SIGINT

View Latest Activity

Home Forums Radio & Communication SIGINT

Viewing 5 reply threads
  • Author
    Posts
    • #96787
      Ronald Beal
      Participant

        I am just going to focus on short term radio SIGINT here.

        Anytime 2 parties communicate by radio, the transmissions can give an opponent a variety of information.

        The 3 main pieces of intel are presence, position, and content.

        Presence: If you live in a cabin in the woods, not near any main road, and have a cheap FRS radio set to scan, and suddenly you start picking up transmissions… there is a high likelihood that several people are nearby, (especially since FRS radios generally have less than a mile of range) The simple fact that a transmitter is operating nearby becomes actionable intel.

        Position: If a radio transmits for long enough, a variety of direction finding (DF) techniques can be employed. At it’s simplest, a DF can give you an approximate direction of the transmitter. Multiple DF’s, or a moving DF, or DF with a good signal path modeling software can the give a good approximate location of the transmitter. Certainly knowing where a hostile transmitter is, is good actionable intel.

        Both presence, and position are generally categorized as transmission security, or TRANSEC.
        So how do you avoid detection or radiolocation?

        1. Only transmit when absolutely necessary. No one can detect or DF a radio if it isn’t transmitting. (Well, some very expensive and specialized gear owned by some three letter agencies, and obscure military units can, but that is beyond the means of all but the most well equiped force.) The most common means of detecting a radio signal is have a scanner, or radio with a scan function continuously step through the available or likely frequencies. Their weakness is it takes time to go through all of the frequencies. The more frequencies that have to be scanned, the longer it takes. It can take over a minute to go through all of the ham VHF/UHF frequencies. FRS radios can take about 10 seconds. (only 22 or so channels)
        If the transmission is short enough duration, it may not be detected at all, or be mistaken for noise/interference

        2. Keep transmissions as short as possible, and only transmit what is essential. Use brevity codes. For example, you could use the code “sandpiper” to mean you have reached the planed upon rally point. Compare: “sandpiper, sandpiper”, vs “Mad dog to Wild Bill, Mad dog to Wild Bill, we are at the planned rally point. No major problems, although that last hill was a monster to climb. Everything else is good, Mad Dog Out!” Which transmission will be easier to detect and DF?

        3. Use obscure frequencies/bands. FRS and CB are easy to scan…. ham a little more difficult, not all scanners can listen to all frequencies. Many ham radios have a scan function, but if I am transmitting on 220mhz, and your radio only has 145mhz and 440mhz, you will never detect me.

        4. Used the lowest power output necessary to do the job (with a little margin for error.) If to people are only a block away, a 100 watt transmitter may be detected miles away, or farther, while 1/2 watt isn’t going to go much more than a mile on a good day, and will much harder to detect.

        5. Change frequencies regularly. Depending on the known capabilities of your foe, regularly could be once a week, once a day, hourly, or even after every group of transmissions. This is such an effective technique for preserving TRANSEC that the U.S. Army adopted SINGCARS radios in the late 80’s, early 90’s, that incorporate over 100 frequency changes a second. It is hard do detect, and even harder to DF a signal when you don’t know what frequency it will be on.

        6. Use ISM or SMR band radios… these license free radios such as Motorola’s MOTOTRBO, TriSquare eXRS, or the Nextel Direct Connect phones all use some form of spread spectrum (which is a form of frequency hopping) While power limited, (which also helps… see #4 above) these radios require specialist knowledge and equipment to detect.

        The last main category of intel from local SIGINT is the actual content of the transmission. Usually discussed as communications security or COMSEC. the message itself has intel value irregardless of the method it was sent. Carrier pigeon, radio, smoke signals, or whispering in someones ear. So how do we improve COMSEC of our team radio communications?

        1. Codewords. Like the “sandpiper” example earlier, having predetermined codewords can prevent your opponent from understanding your transmissions. Take care in crafting how your codewords are used. For example If you use “dragon” as code for bad guys, and want to say there are 4 bad guys on the north side of the boulder you were scouting… saying “I see 4 dragons on the November side of the boulder”… someone could fairly easily determine what you are talking about. where as “Dragon 4 November” can communicate the same thing and the opponent may think it is just a call sign, or just have no idea of the significance.

