Stephen, the VodkaPundit, points out one of the major problems likely to be problematic for our collection of electronic and communication intelligence: the sheer rate and volume of potential "target" traffic in an age of e-mail, cell- and sat-phones, and cheap encryption.

He then asks:

Would any readers with actual signals intelligence experience like to weigh in on this, in a strictly unclassified manner?

This is somewhat tangential to the issue raised, and I may ramble a bit - there's a lot of ground to cover and I'm writing "off the cuff," so to speak. And I'm long-winded. And I'm not going to be able to address, even in an unclassified manner, all the possible things pertaining to Electronic Warfare and Signal Intelligence — there's just too much ground to cover.

As I think I've mentioned once or twice here, I was an Electronic Warfare/Signal Intelligence (EW/SIGINT) Voice Intercept Operator (Korean), Army MOS 98G, from '86 to '92, rising to the lofty and exalted rank of Sergeant before being sidelined by a back injury. [sigh.]

Stephen, as noted above, points out what must be a serious problem for the SIGINT community — the volume of traffic and the methods of transmission now available would appear to combine in such a way that "sorting the wheat from the chaff" is at the very least an order of magnitude harder than it was even a decade ago.

My experience is over a decade ago, but I think I can surmise that there are almost certainly plenty of methods that our guys can and do use to "sniff" the new transmission media, but once you have what you think is a kernel of wheat, you probably still have to decrypt it.

I worked in the radio jamming and intercept arena at the battlefield tactical level. [Note the name of this blog, eh?] I expect that things at the "tactical" level haven't changed quite as much as at the "strategic" level, except that radio signal encryption technology has probably become more widespread. [When I was in the Army, we had a near-monopoly on battlefield radio encryption - now it's much cheaper and easier.] Add frequency-hopping to the mix, and you have real problems if you're the intercepter.

To counter this, one of the missions of the EW side of the business is to screw with the bad guys' commo to the point where they have to transmit "in the clear," perhaps sending a message more than once, in order to get the message through.

Jamming, as a method of screwing with the bad guys, had three main tactics in my day, two of which were common, and one pretty difficult and rare. I imagine things haven't changed altogether too much in the intervening years.

The first (and the one that springs to most peoples' minds when you say "jamming") is to simply deny the use of a method of communication to the enemy. For instance, if you know that an enemy infantry division is using a certain set of radio frequencies for their command and control, you could simply blanket that particular radio frequency band with so much noise that no one can communicate at all. In the realm of internet communication, I suppose that would be analogous to flooding T1 lines (etc.) with random bits.

The effect of this is to force the enemy to use other (and, theoretically, less secure and effective) methods of communication, which would hamper their operations and make them more likely to be intercepted.

The second method, more devious, would be to try to screw with the enemy just enough that they have to either transmit the same information over and over, or so that they drop whatever encryption protocol that might be in place - making it more likely to be successfully intercepted. This is also effective it your colleagues on the intercept side of the business are trying to get a Direction Finding "fix" on the transmitter location for potential targeting: more transmissions means a better "fix" on the enemy location.

I suppose an internet analogy would be to "flip" a few bits in an encrypted e-mail so that the receiver knows he has received an e-mail, but that it's been garbled. He will either have to have it re-sent, or perhaps will drop the encryption altogether, if it's believed that the encryption is the problem. Or he may just pick up the phone. In any case, interception could be more likely.

A third, most devious method, is what is called "Imitative Communication Deception" - pretending to be one of the enemy. This is the most difficult thing I can think of at the moment, and it probably would not work if the two communicating parties know each other... but it can work well on the battlefield, where the people talking to each other on the radio often do NOT know each other well enough to recognize an imposter. But you need superior language skills to pull this one off. I was never that good a linguist.

I haven't even really touched much on the "Intercept" side of the SIGINT world yet, but that's all I have the time to write at the moment (Real Life intrudes yet again). Feel free to comment — I will try to answer any questions.

Posted by Russ at 12:38 PM, July 21, 2004 in Nat'l Security