Developing and Exploiting Open Source Signals Intelligence

The whole point of intelligence is exploitation- what we collect and refine must be actionable. If not, it does us no good. You can run around with your rifle and kit all day and accomplish exactly zero without a larger coordination and dedicated effort towards recognizing how to exploit weakness in one’s foe. That is, if you don’t get yourself killed. Reality holds that the intelligence cycle begins and ends for most prepper-types with maybe listening to a police scanner every now and then (mostly worthless until something serious is going on), checking social media, gossiping, and then checking your favorite blogs. This all fits in the collection box of the intelligence cycle. Most have put next to zero time focusing on the enablers that are many, many times more important than trigger pulling. There’s a reason I don’t write a lot on line unit tactics (UW is NOT just learning battle drills and how to conduct an L-shaped ambush) even though I should- there’s no need. There’s only so many times you can read about breaking contact or magazine dumps; all of that fun stuff will become absolute hell because you didn’t take the time to work on the enablers & supporting tasks now. Not having to do that break contact because your dedicated signals collection guy on the patrol intercepted the OPFOR’s commo plan (because they were probably pretty sloppy) is a hell of a lot better than walking into an ambush. You might even get to lay one in for them and take their stuff. But don’t listen to me, I’ve only done this for real a few times.

Back in the early days of this blog I wrote short blurbs about the importance of things called Data Books, which should be nothing new for veterans of more elite units out there and for Long Range Marksmen. But Data Books are not limited to recording Data On Previous Engagements (DOPE) on our weapon systems; they should also serve as a quick reference on a large number of topics for us as we operate in an area. Things that really come in handy, such as:

  • Flora and Fauna, both good and hazardous
  • Key Terrain Features, including Human, in the Area of Operations (AO)
    • Local gathering sites
    • Local persons of influence
  • Equipment recognition guide and data cards
  • Technology present in my AO

That last bit is critically important- there’s a reason every Intelligence agency has a technology analysis branch. We have to know what a potential adversary’s capabilities are, beginning with his principal enabler- communications. As I cover in the RTO course, the radio technology being fielded in all areas is changing at a rapid rate. Civilian data in the US is publicly published. Even military data is not terribly hard to find- the specifics take some digging, but glossing over the FCC Frequency Allocations gives a great starting point as to what can be found where. It might be a really good idea, and one I cover in class, to write down all of the license free band frequencies; you know, like the frequencies those MURS, FRS/GMRS, and Marine radios are actually on? That way if I happen to come across a group talking on 151.82 MHz, I know they’re on MURS 1 and can begin communications mapping of their capabilities.

Wait, what? Communications Mapping is not at all a hard concept- I listen for you, write down where you’re transmitting and a compass bearing (if I can get it) while also writing down any other pertinent information. Things like callsigns, male/female voices, times, languages, accents, emotions, the level of training, and if they’re even hostile from the traffic itself are all items that can tell us the level of organization (or lack thereof) of our adversary. And while it sounds simple, it takes discipline and training to execute correctly and to also remember- you’ll be on the receiving end of this as well.
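The data-book lookup and the communications-mapping log from the two paragraphs above, as an added example (not the author's own tool). The log line format, the 2.5 kHz matching tolerance, the function names and the sample entries are assumptions made for illustration; the channel frequencies are the published US MURS, FRS/GMRS and marine channel 16 assignments, and the two broad ranges are the ones quoted on this page.

```python
from collections import defaultdict

# Published US channel plans in MHz (FCC Part 95 MURS and FRS/GMRS, marine VHF 16).
CHANNELS = {151.820: "MURS 1", 151.880: "MURS 2", 151.940: "MURS 3",
            154.570: "MURS 4", 154.600: "MURS 5", 156.800: "Marine 16"}
for n in range(7):   # FRS/GMRS 1-7 and 8-14, spaced 25 kHz
    CHANNELS[round(462.5625 + 0.025 * n, 4)] = f"FRS/GMRS {n + 1}"
    CHANNELS[round(467.5625 + 0.025 * n, 4)] = f"FRS/GMRS {n + 8}"
for n in range(8):   # FRS/GMRS 15-22, spaced 25 kHz
    CHANNELS[round(462.5500 + 0.025 * n, 4)] = f"FRS/GMRS {n + 15}"

# Broader ranges quoted on this page, used when no channel matches.
BANDS = [(30.0, 88.0, "low-band VHF"), (88.0, 108.0, "FM broadcast")]

def label(freq_mhz, tol_khz=2.5):
    """Name the channel within tol_khz of the reading, else the band, else 'unidentified'."""
    nearest = min(CHANNELS, key=lambda f: abs(f - freq_mhz))
    if abs(nearest - freq_mhz) * 1000 <= tol_khz:
        return CHANNELS[nearest]
    for low, high, name in BANDS:
        if low <= freq_mhz < high:
            return name
    return "unidentified"

# Constructed sample entries (assumed format): HHMM, MHz, compass bearing or "-", notes.
SAMPLE_LOG = """\
0612 151.820 045 two male voices, plain language
0615 151.821 050 same voices, callsign used
0640 462.5625 - child, family chatter
0702 98.300 - music, broadcast station
0705 47.500 310 carrier only, no audio
"""

def map_log(text):
    """Group logged intercepts by label, keeping count, times, bearings and notes."""
    summary = defaultdict(lambda: {"count": 0, "times": [], "bearings": [], "notes": []})
    for line in text.strip().splitlines():
        time, freq, bearing, notes = line.split(maxsplit=3)
        entry = summary[label(float(freq))]
        entry["count"] += 1
        entry["times"].append(time)
        entry["notes"].append(notes)
        if bearing != "-":
            entry["bearings"].append(int(bearing))
    return dict(summary)

if __name__ == "__main__":
    for name, entry in map_log(SAMPLE_LOG).items():
        print(name, entry["count"], entry["times"], entry["bearings"])
```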

Finding information on systems used by other nations is not nearly as easy and requires either a bit of linguistic skill or extreme patience with Google Translate. But why would we even dedicate time to it? Because, there, sunshine, your gear is not the only kind that might pop up in your area of influence- your militia, “MAG”, NPT, or whatever you want to call it will all have a definite capability limit and if the world has gone to pot bad enough for you to form the Wolverines, then there’s probably also going to be peacekeepers invited in by whatever body still holds the governmental reins of power.

This is a Russian Army VHF radio, R-168-5UN-2E, filling the same role as our SINCGARS units. What’s significant is that its published frequency range is 30-107.975 MHz, placing it in our broadcast FM radio range. Knowing this is vital to Partisan groups needing cheap early warning capability if facing users of Russian exported equipment.

I wrote a piece a long while back regarding the value of open source intelligence (OSINT) when it comes to technology of potential adversary nations. The links contained in that piece, written in 2015, either no longer work or have changed significantly to the present. Three years’ time does that. One of the things we should be doing is regularly staying on top of those changes as best we can. One way to do that is simply searching for foreign Infantry equipment- most nations today have the same operational security problems we do in the US- social media, competing contractors & corporate espionage, and good ol’ fashioned loose lips. Regardless, for those serious, a continuously updated data book needs to be maintained- hopeless tin foil shrieking doesn’t cut it. The info is out there for the dedicated.

Setting domestic politics aside, the attitude of many preppers and preparedness-oriented groups has shifted from a threat of foreign invasion to a domestic insurrection; candidly I conclude they’re both on the table, and not only likely but will work in tandem. If you think that the US is the only country exploiting the role of armed groups to cause discord in a target nation, you’re woefully behind the power curve and have missed a few points entirely. But what comes next? Just like with our adventures in regime change…er…the ‘Arab Spring’, those groups will be supplied by their benefactor along with varying degrees of technological support. The occupying military force will be present in an ‘advisory’ or ‘peacekeeping’ role to either manage the chaos or support the favored regime. Compare the roles of the major powers in the Syrian conflict and you’ll get the idea. That reality presents itself with an exploitative value especially in the realm of communications.

But where to look? Search engines are our friends- particularly those with offshore servers and less of a political agenda. If I want to check out the new and upgraded equipment being fielded by the Chinese People’s Liberation Army (PLA), a great starting point is the dedicated forum that has regular posts on a lot of new in-service equipment. Several threads in particular are showcasing all of the new Infantry stuff.

What’s interesting, at least to this former ground pounder, is that the equipment being issued among PLA ground forces is remarkably similar to our own- part of the Chinese modernization plan put in place by Premier-for-life Xi Jinping. What you see above is a new model plate carrier which looks nearly identical to the ones being issued to US forces since 2012. But more significant is the relatively simple radio on the back of the vest. By its length the antenna tells us it’s low-band VHF (30~88 MHz) and its size and placement tells us it’s meant for inter-squad use. Folks that have been to any of my classes know why a radio on the back is a pretty bad idea, if it wasn’t common sense already. Seeing something like this pop up in our AO tells us quite a bit about a group’s benefactor. It’s the pocket lint that matters- the small details you’d otherwise miss.

The Chinese are not alone- Russia has rapidly modernized several of its ground forces’ enablers, readily seen in this layout from a captured Russian Special Operations Forces loadout in Syria. Looking to overseas sources, this layout of kit becomes pretty impressive- not just the IWT 640 Thermal Sight on the weapon, but the seemingly lightweight communications gear he was carrying. The handheld appears to be in the R-168 family of equipment and a quick reference tells us that it’s 146-174 MHz. We know that it’s used to coordinate with other teams on the ground. The larger radio (bottom right) appears to be an R-168-5UN-1E, with a frequency range of 30-87.975 MHz. The set itself is a smaller version of this radio: R-168-5UN-2E.

I’ve got a lot of information and resources embedded in this text, but since the end state of intelligence is exploitation, how does it factor into our planning? The real objective of military equipment production is export sales. BRICS is a very real thing- and economic alliances are followed by military lend-lease ones. As factions galvanize on a conflict they’re provided support at some point from a sponsor nation. Since small arms are actually the simplest part of the equation (might be a shock to some of you) the more sophisticated equipment that provides purpose and direction needs a bit more attention on your part. You may not be able to counter it, but like a good judo form, learn the telltale signs of its signature in your area by listening (and watching) and you’ll have an early warning that they’re roaming your AO- the biggest enabler I can think of- but it takes discipline and training. Find and Fix is the watchword of the guerrilla.

Remember again that the whole point of intelligence is exploitation- what we collect and refine must be actionable. If not, it does us no good. It begins with mapping the signals in your area and putting a label on it; it doesn’t have to be fancy, but you should know what goes where. Once you’ve found a signal, start trying to find the other data on it and what that exploitative value might be. Fortunately for you, we’ve got some classes lined up in the Fall focusing on building these skills in a live environment.


13 thoughts on “Developing and Exploiting Open Source Signals Intelligence”

  1. A few comments on this excellent subject NCScout.

    Whether it is as simple as a localized natural disaster or as nasty as a domestic/foreign firefight, drama will eventually come to your doorstep.

    Recently one of my group decided to go off in a non-prepping excursion because after all, “Mr. Trump is in charge now”. As foolish as that opinion is it has become the mantra for a lot of pre-Trump preppers.

    To the folks that start to wander away from the task at hand I suggest that this lull is God’s way of saying, “get out there and practice.”

    As Coach Lombardi reminds us, “Practice does not make perfect. Only perfect practice makes perfect.”

    Well most of my team is still practicing like tomorrow will be “the day”. We garden, raise livestock, sharpen our shooting skills, can, use all of our equipment and not let it sit in its original cartons, hone our ham radio skills, PT, et cetera.

    As one example, that directly applies to this article is we participated in an amateur radio “Fox Hunt” this past Saturday. Why might a prepper find this skill valuable you might ask – Think radio direction finding! Think NCScout’s “Intelligence Cycle”.

    Using a cheap ‘home brew’, tape measure Yagi antenna, you too can zero in on someone broadcasting within your AO. One fix only gives you a general line on the transmission, which is valuable; however, multiple fixes narrow down the location of the transmission even more.

    Whenever a Fox Hunt is advertised we do it. We do it as practice for the inevitable day it will be used not for practice.

    Looking forward to the RTO 202 class at the end of October NCScout!


    1. ghosttiger

      Tape measures are often free at Harbor Freight, too. PVC isn’t expensive. I have a spare tape set aside to build one of these. Good contribution!

  2. Pingback: Brushbeater: Developing, Exploiting Signals Intelligence – Lower Valley Assembly

  3. ghosttiger

    Good stuff as always. Very interesting that Russian and Chinese squad radios TX on our FM frequency. If I were them, I’d probably use that to my advantage for propaganda dissemination. But I’m sure they would never think of that… 😉

    1. That could be one option, but there’s a couple of other possibilities. Both armies mentioned are rooted, strategically, in mobile warfare. Because of that they may plan their equipment capability along with some level of interoperability with the target nation’s most common equipment. Setting up commo between a vehicle convoy from locally sourced (stolen) trucks for example, would be incredibly easy with a couple of transmitters and the rest simply receiving commands and acknowledging with turn signals, flags, etc.

      That, propaganda value, a psyop tool, etc. Lots of reasons why.

      I’ve never found any documents stating a reason for this capability on the Russian Army’s part, so really I’m reasonably guessing. But the fact that it *can* is significant as an early warning system when you hear their signature over the radio (even if it’s encrypted, you’ll still hear the carrier).

      1. PRCD

        I think another possibility is that we can’t understand most of the radio stations in dense urban areas anyway: they’re in Spanish, Chinese, Vietnamese, etc. The Russians often build stuff out of band from us. Check out the website. All of the Russian SAMS/IADS use different frequencies than ours since they have different goals with their air defense systems. The Chinese tend to buy them from the Russians and then copy and modify them. What are Chinese and Russian FM bands? Does anyone have a spectrum allocation chart?

      2. Willy

        The Russians may have been thinking primarily of Europe when they included FM broadcast band capability in their systems. I believe the FM broadcast band in Europe, Africa and parts of the Middle East is essentially the same as ours – ITU Region 1 is 87.5 – 108 MHz, almost identical to our 88 – 108 MHz. I think Australia changed theirs to align with Region 1.

  4. Doc

    This is a regular site for me, although I only comment occasionally. I would highly recommend listening to a police scanner regularly. It’s good to know what’s going on in your AO, but much more importantly you get to understand the nuances of the traffic. It takes time to develop an ear for a comms net. Radio codes, acronyms, even tones of voice can tell a story.

    I’d also recommend a loop antenna mounted on a 3′ piece of PVC or wood for a DF antenna. For the VHF high band, a loop about 10 inches in diameter as described in “Transmitter Hunting: Radio Direction Finding Simplified” by Moell & Curlee is excellent. It’s very easy to carry and the null is extremely sharp allowing you to get an excellent azimuth.

    This link also gives some good suggestions:

    Thanks Scout,
    Doc out

    1. As for listening to a scanner…it’s important to know the protocols, but there’s not a ton of other value for the *casual* listener.

      That’s an excellent book, and one I reference often. 🙂
