American Partisan: Basic Sigint Equipment

Former US Army Signal Intelligence Analyst Madman Actual writes about his basic signals intelligence (sigint) equipment in this article from American Partisan.

Here are some basic tools to get you started on your Sigint Ninja journey, young Padawan. From left to right we have: a pen for writing, the Brushbeater RTO TACSOP(Tactical Standard Operating Procedure), above that is the antenna for an RTL-SDR dongle, above that is a manufactured Yagi antenna, below that is a Radioddity(pronounced Radi-oddity, could have swore it was radio-tiddy), below that is my Rite-in-the-Rain notebook, next is the mighty BaoFeng AR-152, my AMD Ryzen 3 powered Lenovo Laptop, a Sig 365XL because guns are cool and my finally my morning coffee.

Now that the run on sentence is complete, let’s talk SIGINT. The point of this little exercise is firstly, a functions check for my gear, and to give you a nice look at what can be used effectively. You don’t need all of these but you do need at least two. You NEED a two-way radio and a directional antenna. Yagi’s work well because of how the antenna is constructed. NC Scout has written extensively on this so I won’t waste time here.

Radioddity GS-5B

This little guy runs about $100 and is very handy to have around. It doesn’t have the transmit power of other radios in the same price range. In fact, the AR-152 is a much more capable communications device and is probably better for direction finding as well. I’m a great salesman, I know. I paid for this dumb little thing for two reasons: It’s rain proof(tested and satisfied) and it has a Received Signal Strength Indicator or “RSSI” on the display. So while you dorks are spinning in circles praying to the Sigint gods, I’ll be making precise movements to find the wascally wabbit. This bad boy has a lot of functionality to include scan mode, dual standby mode, up to 127 channel memory, and a mostly useless Bluetooth function. At least I can’t seem to find a reason to use it.

I’ve tested the 5B at range with omni-directional antennas and the RSSI is quite sensitive. A 2Watt power radio at 1 mile will usually show between a 1 and 2.5 value depending on the frequency used(one shown was used at 1 mile), wattage(low on AR-152) time of day and weather conditions(Chilly morning with no visible sun ~40F) A good rule of thumb is that the higher the frequency, the more susceptible the signal is to propagation interference. But this little bar above the frequency is a very handy tool when linked with a well tuned directional antenna. WELL TUNED is key. My trusty Sigint assistant Johnny Paratrooper and I tried this with a manufactured Yagi and while reception was phenomenal, directional sensitivity was lacking severely. A home-made, precisely cut antenna using your handy dandy RTO TACSOP with the cheat sheet will beat anything you can purchase on the web for a reasonable price.

  BaoFeng AR-152

This is functionally the same transceiver as the BaoFeng UV-5R and the like. Scanning speed is sub-par to dedicated scanners, but certainly is enough to get the job done. It also seems to be a bit more sensitive with higher squelch settings(1-5). I’m not sure if this is the antenna that comes with it but the Yagi just makes it all the better. We used this and the Yagi setup in the SIGINT Course taught by NC Scout and it works well. I highly recommend this combo for newer pupils to Radios and direction finding. It’s so easy, a caveman can do it.

Software Defined Radio(SDR)

Here we have the SDR Airspy waterfall display. We were transmitting 462.562, if you’ll notice the spike graph has a mound with a heavy spike. That’s what it looks like with a very strong signal, this particular one was within 2 feet of the SDR rabbit ear antenna. And you’ll see on the waterfall this is mirrored with the thick red line surrounded by the yellow coloring. This is simply a graphical representation of the Carrier Signal’s bandwidth being broadcast from the transmitting device, this was an AR-152 on Low power. You can see to the right on the waterfall display that around 464.200 there is some activity. This started exactly when began transmitting on 462.562, curious indeed. I transmitted in my living room with windows and mirrors and all sorts of things to bounce that signal all over.

When this happens, the mysterious phenomenon I call Signal Doppelganger occurs. Receivers will hear the same transmission but will appear as two separate frequencies on displays such as this. Clearly, one is the true signal, the other is a filthy imposter only there to confuse and disorient newbies. If you heard this with your UV-5R, you may be convinced that you got em’ but they’re too far away which is why the signal is so broken and barely readable. You’d be chasing a ghost.

