Skip to content
Do you have adblock enabled?
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Bellingcat)   Tracking Military and Intelligence Personnel with a Beer App   (bellingcat.com) divider line
    More: Scary, Military, Military base, location history of military personnel, Navy, American users, beer-rating app Untappd, check-ins, intelligence locations  
•       •       •

913 clicks; posted to Geek » on 18 May 2020 at 3:10 PM (13 days ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook



14 Comments     (+0 »)
 
View Voting Results: Smartest and Funniest
 
2020-05-18 1:23:45 PM  
An issue since the beginning of cell phones.
 
2020-05-18 3:38:32 PM  
This is why you get OpSec refresher training every year.
 
2020-05-18 4:23:57 PM  

FrancoFile: This is why you get OpSec refresher training every year.


Not enough.

I'm going to cut and paste this from a previous post of mine.

In a real war against an adversary that has any kind of a competent signals intelligence (SIGINT) organization, it's not going to matter.

And cell phone use of any kind will be a security risk.  Just turning them on means they'll transmit, trying to connect to the local cell towers, and if you transmit, you can be located.  And if you can be located, you can be killed.

It's even worse because an astute adversary will be able to track the progress of different units by knowing who is assigned to what unit, and unless you can have your soldiers maintain absolute discipline and keep their phones from transmitting at all, follow those particular phones as they go from one area to another.

Let's also suppose that John J. Obmar is assigned to a reconnaissance platoon.  He's out with his unit probing for the enemy.  They're on complete radio silence.  They have some down time, still back a bit from the front line.  And he's a bit bored and wants to listen to some tunes, maybe play a game, so he pulls out his phone.  He's smart, though, he'd got the Wifi turned off, and it's in airplane mode.  So he pulls out his phone and turns it on, and he's got his Bluetooth headsets....

Meanwhile, an enemy mobile SIGINT unit a few kilometers away detects the signal.  "What?" you say, "That's impossible, Bluetooth is short range!  Like just a couple dozen feet!".  And that's true, unless the receiver is using a high gain dish antenna and a very sensitive receiver, along with software designed to find very weak signals.  Then the signal can be detected for miles.   Maybe not decoded, but detected.

So the guys at the SIGINT van call it in.  None of the other ground units can hear it of course, and you can only get a bearing from a single intercept location, not a fix.  So they call in an Antonov An-12 or Shaanxi Y-8 SIGINT aircraft to locate it.  Operating behind their own lines, the crew of the aircraft detect the signal, and take a series of bearings on it as they fly a particular flight profile.  They locate the area the signal is coming from, and it's a few acres of woods, a place where there shouldn't be a signal.  But there it is, uncomfortably close to the their forward units.  Because they've located it within a radius of a few hundred meters, they decide to lay in an artillery barrage.......

So Corporal Obmar's unit dies because he wanted to listen to some Cardi B to take the edge off.
And of course, that's assuming he was being relatively smart, turning off the more powerful transmitters in his phone.  If he doesn't, well, that means they'll be able to hear him from that much further away, and maybe even get a precise GPS location by spoofing the phone and sending a location request.

The opposing force doesn't have to be able to understand what it is saying or "tap into" the signal in order to locate the phone.

If you radiate, you can be located.  And if you can be located, you can be killed.
 
2020-05-18 4:40:23 PM  

dittybopper: FrancoFile: This is why you get OpSec refresher training every year.

Not enough.

I'm going to cut and paste this from a previous post of mine.

In a real war against an adversary that has any kind of a competent signals intelligence (SIGINT) organization, it's not going to matter.

And cell phone use of any kind will be a security risk.  Just turning them on means they'll transmit, trying to connect to the local cell towers, and if you transmit, you can be located.  And if you can be located, you can be killed.

It's even worse because an astute adversary will be able to track the progress of different units by knowing who is assigned to what unit, and unless you can have your soldiers maintain absolute discipline and keep their phones from transmitting at all, follow those particular phones as they go from one area to another.

Let's also suppose that John J. Obmar is assigned to a reconnaissance platoon.  He's out with his unit probing for the enemy.  They're on complete radio silence.  They have some down time, still back a bit from the front line.  And he's a bit bored and wants to listen to some tunes, maybe play a game, so he pulls out his phone.  He's smart, though, he'd got the Wifi turned off, and it's in airplane mode.  So he pulls out his phone and turns it on, and he's got his Bluetooth headsets....

