MONITORING, SCANNING, AND INTELLIGENCE GATHERING

This is a follow up on the article “Scanners – How to Use Them for Info” in the February issue of Survival Dispatch Insider.

Why?

If you have a preparedness mindset, then knowing what’s going on in your local area is important. Communications monitoring is one of the five intelligence essentials for community security. You should have already done some research to identify risks, hazards, gangs, resources, and critical infrastructure in your neighborhood. This is known as your area of action (AOA) in military terms. For information on how to identify these risks, hazards, resources, etc., you should take the Forward Observer’s Area Intelligence course.

This article will go over some of the basics of what, and how to gain signals intelligence (SIGINT), communications intelligence (COMINT), and electronics intelligence (ELINT).

Definitions

Area of Action (AOA) is a military term meaning the area of operation. In this context it’s your immediate community.

Signals Intelligence (SIGINT) is intelligence gathered by the interception of signals. SIGINT is a broad field and covers a number of sub-fields:

Communications Intelligence (COMINT) is the gathering of intelligence from the communications between people. Commonly from over the air communications but it can also be from tapping into telephone lines, which is illegal unless you have a warrant. In Amateur Radio there are other modes than voice which can be used. Such as digital messages in a number of different modes (such as PSK31, MT-64 and lots others) and morse code.

Electronic Intelligence (ELINT) is the analysis of the signal where voice or other data cannot be determined, such as when a signal is encrypted. In the military world this would include analysis of radar and other equipment emitting a signal. In the civilian environment many law enforcement agencies encrypt some, if not all of their radio channels (see more below). Direction finding can provide the location for the source of transmissions. This is one of many sub-hobbies in Amateur Radio.

Analog is the most common form of transmitting audio signals. Your standard AM and FM radio signals are in analog. If you have HD radio in your car that’s a digital signal (see below).

Digital audio is a processed signal where the audio is converted to data bits. A digital signal isn’t as susceptible to interference as analog and it tends to be cleaner. There are a number of digital signal formats, called codec. In a public safety radio system the first part of the digital signal contains information that includes the radio ID as well as the talk group the radio is on. This is similar to HD radio where the signal contains information about the music being played. This is then displayed on the radio. In older radio systems the format of the digital signal is proprietary. P25 standards were developed to provide interoperability (see more below).

Frequency is the specific frequency (usually in Mhz) that a transmission is on. There are a number of different sources to find out what frequencies an agency is transmitting on (see more below).

Channel is a name given to a frequency or pair of frequencies. A pair of frequencies are used when a repeater is used. One frequency is used to transmit on, the other to receive.

Repeater is used to take a weaker signal and repeat it so other users can hear. A repeater is usually on a hill, high tower, or other strategic location that will allow users to hear everyone’s transmissions.

Talk Group is a pseudo name for a channel in a trunked radio system. They’re usually named for the department that is using them, such as Fire 1, Fire 2, Police 1, etc. In most cases there are more named talk groups than available channels on a system (see trunking system below).

Trunking or Trunked Radio System is a computer controlled collection of repeaters to allow sharing of a limited number of channels between a group of users. There may be over 1,000 radio users on a system with 30 or more talk groups. One channel is used as a control which then communicates with all the radios that are turned on. Each radio has a unique ID assigned to it so the system knows what talk group each radio has selected. When a radio pushes the push-to-talk (PTT) button it signals the system to assign an available channel (repeater) and all the radios on that talk group are switched to that channel by the radio system. All this takes place in less than a second. Older trunked systems used analog signals but most have transitioned to digital.

P25 is a set of standards developed for public safety communications. It’s intent is so that radios made by different vendors will work on trunked systems made by different manufacturers. Most proprietary trunked systems are near end of life and are being replaced. Motorola and Harris are the two largest system manufacturers. The standards also address the method and process used to convert the signal to the digital format.