        2. Encryption. When available, good encryption is the easy reliable solution. Unfortunately, not every radio, or radio band allows for encryption. FRS, CB, and HAM don’t allow for encryption, while some commercial systems do.

        3. Obscure modes. There are a number of digital modes that require special decoders in order to listen. I can transmit on my D-Star ham radio, and unless you have an AMBE decoder chip, or another D-Star radio, you will not be able to decode what I am saying. The ISM and SMR radios mentioned earlier all also use their own proprietary digital formats. While not exactly encryption, the difficulty in decoding makes it close.

        The Realities.
        When the U.S. Army deploys SIGINT teams, they have dedicated personal, and equipment tasked to the mission. an AN/MLQ-40 Prophet sigint system uses a 4 person crew on a humvee, and while the core of the system can be dismounted, the crew has to carry the radio, laptop, batteries, antennas, etc…
        Here is an example: http://www2.l-3com.com/linkabit/pdf/data_sheets/sigint/an-prd-13 (v)2 08009.pdf

        Performing good SIGINT requires dedicated personnel and equipment. Does your opponent have the resources to dedicate a person to that? For a small group, is it better for everyone to be running a gun, or can the group afford to have someone watching radios? In reality, unless you are specifically targeted, and your opponent has an idea of your commo capabilities, the chance of coming up against someone with real SIGINT capabilities is pretty low.

        Maintaining sigint in a fixed location such as your home, is a bit more feasible, but generally requires someone to be monitoring the system. it takes a human to observe the spectrum output of an SDR to determine that a signal is legit, or just noise. Can your opponent watch their radio all day, or do they need to use that personnel to also go on patrol, fix the car, harvest crops, man a OP, etc…
        Short of keeping an FRS, and CB radio on scan, I suspect most groups aren’t going to bother running SIGINT, unless there is a very specific target in mind.

        When determining your sigint plan, balance risk vs reward. The fact that I can easily get everyone in a mutual aid group to buy FRS radios, might outweigh the insecurities FRS radios offer. If my expected opponents aren’t going to devote lots of effort to SIGINT, then better the mediocre radio we have, vs the uber secure, spread spectrum radios that I don’t have, or don’t have enough for everyone in the team, etc… Use your judgment, and let mission define the gear.

        Hope this helps
        RB

      • #96788
        Max
        Keymaster

          Do handheld scanning spectrum analyzers offer enough info for presence and position info? I am thinking of a high directivity antenna and use of attenuators for the position data.

          Joe

        • #96789
          Ronald Beal
          Participant

            Usually. It does depend on the spectrum analyzer, sample rate, antenna, and a bunch of other stuff.

            Sometime this month I will be doing some tests using a RTL TV USB dongle as a spectrum analyser, and I will attempt to RDF (radio direction find) some spread spectrum frequency hopping nextel directalk radios. If I get a video put together, I will post links to it here.

            RB

          • #96790
            Max
            Keymaster

              The farthest distance your radios (and phones) can transmit, that is how close the collection team needs to be to you. And the collectors will want Line of Sight from them to you. You should get out a map and do some terrain analysis. They won’t want anything higher between you and them. Probably a good place to do some patrols/reconnaissance…

            • #96791
              Max
              Keymaster

                I would also recommend: Do not transmit from your patrol base/ basecamp unless really necessary. That way if you are DF’d they get the wrong location.

              • #96792
                Max
                Keymaster

                  Yes, don’t transmit from your base camp. That should be part of the SOP. And let’s not forget our cell phones are transmitting continuously, so our plans should detail at what point we turn our phones off before entering the base camp/ safe house.

                  I think that under certain scenarios, going into Mission Isolation, would probably be the least conspicuous way of going operational. You could manufacture “Cover” for basically disappearing and conducting operations. So yeah, your cell phone was turned off for 3 days, but it’s not an indication of anything operational because you were on a hiking trip.

              Viewing 5 reply threads
              • You must be logged in to reply to this topic.