Wrap Up

All considered, I highly suggest you start with a cheaper radio like the BaoFeng lineup of  UV-5R, 82L, AR-152 and many more. If you feel like forking over a Benjamin, the Radioddity GS-5B isn’t a bad choice either with the RSSI. SDR’s are NOT tactical but very useful for the Homestead or in a truck being used for Sigint Area Studies. A good Sigint Team uses a combination of tools and could be a nightmare for street commies and even a more professional force with some training and coordination. The RTO/Advanced RTO and Sigint class shows you how to use a digital tablet and an analog radio to play games with enemy communications, the Tactical Sigint Exploitation will show you some strategy and more tricks on making an effective Low Level Voice Intercept Team.

Wyoming Survival: Uniden BCD436HP Is Number 1

Wyoming Survival has an article up about the Uniden BCD436HP scanner. This is a scanner that we’ve recommended ourselves in our post about Suggested Radio Equipment for Community Safety. This is a pretty feature rich scanner, which can make it somewhat intimidating for users new to scanning. Luckily, it’s pretty much ready to go out of the box, and fairly user friendly to get started with basic scanning in your area. We’ll just add a note here about programming software for this scanner. Uniden has their own Sentinel software for this device, but we’ve been using BuTel’s ARC536PRO software, which seems to have more to it.

Uniden BCD436HP Scanner

Anyone who has been following me for awhile knows I’ve been testing the Uniden BCD436HP VS. The Whistler TRX-1. I’ve written multiple posts about them and how good the decode DMR, how quickly they pick up signals, and what not. Today while messing around I stumbled on a feature of the Uniden that puts in the top spot for you digital scanner and SIGINT tool.

I have been having a bunch of discussions on Instagram about the use of scanners other than listening to local LEOs. I was making multiple short videos about what they were asking. I was discussing about using 2 scanners scanning different bands searching for the Baofeng Brothers. In the video I was using the Whistler TRX-1 on UHF and the Uniden BCD436HP on VHF. To do this on the Uniden you have to use the Discovery mode. You set your limits. I set mine to 136 MHZ to 179 MHZ which is what the Baofeng UV-5R will cover. So when the Uniden captures a frequency in Discovery mode it logs it so you can go back and see what frequency it was that it got a hit. What I didn’t know was it also records the audio of that hit!! This is HUGE!!

So let’s say you are in your Listening Post and you are getting your instant coffee ready. While you are pouring the sugar the scanner picks up part of a PSK31 transmission. You spill your hot ass coffee in your lap trying to get to the scanner to at least catch the frequency it was on but you’re unable to because your crotch is burning from the hot coffee you spilt all over yourself. Yeah with the Uniden BCD436HP you don’t have to worry about that since it logged the frequency AND recorded what audio it picked up.

I don’t know what else to say. It decodes DMR, logs the frequency, AND records the audio for you to review later. Its hard to ask for much more in a SIGINT tool

S2 Underground: Intro to Sigint

S2 Underground has a new video providing an introduction to signals intelligence, that is intelligence derived from electronic signals and systems, such as communications systems, radars, and weapons systems. If you’re interested in the topic, Brushbeater has a signals intelligence course, though the last one for 2022 was a week ago.

00:00 – Introduction and History

03:48 – Flight Tracking Apps

06:13 – ADS-B Receivers

07:39 – Software Defined Radios

11:01 – Scanners

15:43 – HackRF Devices

17:35 – Recap

17:58 – Your Own Communications

19:39 – Feasible and Realistic

25:25 – Have a Goal

26:24 – Shelter

29:30 – Automation

30:18 – Integration

31:27 – Closing Thoughts

AmPart: Signals Intelligence – Electronic Isolation Of A Target

NC Scout at American Partisan has written an article on signals intelligence and how to exploit it to disrupt an enemy’s communications. Please note that disrupting someone’s radio communications during peacetime is usually illegal. The FCC can fine you thousands of dollars, revoke any radio licenses you have, and confiscate your radio equipment.

Signals Intelligence: Electronic Isolation Of A Target

Not too long ago I ran a short post over at Brushbeater noting a story from the Marine Corps, pairing signals collection guys with Scout Snipers in a somewhat new small unit strategy. Building on the successes SOF units have had for a long time now in recognizing the rapid value of SIGINT in the field, pairing the two elements only makes sense. The idea is to isolate a target where they’re most vulnerable- electronic communications- in order to end the fight quickly with as few casualties on our side as possible. And working from a prepared citizen’s point of view, those same capabilities can and should be reflected in your own training.