Digital Mobile Radio (DMR) is another digital and signal standard. It’s used in commercial radio applications as well as Amateur Radio. Only newer scanners are capable of decoding DMR signals. Some listings list DMR systems as TRBO or MotoTRBO.

Digital Smart Technologies for Amateur Radio (D-STAR) is another digital signal format. It’s only found in Amateur Radio and at this time there are no scanners on the market that can read D-STAR transmissions.

Encryption is used in public safety applications. Federal agencies are mandated to use encryption. Local, county, and state law enforcement agencies typically only use encryption for specialized units such as SWAT, gang, and drug units due to costs. There are a number of difference types of encryption, with AES-256 being the current standard. Older versions have been successfully broken with modern computer software but may still be in use in older public safety systems. All radios must have the same encryption key. Encryption can be compromised by failing to follow good practice. Scanners cannot decrypt an encrypted transmission.

Continuous Tone-Coded Squelch System (CTCSS) is a sub-audible tone that can be added to an analog frequency to help reduce interference from other users. In most cases it’s used to eliminate interference getting into a repeater system. It’s commonly called PL. CTCSS doesn’t provide any privacy, and when scanning it’s not necessary to listen to transmissions.

Digital Coded Squelch (DCS) is a digital version of CTCSS that puts a continuous stream of digital data on the transmitted signal. It’s not necessary to program into a scanner to listen to the transmissions.

Network Access Code (NAC) is used similarly to CTCSS and DCS but on a digital system.

Amateur Radio (Service) (aka ‘ham’) is a license radio service under Part 97 of the Code of Federal Regulations, FCC Rules. Operators take an exam and get a call sign assigned by the FCC. There are three levels consisting of Technician, General, and Amateur Extra (usually just called Extra). Morse code is no longer a requirement for a license. For more information on obtaining your license see this article. If you live in Colorado see Patriot VE Team on Facebook for free classes and testing. For free testing in other parts of the US go to www.LaurelVEC.com.

Radio Frequency Sources

There are a number of ways to locate the radio systems and frequencies with the most user friendly one being RadioReference.com. You can search by county or agency.

You’re more likely to find a trunked radio system in urban areas. Entries for trunked systems will identify the type of system, the operating frequencies, and many of the talk groups. In large cities also look for a Federal interoperable system or frequencies.

Also search the national agency frequencies. Federal, or FEMA, task forces such as the Urban Search and Rescue (USAR) units carry encrypted radios. Some of the common Federal frequencies may be in use. They’re intended for interoperable communications between Federal and local agencies so aren’t usually encrypted (see NIFOG below). National Red Cross frequencies can be found on this page but you’ll probably have to search the state or city page to find local frequencies they may be using.

Remember the information listed is provided by people who listen to the system so there could be talk groups that aren’t commonly used and therefore not listed. Depending on the system there could be public safety and many of the local county or city departments on it. Rural areas may still be using analog repeaters.

Another useful resource is the National Interoperable Field Operations Guide (NIFOG). This contains national interoperable frequencies in various bands. These are intended to allow local, state, and Federal agencies to communicate.

While Radio Reference does list some Amateur Radio frequencies, a more complete list can be found at RepeaterBook.com. Search the web for local ham clubs and they’ll list frequencies of repeaters they maintain. You should also search for your local Amateur Radio Emergency Services (ARES) and to find a copy of their communications plan. This will list repeaters and simplex frequencies that they’ll use to support local emergency management in a crisis.

Amateur Radio has access to a large spectrum of frequencies in many bands (see amateur band plan). Scanners will receive the common VHF (2 meter) and UHF (70cm) amateur frequencies but not their HF (shortwave) allocation. Long range communications into and out of the disaster area are done on HF frequencies during major disasters . Other than voice communications, Amateur Radio is known for its ability to pass messages in digital formats. There are a number of different digital formats hams can use. Just like with voice there are many different parts of the frequency spectrum. Research your local ARES group for some of the frequencies they use for digital communications. A free software program called Fldigi is used by hams to send and receive digital messages. You can download it and simply set it to use the microphone on your computer. It will decipher any message it hears over your scanner if it’s in the right mode. Commonly on the VHF frequencies the MT-64 format is used.

