AOH :: HOPP.TXT|
New FBI Attempts at Secure Communication
NEW FBI ATTEMPTS AT SECURE COMMUNICATION
COPYRIGHT (C) 1991 BY FULL DISCLOSURE. ALL RIGHTS RESERVED.
The FBI has spent many millions of dollars attempting to obtain secure
communications by various voice encryption methods, with limited success.
The GAO Report of March 8, 1988, ``FBI Voice Privacy, Cost, Status, and
Future Direction'' provides much insight into the difficulties the FBI has
had establishing a secure communications system.
The FBI's original estimate for establishing a digial voice protection system
was $79.3 million.
The March 8th report indicates that ``[b]ecause the FBI's estimated savings
cited in the table are very preliminary and are not supported by formal field
surveys or other documentation, we continue to believe that the $204.4
million and the latest $205.8 million estimate for the nationwide voice
privacy program appear to be unrealistic.''
A big part of the major cost overrun was a lack of technological review of
what they were getting into.
``Our Feburary 1987 report explains that the technological impact of range
loss on the DVP system was one factor that increased the FBI cost estimates
from $79.3 million to $204.4 million. In the report, we say that `the FBI
recognized in its 1979 to 1981 research that the communications range of DVP
technology was less than the range of the old, unsecure system, but it did
not consider the impact of this reduction.' The FBI says that this statement
is `totally in error because we did recognize range loss and did consider its
``In a follow-up discussion, a key FBI official who is knowledgable about the
voice privacy cost estimate process told us that the FBI did not consider
range loss in the $79.3 million estimate and emphasized that an engineering
consultant firm developed the estimate as part of a comparison of analog
versus digital voice privacy technologies. According to this official, range
loss was not serious considered until the FBI prepared the $132.4 million
estimate. The FBI says that its methodology for developing the $132.4 million
estimate included doubled the number of repeaters to compensate for the DVP
However, a 1984 from the Deputy Assistant Director, Technical Services
Division, the following range loss problems were described: ``The Motorola
DVP/DES [Data Encryption Standard] system has a loss in range as a penalty
for the effectiveness of the digital voice privacy. Experience in the six
cities has demonstrated that to equal the existing geographic coverage, there
is an 80%-100% increase in so called fixed station equipment (e.g. repeaters,
cross band sites, and backbone equipment).''
Much of the FBI's difficults seems to be from a lack of proper management.
According to the GAO report, ``[d]uring our review, we could not find any
evidence that a long range plan for the nationwide DVP program had been
prepared, and FBI officials confirmed that a written plan did not exist. The
FBI contends that it was not feasable to prepare a formal plan for the DVP
program, within time and manpower constraints. In follow-up discussions about
their response to our report, FBI official emphasized that DVP is a threat
driven system and told us that it was a management decision to go full speed
ahead rather than plan.
Now, the FBI is trying to solve the problem with frequency hopping radios.
According to Daniel Miller, Contracting Officer for the FBI, 45 PH-26
(portable frequency hopping radios) and 20 MH-26 (mobile frequency hopping
radios) along with numerous accessories, including 2 repeaters were purchased
on September 24, 1990.
These radios are not FCC approved radio equipment and the FBI has a
sole-source contract for them with Transcrypt International, Inc., 1440
Buckingham Dr, Lincoln, NE 68506, Phone: (402) 483-2961, Fax: (402) 435-6780,
According to Transcrypt's brochure, ``encryption insures that no outside
party can understand radio transmissions, an encrypted radio signal has a
very distinctive sound; and with the right equipment, it can be jammed,
intercepted, or the source located.''
Transcrypt refused to provide Full Disclosure with pricing information and
that information was not available from the Government by press time. The
going rate for this type of equipment, however is said to be approximately
$10,000 per radio. Transcrypt will only sell the radio within the United
States to law enforcement agencies.
Even though their brochure claims that both the public and private sectors
outside the United States have the need for this type of secure
communications (no mention is made that the private sector within the United
States has such needs), a company spokesman seemed skeptical that the State
Department would approve the radios for export.
The idea behind frequency hopping radios is that rather than transmitting
constantly on one frequency, the frequency is changed many times per second
in a pseudo-random fashion. These radios switch from 12 to 50 times per
second, between any channels in a programmable window of the 148-174Mhz band.
