A Boogyman Behind Every Tree

Recent articles at Guerillamerica, Signal Corps and here referencing the application of SIGINT, and COMINT have generated several follow-on replies. In reference to Sparks article “Watching The Watcher” that I re-blogged on this site, I had a series of queries from a reader asking about the vulnerabilities of HTs (Handy Talkies or handheld radios) to being remotely activated. He was concerned after my reply was, “if it is a newer Software Defined Radio (SDR) then it is entirely possible for them to be hacked and remotely activated. A better reply would have been; it’s possible but not probable with a few caveats.

As we all now know, the government is spending a lot of money and time in order to keep our country secure from “terrorist threats”. I personally believe, having been witness to our government’s M.O. for many years, that this is primarily .gov run amok, using 911 as an excuse, to create new agencies and expand existing agencies with bloated budgets that are good at justifying themselves. The intelligence community is, without a doubt, the greatest beneficiary of this bonanza.  In the Army we called this “The self licking ice cream cone”.

How does this impact our mission? Keep in mind that the vast majority of our governments intelligence work is done from behind a desk, in front of a computer. Also remember that due to human nature, the first target of choice will always be the easiest, with the largest payoff or “the low hanging fruit”.  Most government agencies allocate spending based on priorities of work. The NSA’s priority is obvious; the collection and storage of cell phone and internet traffic is the low hanging fruit. This is not to say that no resources are directed toward other forms of collection such as aerial platforms.

Because of the aforementioned, I wouldn’t be overly concerned regarding your radios being hacked. While cell phones are ubiquitous, Ham band HTs are not. Even non-ham band HTs, such as GMRS/FRS are a fraction of the number when compared with all the cell phones and computers in use. All cell phone and computer traffic has to go through third-party equipment and networks. That’s normally where the eavesdropping takes place. But also remember, a cell phone is still a radio that is tied to a network of repeaters and routers that we call cell phone towers. And even though it is illegal for civilians to possess the equipment to intercept digital cell phone calls during transmission from the phone to the tower, .gov is under no such legal restraints and does possess the equipment. I know for a fact that the government was under legal restraint to operate the equipment against American citizens in the US prior to NDAA. I suspect that has changed, and if  it has not changed, who will identify and prosecute violators? This is why cell phone and internet use can be risky and why it is considered the low hanging fruit in the intel community. Logic dictates that if you can easily gather mountains of information from those two sources from the safety of your cubicle and reap the benefit of vast funding doing so, why would you expend resources going after hicks in the woods with radios? The organizations that have the equipment and ability to intercept and DF your HTs are few and far between, let alone the organizations that can remotely activate your HT. To remotely activate your HT, they would first have to know what brand and model you are using, the radio would have to be an SDR vice tube or discrete component radio, have access to the radio’s software and then, if possible,  determine how to exploit it. I will tell you, and Sparks will verify, that Ham radio manufacturers change radio design, models and options about as often as my wife changes shoes and purses. At least three times a day. The amount of ham equipment available is staggering. In order to dedicate the resources required to attempt activate your HT, you would have to have become a major pain in someones ass on the order of UBL or the FARC.

Your comms equipment priorities when operating in the field should always be based on METT-TC :

MISSION:  What communications equipment do I need to accomplish the mission? Do I need long haul comms or just short-range line of sight radios? Can I do it without radios? Can I just use hand signals? Smoke? VS-17 panels? Whistles? Do I need an SOI? (you bet your ass you do!) don’t forget PACE.

ENEMY:  In the signal arena, how can the enemy exploit your available communications? If you can’t answer that question, your intel sucks balls and you are a miserable failure as a leader. You probably spent all your time and money on guns, ammo and Mosby’s or Max’s classes, when you should have allocated some on training folks in your group on intel.  So take your shooters to the field, key a mic and try to outrun a JDAMS.   If the BDA photo in the article didn’t get your attention, or you think you can outrun one like the hero in the movie, take a look at the real thing. I can tell you from experience, that is probably the Mk 82 500 lb, not the Mk 84, 2,000 lb version. https://www.youtube.com/watch?v=LFkzAFkM_mE   I would highly recommend attending Sam’s course over at Guerrillamerica.com.  to  get your intel folks up to speed. You have several signal threats; 1. the local bubbas, the golden hoard and/or local law enforcement with civilian scanners or like type radios monitoring your comms. 2. Local law enforcement with augmentation from other government agencies. 3. Military without SIGINT assets but with like type radios to intercept your comms 4. Military SIGINT. 5. .gov SIGINT.  1 through 3 can be hampered with the use of brevity codes and encryption. 4-5 can hear you and find you.  Your best defense is a good intel system. Know your threat!

TERRAIN & WEATHER:  How will terrain affect my comms; line of sight radio in the mountains? How can I use the terrain to mask my radio signals? Can I rig long wire antennas without trees? Do I need whisper mics and ear buds at the ambush point?  Is the mission at night and will hand and arm signals be seen by all members of my patrol?  Will smoke be effective in the rain? at night?

TROOPS:   Do I have folks trained in the use of my radios? Do they understand hand and arm signals, can they read the SOI? Do I have enough troops to provide security while my radio operators set up antennas? Do I have enough troops to carry radios and batteries? How do I cross load comms equipment?

TIME AVAILABLE:  Do I have time to train them on and practice with the radios? Will there be time to set up long wire antennas? Do I have enough time to get to my target while humping the extra weight of the radio gear?

CIVILIAN CONSIDERATIONS:  When I key my radio mic, will grandpa, who lives in the house across the valley, hear my transmission over his TV set? Will the bear hunters in the woods intercept my GMRS radio transmissions on their radios? The truckers on their CBs? If I leave my long wire antenna in the trees, will some kid happen upon it?

