Electronic Surveillance Methods.

The Deep Operations Group team continues to introduce our subscribers to data collection and analysis methods.

Cellular Networks: Passive Location and Active Engagement

· Triangulation and Multilateration:
This is a basic physical principle. To maintain communication, a phone constantly exchanges signals with several cell towers. By measuring the Time Difference of Arrival (TDoA) and signal strength at different towers, it's possible to calculate the subscriber's coordinates with high accuracy. This does not require intervention in the phone but analyzes the operator's data.
· IMSI-Catchers (Stingray, DRTBox):
These devices are fake cell towers. They exploit a vulnerability in the mobile communication protocol: a phone set to automatically search for a network authenticates with the strongest "tower" in the area. The catcher, by impersonating an operator's network, forcibly compels phones within its range to connect to it and transmit their unique identifiers:
· IMSI (International Mobile Subscriber Identity) – the unique subscriber number.
· IMEI (International Mobile Equipment Identity) – the unique device number.
More advanced models can forcibly downgrade the encryption level of a call (A5/1 attack) for interception.

Wi-Fi and Bluetooth: Tracking by Digital Fingerprint

· MAC Address Analysis:
Every network adapter has a unique MAC address (Media Access Control). When the Wi-Fi or Bluetooth module is enabled, the device constantly listens to the airwaves, sending probe requests and "broadcasting" this address. Specialists place passive scanners in key locations (train stations, airports, public events) that capture these MAC addresses. This allows building "Movement Patterns" (the project team will publish a full post on this) of a specific device without the need to connect to any network.
· Forced Deauthentication:
For more aggressive surveillance, a "deauthentication" attack is used. Specialists can send fake data packets, forcibly disconnecting the target device from its current Wi-Fi network. After this, the device begins actively searching for a new network, again "broadcasting" its MAC address, which simplifies its detection and triangulation.

Satellite Reconnaissance (COMINT and SIGINT)

This is not just about photography. There is a class of satellites engaged in signal interception (SIGINT - Signals Intelligence), which includes COMINT (Communication Intelligence) – communication intelligence.

· Interception of Satellite Communications:
Specialized satellites can listen to specific frequency bands used for satellite telephony or data transmission between ground stations.
· Transmitter Geolocation:
By analyzing the signal from a powerful or unencrypted transmitter on the ground from several satellites, its location can be determined with high accuracy using a principle similar to triangulation, but on a global scale.

We've saved the best for the next post in this series as a dessert and will soon move on to open practice.

Join us.
Deep Operations Group