The window size is programmable between 100Khz and 1.6Mhz. Therefore, if the
window size was set to 1.6Mhz and the window was located at 165.000mhz, the
transmissions would occur only on frequencys between 165.000mhz and
Therefore, with a standard scanner one would not notice the existence of such
transmission, nor be able to pin point them. Monitoring one of the
frequencies it used in its hopping sequence would result only in a burst of
noise 1/12 to 1/50 of a second in duration.
Another brochure from Transcrypt quotes from Communications Africa a claim
that ``there are very few countries in which the equipment and expertise are
available to try to break these systems.''
Finally, the FBI has a solution to is desire for secure communications or
does it? The first glimpse to a line of attack is in the same brochure that
quotes from Communications Africa. It explains how other (in use) frequencies
in an urban environment gives the transmissions extra cover. Any kind of
transmission made in an urban environment gets extra cover from all the other
The fact that the transmissions need or gain from having ``cover'' indicates
that they are not invisible.
Technical sources suggested the following as a method of detecting use of
frequency hopping radios in the area. Hook a cable ready TV set to an
appropriate antenna and tune it to the federal band (160-172mhz). Cable
channels G, H and I. Each channel will display a 5mhz spectrum of the federal
band. The complete frequency range of the radio would be cable channels A
through I and 7.
The sources indicated that operation of a frequency hopping radio in the area
will show a distinct pattern on the screen. To test this theory, Full
Disclosure hooked up a low power programable RF oscillator to switch
frequencies 15 times per second in the 160mhz range and powering the unit on
showed a distinct change (unique unsynchronized horizontal lines) in the
display on a TV set tuned to that frequency.
Because of the narrow window the units use, after locating the frequency of
the window, jamming the unit could be accomplished with a wide bandwidth
transmitter. (1.6mhz isn't real wide, compared to a 5mhz video transmitter).
If a little used portion of the VHF band was selected for operation by the
frequency hopping radios, jamming could be accomplished with little
interference to other transmissions.
There is some dispute over the effectiveness of using a spectrum analyzer to
spot the use of frequency hopping radios. One technical source aptly pointed
out ``why worry about whether a spectrum analyzer works when a $100 TV set
As with any new surveillance technology, there is a gap between its
introduction and the availablity of countermeasures. Unlike spread spectrum
radios that switch frequencies over the entire RF spectrum, frequency hopping
radios operate in a very small window making detection, jamming, and
direction finding a much simpler task.
The following are selected specifications for the PH-26 and MH-26 radios.
Figures in ()'s are for the MH-26 when different.
Frequency Programming Range: 148-174MHz. Frequency stability: .0005%.
Frequency spacing: 5, 6.25, 12.5, 15, 25 or 30KHz. Transmitter: Power Output:
1 or 5 watts (30 watts). Modulation: FM. Receiver: Sensitivity 12 db. Sinad:
.25uv. Selectivity @30Khz: 70 db. Audio Output: 500mw (5 watts). Frequency
Agil Mode: Number of channels: 4096. Frequency series: Pseudorandom (PR).
Dwell time: 20 to 100 milliseconds. Synchronization: Continuous digital.
The above is reprinted from Full Disclosure Newspaper. Subscribe today and
get interesting articles like the above, plus more... pictures, graphics,
advertisement, and more articles. Full Disclosure is your source for
information on the leading edge of surveillance technology. Print the
following form, or supply the information on a plain piece of paper:
Please start my subscription to Full Disclosure for:
[ ] Sample issue, $2.00
[ ] 12 issue subscription, $18.00
[ ] 24 issue subscription, $29.95
With 24 issue susbcription include free one of the following:
[ ] Directory of Electronic Surveillance Equipment Suppliers
[ ] Citizen's Guide on How to Use the Freedom of Info/Privacy Acts
[ ] Maximizing PC Performance
Also available separately:
[ ] Directory of Electronic Surveillance Equipment Suppliers, $6.00
[ ] Citizen's Guide on How to Use the Freedom of Info/Privacy Acts, $5.00
[ ] Maximizing PC Performance, $6.00
Illinois residences, add 6.5% sales tax on above 3 items.
Enclosed is payment in the form of:
[ ] Check/Money order, [ ] Visa, [ ] Mastercard
Card no:___________________________________ Exp date:_______
(required for credit card orders)
Return to: Full Disclosure, Box 903, Libertyville, Illinois 60048
The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to firstname.lastname@example.org.