A SIGINT report from the RNC

Compiled and submitted by an anonymous donor:

2016 RNC Cleveland, Ohio SIGINT

The Republican National Convention was held in Cleveland, OH on July 18-21, 2016. Officials began implementing the security zone and closing areas off to traffic on the evening of July 14th. Monitoring of communications began on a periodic basis on 7/14/2016 and continued until 7/21/2016.

Equipment used was a Yaesu FT2900R with an Arrow J-pole antennae, A Kenwood TM-V71A, and a Uniden BCD436HP.

The following frequencies were observed to have active traffic during this period.

136.3750 AM USCBP Air to Air clear (Two UH-60 Blackhawks relieved each other to provide constant aerial support during hours of activity, Omaha 1 and 2). Usually at around 5000′

139.875 NFM Civil Air Patrol analog Tac #1 (Constant flight operations in the TFR zone utilizing a typical search pattern flight route) Usually around 12,000′

156.120 Unknown Encrypted

160.735 Unknown Encrypted

160.800 Unknown Clear

161.025 Unknown Clear

161.8750 U.S. Coast Guard Auxiliary Clear

163.6250 USCBP Digital Clear and Encrypted

163.6750 USCBP NFM Analog Clear and Encrypted

164.400 Unknown Encrypted

165.2375 USCBP Tac Digital Encrypted

165.295 Unknown Encrypted

165.785 Unknown Encrypted

167.635 Unknown Encrypted

168.500 Unknown Encrypted

168.835 Unknown Encrypted

168.8375 USCBP Air #1 Encrypted

170.145 Unknown Encrypted

170.550 Unknown Encrypted

170.860 Unknown Encrypted

170.880 Unknown Encrypted

171.250 Unknown Encrypted

171.3125 USCG NET 131 USCG Nationwide VHF

172.410 Unknown Encrypted

172.900 Unknown Clear and Encrypted

173.525 Unknown Encrypted

252.1000 USAF Reserve Command Post to CAP

282.8000 AM USAF CAP

298.950 AM USAF Aerial Refueling Routes, AR-217 Entry

348.9000 AM USAF Aerial Refueling Routes, AR-206H Primary

376.0750 USCBP Air Interdiction Blue 4 Encrypted (Believed to be a digital link)

Additional Notes

  1. Scan of 411.000 to 419.000 revealed no traffic.

  2. City Police Used the Regional APCO P25 system

  3. On the ground intel units initially using an unidentified encrypted frequency later began switching back and forth to the P25 regional net. Total of 21 teams identified (“Oscar” units) that blended right in with the demonstrators.

  4. OHP Ground and aerial units utilized their existing system throughout.

  5. City and OHP aerial units kept below the Blackhawks

  6. Despite all the planning many ground units were without water, food, and battery resupply for up to 18 hrs per day until nearly the end of the operation.

  7. Encryption only works when everything is working perfectly. This operation was in a built up urban area with easily available support. In rural or rough terrain areas it would be hit or miss. Often if the units were encountering problems communicating they would break into clear mode. OTAR (over the air rekeying) effectiveness is unknown to this observer.

  8. Optimum monitoring of this situation would have required a minimum of four trained SIGINT collectors to gather all the available communications.

  9. County EOC (Seperate from P.D. JTOC) was manned 24hr per day with EOC operators and ARES volunteers.

  10. A Second back-up EOC was also manned 24/7 at the American Red Cross in Akron, Ohio about 30 miles South in case primary EOC went down.

  11. Very very slow response to potentially serious info. Example, Out of State troopers reported seeing a male sticking his head in and out of a 7th floor building where all the other windows were closed. Also reported seeing a bright green light periodically from the same window directly overlooking parade route of BLM with P.D. Foot and bicycle units flanking, tailing and leading. Almost 3 hours later before a regular zone car responded to check area.

  12. Did not observe any use of federal or local inter-operability frequencies in the clear.

And there it is…done with simple, off the shelf equipment and good observation.

19 thoughts on “A SIGINT report from the RNC

  1. S6cnrdude

    Good report! S31 recently listed some resources on formal SIGINT: TM 32-250 Fund. of Traffic Analysis, FM 34-40-2 Basic Crypto. and FM 34-3 Intel Analysis (Mar 90). I’m always interested in how other do so I can learn and improve.

    1. FMs are fine, but stale as an MRE cracker. Find a book on foxhunting, it’ll be much more entertaining and you’ll probably get more out of it. As for crypto, the needs depend entirely on one’s adversary.

      A proper SIGINT report is simple.

      1. Date Time Group, Your Callsign, Grid Location
      2. Frequency Observed
      3. Callsign(s) Observed
      4. Nature or Length of Traffic (to include the message itself)
      5. Mode (FM, AM, Polarization if it can be determined, Analog/Digital, etc.) and Crypto mode present, if any
      6. Azimuth or grid to target, if it can be determined.
      7. Any additional observations made.

      1. *If using SDR – don’t forget the record button…

        **If using conventional analog scanners – don’t forget you have an Audio-out and a microphone-in on your PC…

      2. The Alinco DJ-X11 keeps catching my eye, but I’ve been waiting for more info on the new Icom R30. It’s a thing…just not much on it.

        Plus I’m saving my lunch money for an Elecraft KX2.

      3. …sausage finger “smartphone” malfunction…

        My handheld is swimming in a lake, so I’ve been using a laptop and an SDR. To say it’s portable is generous…

      4. S6cnrdude

        Good info and format. I just picked up a WS1088. I need to learn how to use it effectively. It does have the recording feature. But I also plan to keep a written log.

      5. Good scanner. I have it’s little brother (PRO-668/ WS1080) floating around for digital monitoring.

        Also, on the topic of books on Signal monitoring, check out Lawrence W. Myers.

  2. Pingback: Brushbeater: A SIGINT Report From The RNC | Western Rifle Shooters Association

  3. PSYOP

    Excellent sitrep….The time is now, to learn and do, as we routinely discuss and “encourage,” fellows, not when “it” hits, cause knowing how to use ones kit, in an active scenario, under less than ideal conditions, will not automagically transpire and make one become “supercommoman,” no matter how many CCR’s one has stashed away in .50cal ammo cans…

    I am regularly, along with fellows i know, using/testing/tinkering with various commo gear, and am an IT guy by training and profession, also a former 72E (long time ago but basics stick) and routinely refer to my manuals, and cheat sheets to get it right….

    It takes practice, real world practice, like driving downtown, perhaps to a local airport or police HQ, with ones gear, and just using and listening, making notes, learning, unlearning and relearning about what works, and doesn’t….

    This particular OODA loop, once in play, will be a vicious bitch….

  4. Charles Griffin

    I am looking to add an AOR 5500 to my kit (Uniden bcd536hp, Airspy SDR)…is it worth the effort?

    1. AOR makes good kit. If you’re picking it up at a good price (we are talking the 5500 Spectrum Display) then yeah, it’s great for a fixed station. Otherwise, it’s cheaper and simpler to do it with an SDR dongle and a laptop.

Comments are closed.