Meanwhile, an enemy mobile SIGINT unit a few kilometers away detects the signal.  "What?" you say, "That's impossible, Bluetooth is short range!  Like just a couple dozen feet!".  And that's true, unless the receiver is using a high gain dish antenna and a very sensitive receiver, along with software designed to find very weak signals.  Then the signal can be detected for miles.   Maybe not decoded, but detected.

So the guys at the SIGINT van call it in.  None of the other ground units can hear it of course, and you can only get a bearing from a single intercept location, not a fix.  So they call in an Antonov An-12 or Shaanxi Y-8 SIGINT aircraft to locat ...



Cool your jets, man.

They weren't using the beer app in the Tora Bora hills, for crying out loud.

TFA is not a case of SIGINT.
 
2020-05-18 4:51:37 PM  

FrancoFile: Cool your jets, man.

They weren't using the beer app in the Tora Bora hills, for crying out loud.

TFA is not a case of SIGINT.



1.  Yes, it literally *IS* a case of SIGINT.  Signals Intelligence.  That's literally what it is.
2.  Are we only ever going to be going against illiterate goat herders in far-off mountains in the future?  What happens when we aren't?
3.  I use a Gnome monosoupape.  It's air-cooled.
 
2020-05-18 5:00:47 PM  

dittybopper: FrancoFile: Cool your jets, man.

They weren't using the beer app in the Tora Bora hills, for crying out loud.

TFA is not a case of SIGINT.


1.  Yes, it literally *IS* a case of SIGINT.  Signals Intelligence.  That's literally what it is.
2.  Are we only ever going to be going against illiterate goat herders in far-off mountains in the future?  What happens when we aren't?
3.  I use a Gnome monosoupape.  It's air-cooled.



Nope, it's open-source intel.  There is no interception at all.

The app is doing exactly what it's intended to do, and the publicly-available info it provides happens to have a side effect of providing intel to adversaries.
 
2020-05-18 5:00:56 PM  

dittybopper: FrancoFile: Cool your jets, man.

They weren't using the beer app in the Tora Bora hills, for crying out loud.

TFA is not a case of SIGINT.


1.  Yes, it literally *IS* a case of SIGINT.  Signals Intelligence.  That's literally what it is.
2.  Are we only ever going to be going against illiterate goat herders in far-off mountains in the future?  What happens when we aren't?
3.  I use a Gnome monosoupape.  It's air-cooled.


I'm just spit-balling here, but I'm betting that you aren't the first to point that vulnerability out and in a true hot-war between combatants that both have that degree of capabilities neither would let their soldiers deploy with personal electronics, period.  The only crap onboard anything that vulnerable to detection would be TEMPEST rated shiat and as invisible as humanly possible to discovery.

/I also ponder if two adversaries of such abilities going into a hot war would last long enough for a single soldier to put their boots on the ground before both were annihilated along with the rest of us.
 
2020-05-18 6:28:49 PM  

BumpInTheNight: dittybopper: FrancoFile: Cool your jets, man.

They weren't using the beer app in the Tora Bora hills, for crying out loud.

TFA is not a case of SIGINT.


1.  Yes, it literally *IS* a case of SIGINT.  Signals Intelligence.  That's literally what it is.
2.  Are we only ever going to be going against illiterate goat herders in far-off mountains in the future?  What happens when we aren't?
3.  I use a Gnome monosoupape.  It's air-cooled.

I'm just spit-balling here, but I'm betting that you aren't the first to point that vulnerability out and in a true hot-war between combatants that both have that degree of capabilities neither would let their soldiers deploy with personal electronics, period.  The only crap onboard anything that vulnerable to detection would be TEMPEST rated shiat and as invisible as humanly possible to discovery.

/I also ponder if two adversaries of such abilities going into a hot war would last long enough for a single soldier to put their boots on the ground before both were annihilated along with the rest of us.


The bluetooth example assumes something of an ideal case of terrain, training, and hardware, but conceptually it's fairly accurate.  That's how entire companies of Ukrainians have died all at once since 2014.  In a real example that illustrates a lot about all involved, the Ukrainian Army was so ineffective at supply that they couldn't get flashlights down to the units.  The soldiers knew not to use their phones as phones but didn't get the memo that turning them on to use the flashlight was enough to attract the undesired gentle attentions of Russian artillery.

