Brushbeater Signals Intelligence Course Review

Theodore Roosevelt once said that a man’s duty in life is to do what you can with what you have where you are. Nowadays, it is tempting to ignore the inherent call to action in the first part of this directive, and instead focus on all the things you could do if only you had this one item or if only you were around people who were as locked on and motivated as yourself. Unfortunately, conditions are never optimal and so nothing ever quite gets done. The pile of gear gets bigger but the skillset and motivation to run it just isn’t there.

Balancing possessions and capabilities is a difficult proposition for most of us. There is a lot of marketing and media that goes into convincing us we are incomplete unless we own the latest thing. We’ve been convinced that effort is unnecessary, automation trumps skill, and what we possess defines our worth. Naturally this is all bullshit, static over signal, but there’s a lot of static out there.

Of late, I’d found my own possession vs. skill ratio was getting a bit out of proportion and required recalibration. A few years back, a few unlooked-for adventures without cellphone service while hiking in the Blueridge had motivated me to begin looking into radios. I was never particularly interested in radios as a hobby, but while considering a PACE plan for future hikes the utility of having one was quite apparent. At the time, I didn’t know the first thing about radios, but after about three years of reading and listening to Brushbeater, Radio Contra and Notarubicon, I had acquired a smattering of knowledge and a pile of gear, to include a half-dozen Baofengs, an old Radio Shack scanner, a QYT CB, a Tiny SA Ultra, and a pair of TD-H3 GMRS radios to go along with my recently acquired GMRS license. I could enter frequencies and adjust squelch and had a vague idea of how to use the spectrum analyzer to find transmissions, but there were large gaps in my knowledge of how to get the most out of the equipment. I figured it was probably time to bite the bullet, shell out the cash, and take a class.

I missed the RTO course in August, but listening to Matt’s podcasts on the use of electronic warfare in Ukraine had really sparked my interest in taking his Signals Intelligence course and so this past Friday morning I arrived at the GC with a cup of coffee, a pen, and a notebook ready to learn. It was a large class, about 25 men or so, all seated in a classroom that was filled to capacity. At the front of the room were a pair of large well used whiteboards and a topo map of the area. Matt began the period of instruction with an explanation of the difference between intelligence and raw information, defining intelligence as “collected vetted information refined into a decision making product.” This was the start of a long discussion about the weaponization of Facebook and Twitter during the Arab Spring and Maidan Square riots and how over reliance on unvetted open-source information or OSINT leaves the individual/masses vulnerable to manipulation through social media algorithms.

We next learned how to derive actionable intelligence from raw information through F3EAD: Find, Fix, Finish, Exploit, Assess, Disseminate. Using this method, the first step is to create a baseline in order to find and identify anything that breaks the baseline. Once we have identified these anomalies we begin to get a solid fix on them for targeting. To finish the target, we begin to introduce stimuli and observe how the target reacts. The information we gather from these observations will be used during the exploitation phase to decide how best to interdict the target while circumventing or disrupting their capabilities. We then assess the operation and identify what the positive and negative outcomes were, and then disseminate best practices for future operations from the lessons learned from these outcomes.

After discussing the F3EAD method, we broke into three groups and using this method we began our first prac-app; a spectrum search to create a signals baseline for the area. Our directive was to gather as much information as we could on anything that broke squelch between 26 and 1000Mhz. With a couple Tiny SA’s, a CB, a scanner, and a handful of Baofengs, our group began searching the spectrum for signals and soon had about a dozen pages of notes on frequencies, transmission times, call signs and descriptions of traffic. After about an hour we returned to the classroom to compare notes with the other groups on what we had found in our spectrum search. Of particular note were a couple of continuous digital transmissions in the mid 400Mhz range, a weak square form signal about 8Mhz wide in the same area and continuous traffic in Spanish on the CB radio emergency channel.

Using online resources such as radioreference.com and sigIDwiki.com we began researching information from our spectrum search notes and soon found out that the digital signal we had heard were from the local emergency services and the weak square form signal may have been a water meter signal. Neither of these websites were much help identifying what was going on with the constant Spanish traffic on Ch.9, but reviewing the notes we had taken, it appeared that the channel was being used like a morning show on a radio station, with announcements of birthdays, items being listed for sale, and what at one point sounded like an auction.

