Signals Intelligence – Information Gathering Basics

Why?

If you have a preparedness mindset knowing what is going on in your local area is important.  Communications monitoring is one of the five intelligence essentials for community security.  You should have already done some research and identified risks, hazards, gangs, resources and critical infrastructure in your neighborhood, known as your area of action (AOA) in military terms.

This article will go over some of the basics of what, and how, to gain signals intelligence (SIGINT), communications intelligence (COMINT), and electronics intelligence (ELINT).

Definitions

Area of Action (AOA) is a military term meaning the area of operation.  In this context it is your immediate community.

Signals Intelligence (SIGINT)

SIGINT is intelligence gather by the interception of signals.  SIGINT is a broad field and covers a number of sub-fields including communications and electronic intelligence: 

Communications intelligence (COMINT) is the gathering of intelligence from the communications between people.  Commonly from over the air communications but it can also be from taping into telephone lines (which is illegal unless you have a warrant).  In Amateur Radio there are other modes other than voice which can be used, such as digital messages, in a number of different modes (such as PSK31, MT-64 and lots others) and morse code.

Electronic intelligence (ELINT) is the analysis of the signal, where voice or other data cannot be determined, such as when a signal is encrypted.  In the military world this would include analysis of radar and other equipment emitting a signal.  In the civilian environment many law enforcement agencies encrypt some, if notall of their radio channels (see more below).  Direction finding can provide the location for the source of transmissions.  Direction finding is one, of many, sub-hobbies in Amateur Radio.

Analog audio is the most common form of transmitting audio signals.  Your standard AM and FM radio signals are in analog.  If you have HD radio in your car that is a digital signal (see below).

Digital audio is a processed signal, the audio is converted to data ‘bits’.  A digital signal is not as susceptible to interference as analog and the signal tends to be ‘cleaner.’  There are a number of digital signal formats, called codec.  In a public safety radio system the first part of the digital signal contains information that includes the radio ID as well as the talk group the radio is on.  This is similar to HD radio, where the signal contains information about the music being played, that is then displayed on the radio.  In older radio systems the format of the digital signal is proprietary.   P25 standards were developed to provide interoperability (see more below). 

Frequency is the specific frequency (usually in Mhz) that a transmission is on.  There are a number of different sources to find out what frequencies an agency transmitting on (see more below).

Channel is a name given to a frequency or pair of frequencies.  A pair of frequencies are used when a repeater is used, one frequency is used to transmit on, the other to receive.

A repeater is used to take a, usually, weaker signal and ‘repeat’ it so other users can hear.  A repeater is usually on a hill or high tower or other strategic location that will allow users to hear everyone else’s transmissions.

A talk group is a pseudo name for a channel in a trunked radio system.  They are usually named for the department that is using them, such as Fire 1, Fire 2, Police 1, etc.  In most cases there are more named talk groups than available channels on a system (see trunking system below).

Trunking or trunked radio system, is a computer controlled collection of repeaters to allow sharing of a limited number of channels between a group of users.  There may be over 1,000 radio users on a system, and 30 or more talk groups.  One channel is used as a ‘control’ channel, which communicates with all the radios that are turned on.  Each radio has a unique ID assigned to it, so the system knows what talk group each radio has selected.  When a radio pushes the push-to-talk (PTT) button it signals the system to assign an available channel (repeater) and all the radios on that talk group are switched to that channel by the radio system.  All this takes place in less than a second.  Older trunked systems used analog signals but most have transitioned to digital signals.

P25 is a set of standards developed for public safety communications with the intent that radios manufactured by different vendors will work on trunked systems made by different manufacturers.  Most proprietary trunked systems (Motorola and Harris being the two largest system manufacturers) are near end of life and are being replaced.  One part of the standards address the method and process used to convert the signal to the digital format. 

Digital Mobile Radio (DMR) is another digital and signal standard.  It is used in commercial radio applications as well as Amateur Radio.  Only newer scanners are capable of decoding DMR signals.  Some listings list DMR systems as TRBO or MotoTRBO.

