security researchers have been documenting for years, and the more we automate surveillance, the more surface area we create for those attacks.
Which brings us to the third takeaway, and I think this is the one that actually changes how you should read the news. If you want to know where the next targeted assassination is going to happen, don't watch for the strike. Watch for the surveillance buildup.
This is the actionable part. Unusual satellite activity over a specific location — intelligence agencies track orbital paths, and a sudden concentration of passes over one city is noticeable. Unexplained cell tower outages — if the network goes down in a specific neighborhood for "maintenance" that nobody announced in advance, that's a red flag. A sudden spike in diplomatic travel to a particular city, especially from countries that don't normally send delegations there.
Or the quieter signals. A spike in hotel bookings near a government compound. Rental cars being reserved under corporate accounts that don't normally operate in that area. Local staff being hired for short-term contracts at facilities near a potential target's known locations. These are all things that show up in commercial data if you know what to look for.
The surveillance phase leaves footprints. It has to — you can't put four to six operatives in a foreign city without generating transactions, movements, patterns. The intelligence community watches for these signatures constantly. But the public can watch for them too, or at least understand what they mean when they start showing up in news reports. If you see a story about unexplained Israeli diplomatic activity in a particular city, followed by reports of cell network disruptions, followed by satellite imagery analysts noting unusual orbital patterns — you're not reading random news. You're reading the surveillance buildup.
The timeline matters. These buildups don't happen overnight. If the surveillance phase runs for weeks or months, the precursors are visible for weeks or months. The strike, when it comes, isn't the beginning of the operation. It's the end. Everything you needed to know was already in the news, if you knew how to read it.
Which leaves us with one final question that I think is going to become increasingly urgent in the next few years. We've been talking about state-level actors — Mossad, Unit Eight Two Hundred, the kind of surveillance apparatus that requires satellites and billion-dollar budgets. But the technology we just described is getting cheaper and more accessible by the month. Facial recognition is available as a cloud service. IMSI catchers can be built from off-the-shelf components. Computer vision models that rival The Gospel are open-source and downloadable.
The question isn't whether non-state actors are going to start playing this game. It's when. And what happens when they do.
This is the democratization problem that almost nobody in the security community is talking about publicly. A well-funded terrorist organization or a criminal syndicate doesn't need its own Ofek satellite. It can buy commercial satellite imagery from companies that sell sub-meter resolution to anyone with a credit card. It doesn't need to develop its own facial recognition platform. It can rent one. The barrier to entry for twenty-four-hour surveillance tradecraft is collapsing, and the handover protocols we just spent this episode describing are not classified secrets. They're documented in memoirs, in court records, in forensic reconstructions of operations that went wrong.
Here's the uncomfortable implication — the same techniques that let a state eliminate a high-value target also let a non-state actor kidnap one. Or assassinate one. Or simply track one until the moment is right. The tradecraft doesn't care about your motives. It just works.
The countermeasures we've developed assume a state adversary — someone who has to worry about diplomatic fallout, about attribution, about the rules of a game that non-state actors aren't playing. If a terrorist cell adopts these surveillance techniques, they're not worried about their operatives getting caught and triggering an international incident. They're planning to die anyway. That changes the entire risk calculus.
The next time you read about a targeted assassination — and given the way things are going, that won't be long — ask yourself a different question than the one the headlines are asking. Don't ask who did it. Don't ask what weapon they used. Ask how long they were watching. Because the answer to that question tells you more about the operation than the strike itself ever will. A strike that took twenty minutes after six months of surveillance is a completely different animal than a strike that took twenty minutes after a week of surveillance. The first one tells you the target was penetrated at the institutional level. The second one tells you they got lucky.
The surveillance timeline also tells you something about who's next. If an agency just spent half a year building a surveillance architecture around one target, they're not going to dismantle it when the operation ends. That infrastructure — the compromised staff, the dead drop locations, the pattern-of-life databases — it's reusable. The surveillance outlasts the strike.
That's the thought I keep coming back to. We're all watching the funeral, watching the geopolitical fallout, watching to see if Iran follows through on its threat to renew the war. But the surveillance apparatus that made the strike possible didn't disappear when Khamenei died. It's still there. It's still watching. And the next target is probably already being tracked.
Now: Hilbert's daily fun fact.
Hilbert: In nineteen twenty-one, a deaf community in Guyana used a sign language dialect that measured distance not in miles or kilometers, but in "canoe-hours" — the time it took to paddle between villages along the Essequibo River. One canoe-hour equaled roughly four point three modern miles in calm water, but the unit shrank during the rainy season when currents ran faster.
I don't know what to do with "canoe-hours.
Feels like something you'd enjoy, actually. Very water-conditional.
This has been My Weird Prompts. Thanks to our producer Hilbert Flumingtop. If you want to send us a question like Daniel did, email the show at show at my weird prompts dot com.
Until next time.