Radiofrequency MASINT

From HandWiki
Revision as of 18:13, 8 February 2024 by Scavis2 (talk | contribs) (update)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Discipline within Measurement and Signature Intelligence (MASINT)

Radiofrequency MASINT is one of the six major disciplines generally accepted to make up the field of Measurement and Signature Intelligence (MASINT), with due regard that the MASINT subdisciplines may overlap, and MASINT, in turn, is complementary to more traditional intelligence collection and analysis disciplines such as SIGINT and IMINT. MASINT encompasses intelligence gathering activities that bring together disparate elements that do not fit within the definitions of Signals Intelligence (SIGINT), Imagery Intelligence (IMINT), or Human Intelligence (HUMINT).

According to the United States Department of Defense, MASINT is technically derived intelligence (excluding traditional imagery IMINT and signals intelligence SIGINT) that – when collected, processed, and analyzed by dedicated MASINT systems – results in intelligence that detects, tracks, identifies, or describes the signatures (distinctive characteristics) of fixed or dynamic target sources. MASINT was recognized as a formal intelligence discipline in 1986.[1] See Measurement and Signature Intelligence for an overview of the discipline and its unifying principles. As with many branches of MASINT, specific techniques may overlap with the six major conceptual disciplines of MASINT defined by the Center for MASINT Studies and Research, which divides MASINT into Electro-optical, Nuclear, Geophysical, Radar, Materials, and Radiofrequency disciplines.[2]

Disciplines

MASINT is made up of six major disciplines, but the disciplines overlap and intertwine. They interact with the more traditional intelligence disciplines of HUMINT, IMINT, and SIGINT. To be more confusing, while MASINT is highly technical and is called such, TECHINT is another discipline, dealing with such things as the analysis of captured equipment.

An example of the interaction is "imagery-defined MASINT (IDM)". In IDM, a MASINT application would measure the image, pixel by pixel, and try to identify the physical materials, or types of energy, that are responsible for pixels or groups of pixels: signatures. When the signatures are then correlated to precise geography, or details of an object, the combined information becomes something greater than the whole of its IMINT and MASINT parts.

The Center for MASINT Studies and Research breaks MASINT into:[2]

Where COMINT and ELINT, the two major components of SIGINT, focus on the intentionally transmitted part of the signal, radiofrequency MASINT focuses on unintentionally transmitted information. For example, a given radar antenna will have sidelobes emanating from other than the direction in which the main antenna is aimed. The RADINT (radar intelligence) MASINT subdiscipline involves learning to recognize a radar both by its primary signal, captured by ELINT, and its sidelobes, perhaps captured by the main ELINT sensor, or, more likely, a sensor aimed at the sides of the radio antenna.

MASINT associated with COMINT might involve the detection of common background sounds expected with human voice communications. For example, if a given radio signal comes from a radio used in a tank, if the interceptor does not hear engine noise or higher voice frequency than the voice modulation usually uses, even though the voice conversation is meaningful, MASINT might suggest it is a deception, not coming from a real tank.

Frequency domain MASINT

Different from emitter location in SIGINT, frequency analysis MASINT concentrates not on finding a specific device, but on characterizing the signatures of a class of devices, based on their intentional and unintentional radio emissions. Devices being characterized could include radars, communication radios, radio signals from foreign remote sensors, radio frequency weapons (RFW), collateral signals from other weapons, weapon precursors, or weapon simulators (for example, electromagnetic pulse signals associated with nuclear bursts); and spurious or unintentional signals.[3]

See HF/DF for a discussion of SIGINT-captured information with a MASINT flavor, such as determining the frequency to which a receiver is tuned, from detecting the frequency of the beat frequency oscillator of the superheterodyne receiver. This may also be considered unintentional RF radiation (RINT). The local oscillator intercept technique, Operation RAFTER was first made public by a book by a retired senior officer in Britain's counterintelligence service, MI5.[4] The book also discusses acoustic methods of capturing COMINT.

Electromagnetic pulse MASINT

Nuclear and large conventional explosions produce radio frequency energy. The characteristics of the EMP will vary with altitude and burst size. EMP-like effects are not always from open-air or space explosions; there has been work with controlled explosions for generating electrical pulse to drive lasers and railguns.

For example, in a program called BURNING LIGHT, KC-135R tankers, temporarily modified to carry MASINT sensors, would fly around the test area, as part of Operation BURNING LIGHT. One sensor system measured the electromagnetic pulse of the detonation.[5]

While EMP often is assumed to be a characteristic of nuclear weapons alone, such is not the case.[6] Several open-literature techniques, requiring only conventional explosives, or, in the case of high power microwave, a large electrical power supply, perhaps one-shot as with capacitors, can generate a significant EMP:

EMP intelligence deals both offensive capability to build, generate particular power vs. frequency spectra, and means of optimizing coupling or other power delivery, and defensive EMP considerations of vulnerability.

Vulnerability has two components:

  • Coupling modes possible between the EMP source and the equipment
    • Front door coupling goes through an antenna intended to receive power in the frequency range being generated
    • Back door coupling in which the EMP produces surges in power (including ground) and communications wire.
  • The level of energy coupled that will damage or destroy a particular target.

Another aspect of offensive EMP intelligence is to evaluate the ways in which an EMP weapon could improve coupling. One approach involves the device extruding antennas. Another, similar to other precision guided munitions, is to bring the device as close as possible to the target.

Intelligence about EMP defense would consider the deliberate use of shielding (e.g., Faraday cages) or greater use of optical cabling.