Digital Smart Technologies for Amateur Radio (D-STAR) is another digital signal format.  It is only found in Amateur Radio and at this time there are no scanners on the market that can ‘read’ D-STAR transmissions. 

Encryption is used in public safety applications.  Federal agencies are mandated to use encryption.  Local, county and state law enforcement agencies typically only use encryption for specialized units, such as SWAT, gang and drug units due to costs.  There are a number of difference types of encryption, with AES-256 being the current standard.  Older versions have been successfully broken with modern computer power and software but may still be in use in older public safety systems.  All radios must have the same encryption key.  Encryption can be compromised by failing to follow good practice.  Scanners cannot decrypt an encrypted transmission. 

Continuous Tone-Coded Squelch System (CTCSS) is a sub-audible tone that can be added to an analog frequency to help reduce interference from other users of the frequency.  In most cases it is used to eliminate interference getting into a repeater system.  It is commonly called ‘PL.’  CTCSS does not provide any privacy, and when scanning it is not necessary to listen to transmissions.

Digital Coded Squelch (DCS) is a digital version of CTCSS that puts a continuous stream of digital data on the transmitted signal.  As with DCS it is not necessary to program into a scanner to listen to the transmissions.

Network Access Code (NAC) is used similarly to CTCSS and DCS but on a digital system. Amateur Radio (Service) (aka ‘ham’) is a license radio service under Part 97 of the Code of Federal Regulations, FCC Rules.  Operators take an exam and get a call sign assigned by the FCC.  There are three levels, Technician, General and Amateur Extra (usually just called Extra).  Morse code is no longer a requirement for a license. 

There is an App for That

As with almost everything else these days there are a number of scanner applications and web feeds you can utilize to listen to public safety and other radio transmissions.  The most common app is Broadcastify. On the web  Radioreference.com provides links to numerous agencies audio through Broadcastify.  These feeds are provided by people who live within the radio range of an agency and have a scanner listening and fed into the web.  This means you could listen to the transmissions of Las Vegas police as the events were occurring from anywhere in the world and at no cost.  In fact a friend’s wife and two of her friends were in the area when the shooting started, he was able to give them directions based on the radio traffic he was listening too.

The disadvantage with an app is that you have no control over what is being fed.  Also, you do not receive the data that is in the transmission (in the case of trunked and P25 radio systems), and this can provide you additional information, even if the channel is encrypted.  As the apps are reliant on power and internet at the source they could be off line when you want to rely on them.  They could also be deliberately taken off line during a critical event.

Radio Frequency Sources

There are a number of ways to locate the radio systems and frequencies, the most user friendly is RadioReference.com.  You can search by county or agency.

You are more likely to find a trunked radio system in urban areas.  Entries for trunked systems will identify the type of system, the operating frequencies and many of the talk groups.  In large cities also look for a Federal interoperable system or frequencies. 

Also search the national agency frequencies.  Federal, or FEMA, task forces such as the Urban Search and Rescue (USAR) units carry encrypted radios.  Some of the ‘common Federal’ frequencies may be in use and, as they are intended for interoperable communications between Federal and local agencies, they are usually not encrypted (see NIFOG below).  National Red Cross frequencies can be found on this page but you will probably have to search the state or city page to find local frequencies they may be using.

Remember the information listed is provided by people who listen to the system so there could be talk groups that are not commonly used and therefore not listed.  Depending on the system there could be public safety and many of the local county or city departments on it.  Rural areas may still be using analog repeaters.

Another useful resource is the National Interoperable Field Operations Guide (NIFOG).  This contains national interoperable frequencies in various bands.  These are intended to allow local, state and Federal agencies to communicate.