If you do your signal planning, training and have good signal intel, wondering if someone can activate your radio remotely should be way down on your list of worries.

Watching The Watchers – Wideband Receivers

This is, without,question, the single most important item of communications equipment you should have at your retreat. It should be the first piece of radio gear you acquire. I would rather hear what is being  over the all the airwaves around my site, than have the most up-to-date, high-speed, low-drag transceivers. The radio watch in your BDOC should always be monitoring the scanners, 24/7. And a big thanks should go out Sparks for finding this item for a great price. I’m a sucker for anything ICOM, their equipment is first-rate. I would attach an extended, matched antenna, hung as high as possible, to increase the range.

Another important use, as Sparks implies in his post and indicates on his frequency list, are known surveillance device transmitting frequencies. You can use the scanner as a poor man’s sweep. This ties with Sam Culper’s article on GPS beacons and other tracing devices.

Lessons Learned – SIGINT Operations

The following open source account of the near destruction of the FARC and ELN in Columbia S.A. makes for a very good primer in the lessons learned process. It will also offer some insight into something near and dear to my heart, the results of poor communication practices. Maybe I can talk Mosby at Mountain Guerrilla and Sam at Guerrillamerica in to doing a decent writeup on both the UW and intel. aspects of the article. Disclaimer:  This article is not intended to be a exhaustive study on the conflict in Columbia. 

http://www.washingtonpost.com/sf/investigative/2013/12/21/covert-action-in-colombia/

While in the Army, and particularly while in SF, I was able to attend several “lessons learned” events where we would take an operation, failed or successful, and pick it apart in order to determine what was done right or wrong. This allowed us to avoid making the same mistakes someone had already made, and thus mitigate the pain involved, or on the other hand, where the operations were successful, to adopt their methods for our own use.

The U.S. Army’s Center for Army Lessons Learned (CALL) is the formal proponent for the U.S. Army lessons learned process. We won’t go into the formal process that they have established. They’ve most likely changed it since I got out and it’ll save my body armor from taking a HEAT round flung by some staff weenie who is a dual trained expert at both L.L.  and “Death by PowerPoint”.  We’ll use the informal, “setting around the team room with the guys under the watchful eye of the Team Daddy” method. Everybody reads the after action reviews, any open source info, classified stuff from the 2 shop and other related info, gets together and on a white board, works up the information pertinent to the teams mission. The useful stuff goes into the team SOPs or TTPs.  It made for a good use of down time, and sure beat picking up pine cones on main post. While the time frame for most of the operations that we dissected were of much shorter duration, this article is very easy to tear apart.

My take on the article:

The insurgency in Columbia is nearly 50 years old.  In 2000 the UW theater was so well-developed that the sovereign nation had ceded control of vast amounts of the country to the insurgents.  Historically, in most UW situations, that is near the tipping point of collapse of a regime. In some cases (most) the end game can then be determined by additional outside help being supplied to either side in the conflict. Take Afghanistan, Libya, and  Syria for instance. In the first two instances, the government was overthrown with outside forces helping the rebels, in the last the government is being supported by Russia. In the case of Columbia, the U.S. government chose to come to the rescue for several reasons, but mainly due to the FARCs use of drug production and smuggling weapons to fund their operations. For the U.S. Government the final straw appears to be the killing and hostage taking of the American contractors.

Lessons I took from the article:

1.  Maintain the moral high ground. If the only way you can fund your endeavor is through the sale of drugs, humans or weapons, you’ve got a pretty sorry excuse for a revolution. Good luck finding anyone that is not either scared shitless of you or a sociopath to follow you.

2.  Just because you have your opponent seemingly on the ropes, keep in mind they might have buddies waiting to come to the rescue. Always watch your flanks.

3. Understand the politics of the situation. (much as I hate politics). Had it been the current U.S. administration vice the Bush administration, what course of action would have been taken by the U.S.? Time is on the side of the insurgent (remember, this was a 50-year-old insurgency) don’t become impatient and make your move too soon.

4. Always keep the locals on your side. They are the source of most HUMIT. I took this as one of the FARCs biggest mistakes. You can’t make targeting all local officials as part of your SOP. Just remember, everybody is related to somebody else.

5.  Pick your targets wisely and strategically. If there is no long-term gain for your group, and the payout is peanuts, why waste your time, and scarce resources. That’s why we do target folders. The insurgents offered up the final excuse for the U.S. to become involved when they captured the three American contractors and killed a fourth. The wise course would have been to return them safely. What would have been the long-term benefit for the FARC in keeping them as hostages? Governments are always looking for a excuse reason to test out new weapon systems help out their neighbors in need.

5. Know and understand the threat and don’t become lazy and complacent with your SOI and other communication procedures. Always assume someone is listening in.  Signal collection appears to have been very extensive. Be very careful with your radios. Notice how their communications were compromised, even their home-grown codes. Another good reason to change your SOI daily. However, I don’t believe that the only SIGINT gathered by the NSA was intercept of radio and cell phone communications. The GPS targeting information appears to be very precise as shown in the bomb damage assessment (BDA) photo.  This is an indication of radio direction finding or GPS transmitters being placed on target. If transmitters were used, they had to be put in place by a local. If someone lased the targets, that requires involvement of someone with local knowledge of the terrain. Yet another reason not to piss off the locals.

6.  Keep your groups small, large groups make large targets.  Small groups will join to become larger groups usually for specific operations then split up into the original small groups once the operation is complete.

Now everyone else is invited to pile on.