It’s not enough to simply have a scanner, however nice it might be, and call yourself good on signals intelligence. Situational awareness, maybe, maybe, but none of it will do you much good without a means to exploit what ever it is you’ve collected.

The purpose of intelligence is exploitation. 

Recording voice traffic with common items makes exploitation easy

What that means in practical terms is that unless I can do anything with what I’m hearing, its completely useless to me. So what if I hear some traffic on a random frequency. Did I take the time to record it? What did they actually say? What is their level of training or discipline? Who’s the person in charge on the mic?

We can listen to all the traffic we want, but if we have no way of exploiting that, then we’re wasting our time.

Some of the equipment you’ll need for a signals collection package at the small unit level includes a decent scanner capable of decoding P25, a communications receiver, an inexpensive analog radio,  a recording device, a Yagi, and a frequency counter. Most of the higher end scanners on the market have up-gradable firmware that is enabling the decoding of P25 modes in use with public service as well as DMR which is very common today in the US as well as being used in Ukraine and Syria among guerrillas. A communications receiver, while similar to a scanner, will tell us the exact frequency the traffic is on, unlike most digital scanners today. We need to know this in order to have the operating frequency- its not enough to know what they’re saying, but we need to know what frequency they’re on so that if we decide to shut down their communications, we can effectively attack.

Our inexpensive analog radio enables us to not just have additional redundancy in our kit, but it’s also a useful exploitation tool. Depending on what type of gear your opponent has, something like a UV-5R can become our weapon in shutting their communications down. Using a Yagi to first get a bearing on their direction and then focus our signal in their direction, overloading their radios. This is beginning what’s known as isolating the target…

Click here to finish reading the article at American Partisan.

Dialtone: Are You Wearing a “Wire”?

Dialtone has a quick tip on how to stealthily gain some signals intelligence about your local RF neighborhood – Are you wearing a “wire”?

Quick and easy. Simple and stealthy. Just a Binding post to BNC connector. Add ear buds and drop the radio in a bag. Run close call and survey the RF landscape around you with no one even knowing. Don’t over think it. Just take a walk around and see what you get.

See the SIGINT for Everyone article for more information and article links on collecting radio frequency information.

See also Dialtone’s Low Budget Signal Intercept Kit Part 1

and Low Budget Signal Intercept Kit Part 2

American Partisan: SIGINT for Everyone

NC Scout at American Partisan has an informative article up, Signals Intelligence: Capabilities for Anyone, discussing readily available and simple equipment that anyone can use to build their signals intelligence capabilities. Signals intelligence is one of the best, if not the best, ways to know what is going on around you, whether that is in the aftermath of a disaster or during a civil disturbance/conflict.

One of the points I’ve stressed for a long time is the value found in using simple equipment to the maximum of its potential. Whatever it might be optics to weapons to electronics, my own combat experience has fostered an appreciation for Keeping it Simple, Stupid. And that’s the very paradigm I teach my class from–taking what’s common and simple to understand and learning the techniques of using it to its peak potential. The same is true for building signals intelligence capabilities among preppers and/or potential partisans. Not that long ago the RAND Corporation published a white paper on the very topic; what they found was that not only does the capability exist to monitor most real-world threats in any given environment, anyone can do it.

During our market scan, we found examples of SIGINT capabilities outside of government that are available to anyone. The capabilities we found have applications in maritime domain awareness; radio frequency (RF) spectrum mapping; eavesdropping, jamming, and hijacking of satellite communications; and cyber surveillance. Most of these capabilities are commercially available, many are free, and some are illegal. In our view, the existence of both legal and illegal markets and capabilities results in an environment where SIGINT has been democratized, or available to anyone.

(Weinbaum, Berner and McClintock, 2017)

From experience monitoring the Taliban on a decade old Radio Shack Pro-96 in Afghanistan, an undisciplined adversary will usually tell you everything you want to know over the air. Even if he thinks he’s secure with electronic encryption, the presence of the signal itself can be detected as soon as he keys up. After working with several private groups and teaching techniques to not get found in my RTO Course, I can positively say that a lot of people are at a distinct disadvantage in the communications department not through equipment but through a complete misunderstanding of the actual function of their gear. As anyone who’s trained with me knows, tactical communications is a whole other animal from nearly everything folks think they know. The first rule of Signals Counterintelligence is to have a competent plan and not set patterns. But what about collection? Those same mistakes we aim to correct through training are likely to be repeated by the opposing force. Even if they have all the technical enables in the world, a lot can be done with basic equipment…

Click here to read the entire article.

