A nice run down into how Hezbollah rolled up a CIA spy ring in Lebanon in late 2011.
The adversary, Hezbollah, used access to the telephone company logs they have those, and searched for atypical mobile phone usage patterns:
- phones that only receive a few calls / messages over long periods of time
- mobile phones that are never mobile
- weird / unusual messages PIZZA!!
That is, they were looking for phones that were kept at home, turned on occasionally, and only received calls/sms infrequently. The exact usage pattern one would expect for a mobile that is used exclusively for a handler to contact an agent.
This data gave Hezbollah a general location down to the apartment complex of where the agents were located. Next, the adversary correlated the location data with the home addresses of members who had access to secret information. They conducted surveillance on those members and discovered they were using a Pizza Hut to meet with their handlers.