NOTICE: Citizendium is still being set up on its newer server, treat as a beta for now; please see here for more.
Citizendium - a community developing a quality comprehensive compendium of knowledge, online and free. Click here to join and contribute—free
CZ thanks our previous donors. Donate here. Treasurer's Financial Report -- Thanks to our content contributors. --

Radiofrequency MASINT

From Citizendium, the Citizens' Compendium
(Redirected from TEMPEST)
Jump to: navigation, search
This article is developing and not approved.
Main Article
Talk
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and not meant to be cited; by editing it you can help to improve it towards a future approved, citable version. These unapproved articles are subject to a disclaimer.

Radiofrequency MASINT looks at signals incidentally produced by the main signal generator, such as "spillover" of sidelobes or harmonics. This form of MASINT also deals with radiofrequency signals that do not contain information, such as electromagnetic pulse weapons. Radiofrequency MASINT is one of the six major disciplines generally accepted to make up the field of measurement and signature intelligence (MASINT), as defined by the Center for MASINT Studies and Research: [1] breaks MASINT into:

with due regard that the MASINT subdisciplines may overlap, and MASINT, in turn, is complementary to more traditional intelligence collection and analysis disciplines such as signals intelligence and imagery intelligence.

The line between SIGINT and radiofrequency MASINT is a narrow one. In general, think of SIGINT as focused on information-bearing signals deliberately transmitted by the target (e.g.,a radio message or radar pulse). Radiofrequency MASINT, in turn, differs from nuclear MASINT about a nuclear explosion, where this discipline would focus on electromagnetic pulse while nuclear MASINT would look at ionizing radiation.

Where COMINT and ELINT, the two major components of SIGINT, focus on the intentionally transmitted part of the signal, radiofrequency MASINT focuses on unintentionally transmitted information. It complements SIGINT.

For example, MASINT working with COMINT might involve the detection of common background sounds expected with human voice communications. For example, if a given radio signal comes from a radio used in a tank, if the interceptor does not hear engine noise or higher voice frequency than the voice modulation usually uses, even thought the voice conversation is meaningful, MASINT might suggest it is a deception, not coming from a real tank.

Frequency Domain MASINT

Different from direction finding in SIGINT, frequency analysis MASINT concentrates not on finding a specific device, but on characterizing the signatures of a class of devices, based on their intentional and unintentional radio emissions. Devices being characterized could include radars, communication radios, radio signals from foreign remote sensors, radio frequency weapons (RFW), collateral signals from other weapons, weapon precursors, or weapon simulators (for example, electromagnetic pulse signals associated with nuclear bursts); and spurious or unintentional signals[2].

Unintentional RF radiation MASINT (RINT) can determining the frequency to which a receiver is tuned. The local oscillator intercept technique, Operation RAFTER was first made public by a book by a retired senior officer in Britain's counterintelligence service, MI5[3]. The book also discusses acoustic methods of capturing COMINT.

Electromagnetic Pulse MASINT

Nuclear and large conventional explosions produce radio frequency energy. The characteristics of the EMP will vary with altitude and burst size. EMP-like effects are not always from open-air or space explosions; there has been work with controlled explosions for generating electrical pulse to drive lasers and railguns.

The Air Force Technical Applications Center (AFTAC) was the focal point for MASINT surrounding the first Chinese nuclear test on 16 October 1964. Seven acoustic stations provided the initial detection. Correlating the acoustic data with electromagnetic pulse sensors gave the location and yield of the burst, and the analysis of airborne debris confirmed it. [4]

For example, in a program called BURNING LIGHT, KC-135R tankers, temporarily modified to carry MASINT sensors, would fly around the test area, as part of Operation BURNING LIGHT. One sensor system measured the electromagnetic pulse of the detonation.[5].

While EMP often is assumed to be a characteristic of nuclear weapons alone, such is not the case [6]. Several open-literature techniques, requiring only conventional explosives, or, in the case of high power microwave, a large electrical power supply, perhaps one-shot as with capacitors, can generate a significant EMP:

EMP intelligence deals both offensive capability to build, generate particular power vs. frequency spectra, and means of optimizing coupling or other power delivery, and defensive EMP considerations of vulnerability.

Vulnerability has two components:

  • Coupling modes possible between the EMP source and the equipment
  • Front door coupling goes through an antenna intended to receive power in the frequency range being generated
  • Back door coupling in which the EMP produces surges in power (including ground) and communications wire.
  • The level of energy coupled that will damage or destroy a particular target.

Another aspect of offensive EMP intelligence is to evaluate the ways in which an EMP weapon could improve coupling. One approach involves the device extruding antennas. Another, similar to other precision guided munitions, is to bring the device as close as possible to the target.

Intelligence about EMP defense would consider the deliberate use of shielding (e.g., Faraday cages) or greater use of optical cabling.

Unintentional Radiation MASINT

The integration and specialized application of MASINT techniques against unintentional radiation sources (RINT) that are incidental to the RF propagation and operating characteristics of military and civil engines, power sources, weapons systems, electronic systems, machinery, equipment, or instruments. These techniques may be valuable in detecting, tracking, and monitoring a variety of activities of interest.[2]

Black Crow: truck detection on the Ho Chi Minh trail

A Vietnam-era "Black Crow" RINT sensor, carried aboard AC-130 gunships, detected the "static" produced by the ignition system of trucks on the Ho Chi Minh trail, from distances up to 10 miles, and cue weapons onto the truck. [7]

Monitoring potentially necessary electronic emissions

Yet another technique that could determine the frequency to which a receiver is tuned was the technique of Operation RAFTER, which listened for the direct or additive frequency of the local oscillator in a superheterodyne receiver.