Amateur Radio has a number of digital voice modes that it can use. D-STAR and DMR are two of the most common ones. Local repeaters can be connected with both these systems to other similar repeaters all over the world. As mentioned previously, scanners won’t decode D-STAR transmission but newer ones will decode DMR signals.

You’ll want to research how many D-STAR repeaters are in your area and if they’re used for emergency communications. If so, you might want to invest in a D-STAR capable radio so you can monitor emergency communications. Currently Icom is the only manufacturer of mobile D-STAR compatible radios. Current models (ID-4100A) are around $450. However, the older model ID-880 may be found on eBay or similar sites for less than $300. Both Icom and Kenwood make handheld D-STAR capable radio. The easiest way to program these radios with D-STAR information is with RT Systems software.

There are a number of different DMR networks, the most common and rapidly growing is Brandmeister. Brandmeister has a dashboard and from there you can search for repeaters as well as hotspots, which is a small transmitter that someone has at their house connected to the network. It’s also possible to listen to the audio on any repeater and on any of the thousands of talk groups. If you have a local Amateur Radio DMR repeater you’ll only hear a talk group that a user has connected to. If you want the ability to listen to any talk group, especially the state or national emergency ones, then invest in an openSPOT and a DMR capable handheld radio. The openSPOT is a digital radio that connects through your internet to the DMR network. This is subject to you having power and an internet connection as with the use of scanner apps.

Some states or areas have closed networks In addition to the DMR repeaters. These aren’t connected to other parts of the country. Colorado has a very large and robust DMR network that currently includes about 27 repeaters. Wyoming also has a closed network. It’s not possible to listen to these closed networks other than with a scanner or radio in range of one of the repeaters. Many of these closed systems are used in emergencies to support local and state emergency management. Some very reliable and well supported DMR radios are made by Connect Systems. Local ham clubs that operate DMR repeaters usually provide programming assistance.

The National Oceanic and Atmospheric Administration (NOAA) operates continuous weather information on seven VHF frequencies. Every scanner has these built in and will usually find the strongest radio signal near you. Check the NOAA site as it will provide you the correct one for your area. This is important as the NOAA frequencies are used to transmit special alerts, warnings, and watches. They are specific to your area by utilizing Specific Area Message Encoding (SAME). These are specific header codes that indicate the area and the nature of the warning.

If you have a weather radio or in most scanners you can program it to only open the frequency when one of the SAME codes is received. Otherwise you’ll be listening to the weather report repeat continually. Some of the SAME codes are programmed to also set off an alarm in your scanner. This same system is used for the Emergency Alert System (EAS) messages. These codes are used for a number of other emergencies and disasters. In each area there is a designated primary radio station that has equipment to receive the EAS messages. Then they pass them on to other participating stations for broadcasting.

If you’re near a body of water you may want to listen to some marine channels. VHF marine channels are referred to by their number. Marine channel 16 is a calling frequency, and once contact is established you switch to another channel. The U.S. Coast Guard monitors Ch. 16 but also operates on channels 21A, 22A, and 23A. In addition to the VHF marine channels there are a number of marine frequencies in the MF and HF bands.

There are a lot of digital communications in the HF bands, especially military and Federal agencies such as the Coast Guard and Customs and Immigration. During disasters Amateur Radio operators provide communications into and out of the area using HF frequencies. Also in the HF bands you’ll find continuity communications capabilities such as the National Communications System Shared HF Resources (SHARES) program. If you search “HF frequencies” in radioreference.com you’ll see a number of lists (below the [Ad] links) for USAF, HF Military, HF Maritime, USCG, and a number of other lists. A web search will also find numerous lists of HF frequencies put together by other monitoring enthusiasts. As mentioned before, print these lists and keep in a binder/notebook.

