This article, based on products from SWS Security, was published in Business 2.0 magazine in November 2001.
Weapons of the Secret War
How the shadowy science of signals intelligence, honed in the drug wars, can help us fight terrorism.
By Paul Kaihla, November 2001 Issue
The target never had a clue that he was in imminent danger. A high-ranking member of a Kashmiri terrorist group implicated in the World Trade Center attack, he had every reason to believe he had eluded the manhunt. He was lying low in a nondescript safe house on the outskirts of Peshawar in Pakistan's Khyber Pass region. He steered clear of phones and kept to himself. His sole contact with his global ring was through wireless e-mail transmitted by a high-frequency radio running on only eight flashlight batteries. Using that low-powered signal to send messages of only a few words at a time -- keeping transmissions to short bursts -- he was impossible to trace.
Or so he thought.
What the terrorist couldn't know was that signals intelligence operatives had been on his trail for months. His communications network relied on a base station hundreds of miles away in the Afghan desert; that device had been spotted by a robotic spy plane, a U.S. Air Force Predator, that was mapping radio traffic along the mountainous Afghan-Pakistani border from an altitude of 25,000 feet. Thereafter, each radio message he sent brought his fate closer, the final one pinpointed by members of the U.S. antiterrorism unit, Delta Force, who were sweeping his outpost with handheld direction finders. They staked out the house with local commandos and waited. When their man stepped out for some air, they made a visual confirmation and radioed the kill order to a Pakistani sniper team. From a quarter-mile away, a shooter took out the target with a single .50-caliber bullet.
In the shadowy war against the architects of the Sept. 11 atrocity, this is how victory may look. If you think it all sounds too much like a Tom Clancy novel to be true, you're mistaken: The hypothetical scenario above parallels almost exactly the real-life demise on Dec. 2, 1993, of public enemy number one in the U.S. war on drugs, Pablo Escobar. That manhunt ended in Medellín, of course, not Peshawar, and the infinite justice was administered by Colombian, not Pakistani, commandos. Still, members of the U.S. intelligence community and military say the drug cartel raids of the 1990s are a model for antiterror strategists today. In both campaigns, U.S. special forces advise indigenous troops, who do the actual dirty work. And in both cases, American signals intelligence technology plays a crucial role.
Broadly speaking, signals intelligence (sigint) is the interception, exploitation, and jamming of electronic communication, whether it's radiated through the atmosphere and sea or through fixed lines like the telephone grid. In its 21st-century American application, it is a multibillion-dollar enterprise designed to eavesdrop on the conversations and data traffic of U.S. adversaries anywhere in the world. (However, the law prohibits blanket electronic monitoring of U.S. residents, one reason perhaps that intelligence agencies missed the hundreds of e-mails the Sept. 11 hijackers exchanged with each other from personal computers and public library kiosks.) The listening posts in this worldwide surveillance network range from simple radio antennas wired into sophisticated receivers to P-3 Orion spy planes operated by the U.S. Navy and Customs Service to nuclear submarines like the USS Jimmy Carter, which can sit on the ocean floor for weeks at a time tapping undersea fiber-optic cables. The network even extends into space, where at least eight geosynchronous spy satellites vacuum up radio and other waves emanating from earth, beam the captured data to receivers on various continents, and then relay them to the mecca of sigint, the Fort Meade, Md., headquarters of the National Security Agency (NSA). Some of the above listening points feed data into the computers of a Cold War-inspired intelligence cooperative called Echelon, maintained by the United States, Canada, Britain, Australia, and New Zealand.
Behind the octopuslike network of listening posts is a technological arsenal that would stretch the imagination of Silicon Valley's best engineers. There are instruments known as spectrum analyzers, which are like MRI-scanners for all electromagnetic signals in an area. They not only can find a radio transmitter hidden in the mountains but will tell you its energy source. Data-mining software can comb through hundreds of millions of intercepted e-mail messages, faxes, and phone calls in a matter of minutes to find a single hot-button sequence -- say, the fax number of a suspected terrorist. Most mind-boggling of all is a system that can pick a single voice out of thousands of cell-phone conversations in an area, even if the speaker is constantly switching phones to avoid interception.
At the controls of all of this high-tech gear are specialists who number only a few hundred in the United States and perhaps only 2,000 in the entire world. Not surprisingly, they aren't particularly chatty about their occupation, but it's clear that they're in greater demand than ever. One of the handful of private contractors in the group (most are on the government payroll) told Business 2.0 that he was hired by a three-letter government agency the day of the attacks on New York and Washington, and has worked practically around the clock since. Of his latest assignment, all he will say is "I have to fly somewhere for this job tomorrow, and it won't be on a civilian aircraft."
Steve Uhrig is another private sigint contractor, a onetime "spook" with U.S. Naval Intelligence who is now one of the most respected surveillance and technical countermeasure specialists in the world. In other words, he installs bugs and wiretaps, as well as conducts sweeps for them, and designs "black boxes" of spy gear for clients that have ranged from the NSA and the CIA to Tom Clancy himself. (Uhrig spent the summer wiring the author's 440-acre Maryland compound with state-of-the-art surveillance and security gear.) He has not yet been tapped for the war effort. But to the extent that the campaign against the Colombian drug cartels was a rehearsal for the coming showdown with terrorists, Uhrig has a unique perspective on how the new conflict might shape up. After all, the Colombian army is by far his largest customer. Among the surveillance systems he has set up in Colombia is a network of 100 "beeper busters," computer-driven receivers with decoders that can filter both pager numbers and content of interest to authorities in real time. Now the instant a suspected trafficker or money launderer receives a pager message, Colombian army intelligence has a copy of it.