While Radio Reference does list some Amateur Radio frequencies a more complete list can be found at RepeaterBook.com.  Searching the web for local ham clubs and they will list frequencies of repeaters they maintain.  You should also search for your local Amateur Radio Emergency Services (ARES) and see if you can find a copy of their communications plan, this will list repeaters and simplex frequencies they will use to support local emergency management in an emergency.

screen shot of FLDIGI

Amateur Radio has access to a large spectrum of frequencies in many bands (see amateur band plan).  Scanners will receive the common VHF (2 meter) and UHF (70cm) amateur frequencies but not their HF (short wave) allocation.  During major disasters long range communications into and out of the disaster area are done on HF frequencies.  Other than voice communications Amateur Radio is known for it’s ability to pass messages in digital formats.  There are a number of different digital formats hams can use and, just like voice, in many different parts of the frequency spectrum.  Researching your local ARES group may provide you some of the frequencies they use for digital communications.  A free software program called Fldigi is used by hams to send and receive digital messages.  You can download it and by just simply setting it to use the microphone on your computer it will decipher any message it hears over your scanner if it is in the right mode.  Commonly on the VHF frequencies the MT-64 format is used.

Amateur Radio has a number of digital voice modes that it can use.  D-STAR and DMR are two of the most common ones.  With both these systems local repeaters can be connected to other similar repeaters all over the world.  As mentioned previously scanners will not decode D-STAR transmission but newer ones will decode DMR signals. 

You will want to research how many D-STAR repeaters are in your area and if they are used for emergency communications.  If so you might want to invest in a D-STAR capable radio so you can monitor emergency communications.  Currently Icom is the only manufacturer of mobile D-STAR capable radios.  Current models (ID-4100A) are around $450 however the older model ID-880 may be found on eBay or similar sites for less than $300.  The easiest way to program these radios with D-STAR information is with RT Systems software.

There are a number of different DMR networks, the most common and rapidly growing is Brandmeister.  Brandmeister has a dashboard and from there you can search for repeaters as well as hotspots (a small transmitter that someone has at their house connected to the network).  It is also possible to listen to the audio on any repeater and on any of the thousands of talk groups.  If you have a local Amateur Radio DMR repeater you will only hear a talk group that a user has connected to.  If you want the ability to listen to any talk group, and especially the state or national emergency ones then you would need to invest in an openSPOT and a DMR capable hand held radio.  The openSPOT is a digital radio that connects through your internet to the DMR network.  As with the use of scanner apps this is subject to you having power and an internet connection.

If you are near a body of water you may want to listen to some marine channels.  VHF marine channels are referred to by their number.  Marine channel 16 is a calling frequency, and once contact is established you switch to another channel.  The U.S. Coast Guard monitors Ch. 16 but also operates on channels 21A, 22A and 23A.  In addition to the VHF marine channels there are a number of marine frequencies in the MF and HF bands.

There are a lot of digital communications in the HF bands, especially military and Federal agencies such as the Coast Guard and Customs and Immigration.  During disasters Amateur Radio operators provide communications into and out of the area using HF frequencies.  Also in the HF bands you will find continuity communications capabilities such as the National Communications System Shared HF Resources (SHARES) program.   If you search ‘HF frequencies’ in radioreference.com you will see a number of lists (below the [Ad] links) for USAF, HF Military, HF Maritime, USCG and a number of other lists.  A web search will also find numerous lists of HF frequencies put together by other monitoring enthusiasts.  As mentioned before, print these lists and keep in a binder/note book.

Your AOA

You will need to identify the resources and assets in your area that use radios.  The obvious ones are your local police, fire and emergency medical services.  Others can include;

  • Water company
  • Electrical company
  • Public works
  • Airlines & companies that provide ground support such as fuel and ground handling
  • Air traffic control
  • Airports, not forgetting uncontrolled airports (as they usually have a frequency assigned)
  • Amateur Radio, to include Amateur Radio Emergency Services
  • Red Cross
  • Salvation Army
  • NOAA
  • Federal agencies (although many will be encrypted)
  • Local Community Emergency Response Teams (CERT) (may be using FRS, GMRS and/or ham frequencies)
  • Neighborhood watch (may be using FRS or GMRS)
  • School – Security and BASE units

Scanner Selection

Local Radio Systems

There are numerous scanners available, hand held or desk/mobile configurations.  Rather than provide a review of multiple scanners I recommend the Home Patrol II scanner, it has high reviews from all who have used it.  Most scanners require the user to program in the frequencies and systems you want to listen to.  The Home Patrol II uses your zip code or it’s built in GPS to select from it’s database.  This makes set up and using very easy.  The Home Patrol II will work with all trunked systems on the market as well as DMR and conventional analog transmissions.  It will also run on regular batteries so you should make sure you keep a stock of both regular alkaline as well as rechargeable and have the means to recharge them by solar power.

