A Boogyman Behind Every Tree

Posted: 12/28/2013 in Communications

Recent articles at Guerillamerica, Signal Corps and here referencing the application of SIGINT and COMINT have generated several follow-on replies. In reference to Sparks' article “Watching The Watcher” that I re-blogged on this site, I had a series of queries from a reader asking about the vulnerabilities of HTs (Handy Talkies or handheld radios) to being remotely activated. He was concerned after my reply was, “if it is a newer Software Defined Radio (SDR) then it is entirely possible for them to be hacked and remotely activated.” A better reply would have been: it’s possible but not probable, with a few caveats.

As we all now know, the government is spending a lot of money and time in order to keep our country secure from “terrorist threats”. I personally believe, having been witness to our government’s M.O. for many years, that this is primarily .gov run amok, using 9/11 as an excuse, to create new agencies and expand existing agencies with bloated budgets that are good at justifying themselves. The intelligence community is, without a doubt, the greatest beneficiary of this bonanza. In the Army we called this “The self-licking ice cream cone”.

How does this impact our mission? Keep in mind that the vast majority of our government’s intelligence work is done from behind a desk, in front of a computer. Also remember that due to human nature, the first target of choice will always be the easiest, with the largest payoff, or “the low hanging fruit”. Most government agencies allocate spending based on priorities of work. The NSA’s priority is obvious; the collection and storage of cell phone and internet traffic is the low hanging fruit. This is not to say that no resources are directed toward other forms of collection such as aerial platforms.

Because of the aforementioned, I wouldn’t be overly concerned regarding your radios being hacked. While cell phones are ubiquitous, Ham band HTs are not. Even non-ham band HTs, such as GMRS/FRS, are a fraction of the number when compared with all the cell phones and computers in use. All cell phone and computer traffic has to go through third-party equipment and networks. That’s normally where the eavesdropping takes place. But also remember, a cell phone is still a radio that is tied to a network of repeaters and routers that we call cell phone towers. And even though it is illegal for civilians to possess the equipment to intercept digital cell phone calls during transmission from the phone to the tower, .gov is under no such legal restraints and does possess the equipment. I know for a fact that the government was under legal restraint to operate the equipment against American citizens in the US prior to NDAA. I suspect that has changed, and if it has not changed, who will identify and prosecute violators? This is why cell phone and internet use can be risky and why it is considered the low hanging fruit in the intel community. Logic dictates that if you can easily gather mountains of information from those two sources from the safety of your cubicle and reap the benefit of vast funding doing so, why would you expend resources going after hicks in the woods with radios? The organizations that have the equipment and ability to intercept and DF your HTs are few and far between, let alone the organizations that can remotely activate your HT. To remotely activate your HT, they would first have to know what brand and model you are using, the radio would have to be an SDR vice a tube or discrete-component radio, they would need access to the radio’s software and then, if possible, determine how to exploit it. I will tell you, and Sparks will verify, that Ham radio manufacturers change radio design, models and options about as often as my wife changes shoes and purses. At least three times a day. The amount of ham equipment available is staggering. In order to dedicate the resources required to attempt to activate your HT, you would have to have become a major pain in someone’s ass on the order of UBL or the FARC.

Your comms equipment priorities when operating in the field should always be based on METT-TC:

MISSION:  What communications equipment do I need to accomplish the mission? Do I need long haul comms or just short-range line of sight radios? Can I do it without radios? Can I just use hand signals? Smoke? VS-17 panels? Whistles? Do I need an SOI? (You bet your ass you do!) Don’t forget PACE.

ENEMY:  In the signal arena, how can the enemy exploit your available communications? If you can’t answer that question, your intel sucks balls and you are a miserable failure as a leader. You probably spent all your time and money on guns, ammo and Mosby’s or Max’s classes, when you should have allocated some on training folks in your group on intel. So take your shooters to the field, key a mic and try to outrun a JDAMS. If the BDA photo in the article didn’t get your attention, or you think you can outrun one like the hero in the movie, take a look at the real thing. I can tell you from experience, that is probably the Mk 82 500 lb, not the Mk 84 2,000 lb version. https://www.youtube.com/watch?v=LFkzAFkM_mE I would highly recommend attending Sam’s course over at Guerrillamerica.com to get your intel folks up to speed. You have several signal threats:

1. The local bubbas, the golden horde and/or local law enforcement with civilian scanners or like-type radios monitoring your comms.
2. Local law enforcement with augmentation from other government agencies.
3. Military without SIGINT assets but with like-type radios to intercept your comms.
4. Military SIGINT.
5. .gov SIGINT.

Threats 1 through 3 can be hampered with the use of brevity codes and encryption. Threats 4 and 5 can hear you and find you. Your best defense is a good intel system. Know your threat!

TERRAIN & WEATHER:  How will terrain affect my comms; line of sight radio in the mountains? How can I use the terrain to mask my radio signals? Can I rig long wire antennas without trees? Do I need whisper mics and ear buds at the ambush point? Is the mission at night, and will hand and arm signals be seen by all members of my patrol? Will smoke be effective in the rain? At night?

TROOPS:  Do I have folks trained in the use of my radios? Do they understand hand and arm signals? Can they read the SOI? Do I have enough troops to provide security while my radio operators set up antennas? Do I have enough troops to carry radios and batteries? How do I cross-load comms equipment?

TIME AVAILABLE:  Do I have time to train them on and practice with the radios? Will there be time to set up long wire antennas? Do I have enough time to get to my target while humping the extra weight of the radio gear?

CIVILIAN CONSIDERATIONS:  When I key my radio mic, will grandpa, who lives in the house across the valley, hear my transmission over his TV set? Will the bear hunters in the woods intercept my GMRS radio transmissions on their radios? The truckers on their CBs? If I leave my long wire antenna in the trees, will some kid happen upon it?

If you do your signal planning, training and have good signal intel, wondering if someone can activate your radio remotely should be way down on your list of worries.

    • sparks31 says:

      After MSG Morgan’s comment about outrunning a JDAMS, I had to put that CCR video up. 🙂

      I have in my possession several police scanners that cycle through frequencies at 100 channels per second. At the typical 5 kHz spacing, it’ll tear through the entire 4 MHz wide 2 meter ham band in eight seconds. There are some models of spectrum display units and spectrum analyzers that will enable you to look at the entire two meter ham band at once for activity. FM signals, such as those from your Baofeng HT, show up rather well. That’s off the shelf civilian gear. I have a list of frequencies I have compiled over the years that contains all the common handheld and portable radio frequencies. That includes MURS, FRS, GMRS, and CB as well as all the VHF/UHF presets such as 151.625 and 464.55 MHz used in low-end commercial portable radios such as the Motorola SP10 series. The list is a tad under 200 frequencies, so it takes one of my scanners less than two seconds to check them all for activity. The list was generated via OSINT a few years back. Part of the list is in Ticom’s Garbage Channel Scanning article. http://ticom.livejournal.com/181773.html

      Low power HF CW signals, and spread spectrum signals such as the DTR, are harder to find. Something like PSK31 in an out of the way place is even harder. Semi-burst signals such as HSCW are easy to overlook if you’re searching the bands looking for COMINT. Your technical specialist should be looking at stuff like that. If he isn’t, then he’s a fucking idiot and he needs to unstick his head from his ass, or you need to get rid of him.
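The scan-rate figures in the comment above (100 channels per second, 5 kHz steps across a 4 MHz band, a list of about 200 presets) can be turned into a simple exposure model for the “keep transmissions short” advice that follows in the thread. The example below is added here and is not code from the blog or its commenters; the sequential-scan model, the `Scanner` class and the 20,000-trial simulation are assumptions of the example.

```python
"""Exposure of a short transmission to a sequential channel scanner.
Model (an assumption of this example, not a claim in the comment above):
the scanner steps through a fixed channel list in order at a constant rate
and stops only when it finds activity.  A transmission that starts at a
random moment is heard if it is still keyed when the scanner next reaches
its channel; that wait is uniform on [0, cycle), so P = min(1, tx/cycle).
"""
from dataclasses import dataclass
import random

@dataclass(frozen=True)
class Scanner:
    channels: int          # entries in the scan list
    rate_ch_per_s: float   # channels checked per second

    @classmethod
    def for_band(cls, bandwidth_hz, spacing_hz, rate_ch_per_s):
        """Scan list that covers a whole band at a fixed channel spacing."""
        return cls(int(bandwidth_hz // spacing_hz), rate_ch_per_s)

    @property
    def cycle_s(self):
        """Seconds between two visits to the same channel (one full pass)."""
        return self.channels / self.rate_ch_per_s

    def p_heard(self, tx_seconds):
        """Probability that a single transmission of tx_seconds is caught."""
        return min(1.0, max(0.0, tx_seconds) / self.cycle_s)

def simulate(scanner, tx_seconds, trials=20_000, seed=1):
    """Monte Carlo check of p_heard: random key-up time vs. scanner position."""
    rng = random.Random(seed)
    hits = sum(rng.uniform(0.0, scanner.cycle_s) < tx_seconds
               for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    # The two cases given in the comment: a 4 MHz band at 5 kHz steps
    # (800 channels, 8 s per pass) and a ~200-entry preset list (2 s).
    two_m = Scanner.for_band(4_000_000, 5_000, 100)
    presets = Scanner(200, 100)
    for name, sc in (("2 m band", two_m), ("preset list", presets)):
        print(f"{name}: {sc.channels} ch, {sc.cycle_s:.1f} s/pass, "
              f"P(heard | 1 s tx) = {sc.p_heard(1.0):.3f} "
              f"(sim {simulate(sc, 1.0):.3f})")
```

A one-second key-up is caught about one time in eight against a full-band search but one time in two against the short preset list, which is why a transmission longer than one scan pass is effectively certain to be heard.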

  1. Anonymous says:

    I helped design military DF gear that could scan faster than that – on dual receivers – and pass anything interesting to a third DF receiver to boot. All in a package carried by one grunt, as just part of his load. It didn’t work against spread spectrum signals – at that time – but the firmware might have been updated since then. There are problems DFing spread spectrum, unless you can de-spread it.
    So keep your power as low as possible, and the transmissions as short as possible. 0 Watts at 0 seconds is best! If you must transmit, plan on something unpleasant happening at your location within 15 minutes – be moving elsewhere within 5 minutes.

  2. danmorgan76 says:

    Brother, I couldn’t have said it any plainer, or better myself.
