Tuesday, January 29, 2019

The Equipment Aboard an EP-3E Electronic Surveillance Plane

Since the start of the Snowden-revelations in 2013, many people got the impression that the U.S. National Security Agency (NSA) mainly intercepts the communications of ordinary citizens. In reality, the NSA is part of the Department of Defense and as such, a large part of its job is to collect information for tactical military purposes.

A good example of the latter task comes from an internal NSA damage assessment report about the 2001 Hainan Island incident, in which an EP-3E electronic surveillance aircraft collided with a Chinese fighter jet and had to make an emergency landing on the Chinese island of Hainan.

The report was among the Snowden-documents and published by The Intercept on April 10. As will be shown here, it provides many details about both the interception and the encryption equipment aboard the EP-3E aircraft.

A Lockheed EP-3E electronic surveillance aircraft from the U.S. Navy
(photo: U.S. Navy)

Damage assessment

The purpose of the report was to review and assess the damage to cryptologic sources and methods and the response of the U.S. SIGINT agencies to the crisis. A second purpose was to review and assess emergency destruction of classified material and the emergency procedures.

In general, damage to Communications Security (COMSEC) systems, like cryptographic devices, keying material and encryption methodology, was considered low, mainly because cryptographic devices are designed in anticipation of being lost or compromised.

For Signals Intelligence (SIGINT), meaning the equipment to intercept communications and other signals as well as the results of these efforts, there was an opposite approach: the assumption had been that sensitive SIGINT material would be protected at all times, or destroyed before it was lost or compromised.

Because emergency destruction techniques had not kept pace with technology, which often no longer resides in hardware but in software, the Hainan incident revealed that existing destruction procedures were outdated and inadequate. Also, individual and crew training appeared to be deficient and lacked realism and context.

Nevertheless, damage in the realm of tactical SIGINT was assessed to be medium, which means that the damage was recoverable with concerted effort.

The damaged EP-3E after it had landed on Hainan island

The EP-3E aircraft

The EP-3E aircraft is a modified version of the Lockheed P-3 Orion, which is a four-engine turboprop aircraft developed for the U.S. Navy and introduced in the 1960s. The Platform Integration division of the military contractor L-3 converted several P-3Cs into the EP-3E, which is also known as ARIES (Airborne Reconnaissance Integrated Electronic System). The Navy has eleven EP-3Es, the last of which was delivered in 1997.

The plane generally has a crew of 24, including linguists, cryptographers and technicians. The EP-3E that flew over the South China Sea carried an 18-member reconnaissance team from the Navy, Marines, and Air Force, in addition to a 6-member flight crew. The position of their workstations can be seen in this schematic from the damage assessment report:


Other tactical SIGINT spy planes are the Boeing RC-135 COBRA BALL, COMBAT SENT or RIVET JOINT of the U.S. Air Force, the De Havilland RC-7 Airborne Reconnaissance Low (ARL) of the U.S. Army and the Beechcraft (R)C-12 Huron, which is used by the Army, the Navy, the Air Force and the Marine Corps.

Together with other flying spying platforms like drones and satellites, these planes contribute to what is called Overhead Collection. The NSA's other primary information channels are cable access, hacking operations, joint NSA-CIA units and foreign partnerships.

COMINT equipment

COMINT stands for Communications Intelligence, which is information derived from the interception of foreign communications, either between people or between machines. Together, COMINT and ELINT (see below) are called SIGINT.

The COMINT collection system onboard the EP-3E consisted of antiquated HF, VHF, and UHF receivers, a rudimentary signal distribution network, and narrowband cassette recorders. The COMINT collection system used the ALD-9 antenna and processor package. In addition to installed equipment, six carry-on computers were onboard.

The COMINT equipment was mostly unclassified with the exception of two carry-on computers, a SCARAB computer containing the LUNCHBOX PROFORMA processor and a laptop containing MARTES analysis tools. All information on these two systems was considered compromised.

Although other planes in the military's spy fleet had recently undergone a major surveillance equipment upgrade, the plane that ended up in Chinese hands was two weeks away from getting one, so the equipment was old and outdated and a lot of it didn't work properly.

SCARAB computer

The SCARAB is a portable computer device that contained the LUNCHBOX processor, which uses software to process forty worldwide PROFORMA signals, some teleprinter and pager signals, datalink signals for the HUNTER and PREDATOR drones, and the Joint Air to Surface Stand Off Missile (JASSM) datalink. Additionally, the SCARAB computer contained the XBIT Signals Analysis software for bit manipulation and BLACKMAGIC demodulation software.

The SCARAB computer containing the LUNCHBOX processor for PROFORMA data
(photo: EP-3E incident report)

PROFORMA is the codename for digital command and control data communications that relay information and instructions to and from radar systems, weapon systems (like surface-to-air missiles, anti-aircraft artillery, fighter aircraft), and control centers.