It's also possible (seen it in action) to triangulate someone through Tinder by getting the distance to someone from different locations.  It's the creepy lovechild of sigint and open source.

Consider, however, that the same decisionmaking that had brought us the F-35 also goes into the design and acquisition of intercept equipment.  Unless you're going against the Russians.
 
2020-05-18 6:57:20 PM  

006andahalf: The bluetooth example assumes something of an ideal case of terrain, training, and hardware, but conceptually it's fairly accurate. That's how entire companies of Ukrainians have died all at once since 2014. In a real example that illustrates a lot about all involved, the Ukrainian Army was so ineffective at supply that they couldn't get flashlights down to the units. The soldiers knew not to use their phones as phones but didn't get the memo that turning them on to use the flashlight was enough to attract the undesired gentle attentions of Russian artillery.

It's also possible (seen it in action) to triangulate someone through Tinder by getting the distance to someone from different locations. It's the creepy lovechild of sigint and open source.

Consider, however, that the same decisionmaking that had brought us the F-35 also goes into the design and acquisition of intercept equipment. Unless you're going against the Russians.


True, I was only thinking of stories like that idiot ISIS guy who was posting to social media and got his location bombed to dust a couple hours later and things like that.  I figure that one in particular was not realizing what gets embedded into photos uploaded from smartphones, at least the official word is the photo was the thing that gave him away.

I would love to get a story out of the Tinder app one you mentioned though, god damn I bet that would be funny.
 
2020-05-19 12:24:22 AM  

BumpInTheNight: 006andahalf: The bluetooth example assumes something of an ideal case of terrain, training, and hardware, but conceptually it's fairly accurate. That's how entire companies of Ukrainians have died all at once since 2014. In a real example that illustrates a lot about all involved, the Ukrainian Army was so ineffective at supply that they couldn't get flashlights down to the units. The soldiers knew not to use their phones as phones but didn't get the memo that turning them on to use the flashlight was enough to attract the undesired gentle attentions of Russian artillery.

It's also possible (seen it in action) to triangulate someone through Tinder by getting the distance to someone from different locations. It's the creepy lovechild of sigint and open source.

Consider, however, that the same decisionmaking that had brought us the F-35 also goes into the design and acquisition of intercept equipment. Unless you're going against the Russians.

True, I was only thinking of stories like that idiot ISIS guy who was posting to social media and got his location bombed to dust a couple hours later and things like that.  I figure that one in particular was not realizing what gets embedded into photos uploaded from smartphones, at least the official word is the photo was the thing that gave him away.

I would love to get a story out of the Tinder app one you mentioned though, god damn I bet that would be funny.


Calling in an artillery strike because of a Tinder location?

We call that "Swipe right, until there's just a smear left"
 
2020-05-19 8:37:06 AM  

BumpInTheNight: /I also ponder if two adversaries of such abilities going into a hot war would last long enough for a single soldier to put their boots on the ground before both were annihilated along with the rest of us.


I disagree.  Why does a military conflict between nuclear powers have to go full MAD nuclear?

This is often said, but the thinking seems to be this:

1.  Two major nuclear powers start a war.
2.  ?????
3.  Nuclear armageddon.

There are all kinds of possible scenarios that don't involve nuclear weapons of any kind.  And in fact, there is a huge incentive to avoid even the appearance of their possible use.
 
2020-05-19 9:21:40 AM  

006andahalf: The bluetooth example assumes something of an ideal case of terrain, training, and hardware, but conceptually it's fairly accurate.


Actually, all you really need is the hardware (and software).

Obviously, it isn't going to happen if the guy with the Bluetooth headphones is hunkered down in a foxhole or there is some terrain blocking the signal, though that's less important than for detection by ARDF aircraft as opposed to a ground unit.

The point I was trying to make though is that if you've got a hundred people each with a smart phone or other device that can transmit a radio signal, what are the odds that they are going to be 100% disciplined in their use?

The answer is "Zero".

About the only safe place in the military for something like that is on a submarine, because it's inherently a Faraday cage by its construction.