HF Receivers

To listen to HF transmissions you are going to need a different receiver, one designed for HF/shortwave.  You want to get one with a digital display so you can tune to a specific frequency.  The Tecsun PL-660 is a good receiver and can be found on about $120.  The new model, the Tecsun PL-880 is about $160.  The only difference I can see is that the 880 can be operated on 120v.  There are a number of other shortwave scanners you can search, but make sure they have SSB (single sideband) capability as most HF signals are SSB.

Strange Messages

While scanning the HF bands you might come across stations transmitting series of numbers in groups.  These are ‘numbers stations’ and were common in World War II as well as the Cold War.   A transmitter in a friendly country transmits the numbers which can be heard over a regular AM radio to an agent.  Only the agent that the message is intended for has the ability to decrypt the message by using a one-time pad (OTP).  With OTP’s the page with that particular cypher is only used once, then destroyed.  By doing this it is impossible to determine who the message is for and it cannot be broken.

If you have ever watched any modern war movies you have probably heard Emergency Action Messages (EAM).  The US Military operates the High Frequency Global Communication’s System (HF-GCS).  During the Cold War Strategic Air Command (SAC) maintained an airborne command plane nick named “Looking Glass”  and B-52 bombers were in the air 24/7.  During this time it was possible to hear regularly transmissions on the HF-GCS.  While it is still in use today transmissions are less frequent. 

In addition to sending EAM’s the HF-GCS sends high priority messages known as Skyking or Foxtrot Broadcasts.  The message is in a different format to EAM’s and starts; “Skyking skyking do not answer..”

When listening to HF-GCS transmissions you may hear an echo.  This is because the HF GCS has transmitters all over the world to ensure global communications:

Andersen Air Base, Guam
Andrews AFB, Maryland
Ascension Island
Croughton AB, United Kingdom
Diego Garcia Naval Station, Indian Ocean
Elmendorf AFB, Alaska
Hickam AFB, Hawaii
Keflavik NAS, Iceland
Lajes AB, Azores
McClellan, California
Offutt AFB, Nebraska
Salinas, Puerto Rico
Sigonella Naval Station, Sicily, Italy
Yokota AB, Japan
Air Force Eastern Test Range, Florida

With the recent news that the USAF is considering again putting the B-52’s on 24/7 alert there may be more traffic on these frequencies.

Deciding what to buy will depend on your assessment of what radio transmissions you want to monitor.

Ears To Hear You Better

To hear most of your local public safety transmissions the antenna that comes with the scanner will usually work.  However, to hear low power or simplex (non-repeater) channels you will want an outside Tram 1410 Broad Band Discone/Scanner Base Antennaantenna.  There are lots of antenna choices depending on what frequencies you want to concentrate on.  To get the best utilization of your scanner and cover all the frequencies it will receive a discone base antenna is best, however there are a number of other choices depending on the space you have available and whether you want to conceal it.  You will also need some suitable coax cable to connect your antenna to the scanner.  You should also use sealant tape around the connector at the antenna, if you get water in the connector, and then the cable, it will render it almost useless.  The best place for advise on what to get is your local Ham Radio Outlet or other ham store.  Most will carry scanners, some CB’s and antennas and are a wealth of good information.

What to Listen To

Your situation will determining what to listen to.  For general day-to-day you might want to listen to police dispatch that covers your neighborhood.  You will want to research what, if any, 10-codes or other codes your local and state police departments use.  It will probably take some time for you understand what they are saying, and determining call signs assigned to different units.  Take notes in a note book, do not rely on a computer file or document as you might not have access if the power is out for an extended time.  You should also do this for other agencies and organizations in your AOA.  As you do so you should create a battle map (see below).

