by Unknown
166
Advanced Criminal Investigations and Intelligence Operations
it, is easier. Visa, MasterCard, and American Express have started producing payment cards that use a computer chip to speed transactions and make it
more difficult to compromise than a magstripe.
Credit and ATM card skimming is on the rise worldwide. It relies on
data-reading electronics to copy the magnetic stripe information from your credit card or debit card. It can capture both your credit card number and the PIN at restaurants, gas pumps, ATM machines, and almost anywhere where
cards are used. ATMs are vulnerable for the same reasons that gas pumps
are. They are exposed and unattended.
An identity thief or skimmer merely needs to place an electronic mag-
netic strip reader over the existing ATM card slot or a point of sale device.
When you slide your card in, the skimming device reads it first, and then the actual card reader does, at which point the transaction proceeds as
expected. Now a skimmer has an exact copy of your card data. Older
card-skimming devices required data harvesting thieves to return and
collect the information periodically, exposing them to risk of discovery.
But newer skimmers can transmit data to thieves by either short-range
Bluetooth or by GSM cellular. This enables the thieves, who may be sitting in a car nearby or in a building on the other side of the planet, to capture the account numbers live as the account holder makes a purchase or a
withdrawal.
Collecting credit card data is a relatively simple matter of capturing
the account number. But debit cards are even more desirable to thieves
because the bad guys can plunder a bank account quickly and completely
without the account holders realizing what is happening. The card networks monitor credit card usage and have rigorous risk- and fraud-prevention
policies in place, whereas debit cards are linked directly to a bank account, though obtaining the PIN associated with a debit card is somewhat more
difficult.
The most common high-tech ways to steal PINs are with tiny cameras
mounted within a fish-eye mirror or with an electronic mesh overlaid on the keyboard. But data harvesting thieves have found a less obvious and risky way to steal PINs. PINs may be four or six digits long. When you key in your PIN, software at the ATM or point of sale automatically converts it into a one-way algorithm called a hash. Then, if someone captures the data steam, they will see only the resulting hash value, not the original four or six digits.
By itself, a hashed PIN is a useless string of numbers. You can’t type in the hashed PIN as it appears on your debit card or within a database inside a bank network, because those digits will be converted into yet another value.
Instead, you have to find a way to generate that hash value.
Data harvesting attackers located the PIN data in a data breach, analyzed and decrypted the algorithm used, and generated a table of all the possible four- and six-digit PIN codes that the algorithm might produce, called a
Emanations Intelligence
167
rainbow table in cryptography. Thieves do not have to match a PIN exactly, only the four or six digits that would produce the same hash value.
In a related story in Rhode Island, magnetic keyboards were used to turn on the pumps at a closed gas station. This illustrates the constant innovation of high-tech thieves in our ever-increasingly high-tech society.
RFID
RFID is a wireless noncontact system that uses radio-frequency electromagnetic fields to transfer data from tags attached to objects, for automatic identification and tracking. Some tags require no battery and are powered and read at short ranges via magnetic fields (electromagnetic induction). Others use a local power source and emit radio waves (electromagnetic radiation at radio frequencies). Unlike a barcode, the tag does not need to be within line of sight of the reader and may be embedded in the tracked object. The tag contains electronically stored information that can be read from several feet away.
Active RFID tags also have the potential to function as low-cost remote sensors that broadcast telemetry back to a base station. Applications of
tagometry data could include sensing of road conditions by implanted bea-
cons, weather reports, and noise-level monitoring.
Passive RFID tags can also report sensor data, for example, the Wireless Identification and Sensing Platform is a passive tag that reports temperature, acceleration, and capacitance to commercial Gen2 RFID readers:
• Low-frequency (LF 125–134.2 and 140–148.5 kHz) (LowFID) tags
and high-frequency (HF 13.56 MHz) (HighFID) tags can be used
globally without a license.
• Ultrahigh-frequency (UHF 868–928 MHz) (Ultra-HighFID
[UHFID]) tags cannot be used globally as there is no single global
standard.
See Table 9.1 and Figures 9.5 and 9.6, RFID tag frequencies and readers.
Other Frequencies
Other frequencies of interest include invisible fence and dog training collar frequencies:
• Invisible fence frequencies—7.5–10.8 kHz with a 30 Hz modulation
frequency.
• Training collar frequencies—216.0, 433.825, 915.0 MHz.
168
Advanced Criminal Investigations and Intelligence Operations
Table 9.1 RFID Tag Frequencies
Band
Range
Data Speed
Remarks
Tag Cost
120–150 kHz (LF)
10 cm
Low
Animal identification
$1
and factory data
collection
13.56 MHz (HF)
1 m
Low to
Smart cards
$0.50
moderate
(MIFARE, ISO/IEC
14443)
433 MHz (UHF)
1–100 m
Moderate
Defense applications
$5
(active tags)
865–868 MHz
1–2 m
Moderate
EAN, various
$0.15 (passive
(Europe)
to high
standards
tags)
902–928 MHz
(North America)
UHF
2450–5800 MHz
1–2 m
High
802.11 WLAN,
$25 (active
(microwave)
Bluetooth standards
tags)
3.1–10 GHz
Up to
High
requires semiactive
$5 projected
(microwave)
200 m
or active tags
Figure 9.5 Intermec RFID scanners and tags.
