From: Eric Blossom <eb@comsec.com>
To: Markus.Kuhn@cl.cam.ac.uk
Message Hash: 40540270a95c1bf7037f31ff78fc31d40df73b28e08a3be90407bafaaad6f0d0
Message ID: <199801192155.NAA00465@comsec.com>
Reply To: <E0xtbs7-0004Rk-00@heaton.cl.cam.ac.uk>
UTC Datetime: 1998-01-19 22:42:42 UTC
Raw Date: Tue, 20 Jan 1998 06:42:42 +0800
Subject: Re: Locating radio receivers
> Kay Ping wrote on 1998-01-16 22:02 UTC:
> > Radio links are perfect for hiding the location of receivers.
>
> Actually, this is only true for extremely carefully shielded military
> receivers and not for normal radios. Every receiver contains a local
> oscillator to bring the signal down to intermediate frequency (IF), which
> is emitting EM waves itself. In addition, the IF signal is emitted
> as well.
>
> As Peter Wright reported in his autobiography, British counterintelligence
> (MI5) used vans and planes already in the 1950s to detect spies while
> they received radio communication messages from Moscow and to protocol,
> which frequency bands the embassies were monitoring (operation RAFTER).
> Efficient receiver detection is an active process: You send out short
> bursts of a wideband jamming signal and try to find the downtransformed
> intermediate frequency equivalent of your burst in the compromising
> emanations of the receiver. This way, you get not only the location of
> the receiver, but also the precise frequency to which it is tuned.
>
> Locating radio receivers within a radius of many hundred meters this way
> was already state of the art in the spook community over 40 years ago,
> so you can safely assume that with digital signal processing, the
> performance parameters of modern systems have been increased
> significantly. Sending out spread-spectrum style pseudo-noise signals
> in the active probing bursts could give you in modern receiver detectors
> a considerable signal gain.
>
> Markus

Hi,

I talked to some RF guys about the RAFTER attack about a year ago.
Their opinion was that since modern receivers have GaAs FET mixers,
they don't leak the LO or IF out the antenna like the old fashioned
inductor based mixers did.

This should be trivial to confirm with a spectrum analyzer.

Eric