In the case of a winter storm you might want to listen to public works or other agencies responsible for snow ploughing to determine what roads are passable or not.  Depending on your area this could be your city or county or the state.

If power goes out there may be traffic on a police channel if it was because of an accident, if a larger area is involved your electric utility company channel might have some information on.

While you would normally not monitor a talk group that is encrypted because you will not hear anything useful information can still be obtained from most trunked systems.  As mentioned above the digital signal contains information about the radio, including it’s ID.  If you monitor the local SWAT talk group and you suddenly see an increase in radio traffic (ELINT) it may indicate a situation is occurring.  If you note down ID’s you can determine how many radio users (i.e., officers) are involved.  The same applies for Federal agencies, by monitor over time you gain a knowledge of the normal day-to-day volume of transmissions, and who they are.  If you see sudden changes it may indicate something is going on.

Previously we discussed HF communications and how to listen to them.  For local events you are not going to gain any information from HF communications, however if there is a wide scale/large area event HF communications may provide you information that is not available locally.

Where Are They?

With communications on conventional frequencies, not a trunked system, it may be possible to determine where the transmission is coming from.  By having several people listening in different areas of town and using directional antennas it is possible to get a bearing from each location and then triangulate.  However, in most normal situations transmissions are so short that it is not possible on a daily basis.  With a repeater you need to listen to the input frequency, or the frequency the mobile is transmitting from.  With a trunked system it is almost impossible, especially if it is a multi-site system.  This is because one transmission is repeated on all the sites simultaneously.

What To Do With The Information

Firstly, you should create a battle map.  This is a local map where you plot events, units assigned and their call signs.  This will help you develop a pattern of the call sign of units and police and fire districts/response areas.

Battle mapping a parade or protest or some other event going on in your area is especially important.  This will keep you advised of road closures, or the way a crowd is moving, etc.

As mentioned earlier, monitoring encrypted talk groups will not provide you any audio but you can battle map the ID’s of radios transmitting.  Sudden increases in the number of radios transmitting, or a sudden stop, might indicate a raid of some kind. Having a local community preparedness or neighborhood watch group is a good way to keep your neighborhood safe.  Creating communications capabilities between each other, that do not rely on cell phones, should be a priority.

The Amateur Redoubt Radio Operators Network (AmRRON) is a network of (mostly) ham radio operators that have a preparedness mindset.  AmRRON has regular nets for practice at both the local and on HF frequencies.  They also utilize Fldigi to send formatted messages, with an application that integrates the form into the Fldigi software.  By sending reports to other groups it may help to paint a picture of something larger going on.

The SPOT report is a concise report of essential information.  The format of the information uses the SALUTE format:

  • Size (Platoon? Battallion? # of Vehicles? # of Persons)
  • Activity (Convoy, Checkpoint, Patrol, Cordon, Training, Interrogation, Relocating/Evacuating Citizens, Etc.)
  • Location (GPS/Grid Coord, Address, Road Name/#, Direction, Proximity to Landmarks, Nearest Town, Etc.)
  • Unit   Domestic/Foreign, Police, Military, Branch, Guard/Reserve, Unit Designation, Civ Supt, Volunteer, Etc.)
  • Time & Date  (Date/Time Group: YYMMDD 24hr-Time eg. 20131117 0930 Mtn/Pcfc/Zulu, Etc.)
  • Equipment  (Weapons, Equipment, Supplies, Vehicles, Armor, Etc.)

While AmRRON does have an on-line form to submit a SPOT report you should locate AmRRON members in your area and integrate your SIGINT with the ability to send a SPOT report over the air.

Since the invention of morse code the ability to communicate have been increasingly important to war,  peace and our public safety services.  As a society, we have become so attached to our communication devices that you see people driving while on their cell phones, or texting.  We even see people crossing the street and walking around, on their cell phones, totally oblivious of what is going on around them, and sometimes with disastrous consequences.  We are connected 24/7, we cannot be without our cell phones.  Being situationally aware is essential if you want to keep yourself, your family and your community safe.

Remember, Fortune Favors the Prepared