Another interesting note is that there is now a company offering global HF communications for customers. Http://www.globalhf.net/ seems to be a new company with around 276 FCC licensed frequencies. They’re offering continuity capabilities in the case of satellite communications being unavailable. Obviously it’s not easy to find out who their customers are but if you have HF capabilities it might be interesting to see what kinds of communications are being passed. Their customers might include critical infrastructure such as power and other utilities.

Your AOA

You will need to identify the resources and assets in your area that use radios. The obvious ones are your local police, fire, and emergency medical services. Others can include:

• Water company
• Electrical company
• Public works
• Airlines & companies that provide ground support such as fuel and ground handling
• Air traffic control
• Airports, not forgetting uncontrolled airports (as they usually have a frequency assigned)
• Amateur Radio, to include Amateur Radio Emergency Services
• Red Cross
• Salvation Army
• NOAA
• Federal agencies (although many will be encrypted)
• Local Community Emergency Response Teams (CERT) (may be using FRS, GMRS, and/or ham frequencies)
• Neighborhood watch (may be using FRS or GMRS)
• School – Security and BASE units

Scanner Selection

Local Radio Systems

There are numerous scanners available, handheld or desk/mobile configurations. Rather than provide a review of multiple scanners, I recommend the Home Patrol II scanner. It has high reviews from all who have used it. Most scanners require the user to program in the frequencies and systems you want to listen to. The Home Patrol II uses your zip code or it’s built in GPS to select from it’s database. This makes set up and using very easy. The Home Patrol II will work with all trunked systems on the market as well as DMR and conventional analog transmissions. It will also run on regular batteries so you should make sure to keep a stock of both regular alkaline as well as rechargeable. Make sure you have the means to recharge them by solar power.

Software Defined Radio (SDR)

A SDR is a dongle that you use with your computer and connects to an antenna. I don’t have much experience with these. The one I’ve seen comes highly recommended from NooElec. These allow you to listen to a wide range of frequencies.

Strange Messages

While scanning the HF bands you might come across stations transmitting a series of numbers in groups. These are numbers stations and were common in World War II as well as the Cold War. A transmitter in a friendly country transmits the numbers which can be heard over a regular AM radio to an agent. Only the agent that the message is intended for has the ability to decrypt the message by using a one-time pad (OTP). The page with that particular cypher is only used once then destroyed. By doing this it’s impossible to determine who the message is for and it cannot be broken.

You’ve probably heard the term Emergency Action Messages (EAM) from any modern war movies. The US Military operates the High Frequency Global Communication’s System (HF-GCS). During the Cold War Strategic Air Command (SAC) maintained an airborne command plane nicknamed “Looking Glass” and B-52 bombers were in the air 24/7. During this time it was possible to hear regular transmissions on the HF-GCS. While it’s still in use today, transmissions are less frequent.

In addition to sending EAM’s, the HF-GCS sends high priority messages known as Skyking or Foxtrot Broadcasts. The message is in a different format to EAM’s and starts; “Skyking skyking do not answer..”

When listening to HF-GCS transmissions you may hear an echo. This is because the HF GCS has transmitters all over the world to ensure global communications. With the recent news that the USAF is considering putting the B-52’s on 24/7 alert again there may be more traffic on these frequencies.

Deciding what to buy will depend on your assessment of what radio transmissions you want to monitor.

What to Listen To

What to listen to is determined by your situation. For general day-to-day you might want to listen to police dispatch that covers your neighborhood. You’ll want to research what, if any, 10-codes or other codes your local and state police departments use. It will probably take some time for you to understand what they’re saying, and figure out the call signs assigned to different units. Take notes in a notebook, don’t rely on a computer file or document as you might not have access if the power is out for an extended time. You should also do this for other agencies and organizations in your AOA. As you do so, create a battle map (see more below).

In the case of a winter storm you might want to listen to public works or other agencies responsible for snow ploughing to determine what roads are passable or not. Depending on the area this could be your city or county or the state.