Unintentional radiation MASINT

The integration and specialized application of MASINT techniques against unintentional radiation sources (RINT) that are incidental to the RF propagation and operating characteristics of military and civil engines, power sources, weapons systems, electronic systems, machinery, equipment, or instruments. These techniques may be valuable in detecting, tracking, and monitoring a variety of activities of interest.[3]

Black Crow: truck detection on the Ho Chi Minh trail

A Vietnam-era "Black Crow" RINT sensor, carried aboard AC-130 gunships, detected the "static" produced by the ignition system of trucks on the Ho Chi Minh trail, from distances up to 10 miles, and cued weapons onto the trucks.[7]

Monitoring potentially necessary electronic emissions

Yet another technique that could determine the frequency to which a receiver is tuned was the technique of Operation RAFTER, which listened for the direct or additive frequency of the local oscillator in a superheterodyne receiver.

This technique can be countered by shielding the intermediate frequency circuitry of superheterodyne receivers, or moving into software-defined radio using digital signal processors with no local oscillator.

Unintentional radiation from electronic devices

This discipline blurs into the various techniques for collecting COMINT from unintentional radiation, both electromagnetic and acoustic, from electronic devices. TEMPEST is an unclassified US code word for the set of techniques for securing equipment from eavesdropping on Van Eck radiation and other emanations.

One of the blurry areas, for example, is understanding the normal incidental radiation from something as basic as a television set. The signals of a consumer product such as that[8] are sufficiently complex that it may be practical to hide a covert eavesdropping channel [9] within it.

Covert modulators for audio surveillance

Another category, to which the US code name TEAPOT may apply, is the detection not simply of RF, but of an unintended audio modulation of an external RF signal flooding the area being surveilled. Some object within the room acoustically couples to sound in the room, and acts as a modulator. The group doing the covert surveillance examines the reflected RF for amplitude modulation at the original frequency, or across a spectral band for frequency modulation

For example, in 1952, the Soviets presented the US Moscow embassy with a beautiful Great Seal of the United States. The Seal, however, had an acoustic diaphragm, forming a side of a resonant cavity which, when illuminated with a microwave beam, reflected the beam back as a signal that was modulated by the audio of conversations in the room. The conversations caused the dimensions of the resonant cavity to change, producing the modulated signal, This was a Passive Resonant Cavity Bug.[10]

This effect may not require a purpose-built modulator. Items as mundane as an incandescent light bulb may act as modulators.

TEAPOT, assuming that is the code name, has similarities to the technique of using the reflections of a laser from a window. In that technique, the window vibrates from acoustic pressure on the inside, and modulates the laser carrier.

Secure signal leakage into ground

As early as the First World War, it was possible to intercept the information content of a telegraph or telephone using electrically unbalanced signals, by detecting signals of greater amplitude than the expected electrical ground. In an unbalanced transmission, the ground serves as a signal reference.[10]

Covert modulation for digital surveillance

In the 1950s, it was found that there could be electrical coupling between the unencrypted side of a "RED" signal inside a secure communications facility, and either the conductor carrying the "BLACK" encrypted signal, or possibly the electrical ground(s) of the system. TEMPEST protective measures work against the situation when the frequency of the RED and BLACK signals are the same. The RED signal, at a low power level, may be intercepted directly, or there may be intermodulation between the RED and BLACK signals.

HIJACK is a more advanced threat, where the RED signal modulates a RF signal generated within the secure area, such as a cellular telephone.[10] While HIJACK targets RF, NONSTOP targets the pulses of a digital device, typically a computer.

References

  1. Interagency OPSEC Support Staff (IOSS) (May 1996). "Operations Security Intelligence Threat Handbook: Section 2, Intelligence Collection Activities and Disciplines". https://fas.org/irp/nsa/ioss/threat96/part03.htm. 
  2. 2.0 2.1 Center for MASINT Studies and Research. "Center for MASINT Studies and Research". Air Force Institute of Technology. http://www.afit.edu/cmsr/. 
  3. 3.0 3.1 US Army (May 2004). "Chapter 9: Measurement and Signals Intelligence". Field Manual 2-0, Intelligence. Department of the Army. https://atiam.train.army.mil/soldierPortal/atia/adlsc/view/public/10536-1/FM/2-0/chap9.htm. 
  4. Wright, Peter; Paul Greengrass (1987). Spycatcher: The Candid Autobiography of a Senior Intelligence Officer. Penguin Viking. Wright 1997. ISBN 0-670-82055-5. 
  5. Strategic Air Command. "SAC Reconnaissance History January 1968-June 1971". http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB184/FR28.pdf. 
  6. Kopp, Carlo (1996). "The Electromagnetic Bomb - a Weapon of Electrical Mass Destruction". Globalsecurity.org. http://www.globalsecurity.org/military/library/report/1996/apjemp.htm. 
  7. Correll, John T. (November 2004). "Igloo White". Air Force Magazine Online 87 (11). Igloo White (text only). http://www.airforcemag.com/MagazineArchive/Pages/2004/November%202004/1104igloo.aspx. Retrieved 31 July 2013. 
  8. Atkinson, James M. (2002). "Video Signal Eavesdropping Threat Tutorial". http://www.tscm.com/TSCM101video3.html. 
  9. Atkinson, James M. (2002). "Spectral Analysis of Various RF Bugging Devices". http://www.tscm.com/spectan.html. 
  10. 10.0 10.1 10.2 "Tempest Timeline". 23 January 2002. http://cryptome.org/tempest-time.htm.