The Escobar takedown shows how U.S. sigint can work with local forces to eliminate bad guys. In 1993 the CIA and a covert U.S. Army unit called Centra Spike spent months in Colombia monitoring Escobar's communications from both the ground and the air, finally pinpointing his location when he made a call from his cell phone. Colombian special forces commandos gunned down the Medellín cartel leader as he ran barefoot across the rooftop of an apartment building.
Sigint's work against the cocaine cartels evolved into a game of high-tech cat-and-mouse, especially after Escobar's death taught traffickers the vulnerability of cell phones. One of the cartels' countermeasures is to "roll" cell phones to confuse wiretappers. Using scanners, they steal the identities of innocent bystanders' mobile phones and program the "cloned" numbers into their own handsets for a few days at a time. Authorities can't keep track of what phone numbers they should be tapping.
In response, authorities deployed a remarkable surveillance technology that operates over Colombia from spy planes. It uses a series of devices called IF-to-tape converters ("IF" stands for "intermediate frequency"), in conjunction with directional antennas, receivers, and wide-band recorders, to scoop up the major bands across the entire cellular spectrum. Loaded with the proper gear, one aircraft can record all of the cell traffic in a major city by circling it at a high altitude and exploiting the powerful microwave signals that form a handshake between cell sites in wireless networks. Back at the plane's base, a computer extracts audio files of actual conversations from the captured signals. The audio files are then filtered with sophisticated voice recognition software, allowing intelligence analysts to identify all of a suspect's conversations by his voice, no matter how many times he rolls his phones.
According to Uhrig, those kinds of vacuum cleaner technologies will not be as effective against Middle Eastern terrorists. For one thing, Afghanistan has no cellular service. For another, this year's successful prosecution of four terrorists implicated in the 1998 bombings of U.S. embassies in Africa relied heavily on NSA intercepts of cellular and satellite phone calls between terrorist leader Osama bin Laden and his al Qaeda network. All too aware that its phones were compromised, al Qaeda has reportedly curtailed its use of phones.
Sigint operatives will adapt by trying to move in closer to bin Laden. That delicate and dangerous task is the forte of an unacknowledged U.S. intelligence agency bearing the innocuous name of Special Collections Service (SCS). The agency, housed in Beltsville, Md., a short freeway ride from NSA headquarters, is jointly staffed by the NSA and the CIA. Operating under cover from U.S. embassies around the world, the agency is known for Mission Impossible-style operations -- most famously, hiding bugs on pigeons that perched on windowsills of the Soviet embassy in Washington, D.C. The SCS is currently working overtime, experts have told Business 2.0, eavesdropping on government communications in Middle East capitals and, where possible, setting up listening posts around figures close to bin Laden's network. "They'll be trying to build a case to show the Taliban's support for al Qaeda," says a retired U.S. special operations colonel who is still involved with the military.
If bin Laden or other suspects try to blend into a densely populated city, they might choose to talk on a radio frequency that they will "snuggle" next to a powerful signal like a local television transmitter. "If you're sweeping the area for a radio, you'll miss it unless you know exactly what you're looking for," says Uhrig, who was the technical consultant for the film Enemy of the State. "A receiver will lock on to the big transmitter." In that case, electronic espionage agents would likely do their hunting with a spectrum analyzer. This device shows a picture on a monitor of all signals, big and small, and can break them down into their component parts much like a chemical analysis of your drinking water.
If, as seems more likely, bin Laden remains holed up in his mountain hideouts, Uhrig surmises that the terrorist leader may use a low-powered high-frequency radio network, whose signals would be drowned in background noise such as that emitted by electronic car ignitions. But sigint doesn't need to capture a whole conversation to make life very tenuous for the broadcaster. In a manhunt, in fact, all it really needs to do is ascertain the coordinates of a target. Modern direction finders can get a bearing on a radio or a cell phone even if they capture a signal lasting as little as 20 milliseconds. In that scenario, a target may meet his end not with a sniper's bullet but with something much louder. Out in the Afghan mountains, says a high-ranking officer formerly in charge of counter-drug operations and surveillance in South America, "there is no reason to put our troops in danger and do a SWAT-style hard takedown. You would just put a high-tech weapon on him -- send a Tomahawk into his cave with a laser detonator."
No one in the military or intelligence communities thinks it will be easy to locate -- let alone stamp out -- the organizations responsible for the attacks on the nation's largest city and its capital. But no criminals in history have had so much electronic weaponry arrayed against them as bin Laden and his cohorts do today. "If bin Laden has anything that creates an RF signal, his ass is grass," says the private sigint specialist who was contracted for the manhunt. "If our boy has any brains at all, the only thing he has on him is his handy Kalashnikov and a copy of the Koran."
Paul Kaihla is a senior writer for Business 2.0.