Oh, and training?  The people who operate that kind of equipment in the various military organizations around the World are generally very well trained.  You don't pull Private Ivanov or Private Chan straight off the farm and put them on a highly sensitive intercept receiver and say "OK, try and find some stuff".  You hand-pick the smart ones, train the fark out of them, and give them the best equipment.

Semi-related story.  This weekend, we had a "foxhunt".  President of the local club asked if he could put a 100 mW transmitter in my front yard, and using *VERY* primitive methods, people actually found it.

The winner didn't even have a directional antenna.  He simply drove around listening to see how strong the signal was.  When he got close, he tuned his receiver slightly off from the signal as a primitive (but effective) form of attenuator.

Now, that transmitter had about the same power as a high power Bluetooth, and it could be heard with primitive "tape measure" 3 element Yagi antennas out to nearly 2 miles radius from the transmitter.

Granted, it was a much lower frequency and a much more narrow-banded signal, *BUT* a higher frequency like the 2.4 GHz used by Bluetooth would allow the use of a much, much higher gain antenna, and more advanced techniques can help pull more broadband signals out of the muck.

RDF is something that is pretty ancient technology but it still works.

Oh, and before the objection that Bluetooth is frequency hopping and therefore immune to things like interception and direction finding, that's not true.

During the First Gulf War, the Iraqis, using Soviet "Monkey Model" signals intelligence equipment, were able to intercept US frequency hopping transmissions and predict when and where US airstrikes were going to happen.  They just didn't have the capability to do much about that.

http://sdsc.bellschool.anu.edu.au/sit​e​s/default/files/publications/attachmen​ts/2016-03/078_The_intelligence_war_in​_the_gulf_%28Canberra_papers_on_strate​gy_and_defence%29_Desmond_Ball_105p_07​31512065.pdf
(Chapter 4:  Iraq's Technical Intelligence Capabilities)
 
2020-05-19 9:51:39 AM  

dittybopper: 006andahalf: The bluetooth example assumes something of an ideal case of terrain, training, and hardware, but conceptually it's fairly accurate.

Actually, all you really need is the hardware (and software).

Obviously, it isn't going to happen if the guy with the Bluetooth headphones is hunkered down in a foxhole or there is some terrain blocking the signal, though that's less important than for detection by ARDF aircraft as opposed to a ground unit.

The point I was trying to make though is that if you've got a hundred people each with a smart phone or other device that can transmit a radio signal, what are the odds that they are going to be 100% disciplined in their use?

The answer is "Zero".

About the only safe place in the military for something like that is on a submarine, because it's inherently a Faraday cage by its construction.

Oh, and training?  The people who operate that kind of equipment in the various military organizations around the World are generally very well trained.  You don't pull Private Ivanov or Private Chan straight off the farm and put them on a highly sensitive intercept receiver and say "OK, try and find some stuff".  You hand-pick the smart ones, train the fark out of them, and give them the best equipment.

Semi-related story.  This weekend, we had a "foxhunt".  President of the local club asked if he could put a 100 mW transmitter in my front yard, and using *VERY* primitive methods, people actually found it.

The winner didn't even have a directional antenna.  He simply drove around listening to see how strong the signal was.  When he got close, he tuned his receiver slightly off from the signal as a primitive (but effective) form of attenuator.

Now, that transmitter had about the same power as a high power Bluetooth, and it could be heard with primitive "tape measure" 3 element Yagi antennas out to nearly 2 miles radius from the transmitter.

Granted, it was a much lower frequency and a much more narrow-banded signal, *BUT* a higher frequency like the 2.4 GHz used by Bluetooth would allow the use of a much, much higher gain antenna, and more advanced techniques can help pull more broadband signals out of the muck.

RDF is something that is pretty ancient technology but it still works.

Oh, and before the objection that Bluetooth is frequency hopping and therefore immune to things like interception and direction finding, that's not true.

