Comment by timcambrant

I agree with all of your questions. But covert organizations fall victims for this type of vulnerability all the time. Operation Trojan Shield and the ANOM network is one example. Operation Firewall and the ShadowCrew takedown was another. I believe LulzSec was taken down by bad opsec in the internal IRC channel as well. Bin Laden wasn't able to mix up his use of couriers and locations enough to stay hidden forever. It's easy for us to see the mistakes and point out that the criminals should have been more diligent or mixed up their operations more, but that would take more effort than anyone can consistently give over time.

Operational security is really hard and requires constant dedication which most organizations can't keep up over time. Eventually the most professional organizations will slip up and make some of the mistakes you point out above. It's very likely that someone has spies or informants inside organizations such as Hizbollah and Hamas. But this can also have been a lapse in standard operations that was finally detected and exploited by Mossad after actively watching for a long time.