There may be traffic on a police channel when the power goes out if it was because of an accident. If a larger area is involved, your electric utility company channel might have some information on.

Normally you wouldn’t monitor a talk group that is encrypted as there won’t be any useful information. As mentioned above, the digital signal contains information about the radio including it’s ID. If you monitor the local SWAT talk group and you suddenly see an increase in radio traffic (ELINT) it may indicate a situation is occurring. Note down ID’s to determine how many radio users (i.e., officers) are involved. The same applies for Federal agencies, monitor over time to gain a knowledge of the normal day-to-day volume of transmissions and who they are. If you see sudden changes it may indicate something is going on.

Previously we discussed HF communications and how to listen to them. For local events you’re not going to gain any information from HF communications. However, if there is a wide scale/large area event HF communications may provide you information that isn’t available locally.

Where Are They?

With communications on conventional frequencies rather than a trunked system, it may be possible to determine where the transmission is coming from. By having several people listening in different areas of town and using directional antennas it’s possible to get a bearing from each location. Then you can triangulate. In most normal situations, transmissions are so short that it’s not possible to triangulate on a daily basis. With a repeater you need to listen to the input frequency or the one the mobile is transmitting from. With a trunked system it’s almost impossible, especially if it’s a multi-site system. This is because one transmission is repeated on all the sites simultaneously.

What To Do With The Information

Firstly, you should create a battle map. This is a local map where you plot events, units assigned, and their call signs. This will help you develop a pattern of the call signs of units, police, and fire districts/response areas.

Battle mapping a parade or protest or some other event going on in your area is especially important. This will keep you advised of road closures or the way a crowd is moving, etc.

As mentioned earlier, monitoring encrypted talk groups won’t provide you any audio. However, you can battle map the ID’s of radios transmitting. Sudden increases in the number of radios transmitting, or a sudden stop, might indicate a raid of some kind.

Having a local community preparedness or neighborhood watch group is a good way to keep your neighborhood safe. Creating communications capabilities between each other that don’t rely on cell phones should be a priority. There are a number of articles in the February issue to get you started on getting your ham license.

The Amateur Redoubt Radio Operators Network (AmRRON) is a network of ham radio operators that have a preparedness mindset. AmRRON has regular nets for practice at both the local and on HF frequencies. They also utilize Fldigi to send formatted messages with an application that integrates the form into the software. By sending reports to other groups it may help to paint a picture of something larger going on.

The SPOT is a concise report of essential information. The format of the information uses SALUTE:

• Size (Platoon? Battalion? # of Vehicles? # of Persons)
• Activity (Convoy, Checkpoint, Patrol, Cordon, Training, Interrogation, Relocating/Evacuating Citizens, Etc.)
• Location (GPS/Grid Coord, Address, Road Name/#, Direction, Proximity to Landmarks, Nearest Town, Etc.)
• Unit (Domestic/Foreign, Police, Military, Branch, Guard/Reserve, Unit Designation, Civ Supt, Volunteer, Etc.)
• Time & Date (Date/Time Group: YYMMDD 24hr-Time eg. 20131117 0930 Mtn/Pcfc/Zulu, Etc.)
• Equipment (Weapons, Equipment, Supplies, Vehicles, Armor, Etc.)

While AmRRON does have an online form to submit a SPOT report, you should locate members in your area. Integrate your SIGINT with the ability to send a SPOT report over the air.

The ability to communicate has been increasingly important to war, peace, and our public safety services since the invention of morse code. As a society, we have become so attached to our communication devices that you see people driving while on their cell phones or texting. We even see people crossing the street and walking around on their cell phones totally oblivious of what is going on around them. Even to the level where it sometimes has disastrous consequences. We’re connected 24/7 and cannot be without our cell phones. Being situationally aware is essential if you want to keep yourself, your family, and your community safe. Those who can continue to communicate in a crisis will have a huge advantage over all the people hooked on their cellphones.