Related:

Sparks 31: Low Level Voice Intercept

Sparks 31: Indicator Frequencies

The above links are now gone. Below are the recovered content of the two articles.

LLVI – Low Level Voice Intercept

That intercept operator from the 513th MI Brigade is using an AOR AR8200. A good choice for a wideband portable if you can afford it. Considering what some of you spend on an M4orgery that won’t see half the action a communications receiver in the hands of a competent operative will see, the AOR is a bargain. However, now that events have gone to a slow boil in the US, and that this is a come-as-you-are party, you just have to run what you brung.

Low-Level Voice Intercept (LLVI) is exactly what what the name implies. It’s performing point and sector searches for voice communications, and something scanner hobbyists have been doing for decades. Even if all you have is a cheap Chinese HT, you can still run LLVI as it receives the VHF-high and UHF land mobile bands just fine. I’ve actually had students in previous classes do that, and they managed just fine.

Here are some examples of less-expensive gear you’d use for LLVI. The receiver on the left is a Whistler WS1040. No surprises there. It covers all the necessary bands, does P25 Phase I, trunking, and has Spectrum Sweeper. To the right is an Alinco dual-band (2m/440) HT that has some extended receive coverage up to ~900 MHz. They both have 1/8″ audio jacks for plugging in headphones. I run them right into my amplified shooting earmuffs that conveniently have a 1/8″ audio jack input. It serves both to keep the noise level down at a field LP, and let you hear what’s going on around you. A notebook for logging and keeping useful reference material handy. Spare batteries, writing instrument, and something to hold it all that I found at a local army/navy store.

Go visit Radioreference.com to get frequency data for your point and sector searches, use online mapping will show you places that are located above your average terrain for listening. Gear up, take a quick hike, do some listening, and enjoy the view.

Indicator Frequencies

Via a suggestion from my friend “GDJ”. Here is a list of common indicator frequencies. They are FCC-allocated for public safety intersystem, interoperability, or mutual-aid use. They are usually quiet until something big (involving multiple jurisdictions) happens. That’s what makes them indicator frequencies.  Most of the time they will be analog FM, which means any old flea market special police scanner can be tasked with monitoring them.
While these are the official FCC allocated frequencies for this purpose, that doesn’t necessarily mean a region will be using them. Do your research.Indicator Frequency List
39.46 – Police Intersystem
39.48 – Fire Intersystem
45.86 – Police Intersystem
45.88 – Fire Intersystem
121.500 – Aeronautical “Guard” (AM)
154.2650 – Fire Intersystem
154.2800 – Fire Intersystem
154.2950 – Fire Intersystem
155.1600 – Search and Rescue Common
155.3400 – EMS Mutual Aid
155.4750 – Law Enforcement Mutual Aid
155.7525 – National Interoperability Calling
453.2125 – National Interoperability Calling
851.0125 – Mutual-Aid Calling

Sparks31: Monitoring Exercise/Contest, Dec. 7, 2018

Sparks31 has announced a monitoring exercise (MONEX) for the anniversary of the Pearl Harbor attack, December 7th, 2018. Participants will be entered into a drawing for a free 2019 class of his. A MONEX is a good way to gain familiarity with using your equipment, listening for signals, and recording activity within your listening range. Sparks31 has at least a couple of classes in Washington state, including one in the Yakima valley, in 2019.

MONEX: Pearl Harbor – 07DEC2018

MONEX: Pearl Harbor

Date/Time

07DEC2018 – 0000-2359 UTC
Equipment Required
SSB/CW/digital HF receiving capability from 1600-28000 KHz.
Procedure
  • User selects frequency range(s) from Table 1, above.
  • User performs band/sector searches on selected frequency ranges for at least 1 hour during time frame specified.
  • User logs following data: DATE, TIME, FREQUENCY, MODE, CALLSIGNS(?), TRAFFIC, MISC NOTES/COMMENTS
  • User posts log as a comment to this post, and via email to sparks31wyo@gmail.com.