We finished day one with a discussion of how to conduct a point search and the importance of active listening when trying to fix a target. A point search occurs once a baseline has been established and action indicators that violate the baseline single out certain signals for more detailed examination. Active listening is a major component of conducting a point search and it is how we gather information on the target. By listening to their transmissions, we are trying to identify their callsigns and hierarchy, ascertain their level of training, discern whether they are masking their training level and figure out what kind of threat they pose. Once this information has been gathered, we can begin to consider how best to exploit them and circumvent or disrupt their capabilities.

The next morning class continued with further discussion on how to conduct a point search, using examples from traffic we had intercepted the day before. We discussed how hierarchy can be established not just through callsigns but also through listening for tells in who is saying what to whom over the air. For instance, it could be inferred that the guy making the announcements on the Spanish CB channel the day before was most likely at the top of the hierarchy in his community.

We then discussed the importance of identifying the Signals Operating Instructions (SOI) of the target we’re trying to fix. If the target has some level of sophistication, they will most likely be implementing a PACE plan in their SOI and have alternate and contingent frequencies to transmit on in addition to their primary frequency. They may also be implementing a dual band arrangement to transmit and receive in different bandwidths, with one individual transmitting on a UHF frequency and receiving on a VHF frequency and his associate doing the reverse. All of these details would be entered into the SOI attached to the particular target and this information would be used to help plan how best to exploit the target later on

The next period of instruction was on using Radio Direction finding to geolocate a target through triangulation. All radio frequencies have a Point of Origin (POO) and by using multiple listening posts each equipped with a compass, a receiver, and a directional antenna, it is possible to get a line of bearing (LOB) on the target and from the intersections of multiple LOBs plot on a map where the point of origin is. We spent the rest of the afternoon building and testing Yagi directional antennas and rounded out the day with a prac-app using everything we had learned to attempt to geolocate an opfor team that was transmitting from somewhere in the training area.

The final day of class started with a brief discussion of CB radio and a period of instruction on how to construct a Yagi antenna tuned to the Citizen Bands center frequency of 27 MHz. Since CB radio is part of the HF band, the size of the antenna we built was considerably larger than the antennas we had built for UHF and VHF. It was so large in fact, that we couldn’t easily use a boom and the finished product looked more like a few rows of tomato trellis’s in a garden than an antenna. We used electric fence wire and plastic fence posts to make the antenna and the longest element was around eighteen feet from end to end.

Directly after this we went right into the culmination exercise of the course. The class once again split into three groups, one opfor and two sigint team. One of the sigint teams was stationary at the classroom while the other was roving to allow for acquiring multiple lines of bearing on any transmissions the opfor team sent out. The exercise was conducted as a round-robin with each group having the opportunity to cycle through all three roles. All methods of communication were open and the opfors responded with a plethora of creative ways to skirt detection. The first team tasked out most of its men to create junk transmissions on CB, UHF and VHF while their actual traffic was being sent by data burst at the busiest point of distraction. The second team made use of a VHF frequency out of the range of most of the radios in service with the sigint teams, transmitting around 220Mhz with a jailbroke AR-152. The final team focused its main effort on intercepting the sigint teams’ traffic with the intent of spoofing and confusing comms between the sigint teams and using the confusion as cover to send their own transmissions.

We indexed a little after 2:30 Sunday afternoon and conducted a debrief and analysis of the final exercise. With a handshake, Matt presented us with our Resistor patches and brought the class to a close. His final admonition was to remind us that technology is in perpetuity, but techniques are timeless. Thinking on these words it occurred to me that when I came to the course technology was all I had, and it was technology that I didn’t fully grasp how to use. At the end of the course, not only did I have a far better understanding of how to use the technology I possessed, I also had acquired a familiarity with certain universal techniques that could be applied to a wider range of disciplines and tools. My capability and confidence to do what I could had grown considerably since the start of the course two days before and I felt my possessions vs. skill ratio had been restored to an acceptable balance. All in all, it was an engaging, informative and well-run course and I am looking forward to attending the RTO and Advanced RTO course at the first opportunity.