This technique can be countered by shielding the intermediate frequency circuitry of superheterodyne receivers, or moving into software-defined radio using digital signal processors with no local oscillator.

Unintentional emissions from electronic devices

This discipline blurs into the various techniques for collecting COMINT from unintentional radiation, both electromagnetic and acoustic, from electronic devices. TEMPEST is an unclassified US code word for the set of techniques for securing equipment from eavesdropping on Van Eck radiation and other emanations. TEMPEST shielding of a radio receiver would protect against the RAFTER technique, but it should be remembered that RAFTER is aimed at a deliberately generated signal, as opposed to unintentional signals such as switch make-and-break pulses from a keyboard.

As early as the First World War, it was possible to intercept the information content of a telegraph or telephone using electrically unbalanced signals, by detecting signals of greater amplitude than the expected electrical ground. In an unbalanced transmission, the ground serves as a signal reference.[8] This technique deals with conducted rather than radiated signals. It was still useful against North Korean field telephones during the Korean War.

Shielding techniques used for TEMPEST also may provide protection against electromagnetic pulse.[9]

One of the blurry areas is understanding the normal incidental radiation from something as basic as a television set. The signals of a consumer product such as that [10] are sufficiently complex that it may be practical to hide a covert eavesdropping channel [11] within it.

Covert passive modulators for audio surveillance

Detail of passive modulator in bugged seal in U.S. Embassy, Moscow

Another category, to which the US code name TEAPOT may apply, is the detection not simply of RF, but of an unintended audio modulation of an external RF signal flooding the area being surveilled. Some object within the room acoustically couples to sound in the room, and acts as a modulator. The group doing the covert surveillance examines the reflected RF for amplitude modulation at the original frequency, or across a spectral band for frequency modulation

For example, in 1952, the Soviets presented the US Moscow embassy, then in Spaso House, with a beautiful Great Seal of the United States. The Seal, however, had an acoustic diaphragm, forming a side of a resonant cavity which, when illuminated with a microwave beam, reflected the beam back as a signal that was modulated by the audio of conversations in the room. The conversations caused the dimensions of the resonant cavity to change, producing the modulated signal, This was a Passive Resonant Cavity Bug.[8]







When Ambassador George Kennan learned of the device, he was appalled, but, for a time, used it either to annoy the Soviets, and perhaps to provide disinformation.
Kennan immediately became “acutely conscious of the unseen presence in the room of a third person: our attentive monitor,” feeling as though he “could almost hear his breathing.” Kennan was not blind to the irony of the situation, for during his many nights alone in the House, he had often read aloud in the same room as the Seal. Since there was no work to be done in the evenings, as well as the fact that he needed the practice since so few Russians ever spoke to him, Kennan sometimes read aloud from scripts of Russian broadcasts by the Voice of America. As such, his unseen audience was treated to “vigorous and eloquent polemics against Soviet politics,” which led Kennan to wonder whether or not the Soviets thought he “was trying to make fun of them.”[12]

This effect may not require a purpose-built modulator. Items as mundane as an incandescent light bulb may act as modulators. TEAPOT, assuming that is the code name, has similarities to the technique of using the reflections of a laser from a window. In that technique, the window vibrates from acoustic pressure on the inside, and modulates the laser carrier. New secure facilities, such as the CIA New Headquarters Building, often have reflective coatings on windows, probably as a countermeasure against laser modulation as well as photography.

Covert modulation

In the 1950s, it was found that there could be electrical coupling between the unencrypted side of a "RED" signal inside a secure communications facility, and either the conductor carrying the "BLACK" encrypted signal, or possibly the electrical ground(s) of the system. TEMPEST protective measures work against the situation when the frequency of the RED and BLACK signals are the same. The RED signal, at a low power level, may be intercepted directly, or there may be intermodulation between the RED and BLACK signals.

The unconfirmed code name HIJACK applies to a more advanced threat, where the RED signal modulates a RF signal generated within the secure area, such as a cellular telephone. [8] While HIJACK targets RF and analog modulation, NONSTOP (another unconfirmed code name) targets the pulses of a digital device, typically a computer.

References

  1. Center for MASINT Studies and Research. Center for MASINT Studies and Research. Air Force Institute of Technology. Retrieved on 2007-10-03.
  2. 2.0 2.1 US Army (May 2004). Chapter 9: Measurement and Signals Intelligence. Field Manual 2-0, Intelligence. Department of the Army.
  3. Wright, Peter; Paul Greengrass (1987). Spycatcher: The Candid Autobiography of a Senior Intelligence Officer. Penguin Viking. ISBN 0-670-82055-5. 
  4. Burr, William, ed. (23 March 2000), Excerpts, "History of the Air Force Technical Applications Center (AFTAC) 1 July-31 December 1964", The Chinese Nuclear Weapons Program: Problems of Intelligence Collection and Analysis, 1964-1972, vol. National Security Archive Electronic Briefing Book No. 26. p. 15
  5. Strategic Air Command. SAC Reconnaissance History January 1968-June 1971.
  6. Kopp, Carlo (1996). The Electromagnetic Bomb - a Weapon of Electrical Mass Destruction. Globalsecurity.org.
  7. Correll, John T. (November 2004), "Igloo White", Air Force Magazine Online 87 (11)
  8. 8.0 8.1 8.2 Tempest Timeline, 23 January 2002
  9. Electromagnetic Pulse (EMP) and TEMPEST Protection for Facilities, U.S. Army Corps of Engineers, 31 December 1990, Pamphlet EP 1110-3-2
  10. Atkinson, James M. (2002). Video Signal Eavesdropping Threat Tutorial.
  11. Atkinson, James M. (2002). Spectral Analysis of Various RF Bugging Devices.
  12. Spaso House: 75 Years of History, U.S. Department of State