danmorgan76:

Great research and info. by Sparks.

A question I posed to a commenter and to a group of like-minded, radio-savvy individuals recently: what do you do after SHTF and you determine, by the use of your scanner/analyser, that someone is emitting in your AO/AI and they mean you harm? I got a lot of blank stares.
The point is to remember that communication equipment is just a tool that allows you to effectively coordinate actions with friendlies and understand the intentions of not-so-friendlies. Nothing more.

So now you have three options:
1. Bug out to your secondary retreat and hope the bad guys don’t follow/find you.
2. Conduct a recon patrol that will probably be frago’d to become a combat patrol and deal with the problem.
3. Die in place.

The first two options require some prior planning and rehearsal/training, the last, not so much. In order to put the first two in place you must:

Put together plans for and rehearse occupying a secondary retreat.

If you don’t have a group (No man is an island) it’s time to start putting one together. It’s hard to repel boarders when it’s just you and the wife. If you don’t have some serious weapons training under your belt and don’t know the difference between a recon, security or combat patrol, then those black rifles in your safe are pretty much useless. Take a look at the training Mosby or Max offer. Or find some prior service combat arms guy in your area that can get you spun up. Trust me, they are out there and they are conducting the training.

Or just pick option three.

Originally posted on Signal Corps - Sparks31:

http://eartoearoak.com/software/rtlsdr-scanner

A cross platform Python frequency scanning GUI for USB TV dongles, using the OsmoSDR rtl-sdr library.

In other words a cheap, simple Spectrum Analyser.

This software is good for getting a picture of RF emitters in your AO. In SIGINT terms this is known as a Spectrum Search or a Band/Sector Search. Once you have acquired some emitters, you may then perform a Point Search to ID them and possibly start collecting COMINT.  Here are a couple of pictures of the software in action:

Here is the software taking a look at the spectrum range of 824-849 MHz.  While the actual interception of certain communications in this frequency range may be a violation of 18USC2511, the identification of signals in this range for laboratory research and interference mitigation purposes is legal.  Since this software simply acts like a spectrum analyzer and does not extract the communications content…

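The band search described in the excerpt above, as an added example that is not part of the original post or of RTLSDR Scanner: it takes a power sweep, estimates the noise floor, and groups the bins that stand above it into emitters whose peak frequencies can be handed to a point search. The CSV row layout, the function names and the sample readings are assumptions constructed for illustration.

```python
import csv
import io
import statistics

# Constructed sample sweep (not a real capture). Hypothetical row layout:
# start_hz, step_hz, then one averaged power reading in dB per bin.
SAMPLE_SWEEP = """\
824000000,250000,-52.1,-51.8,-52.4,-30.2,-28.9,-51.9,-52.0,-52.3
826000000,250000,-52.2,-51.7,-52.0,-52.1,-44.5,-52.3,-51.9,-52.2
"""


def load_bins(text):
    """Return [(freq_hz, step_hz, power_db), ...] sorted by frequency."""
    bins = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        start, step = int(row[0]), int(row[1])
        for i, value in enumerate(row[2:]):
            bins.append((start + i * step, step, float(value)))
    return sorted(bins)


def find_emitters(bins, margin_db=6.0):
    """Band search: group adjacent bins that exceed the noise floor by margin_db.

    The floor is the median reading, which stays put when a few strong
    signals are present (a mean would be dragged upward by them).
    """
    floor = statistics.median(power for _, _, power in bins)
    runs, current = [], []
    for freq, step, power in bins:
        contiguous = bool(current) and freq == current[-1][0] + current[-1][1]
        if power > floor + margin_db:
            if current and not contiguous:  # gap in coverage ends the run
                runs.append(current)
                current = []
            current.append((freq, step, power))
        elif current:
            runs.append(current)
            current = []
    if current:
        runs.append(current)

    emitters = []
    for run in runs:
        peak_hz, _, peak_db = max(run, key=lambda b: b[2])
        emitters.append({
            "low_hz": run[0][0],
            "high_hz": run[-1][0] + run[-1][1],
            "peak_hz": peak_hz,
            "peak_db": peak_db,
            "above_floor_db": round(peak_db - floor, 1),
        })
    return floor, emitters


def point_search_list(emitters):
    """Peak frequencies in MHz, strongest first: what to tune to next."""
    ranked = sorted(emitters, key=lambda e: e["peak_db"], reverse=True)
    return [e["peak_hz"] / 1e6 for e in ranked]


if __name__ == "__main__":
    floor, found = find_emitters(load_bins(SAMPLE_SWEEP))
    print(f"noise floor {floor:.1f} dB")
    for e in found:
        print(f"{e['low_hz'] / 1e6:.2f}-{e['high_hz'] / 1e6:.2f} MHz, "
              f"peak {e['peak_db']} dB (+{e['above_floor_db']} dB)")
    print("point search:", point_search_list(found))
```

Raising `margin_db` trades sensitivity for fewer false detections from noise spikes.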

This is in reply to a recent comment by a fellow Paratrooper bud of mine.

Rakkasan, Good job on the ICOM R-6 scanner purchase. Here’s the deal. The scanner will have to be programmed using the supplied book. And what you want to listen to is up to you. We use our R-20 to listen to “Bubba” in our A.O. That means the gmrs/frs/cb/marine/murs radios that “Bubba” can easily get his hands on and use around our retreat. So I would concentrate on programming those frequencies first. They can be found on the internet. The scanner is tiny enough that you can pack it in your gear and monitor while at home, on the move or while laid up in the patrol base (hint, hint). Sort of like having your own SOT-A. Believe me, those scanners will bust right through the so called “privacy settings” on those radios. But they can’t pick up the Motorola DTR.

You can also program it to listen to some local public service (police, rescue, fire, etc). First you have to get their frequencies and the easiest way is to subscribe to Radio Reference online. If your local public service are using the new digital or trunked systems, the R-6 will not receive them. My group uses the Uniden HomePatrol for that because it’s a lot easier to program for that specific use, it constantly updates and will monitor trunked and other new systems. With the HomePatrol you plug in the Zip Code and BAM!, you’re listening.

If you find hand programming your ICOM scanner a pain in your fourth point-of-contact, then do like I do and buy the BUTEL ARC 6 software for the R-6 or R-20. You will also need a cable to connect your computer to the radio. Either the ICOM OPC-478 cable for a RS-232 port on your computer or the ICOM OPC-478UC cable for the USB port on your computer. Most computers have the USB port. For my money, the software is the way to go.

The whip supplied with the scanner is OK on some bands and not so good on others. So, a lot of radio folks like to attach home made or purchased antennas in order to extend the range of reception or intercept. The cable you were asking about is to connect the radio to a wire antenna to do just that. One end of the cable will attach to the plug when the short whip (or as we called them the “donkey dick”) on the radio is unscrewed. The plug on the radio under the whip is an “SMA” type. One side of the cable screws onto it. The other side of the cable is the PL-259 type connector. You can screw it to any antenna that has a SO-259 connector. (PL stands for plug, SO stands for socket). SMA is listed as male or female. SO/PL-259 connectors are usually attached to larger diameter coaxial cables mostly used for short wave or Ham radios.

If you want to use a lighter, thinner type of cable, then instead of the SMA / PL-259 cable, pick up the SMA / BNC adapter for a few bucks at Universal-Radio.com. You will see them listed on the ICOM R-6 page. Go to Radio Shack, purchase a few feet of RG-58 coax with BNC ends attached, cut off one end and solder a 10′ piece of thin black plastic coated 18 to 22 gauge wire to the center conductor (make sure you don’t let the outer braid touch the center wire, strip the braid back an inch or so then tape the joint up or put heat shrink over it). Attach the other end (with the uncut connector) to the radio and scan away. If the radio reception is overloaded, start cutting the wire (not the coax) shorter until the reception is reasonable. If you cut it too short, start over. Here’s what I would do; I would run the short whip when on the move, scanner attached to my plate carrier or vest in a MOLLE pouch with the ear bud in one ear, then when we stop for a long break or in the patrol base, pull the whip, attach the wire antenna and throw the wire up in a tree or bush or carry a tack with the antenna and pin the free running end of the antenna to a tree trunk as high as I can reach. That makes it easy to pull down and stow if you have to bug out. Somebody in the patrol should be monitoring at all times. We want to know what “Bubba” is doing around us.

Now that you’re totally confused, here’s yet another option; for about $20.00 you can purchase a ready-made dual band flexible antenna. It is the OPEK HR-603VU-SMA VHF UHF DUAL BAND FLEXIBLE HANDHELD PORTABLE HAM ANTENNA w/SMA. Screw it to the scanner and go to town. The whip is flexible enough to bend over and tuck under a MOLLE loop on your ruck when on the move. When you stop moving, extend the whip up for better reception. The down side is if you are in an area with a lot of traffic it might be too sensitive.

Better yet, enroll in one of Sparks31’s communications courses while you still can and learn first hand from a master.

DOL

Dan

The Frequency Spectrum

Posted: 02/08/2014 in Uncategorized

A commenter recently posted a question regarding a specific handheld scanner. While replying, I remembered a site that displays all US frequency allocations in chart format. Here is the link: http://www.ntia.doc.gov/files/ntia/publications/2003-allochrt.pdf Save it to PDF for future reference.

Recent articles at Guerillamerica, Signal Corps and here referencing the application of SIGINT and COMINT have generated several follow-on replies. In reference to Sparks’ article “Watching The Watcher” that I re-blogged on this site, I had a series of queries from a reader asking about the vulnerabilities of HTs (Handy Talkies or handheld radios) to being remotely activated. He was concerned after my reply was, “if it is a newer Software Defined Radio (SDR) then it is entirely possible for them to be hacked and remotely activated.” A better reply would have been: it’s possible but not probable, with a few caveats.

As we all now know, the government is spending a lot of money and time in order to keep our country secure from “terrorist threats”. I personally believe, having been witness to our government’s M.O. for many years, that this is primarily .gov run amok, using 911 as an excuse, to create new agencies and expand existing agencies with bloated budgets that are good at justifying themselves. The intelligence community is, without a doubt, the greatest beneficiary of this bonanza.  In the Army we called this “The self licking ice cream cone”.

How does this impact our mission? Keep in mind that the vast majority of our government’s intelligence work is done from behind a desk, in front of a computer. Also remember that due to human nature, the first target of choice will always be the easiest, with the largest payoff or “the low hanging fruit”. Most government agencies allocate spending based on priorities of work. The NSA’s priority is obvious; the collection and storage of cell phone and internet traffic is the low hanging fruit. This is not to say that no resources are directed toward other forms of collection such as aerial platforms.

Because of the aforementioned, I wouldn’t be overly concerned regarding your radios being hacked. While cell phones are ubiquitous, Ham band HTs are not. Even non-ham band HTs, such as GMRS/FRS, are a fraction of the number when compared with all the cell phones and computers in use. All cell phone and computer traffic has to go through third-party equipment and networks. That’s normally where the eavesdropping takes place. But also remember, a cell phone is still a radio that is tied to a network of repeaters and routers that we call cell phone towers. And even though it is illegal for civilians to possess the equipment to intercept digital cell phone calls during transmission from the phone to the tower, .gov is under no such legal restraints and does possess the equipment. I know for a fact that the government was under legal restraint to operate the equipment against American citizens in the US prior to NDAA. I suspect that has changed, and if it has not changed, who will identify and prosecute violators? This is why cell phone and internet use can be risky and why it is considered the low hanging fruit in the intel community. Logic dictates that if you can easily gather mountains of information from those two sources from the safety of your cubicle and reap the benefit of vast funding doing so, why would you expend resources going after hicks in the woods with radios? The organizations that have the equipment and ability to intercept and DF your HTs are few and far between, let alone the organizations that can remotely activate your HT. To remotely activate your HT, they would first have to know what brand and model you are using, the radio would have to be an SDR vice tube or discrete component radio, and they would have to have access to the radio’s software and then, if possible, determine how to exploit it. I will tell you, and Sparks will verify, that Ham radio manufacturers change radio design, models and options about as often as my wife changes shoes and purses. At least three times a day. The amount of ham equipment available is staggering. In order to dedicate the resources required to attempt to activate your HT, you would have to have become a major pain in someone’s ass on the order of UBL or the FARC.

Your comms equipment priorities when operating in the field should always be based on METT-TC :

MISSION:  What communications equipment do I need to accomplish the mission? Do I need long haul comms or just short-range line of sight radios? Can I do it without radios? Can I just use hand signals? Smoke? VS-17 panels? Whistles? Do I need an SOI? (You bet your ass you do!) Don’t forget PACE.

ENEMY:  In the signal arena, how can the enemy exploit your available communications? If you can’t answer that question, your intel sucks balls and you are a miserable failure as a leader. You probably spent all your time and money on guns, ammo and Mosby’s or Max’s classes, when you should have allocated some on training folks in your group on intel. So take your shooters to the field, key a mic and try to outrun a JDAMS. If the BDA photo in the article didn’t get your attention, or you think you can outrun one like the hero in the movie, take a look at the real thing. I can tell you from experience, that is probably the Mk 82 500 lb, not the Mk 84, 2,000 lb version. https://www.youtube.com/watch?v=LFkzAFkM_mE I would highly recommend attending Sam’s course over at Guerrillamerica.com to get your intel folks up to speed. You have several signal threats: 1. The local bubbas, the golden horde and/or local law enforcement with civilian scanners or like type radios monitoring your comms. 2. Local law enforcement with augmentation from other government agencies. 3. Military without SIGINT assets but with like type radios to intercept your comms. 4. Military SIGINT. 5. .gov SIGINT. 1 through 3 can be hampered with the use of brevity codes and encryption. 4-5 can hear you and find you. Your best defense is a good intel system. Know your threat!

TERRAIN & WEATHER:  How will terrain affect my comms; line of sight radio in the mountains? How can I use the terrain to mask my radio signals? Can I rig long wire antennas without trees? Do I need whisper mics and ear buds at the ambush point?  Is the mission at night and will hand and arm signals be seen by all members of my patrol?  Will smoke be effective in the rain? at night?

TROOPS:   Do I have folks trained in the use of my radios? Do they understand hand and arm signals, can they read the SOI? Do I have enough troops to provide security while my radio operators set up antennas? Do I have enough troops to carry radios and batteries? How do I cross load comms equipment?

TIME AVAILABLE:  Do I have time to train them on and practice with the radios? Will there be time to set up long wire antennas? Do I have enough time to get to my target while humping the extra weight of the radio gear?

CIVILIAN CONSIDERATIONS:  When I key my radio mic, will grandpa, who lives in the house across the valley, hear my transmission over his TV set? Will the bear hunters in the woods intercept my GMRS radio transmissions on their radios? The truckers on their CBs? If I leave my long wire antenna in the trees, will some kid happen upon it?

If you do your signal planning, training and have good signal intel, wondering if someone can activate your radio remotely should be way down on your list of worries.

danmorgan76:

This is, without question, the single most important item of communications equipment you should have at your retreat. It should be the first piece of radio gear you acquire. I would rather hear what is being said over all the airwaves around my site than have the most up-to-date, high-speed, low-drag transceivers. The radio watch in your BDOC should always be monitoring the scanners, 24/7. And a big thanks should go out to Sparks for finding this item for a great price. I’m a sucker for anything ICOM; their equipment is first-rate. I would attach an extended, matched antenna, hung as high as possible, to increase the range.

Another important use, as Sparks implies in his post and indicates on his frequency list, is monitoring known surveillance-device transmitting frequencies. You can use the scanner as a poor man’s sweep. This ties in with Sam Culper’s article on GPS beacons and other tracing devices.

Originally posted on Signal Corps - Sparks31:

Icom IC-R5 Wideband Receiver and TL-29 knife.  A popular combination with SOT-A types.

Wireless surveillance occurs across the spectrum.  Usually the stranger the frequency, the better.  Wireless surveillance devices can (and will) show up anywhere, although there are some places where they are more commonly found. Click here for a list of common surveillance frequencies. Pay close attention to the ones marked “hostile”.

This Icom IC-R5 has a frequency coverage of 150 KHz. to 1.3 GHz., and 1000 memory channels.  You can program in the common surveillance frequencies into the memory channels for a quick initial look. The R5 also has what Icom calls “Full Scan” that will search through its entire 150 KHz.-1.3 GHz. frequency range looking for signals.

Icom’s current pocket-size wideband receiver is the IC-R6.  Other than a change in nomenclature it’s pretty much the same radio.  They are $180 at Gigaparts.  That’s a pretty…


The following open source account of the near destruction of the FARC and ELN in Colombia, S.A. makes for a very good primer in the lessons learned process. It will also offer some insight into something near and dear to my heart, the results of poor communication practices. Maybe I can talk Mosby at Mountain Guerrilla and Sam at Guerrillamerica into doing a decent writeup on both the UW and intel aspects of the article. Disclaimer: This article is not intended to be an exhaustive study on the conflict in Colombia.

http://www.washingtonpost.com/sf/investigative/2013/12/21/covert-action-in-colombia/

While in the Army, and particularly while in SF, I was able to attend several “lessons learned” events where we would take an operation, failed or successful, and pick it apart in order to determine what was done right or wrong. This allowed us to avoid making the same mistakes someone had already made, and thus mitigate the pain involved, or on the other hand, where the operations were successful, to adopt their methods for our own use.

The U.S. Army’s Center for Army Lessons Learned (CALL) is the formal proponent for the U.S. Army lessons learned process. We won’t go into the formal process that they have established. They’ve most likely changed it since I got out and it’ll save my body armor from taking a HEAT round flung by some staff weenie who is a dual trained expert at both L.L. and “Death by PowerPoint”. We’ll use the informal, “sitting around the team room with the guys under the watchful eye of the Team Daddy” method. Everybody reads the after action reviews, any open source info, classified stuff from the 2 shop and other related info, gets together and, on a white board, works up the information pertinent to the team’s mission. The useful stuff goes into the team SOPs or TTPs. It made for a good use of down time, and sure beat picking up pine cones on main post. While the time frame for most of the operations that we dissected were of much shorter duration, this article is very easy to tear apart.

My take on the article:

The insurgency in Colombia is nearly 50 years old. In 2000 the UW theater was so well-developed that the sovereign nation had ceded control of vast amounts of the country to the insurgents. Historically, in most UW situations, that is near the tipping point of collapse of a regime. In some cases (most) the end game can then be determined by additional outside help being supplied to either side in the conflict. Take Afghanistan, Libya, and Syria for instance. In the first two instances, the government was overthrown with outside forces helping the rebels; in the last the government is being supported by Russia. In the case of Colombia, the U.S. government chose to come to the rescue for several reasons, but mainly due to the FARC’s use of drug production and smuggling weapons to fund their operations. For the U.S. Government the final straw appears to be the killing and hostage taking of the American contractors.

Lessons I took from the article:

1.  Maintain the moral high ground. If the only way you can fund your endeavor is through the sale of drugs, humans or weapons, you’ve got a pretty sorry excuse for a revolution. Good luck finding anyone that is not either scared shitless of you or a sociopath to follow you.

2.  Just because you have your opponent seemingly on the ropes, keep in mind they might have buddies waiting to come to the rescue. Always watch your flanks.

3. Understand the politics of the situation. (much as I hate politics). Had it been the current U.S. administration vice the Bush administration, what course of action would have been taken by the U.S.? Time is on the side of the insurgent (remember, this was a 50-year-old insurgency) don’t become impatient and make your move too soon.

4. Always keep the locals on your side. They are the source of most HUMINT. I took this as one of the FARC’s biggest mistakes. You can’t make targeting all local officials as part of your SOP. Just remember, everybody is related to somebody else.

5.  Pick your targets wisely and strategically. If there is no long-term gain for your group, and the payout is peanuts, why waste your time, and scarce resources. That’s why we do target folders. The insurgents offered up the final excuse for the U.S. to become involved when they captured the three American contractors and killed a fourth. The wise course would have been to return them safely. What would have been the long-term benefit for the FARC in keeping them as hostages? Governments are always looking for a excuse reason to test out new weapon systems help out their neighbors in need.

6. Know and understand the threat and don’t become lazy and complacent with your SOI and other communication procedures. Always assume someone is listening in.  Signal collection appears to have been very extensive. Be very careful with your radios. Notice how their communications were compromised, even their home-grown codes. Another good reason to change your SOI daily. However, I don’t believe that the only SIGINT gathered by the NSA was intercept of radio and cell phone communications. The GPS targeting information appears to be very precise as shown in the bomb damage assessment (BDA) photo.  This is an indication of radio direction finding or GPS transmitters being placed on target. If transmitters were used, they had to be put in place by a local. If someone lased the targets, that requires involvement of someone with local knowledge of the terrain. Yet another reason not to piss off the locals.

7.  Keep your groups small, large groups make large targets.  Small groups will join to become larger groups usually for specific operations then split up into the original small groups once the operation is complete.

Now everyone else is invited to pile on.