Exploitation of this data provides U.S. and allied warfighters nearly instantaneous situational awareness information from a target country's radar systems. This information supplements U.S. sensor systems while providing insight into the target country's decision process.

Several working aids aboard the EP-3E provided details about Russian-designed PROFORMA signals used by North Korea, Russia, Vietnam, and possibly China. This material detailed the association of signals to specific weapon systems. China was known to use two of the signals resident in the LUNCHBOX processor.

For the 2001 mission over the South China Sea, the Science and Technology (S&T) Operator aboard the EP-3E was tasked to collect and process PROFORMA signals possibly associated with Chinese SA-10 surface-to-air missiles and Chinese short-range air navigation.

MARTES laptop

Besides the SCARAB computer, there was also a Tadpole Ultrabook IIi laptop, which contained the MARTES software tools, the RASIN Manual, the RASIN Manual Working Aid and the Telegraphic Codes Manual.

RASIN stands for Radio Signals Notation and is the COMINT Signal Classification System for classifying and reporting a wide variety of signals with their associated parametrics and characteristics. Together, the RASIN manual and the aforementioned files provided a comprehensive overview of how U.S. intelligence exploits an adversary's signal environment.

The Tadpole Ultrabook IIi laptop with MARTES software tools
(photo: EP-3E incident report)

MARTES is the name of a set of software tools for collecting, analyzing, and processing signals. A new version of MARTES is released about every 6 months, and it is generally divided into COMINT, FISINT and ELINT tools.

A portable, digital player/recorder used to collect the signals analyzed by MARTES contained a tape of 45 minutes of enciphered and unenciphered Chinese Navy communications. The unenciphered portions carried voice communication segments that identified Chinese communicants.

The compromise of the largely tactical COMINT documentation was rated medium. The most sensitive and damaging documentation contained detailed collection requirements against Chinese military datalink and microwave signals. The tasking information included frequencies, data rates, dish sizes, and target communicants.

Also compromised was the ability of the U.S. to collect Chinese submarine signal transmissions and make subsequent vessel correlations. This compromise could prompt the Chinese to modify that particular signal.

ELINT equipment

ELINT stands for Electronic Intelligence and comprises the technical and intelligence information obtained from the intercept and analysis of noncommunication, electromagnetic radiations.

The ELINT systems onboard the EP-3E included a disparate collection of antennas, signal distribution networks, wideband and narrowband receivers, recorders, and processing and display equipment. The bulk of these systems were off-the-shelf devices that, although designed for the ELINT mission, contained no especially sensitive technologies.

The systems that were of specific concern after the Hainan incident included the AN/ULQ-16 and the AN/ALQ-108. The AN/ULQ-16 is a computerized pulse processor used to make detailed timing measurements of radar signals. The AN/ALQ-108 is an enemy IFF (Identify Friend or Foe) interrogation system, which is used to actively and passively exploit early Soviet IFF and range extension signals.

Emergency destruction of the ELINT equipment during the Hainan incident was largely ineffective. The crew zeroized (deleted) all memories and erased all mission data, but the rugged construction of critical components and lack of destruction tools prevented adequate destruction.

Communications equipment

For internal communications, the EP-3E uses the Digital Communications Management System (DCMS). All operational crew positions have access to the DCMS with headsets or through their helmets, with the exception of personnel in the galley and observers in the flight station. Communication paths between crew members are divided into various networks.

For communications with the outside world, there are numerous radios onboard, which connect to a variety of radio networks. Short-range communications are conducted using both plain voice and secure VHF and UHF radios. When the aircraft is on a mission for Sensitive Reconnaissance Operations (SRO), long-range communications with NSA and military operations centers are conducted via HF radio and over secure UHF satellite networks.

Radio/satellite transceivers

The EP-3E was equipped with the following radio transmitter/receivers (transceivers):

- Two AN/ARC-94 HF radios for long-range communication. One (HF-1) is configured for secure modem communications and is encrypted using a KG-84C encryption device. The other (HF-2) is configured for voice communications and can be encrypted using a KYV-5 encryption device.

- Three AN/ARC-206 radios for UHF line-of-sight communications. UHF-1 and UHF-2 are controlled by the Senior Evaluator (SEVAL) and are configured for voice communications. Both can be encrypted using KY-58 encryption devices. A third AN/ARC-206 radio is configured for line-of-sight datalink operations.

- Two AN/ARC-182 radios for VHF or UHF line-of-sight communications. Both are controlled from the flight station and are configured for voice communications. Both can be encrypted using KY-58 encryption devices. The control units for these radios have a switch setting allowing an easy and immediate change to emergency frequencies.

