Communications intelligence

From Citizendium, the Citizens' Compendium
This article is developing and not approved.

Communications Intelligence (COMINT) is the subset of SIGINT concerned with signals intended to be intelligible to human beings, in the form of voice, messages, or images. The US Joint Chiefs of Staff defines it as "Technical information and intelligence derived from foreign communications by other than the intended recipients".[1]

Unfortunately, the terms SIGINT and COMINT are often interchanged, with the additional confusion, in U.S. practice, that all SIGINT designated as sensitive compartmented intelligence (SCI) is in what is called the "COMINT Control System". Both COMINT and ELINT SCI are stamped with the control marking "Handle through COMINT Channels Only" (CCO). COMINT is commonly referred to as SIGINT, which can cause confusion when talking about the broader intelligence disciplines.

Communications among people, or from sensors (e.g., video), will reveal some or all of the following:

  1. Who is transmitting and/or where they are located. If the transmitter is moving, the report may give a plot of the signal against location.
  2. If known, the organizational function of the transmitter.
  3. The time and duration of transmission, and the schedule if it is a periodic transmission.
  4. The frequencies and other technical characteristics of their transmission.
  5. Whether the transmission is encrypted, and if it can be decrypted. If it is possible to intercept either an originally transmitted cleartext or obtain it through cryptanalysis, the language of the communication and a translation (when needed).
  6. The addresses, if the signal is not a general broadcast and if addresses are retrievable from the message. These stations may also be COMINT (e.g., a confirmation of the message or a response message), ELINT (e.g., a navigation beacon being activated) or both. Rather than, or in addition to, an address or other identifier, there may be information on the location and signal characteristics of the responder.

Cryptanalysis

While SIGINT and COMINT are usually assumed to involve electromagnetic signals, encrypted text, in the form of printer or facsimile output, may be captured. Of course, it would be most common to intercept text or encrypted voice sent by radio, or on cables that are tapped. In any case, the discipline of cryptanalysis is generally not dependent on the means of signal transmission. The general techniques of mathematical cryptanalysis are extremely complex, and are discussed in separate articles.

Modern cryptosystems use precision time-of-day as another variable, so in addition to recording the signals of extracted (but encrypted) information, the recorders must have synchronized timestamps. GPS is the usual source of precision timing for Western forces.

Acoustic cryptanalysis

One special case, where signal and human interface are known, is called acoustic cryptanalysis, where it is possible to record both the sounds of the human input (e.g., strokes on a keyboard) or output (e.g., the sounds of an impact printer), and correlate the two. This was first done when the encryption and decryption were done with electromechanical devices. In 1956, U.K. COMINT specialists succeeded in such an attack against Hagelin machines used by Egypt. The technique was assigned the code word "ENGULF".[2]

A defense against such attacks, even with all-electronic workstations and cryptosystems, can involve generating random noise that corresponds to combinations of keystrokes.[3]

One of the reasons to do acoustic cryptanalysis is not to break all encryption with this technique, but to gain insight into the way the cryptosystem operates on words or messages that the cryptanalyst can assume will be sent. This is called a known plaintext attack.

The threat of new code talkers

In the Second World War, the United States used volunteer communicators known as code talkers, who used languages such as Navajo, Comanche and Choctaw, which would be understood by few people, even in the U.S., who did not grow up speaking the language. Even within these uncommon languages, the code talkers used specialized codes, so a "butterfly" might be a specific Japanese aircraft. British forces made more limited use of Welsh speakers for the additional protection.

While modern electronic encryption does away with the need for armies to use obscure languages, it is certainly possible that guerrilla groups might use rare dialects that few outside their ethnic group would understand.

Signal acquisition

Even if a radio signal is not encrypted, there are a variety of electronic characteristics that must be solved before the human-sensible information can be extracted. Given the simplifying assumption that the signal stays on a single frequency, it will still be necessary to determine the type of modulation in use.

In a field environment, locating, capturing, and extracting meaningful information, even if the information is encrypted, may require a team of analysts, substantial automation, or both. In other than the simplest situations, there are apt to be multiple signals of interest, each of which may need more than one instrument and analyst. For example, the Israel Aerospace Industries ELK-7035 commercial COMINT system,[4] intended for multiple signal interception, has features including:

  • manual or programmed search and scan for signals of interest. In the automated mode, up to 500 channels can be evaluated per second. Certain channels can be continuously monitored, and other channels excluded from search.
  • linkage to direction finding subsystem. Knowing the location of a source can guide the signal extraction (e.g., a given country's medium artillery batteries might be known to use frequency modulation, of a certain bandwidth per channel, for its tactical communications). If direction finding can localize the transmitter to the known position of an artillery site, the signal analyzers can be set to look only for the signals likely to be of interest.
  • recording for future analysis. New signals cannot always be understood in real time. It may take recording, and massive correlation at a major COMINT analysis center, to define the patterns and procedures of an adversary's communications.

Voice interception

A basic COMINT technique is to listen for voice communications, usually over radio but possibly "leaking" from telephones or from wiretaps. If the voice is encrypted, the encryption must be solved. Even if the voice is not encrypted but is digitized, the encoding must be recognized before the voice can be understood.

Obviously, the interceptor must understand the language being spoken. Finding linguists, especially those that will understand unusual dialects, is one of the practical challenges for COMINT organizations.

Text interception

Not all communication is in voice. Morse code interception was once very important, but Morse code telegraphy is now obsolescent in the western world, although possibly used by special operations forces. Such forces, however, now have portable cryptographic equipment. Morse code is still used by military forces of former Soviet Union countries.

Specialists scan radio frequencies for character sequences (e.g., electronic mail) and facsimile.

Signaling channel interception

A given digital communications link can carry thousands or millions of voice communications, especially in developed countries. Without addressing the legality of such actions, the problem of identifying which channel contains which conversation becomes much simpler when the first thing intercepted is the signaling channel that carries information to set up telephone calls. In civilian and many military use, this channel will carry messages in Signaling System 7 protocols.

Retrospective analysis of telephone calls can be made from call detail records (CDR) used for billing the calls.

Monitoring friendly communications

More a part of communications security than true intelligence collection, SIGINT units still may have the responsibility of monitoring one's own communications or other electronic emissions, to avoid providing intelligence to the enemy. For example, a security monitor may hear an individual transmitting inappropriate information over an unencrypted radio network, or simply one that is not authorized for the type of information being given. If immediately calling attention to the violation would not create an even greater security risk, the monitor will call out one of the BEADWINDOW codes[5] used by Australia, Canada, New Zealand, the United Kingdom, the United States, and other nations working under their procedures. Standard BEADWINDOW codes (e.g., "BEADWINDOW 2") include:

  1. Position: (e.g., disclosing, in an insecure or inappropriate way, "Friendly or enemy position, movement or intended movement, position, course, speed, altitude or destination or any air, sea or ground element, unit or force.")
  2. Capabilities: "Friendly or enemy capabilities or limitations. Force compositions or significant casualties to special equipment, weapons systems, sensors, units or personnel. Percentages of fuel or ammunition remaining."
  3. Operations: "Friendly or enemy operation – intentions progress, or results. Operational or logistic intentions; mission participants flying programmes; mission situation reports; results of friendly or enemy operations; assault objectives."
  4. Electronic warfare (EW): "Friendly or enemy electronic warfare (EW) or emanations control (EMCON) intentions, progress, or results. Intention to employ electronic countermeasures (ECM); results of friendly or enemy ECM; ECM objectives; results of friendly or enemy electronic counter-countermeasures (ECCM); results of electronic support measures/tactical SIGINT (ESM); present or intended EMCON policy; equipment affected by EMCON policy."
  5. Friendly or enemy key personnel: "Movement or identity of friendly or enemy officers, visitors, commanders; movement of key maintenance personnel indicating equipment limitations."
  6. Communications security (COMSEC): "Friendly or enemy COMSEC breaches. Linkage of codes or codewords with plain language; compromise of changing frequencies or linkage with line number/circuit designators; linkage of changing call signs with previous call signs or units; compromise of encrypted/classified call signs; incorrect authentication procedure."
  7. Wrong circuit: "Inappropriate transmission. Information requested, transmitted or about to be transmitted which should not be passed on the subject circuit because it either requires greater security protection or it is not appropriate to the purpose for which the circuit is provided."
  8. Other codes as appropriate for the situation may be defined by the commander.

In WWII, for example, the Japanese Navy made possible the interception and death of the Combined Fleet commander, Admiral Isoroku Yamamoto, by BEADWINDOW 5 and 7 violations. They identified a key person's movement over a low-security cryptosystem.
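The monitoring role described above can be sketched as a small rule set run over friendly traffic. This is an added example, not part of the original article or of ACP 124; the keyword patterns, the protection levels, the circuit names and the sample log are all assumptions constructed for illustration.

```python
import re

# Code numbers follow the BEADWINDOW list above. The regex indicators are
# illustrative assumptions, not taken from ACP 124; codes 3 and 4 are left
# to the human monitor in this sketch.
RULES = [
    (1, re.compile(r"\b(?:grid|course|heading|altitude)\s+\d", re.I)),
    (2, re.compile(r"\b\d{1,3}\s*(?:%|percent)\s+(?:of\s+)?(?:fuel|ammunition)\b", re.I)),
    (5, re.compile(r"\b(?:admiral|general|commander)\b.*\b(?:arriv|depart|visit)", re.I)),
    (6, re.compile(r"\bformerly\b|\bprevious call ?sign\b", re.I)),
]

# Hypothetical protection scale shared by message markings and circuits.
MARKING = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}
CIRCUIT = {"clear-voice": 0, "low-grade": 1, "high-grade": 2}
SENSITIVE_MIN = 2  # assumption: the listed categories belong on the best circuit

def beadwindow_codes(circuit, marking, text):
    """Return the sorted BEADWINDOW code numbers for one friendly transmission."""
    level = CIRCUIT[circuit]
    codes = set()
    # Code 7 (wrong circuit): content needs more protection than the circuit gives.
    if MARKING[marking] > level:
        codes.add(7)
    # Content codes only matter where the circuit is below the required level.
    if level < SENSITIVE_MIN:
        codes.update(code for code, pattern in RULES if pattern.search(text))
    return sorted(codes)

def monitor(log):
    """Map each offending log entry index to the callouts the monitor would make."""
    report = {}
    for i, (circuit, marking, text) in enumerate(log):
        codes = beadwindow_codes(circuit, marking, text)
        if codes:
            report[i] = [f"BEADWINDOW {c}" for c in codes]
    return report

# Constructed sample traffic (not real transmissions).
LOG = [
    ("clear-voice", "UNCLASSIFIED", "Request radio check, over"),
    ("clear-voice", "UNCLASSIFIED", "We are at grid 384912 moving north"),
    ("clear-voice", "UNCLASSIFIED", "Down to 20 percent fuel"),
    ("low-grade", "SECRET", "Admiral arriving forward base 0800"),
    ("high-grade", "SECRET", "Admiral arriving forward base 0800"),
    ("clear-voice", "UNCLASSIFIED", "Bravo Two, formerly Kilo Six, checking in"),
]
```

The fourth entry draws both 5 and 7, the same combination the article attributes to the Yamamoto case: a key person's movement sent over a circuit with too little protection. The identical text on the high-grade circuit draws no callout.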

References

  1. US Department of Defense (12 July 2007), Joint Publication 1-02 Department of Defense Dictionary of Military and Associated Terms
  2. Wright, Peter (1987), Spycatcher: The candid autobiography of a senior intelligence officer, Viking
  3. Asonov, Dmitri & Agrawal, Rakesh (2004), Keyboard Acoustic Emanations
  4. Israel Aerospace Industries, ELK-7035 - All - Platform Comint Systems: Operation
  5. Combined Communications-Electronics Board (CCEB) (January 1987). ACP 124(D) Communications Instructions: Radio Telegraph Procedure.