During the First Gulf War, the Iraqis, using Soviet "Monkey Model" signals intelligence equipment, were able to intercept US frequency hopping transmissions and predict when and where US airstrikes were going to happen.  They just didn't have the capability to do much about that.

http://sdsc.bellschool.anu.edu.au/site​s/default/files/publications/attachmen​ts/2016-03/078_The_intelligence_war_in​_the_gulf_%28Canberra_papers_on_strate​gy_and_defence%29_Desmond_Ball_105p_07​31512065.pdf
(Chapter 4:  Iraq's Technical Intelligence Capabilities)


I agree entirely that toting phones around in a contested RF environment is almost a guarantee for getting found and blown up and the only way to reduce it is to not have them.  Right now most advanced-ish non-western countries are pretty far ahead in the intercept game simply because they have no rules to limit how they acquire equipment, train, or operate.  The US' acquisitions process (the same one that gave us the F-35) is a major bottleneck, as well as an obligation to not do illegal stuff.  Funny enough there is a bit of a renaissance for HF because RDF against it is less precise than against VHF or UHF.  There's also word of stuff that rides beneath noise floor but I haven't heard much of that.

/contrary to the fantasies of the folks at Ars and friends, legality actually does matter
//at least until you get to the political level
 
2020-05-19 11:03:24 AM  

006andahalf: I agree entirely that toting phones around in a contested RF environment is almost a guarantee for getting found and blown up and the only way to reduce it is to not have them.  Right now most advanced-ish non-western countries are pretty far ahead in the intercept game simply because they have no rules to limit how they acquire equipment, train, or operate.  The US' acquisitions process (the same one that gave us the F-35) is a major bottleneck, as well as an obligation to not do illegal stuff.  Funny enough there is a bit of a renaissance for HF because RDF against it is less precise than against VHF or UHF.  There's also word of stuff that rides beneath noise floor but I haven't heard much of that.



You can do that now with modes like WSPR (Weak Signal Propagation Reporter) and JT9 in ham radio.

Granted, it's *SLOW*, but it is absolutely possible to communicate something that's at or below the noise floor of a typical receiver.  The way you do that, though, is by having very long integration times, which means your bit rate goes way down.  TANSTAAFL.

Also, RDF against HF isn't any less precise than it is against VHF or UHF, at least as expressed in terms of degrees of accuracy.  But when you add in the ionosphere, and the longer distances, yeah, it's less accurate.

One thing about lower HF too is that you can employ what is know as "Near Vertical Incidence Skywave" which makes it harder to DF a signal on the ground.   The idea of NVIS is that you pick a frequency below the critical frequency so the ionosphere reflects your signal back to Earth even if it's radiated at 90 degrees (ie., straight up).  The types of antennas most efficient for doing that minimize the "ground wave" component of the radio signal, and that's what close-up HF DF antenna/receivers use.

Also, because of D-layer absorption during the day, it minimizes the distance you can be intercepted during daylight.  So you end up with relatively short range (300 miles radius, give or take) but continuous communication coverage without issues relating to terrain.   That makes it a really nifty thing.

However, there are downsides.  There is very limited bandwidth available.  During "normal" times, generally you'd use freqs just below 8 MHz during the day and just below 4 MHz at night.   We're at the worst sunspot minimum in the last 200 years, so right now, you have to use 4 or 5 MHz during the day and 2 MHz at night.

In addition, while it's hard to DF that kind of signal from the ground, it is relatively easy to DF it from the air.  Remember that HF has three kinds of waves:  Ground waves, which is the part of the signal that propagates across the ground, Skywave, which is the part of the signal that bounces off of the ionosphere and back to the ground, and direct wave, which is the kind of signal where you're "line of sight" to the transmitter.

You can't really DF an NVIS signal from the ground accurately because there is minimal ground wave and the skywave is at too steep of an angle to get a good bearing from it.

But if you put your DF gear in an airplane, depending on its altitude, you can DF the direct wave from the air, and get an accurate bearing.   And because you're moving, you can quickly determine where a transmitter is located.

This is why ARDF was invented in the first place:
https://www.nsa.gov/Portals/70/docume​n​ts/news-features/declassified-document​s/cryptologs/cryptolog_13.pdf

See: "ONE CHANCE IN THREE, BUT IT WORKED!", page 41.

Basically, the NVA and VC were using NVIS communications, and the US Army PRD-1 DF sets couldn't get good bearings on them from any distance.   So they invented a way to get bearings on them from light aircraft.

That principle is still used today by the RC-12 GUARDRAIL aircraft that the US Army flies.  It has about 83 of them according to Wikipedia.
 
Displayed 14 of 14 comments

View Voting Results: Smartest and Funniest

This thread is closed to new comments.

Continue Farking





On Twitter




In Other Media
X
  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.