- One LST-5 satellite radio for secure UHF voice satellite communications. The radio can only be controlled locally at its location in an avionics bay within the aircraft cabin. It is encrypted using a KY-58 encryption device.

- The OL-390 Digital Communications Group and its associated UHF radio are used for secure satellite modem communications. The radio is controlled by the secure communications operator and is encrypted using a KG-84A encryption device. Because this radio shares distribution and antenna equipment with the LST-5, simultaneous transmission using both radios is not possible.

Encryption devices

For securing voice and data communications, the EP-3E had sixteen encryption devices onboard, of the following types:

- The KY-58, which is used for voice and data encryption at 16 Kb/sec over AM/FM, VHF and UHF radio and satellite channels. The device can be used for information up to the classification level TOP SECRET. It accepts keys from the family of Common Fill Devices and also incorporates remote keying. The production of the KY-58, which is part of the VINSON family, was completed in 1993.

A KY-58 encryption device

- The KG-84, which is used for data encryption at 64 Kb/sec over radio and satellite channels. The KG-84 can be used for communications up to the level of TOP SECRET, depending on the key-set that is loaded, and is fully compliant with NSA TEMPEST standards. Like similar encryption devices, the KG-84 can be controlled either locally, or remotely (for example from the cockpit) through a Remote Control Unit (RCU).

A KG-84C (left) and a KG-84A (right) encryption device
(photo: EP-3E incident report)

- The KYV-5, which is used for voice or data encryption over HF, VHF and UHF radio and satellite channels. The KYV-5 is a relatively small communications security module which is attached to a larger CV-3591 converter, together forming a TACTERM unit. The device is part of the Advanced Narrowband Digital Voice Terminal (ANDVT) family.

A KYV-5 encryption device attached to a CV-3591 converter

The damage assessment report isn't clear about whether the Chinese removed these encryption devices from the plane before giving it back to the US. The particular equipment had previously been compromised, though not directly to China, and the report also mentions that components of, for example, the KG-84 had also been available through sites like eBay.

Cryptographic materials

Besides the KY-58, KG-84 and KYV-5 encryption devices, the EP-3E also carries KYK-13 and KOI-18 electronic fill devices, a KL-43 off-line encryption device, and a Global Positioning System (GPS) unit.

The EP-3E that landed on Hainan island also carried keying and other cryptographic materials for its various secure devices, including Top Secret keying material in canisters, entire codebooks, and call sign lists. In all, this was much more than what was needed for the mission: nearly a month's worth of keying material and codebook pages that were not scheduled to become effective until well after the scheduled landing.

Instead, the use of an electronic key loading device such as the CYZ-10 Data Transfer Device (DTD) could have eliminated the risk of hardcopy keying material compromise. These devices can hold multiple keys, load multiple devices, and are easily zeroized.

During the Hainan incident, most cryptographic keys and codebooks had been jettisoned by the plane's crew, but the remaining material was considered compromised. However, all the encryption keys (except for the worldwide GPS key) were replaced by new ones within fifteen hours of the EP-3E's emergency landing.

A COMSEC Material System (CMS) box containing cryptographic keying material
(photo: EP-3E incident report)

Radio networks

The radio equipment onboard the EP-3E connected to the following networks:

- The Global High Frequency System (GHFS), which is a worldwide network of high-power HF stations that provides air/ground HF command and control radio communications between ground agencies and U.S. military aircraft. The GHFS network supports Sensitive Reconnaissance Operations aircraft by passing encoded advisory conditions (NICKELBACK), position reports and administrative traffic. As of October 1, 2002, the network was renamed the High Frequency Global Communications System (HFGCS).

- The Pacific Tributary Network (PTN), which is a UHF secure voice satellite network that provides COMINT advisory support and threat warning to deployed U.S. and allied forces. Network participants include the Pacific Reconnaissance Operations Center (PACROC), which provides coordination and flight following to SRO aircraft, the NSA's Kunia Regional SIGINT Operations Center (KRSOC) on Hawaii and the National Security Operations Center (NSOC) at Fort Meade.

- The SENSOR PACER network, which is a UHF secure low data-rate digital satellite network that provides time-sensitive SIGINT reporting, COMINT advisory support, threat warning, and administrative traffic support to Sensitive Reconnaissance Operations platforms worldwide. Network participants include KRSOC and the Tactical SIGINT Interaction Center at Kadena AB, Okinawa (TSIC-K).

- The SIERRA ONE Early Warning network, which is a UHF secure voice satellite network utilized by 5th and 7th Fleet Orion P-3's and EP-3E's for tactical reporting and coordination. Network participants include all PACOM Tactical Support Centers (TSC) and CTF 57/72, Kami Seya, Japan.