All qualifying participants will be entered into a drawing for one (1) free admission to any one 2019 Class. To qualify, at least three complete log entries must be submitted.

Click here for more details at Sparks31.

Sparks31 Introduces Basic Grid-Down Communications Class

Sparks31 has introduced a new class which will debut in Watertown, CT – Basic Grid-Down/Down-Grid Communications (combined with his SIGINT class). Sparks will be bringing some classes to Washington state (including Yakima and Seattle) in 2019, and hopefully this class may be added to the lineup. Communication is critical in a disaster. Can you still communicate with those you need to if the internet and phone system go down?

This is a one-day class that covers all the basics you need to set up your monitoring post, collect signals intelligence (SIGINT), get on the air with amateur radio and personal communications services (FRS, GMRS, MURS, CB, Part 15), and establish communications networks and interoperability with other like-minded individuals.

Topics of instruction include the following:

  • Learning about Electronic Communications – A Primer
  • Communications Monitoring HF-to-UHF
  • Intelligence versus Information
    • Intelligence Requirements
  • SIGINT – Signals Intelligence
  • Listening Posts and SIGINT Operations
  • Communications Services
    • Amateur Radio
    • Part 95 & 15 (license-free or “license by rule” services)
  • Communications Networks
    • Interoperability – What it is, and how to make it work.
  •  Increasing System Performance
    • Antennas
  • Grid-Down versus Down-Grid Realities
  • Basic Crypto Systems and When It Is Legal to Use Them
  • Alternatives to Radio Communications
Cost for this class is $100. Please enroll via our storefront at https://squareup.com/store/sparks31/.

Sparks 31: More Practice – SIGINT, COMINT

From Sparks31

radioshack-pro-34

Practice. Practice. Practice.

That’s how you become good.

You know where you live. (At least I hope so…)

You live in a state, county, and maybe even in a municipality (city, town, village, borough, etc.)

That means you will have a state police/highway patrol, county sheriff, and possibly a local municipal police force.

Each will have its own dispatch/operations frequency or talkgroup if they use a trunked system.

You should know what State Police/Highway Patrol troop covers your area, and what precinct your local PD your neighborhood is in (if your town/city PD is that big).

That should be three frequencies and/or talkgroups.

Go to Radio Reference.

Select your area.

Program in the necessary data.

Go to the local dollar store and get a composition-type  notebook.

Listen.

If there is too much traffic, then just listen to one. Start with your municipal PD  or county sheriff if you live in an unincorporated area.

Take notes.

Listen some more.

Keep taking notes.

Do it for a week.

Then do it some more.

Keep practicing. That’s how you become good.

Sparks has a class on all this in Denver in October.

Brushbeater has a radio operator class in Montana in September.

Forward Observer has an SHTF Intelligence class in Florida at the end of August.

Everyone is telling you to get trained. Events are telling you to get trained. Why aren’t you?

 

Sparks31 Releases Commo Book

Sparks31, a frequent internet writer on emergency communications, has released a new book titled Commo.  It is available in print and as an eBook on Lulu.com.

EDIT: The books are no longer available on Lulu. See the mirror links at the bottom of the article.

Hardcopy – http://www.lulu.com/content/paperback-book/commo/2…

Digital (Free Download) – http://www.lulu.com/shop/sparks31/commo/ebook/prod…

Sparks31 has previously written Communications for 3%ers and Survivalists and also Down-Grid Communications.

Follows an excerpt from the introduction:

Imagine, for a moment, that right now the grid goes down, either accidentally or by design. Would you be able to:
• Communicate with family members to determine their safety/well being, and have them initiate contingency plans?
• Alert and mobilize the members of your group?
• Collect intelligence information to find out local conditions?
• Collect intelligence information to find out the geographical extent of a disaster or similar event/situation?

Now lets go to the actual present, our status­quo dystopian reality. Are you able to:
• Communicate with family and group members in a manner that minimizes your footprint?
• Collect intelligence information to find out local, regional, national, and worldwide conditions/events via alternative means?
• Minimize or eliminate your surveillance footprint when necessary for privacy reasons?

Communications skills in a down­grid situation, meaning both now and in an uncertain future, is an essential survival skill for anyone interested in maintaining control over their own destiny. You don’t need to be an electronics expert, although your group or tribe will
certainly need one. You do need to have a certain level of
knowledge, dependent on your aptitude and general skill­
set.