1998-01-17 - Locating radio receivers

Header Data

From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>
To: cypherpunks@toad.com
Message Hash: 4d5f6d5e429e677c0901458538000f6c5d976d11ed5e983cbedb0e4979ecd2a8
Message ID: <E0xtbs7-0004Rk-00@heaton.cl.cam.ac.uk>
Reply To: <19980116220255.3116.qmail@nym.alias.net>
UTC Datetime: 1998-01-17 17:27:41 UTC
Raw Date: Sun, 18 Jan 1998 01:27:41 +0800

Raw message

From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>
Date: Sun, 18 Jan 1998 01:27:41 +0800
To: cypherpunks@toad.com
Subject: Locating radio receivers
In-Reply-To: <19980116220255.3116.qmail@nym.alias.net>
Message-ID: <E0xtbs7-0004Rk-00@heaton.cl.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Kay Ping wrote on 1998-01-16 22:02 UTC:
> Radio links are perfect for hiding the location of receivers.

Actually, this is only true for extremely carefully shielded military
receivers and not for normal radios. Every receiver contains a local
oscillator to bring the signal down to intermediate frequency (IF), which
is emitting EM waves itself. In addition, the IF signal is emitted
as well.

As Peter Wright reported in his autobiography, British counterintelligence
(MI5) used vans and planes already in the 1950s to detect spys while
they received radio communication messages from Moscow and to protocol,
which frequency bands the embassies were monitoring (operation RAFTER).
Efficient receiver detection is an active process: You send out short
bursts of a wideband jamming signal and try to find the downtransformed
intermediate frequency equivalent of your burst in the compromising
emanations of the receiver. This way, you get not only the location of
the receiver, but also the precise frequency to which it is tuned.

Locating radio receivers within a radius of many hundred meters this way
was already state of the art in the spook community over 40 years ago,
so you can safely assume that with digital signal processing, the
performance parameters of modern systems have been increased
significantly. Sending out spread-spectrum style pseudo-noise signals
in the active probing bursts could give you in modern receiver detectors
a considerable signal gain.

Markus

-- 
Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org,  home page: <http://www.cl.cam.ac.uk/~mgk25/>







Thread