Technology forms the backbone of the way the world communicates. Well before recorded history, various means of relaying information using nonelectrical systems emerged. These include instruments (such as drums), smoke signals, and flags. Electricity revolutionised the means by which communication happens. Militaries and governments immediately understood the massive benefit provided by beyond-line-of-sight and later international communications.
Armies could better organise in the field, while governments could conduct diplomacy more centrally and rapidly. Simultaneously, intelligence experts recognised the vulnerabilities present in transmitting information through signals that do not abide by national borders. This branch of intelligence is called signals intelligence, or SIGINT. Signals can come from many systems, and SIGINT is interested in them all. These include radar, weapons systems, diplomatic communications, electronically monitored infrastructure, finance, industry, and more.
As technology improves, so too will our reliance on signals. The prevalence of smart devices is a great example, with all transmitting and exchanging data via the Internet of Things (source). SIGINT will remain a vital component in intelligence operations for as long as signals are a part of communicating.
1.0 What is SIGINT?
SIGINT, or signals intelligence, refers to intelligence derived from electronic signals. Practitioners usually do this through intercepts, the “listening-in” of transmissions not intended for the interceptor. As this definition implies, SIGINT is a broad discipline. Types of SIGINT include COMINT, ELINT, and FISINT. The first two have additional subcategories.
COMINT, or Communications intelligence, collects and analyses intercepts of the communication signals of groups or individuals (source). COMINT has three main subcategories:
- Voice interception, i.e. phone calls, unencrypted radio communications, and bugs.
- Text interception, including emails, SMS, morse code, and fax.
- Signalling channel interception deals with the metadata that allows communication links with a desired target. This has the effect of narrowing down the geographical search for a target (source).
ELINT, or Electronic intelligence, refers to intelligence derived from electronic signals. Subcategories of ELINT include:
- TechELINT, or Technical ELINT, provides technical information on the signal and device emitting said signal (source). TechELINT can illuminate the general capabilities of a system, for example, a radar. Countermeasures can then be developed using this intelligence as a guide.
- OpELINT is the NSA’s abbreviation of Operational ELINT, often called Electronic Order of Battle. OpELINT’s mission is to assist military operations through the generation of threat assessments (known as tactical ELINT), finding ELINT targets, and defining their “operational pattern” (source).
- TELINT, Telemetry Intelligence, deals with device telemetry, i.e. the continuous stream of data regarding location, speed, and other instrument readings to controllers on the ground. The NSA no longer considers TELINT a subtype of ELINT (source).
FISINT stands for Foreign Instrumentation Signals Intelligence and is an evolution of TELINT. It is concerned with similar objectives. FISINT deals with the telemetry associated with the “testing and operations of aerial, space, surface, or subsurface systems” (source).
2.0 Why is SIGINT Important?
So much of the modern world uses signals to pass information back and forth. Thus, SIGINT gives intelligence organisations the means to monitor traffic in the ether. As the NSA puts it, SIGINT is a “vital window for our nation into foreign adversaries’ capabilities, actions, and intentions” (source). Practitioners may use SIGINT for military operations, deterrence, diplomatic initiatives, or policy making.
2.1 Case Study – SALT I & II
SALT, or the Strategic Arms Limitation Treaty, was a vital part of détente, the relaxation of tensions between the East and West during the Cold War. Essential to SALT was the enforcement of its mandates. Of course, one party would hardly agree to arms control if the other would not subject itself to the same measures. They ensured fulfilment of the treaty, in part, through TELINT.
Article V of SALT I states, “Each party undertakes not to use deliberate concealment measures which impede verification by national technical means of compliance with the provision of this Interim Agreement” (source).
SALT II further develops this idea, stating, “neither Party shall engage in deliberate denial of telemetric information, such as through the use of telemetry encryption, whenever such denial impedes verification of compliance with the provisions of the Treaty” (source).
SALT I and II were landmark treaties. Recent technological developments threatened Mutually Assured Destruction (MAD), the doctrine that prevented war between East and West. Anti-Ballistic Missile (ABM) defences and Multiple Independently targeted Re-entry Vehicles (MIRV) warheads changed the calculus of a theoretical nuclear war (source). Now, states that fired first could conceivably avoid retaliation by the opposing party. SALT I and II limited the number of ABM sites and MIRV munitions, reducing these developments’ destabilising effect (source). While SALT I and II ultimately failed to reach maturity, they led to the establishment of START, which fulfils similar goals with similar enforcement mechanisms. SIGINT is essential in the maintenance of MAD and, thus, the prevention of nuclear war.
3.0 How to conduct SIGINT
SIGINT has a steep learning curve and a small entry cost. Government agencies have traditionally handled it. This is because they have access to sophisticated technology to enable SIGINT generation. However, with advancements in software and consumer technology, everyday people can engage in SIGINT.
The programs necessary for SIGINT usually require either Windows or Linux operating systems. Furthermore, free and paid options are available, with paid options usually granting more SIGINT capabilities. Examples of such software include Touchstone, Sigmira, and SPECTRE. A full list, complete with features, is available at RTL-SDR.
In addition to software, certain hardware accessories are a necessity. SDR, or Software Defined Radio dongles, enable hardware to tap into the electromagnetic spectrum. Popular options are approximately $30-$40, as seen with the RTL-SDR Blog V3 R860. An antenna is also required. Some antennas come in a package with an SDR, while you can find others separately. The examples provided above are sufficient for beginner SIGINT, which will be detailed below. However, be aware that more intensive operations require more expensive hardware and often additional power.
3.1 High-Frequency (HF) HAM Radio Interception
The following checklist will teach a simple method to receive HF radio transmissions. This tutorial assumes you have an RTL dongle.
- Download and install SDR# with Community Plugins. You can download the SDR Package, but the community plugins are an excellent quality-of-life upgrade. Make sure to add the plugins in the installer and install the programme to your root directory (i.e. C:\ drive).
- Ensure you plug your SDR into your computer.
- Find your installation folder and open SDR.exe. Select the USB option of your RTL SDR from the sources tab at the top right.
- Click on the cog icon at the top of the screen. A Controller window will open up.
- Choose 2.8 MSPS for [Sample Rate] and Direct Sampling (q branch) for [Sampling Mode].
- Close the screen, and press the play button at the top of the screen. You should receive radio signals, though you must tune into specific frequencies.
The Radio Society of Great Britain has a list of HF bands in everyday use. Be aware that SDR# uses hertz, whereas megahertz is the typical unit in radio communications. So, a frequency in the 20-metre band would appear as, for example, 00.014.125.000 in SDR#. The bands are as follows (source):
- 80 metres: 3.500 – 3.800MHz
- 60 metres: 5MHz
- 30 metres: 7.000 – 7.200MHz
- 20 metres: 14.000 – 14.350MHz
- 17 metres: 18.068 – 18.168MHz
- 15 metres: 21.000 – 21.450MHz
- 12 metres: 24.890 – 24.990MHz
- 10 metres: 28.000 – 29.700MHz
The tutorial above is a basic starter for DIY SIGINT. There are innumerable ways to utilise the software mentioned and hundreds of other programmes that I do not mention. Explore the software yourself, and take advantage of the hundreds of guides available for free online.
4.0 Tips and Tricks for SIGINT
As mentioned previously, SIGINT has a steep learning curve. It is, therefore, important to familiarise yourself with the components you will be using. Below is some advice on how to get the most out of your efforts.
- Use internet guides. These are a great way to ease yourself into SDR interception.
- Explore the software yourself. While guides are excellent, experimenting with the software will grant you a better feeling for the software and hardware capabilities.
- Familiarise yourself with the terminology used in SIGINT, especially regarding radio traffic. Going in completely blind is possible, but it makes a steep learning curve even steeper.
5.0 Common Mistakes to Avoid when using SIGINT
The biggest mistake many people make is to jump all in immediately. Resist the temptation to purchase an expensive SDR kit until you have become familiar with more basic setups. As the price of a kit increases, so too do its capabilities; it is easy to become overwhelmed.
Be aware, if you plan on transmitting you are legally required to have a HAM radio license. Look up the specific requirements for the country you reside in. Most countries require operators to pass an exam before being granted a license.
It is essential to understand that SIGINT is supplementary intelligence. While it may function in a vacuum, it works best when combined with other forms of intelligence. SIGINT is assumed to be irreproachable due to its impartial nature. Thus, policymakers and intelligence chiefs often overemphasise it over other means of intelligence, such as HUMINT (source). However, overreliance on SIGINT and other technical collection has resulted in numerous intelligence failures. These include the Tet Offensive, the Iranian Revolution, the Soviet Invasion of Afghanistan, and India’s nuclear tests (source).
6.0 Tools and Resources for SIGINT
There are hundreds of excellent guides for SDR usage. “The Beginner’s Guide To Software Defined Radio RTL-SDR” by Tech Minds is an excellent overview of the capabilities offered by SDR devices.
Additionally, online communities have grown around SDR scanning. Reddit is a central hub for discussion, particularly r/RTLSDR, which has just under 90,000 members at the time of writing. You can find a welcome post giving you additional resources to work with.
To learn more about SIGINT-focused agencies, check out GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency by Richard J. Aldrich.
7.0 Frequently Asked Questions about SIGINT
Q: What is the difference between ELINT and COMINT?
A: COMINT contains speech or text, whereas ELINT does not. If it includes speech or text, it is COMINT. If it does not, it is ELINT (source).
Q: Do you need a license to receive transmissions using an SDR?
A: No, you only need a license if you are transmitting. If you are receiving transmissions, you do not need one.
Q: Does SIGINT include cyber operations?
A: No, SIGINT does not include cyber operations in its definition. However, SIGINT agencies, such as the NSA and GCHQ, are some of the critical actors in the cyber domain. The Dutch Joint Sigint Cyber Unit (JSCU) makes this explicit in its name.
Q: Where is SIGINT performed?
A: SIGINT can be performed in the field and at centralised locations (i.e. intelligence agencies). Battlefield SIGINT is a significant component of modern warfare. Specialised formations, such as Y Troop of the Royal Marines, are formed to assist frontline units. Additionally, ship and submarine-borne SIGINT vessels exist to gather data otherwise unavailable due to a lack of collection equipment at a specific geographic location.
Q: What is the difference between MASINT and SIGINT?
A: MASINT, or measurement and signatures intelligence, is the analysis of data gathered by sensors to identify features of the emitter or sender (source). In the words of the Congressional Committee on Intelligence, “Where SIGINT is akin to sound, and IMINT to sight, MASINT is akin to touch, taste and smell” (source). MASINT does not fit the traditional boundaries of SIGINT due to its exclusive focus on scientifically derived data. While it certainly overlaps with SIGINT capabilities, it remains its own discipline.
8.0 Advanced Techniques for SIGINT
The following tutorial will teach a simple method to track aircraft transponders. This tutorial assumes you have an RTL dongle and have already downloaded SDR# with Community Plugins.
- Download RTL1090 with Installer and Maintenance Utility. This version should prevent any issues with manual installation.
- Run with administrator access and install it in the same location as SDR#.
- A Zadig popup should appear; if it does not, reinstall it to a different folder. Follow the instructions on the screen.
- Navigate to your RTL1090 installation folder and open the 1_DO_READ_THIS_FIRST text file. Follow the instructions provided. If the URLs don’t work, paste the file name into Google and obtain the files that way.
- Unzip the file, locate the missing .dlls, and paste them into your RTL1090 folder.
- Open up the RTL1090.exe. Hitting Start will begin transmission interception, as seen in the Table tab.
- Leave RTL1090 running in the background.
- Download PlanePlotter. Be aware, PlanePlotter is a paid programme; it can be used for free for 21 days before a license purchase is necessary. The paid version is €25, or about $27.
- Run the PlanePlotter setup wizard. Follow the instructions onscreen. Once again, install it to your C:\ drive.
- Run PlanePlotter. You can ignore the Google Maps popups if a simplistic global map is adequate for your needs. Configure your SDR at this time, following the instructions provided.
- Go through the dialogue prompts. Ensure you correctly identify the SDR connected to your computer. You can find the port number at the bottom right of RTL1090; replace the final sequence of the provided IP address with this port number.
- Configure your home location by going to Options – Home Location – Home Location Setup. Input your coordinates. This step is essential, as aircraft appear relative to your location. An incorrect position will display aircraft at a different location than in reality.
- PlanePlotter should now be plotting air traffic onto the map. Be aware that small receivers, such as the RTL dongle, will have a limited range for picking up transmissions.
- To pick up radio traffic from planes, return to SDR#. Find Frequency Scanner in the Menu tab.
- Outline the bands you wish to monitor. This varies by region, so look up common aerial bands in use around your area.
- Hit Scan and Play to begin radio interception.
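The kind of decoding a 1090 MHz receiver program such as RTL1090 performs on each transponder burst before it can be plotted can be shown in a few lines. The following is an added example, not part of the original article and not RTL1090's own code: it checks a 112-bit ADS-B frame against the Mode S CRC and extracts the aircraft address and callsign. The function names are illustrative, and the sample frame is one that appears in public ADS-B decoding tutorials.

```python
"""Added example: validate and decode one ADS-B identification frame.

Names are illustrative; SAMPLE_FRAME is a sample from public ADS-B decoding
tutorials, not a capture made for this article.
"""
import string

GENERATOR = 0x1FFF409  # 25-bit generator polynomial of the Mode S CRC
# 6-bit character set of the callsign field ('#' = unused, '_' = space)
CHARSET = ("#" + string.ascii_uppercase + "#" * 5 + "_" + "#" * 15
           + string.digits + "#" * 6)
SAMPLE_FRAME = "8D4840D6202CC371C32CE0576098"


def crc_remainder(frame: bytes) -> int:
    """Divide the whole frame by the generator; 0 means it arrived intact."""
    value = int.from_bytes(frame, "big")
    for bit in range(len(frame) * 8 - 1, 23, -1):
        if (value >> bit) & 1:
            value ^= GENERATOR << (bit - 24)
    return value  # every bit above the low 24 has been cleared


def decode_identification(hex_frame: str) -> dict:
    """Return address and callsign, or raise ValueError for a frame to drop."""
    frame = bytes.fromhex(hex_frame)
    if len(frame) != 14:
        raise ValueError("not a 112-bit extended squitter")
    if crc_remainder(frame) != 0:
        raise ValueError("CRC mismatch: bit errors in reception")
    downlink_format = frame[0] >> 3
    if downlink_format != 17:
        raise ValueError(f"downlink format {downlink_format}, not ADS-B (17)")
    message = int.from_bytes(frame[4:11], "big")  # 56-bit ME field
    type_code = message >> 51
    if not 1 <= type_code <= 4:
        raise ValueError(f"type code {type_code} is not identification")
    callsign = "".join(CHARSET[(message >> shift) & 0x3F]
                       for shift in range(42, -1, -6))
    return {"icao": frame[1:4].hex().upper(),
            "type_code": type_code,
            "callsign": callsign.rstrip("_")}


def flip_bit(hex_frame: str, bit: int) -> str:
    """Simulate a single-bit reception error (bit 0 = last bit of the frame)."""
    value = int(hex_frame, 16) ^ (1 << bit)
    return f"{value:0{len(hex_frame)}X}"


if __name__ == "__main__":
    print(decode_identification(SAMPLE_FRAME))
    try:
        decode_identification(flip_bit(SAMPLE_FRAME, 40))
    except ValueError as err:
        print("rejected:", err)
```

A zero remainder only shows that the frame arrived without bit errors; ADS-B carries no sender authentication, so the address and callsign are whatever the transmitter claimed.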
Some frequencies carry digitally encoded audio, such as DMR (digital mobile radio). These frequencies require decoding to listen. Below is a link to a video describing the process of decoding digital audio using SDR#.
9.0 Case Studies for SIGINT
SIGINT has played an essential part in the generation of intelligence since World War I, when wireless communication became the norm. However, during the Cold War, SIGINT truly matured into what we know today. From listening posts to complex intelligence operations, SIGINT proved to be one of the most potent weapons in the West’s arsenal. This has prompted specialisation that makes Western intelligence agencies extremely adept at SIGINT. The following two case studies will examine the complex relationship between targets and hunters concerning SIGINT.
9.1 The Venona Project and Black Friday
In the early days of the Cold War, Western powers occupying Germany faced a problem. In the words of Churchill, “an iron curtain ha[d] descended across the Continent” (source). This barrier restricted freedom of movement, trade, and, most importantly, information. Establishing a HUMINT network in the East was prohibitively difficult and unlikely to guarantee results (source). However, the West had a trick up its sleeve; Project Venona.
Project Venona was an operation that exploited secret flaws in Soviet encryption methods. In 1952, after nine years of attempting to break Soviet cyphers, American and British SIGINT operators learned that the Soviets were reusing codes from 1945, a crucial mistake they sought to capitalise on (source). By 1948, the Soviets caught wind of Venona thanks to an American double agent and retooled their encryption methods. This led to an intelligence blackout called Black Friday on 19 October 1948 (source). However, Project Venona resulted in substantial benefits to Western intelligence agencies. The programme identified Soviet spies working within American and British classified circles, notably a Manhattan Project scientist and four of the Cambridge Five (source).
9.2 Operation GOLD/REGAL and the Berlin Tunnel
While Black Friday made nine years of work obsolete, US and UK SIGINT agencies looked for alternative routes to intercept Soviet traffic. Soon, their eyes settled on West Berlin. As a legally recognised bastion of democracy and capitalism under the Four-Power agreement established at Yalta and Potsdam, the West had a firm position to work from (source). From this position, the idea of tapping into underground Eastern Bloc cables was born, leading to Operation REGAL, also called Operation GOLD.
Operation REGAL/GOLD was an ambitious plan to tap into the communication lines running under Berlin, which ran throughout Europe, including the Soviet Union (source). The programme was informed by British intelligence’s previous operation in Vienna (source). In 1953, the architect of the Vienna tunnel operation, Peter Lunn, was present in Berlin and began work. Activated in 1955, it was over 1,476 feet long (source). The Soviets were aware of its operation since 1954 (source). They let it run until 1956 before shutting off access to Eastern communications (source).
The take from this brief stint in operation was enormous. 368,000 conversations were fully transcribed, with American and British listeners recording 4,000ft (+1,200m) of teletype reel per day of operation (source). The take was so great that American and British intelligence services worked on it until 30 September 1958 (source). Such an effort led to important information about Soviet nuclear programmes, the denouncement of Stalin, and Military/GRU intelligence (source).
SIGINT is one of the most important aspects of modern intelligence. COMINT, ELINT and FISINT are all important in their own right. They represent different aspects of SIGINT essential to its structure as a primary intelligence discipline. While these functions are crucial in a modern context, additional forms of intelligence supplement SIGINT. Sensors are undoubtedly suitable and continue to get better as technology progresses. However, there is no substitute for an expert on the ground or any better way to verify intelligence than from a different source. Understand that SIGINT is vital to intelligence generation, not the “end-all-be-all”.