• Automobile door lock and starter remote frequencies are covered in
automobile locks.
• Garage door frequencies (see Table 9.2 Garage Door Opener
Frequencies).
Remote Electromagnetic Sensors
Magnetic sensors can detect objects composed of ferrous metals (containing iron), such as equipment or vehicles. Magnetic intrusion detection systems (MAGID) can detect vehicles from 60 to 80 feet away and personnel from 10
to 15 feet away. They can transmit warnings up to 1000–2000 yards away or further, suing buried cable transmission lines. They are used for perimeter security or for surveillance in an area of operation.
Emanations Intelligence
169
Figure 9.6 Motorola RFID scanners–readers.
Table 9.2 Garage Door Opener Frequencies
Color of Programming Button
(on Chamberlain
Dates
System
Manufactured Units)
1984–2004
8–12 DIP Switch on 300–400 MHz
White, gray, or yellow button
with red LED
1993–1997
Billion Code on 390 MHz
Green button with green or
red LED
1997–present
Security+ {rolling code} on
Orange or red button with
390 MHz
amber LED
2005–present
Security+ {rolling code} on
Purple button with amber LED
315 MHz
2011–present
Security+ 2.0 {rolling code} on
Yellow button with amber LED
310, 315, and 390 MHz
and yellow antenna wires
Seismic sensors detect vibrations and can be used to detect earthquakes, atomic energy tests, and, on a smaller scale, intrusion into security perimeters or areas of operational surveillance. Disposable seismic intrusion detector systems can remain in place for 7–60 days, until the batteries expire, and can detect vehicles from 100 yards and personnel up to 30 yards away. The U.S. Army’s Patrol Seismic Intrusion Device (PSID) can detect movement up
170
Advanced Criminal Investigations and Intelligence Operations
to 130 yards away and transmit warnings up to 21,000 yards away. They are affected by background clutter or the natural vibrations of the earth surface.
Acoustic sensors are basically mics that detect sounds up to 300–400 feet away and transmit them back to receivers. Acoustic buoys can be hidden, can be suspended from tree foliage, and are concealed in other manners.
Disturbance sensors transmit warnings when moved or stepped on, interrupting the electric current. They are also concealed or disguised as natural objects in the area.
IR sensors monitor changes in heat or temperature to detect intrusion, usually in areas 50 × 100 feet.
The AN/TRS-2 is the platoon early warning system ( PEWS) (Figure 9.7) and was used throughout the 1980s (operating approximately between 139.250
and 141.100 MHz). These systems will detect either seismic or magnetic disturbances within 10 m of the transmitter detector and report to the receiver up to 1500 m away with either a P for personnel intrusion or C for vehicle intrusion, along with the transmitter’s ID for the location of the intrusion. The receiver will cache alerts received (with the most recent first) and has an audio alert tone that can be enabled or disabled. It can also be hardwired to the transmitters. All components use standard 9 V batteries (each transmitter takes one and the receiver takes two). Each transmitter detector is programmed with an area code and an ID code (1–5). The receiver can monitor up to 10 transmitter detectors in each of up to 8 areas. It can only monitor 1 area of up to 10 detector transmitters at a time and is switch selectable on the receiver.
Figure 9.7 The AN/TRS-2 PEWS.
Emanations Intelligence
171
Figure 9.8 The AN/PRS-9 BAIS or PEWD II.
The AN/TRS-2 PEWS was replaced by the AN/PRS-9 battlefield
anti-intrusion system (BAIS), or platoon early warning device (PEWD II)
(Figure 9.8) is the U.S. Army’s standard unattended physical security system, providing early warning, intrusion detection, and threat classification at the platoon and higher levels. It is both a seismic and an acoustic detection system, which can be supplemented by IR and magnetic sensors.
The AN/GSQ-159 is a disposable seismic intrusion detection system and
the AN/GSQ-160 is an electromagnetic detection system, both used by the
military. The DT-515/GSQ is another detection device that has been used.
The PEWS was in wider use and the BAIS/PEWD II is the current standard
and state of the art.
Explosives Trace Detectors (Vapor Detectors)
Explosives trace detectors (ETDs) (vapor detectors) are security equipment able to detect explosives of small magnitude, using ion mobility spectrometry, thermo-redox technologies, and chemiluminescence and amplifying fluorescent polymer. The detection can be done by sniffing vapors as in an explosive vapor detector or by sampling traces of particulates or by utilizing both methods depending on the scenario. Most explosive detectors in the market today can detect both vapors and particles of explosives. Devices similar to ETDs are also used to detect narcotics. The equipment is often used in airports and other high-security areas considered susceptible to acts of unlawful interference. These are related flammable gas and vapor detection systems (see Figure 9.9.).
172
Advanced Criminal Investigations and Intelligence Operations
Figure 9.9 Thermo-redox detector ( sniffer) Sintrex/IDS EVD-3000.
Imagery Intelligence
10
Imagery and remote sensing are the use of technology that ranges from simple film and digital cameras, to IR (night vision) and thermal imaging, to satellite images and mapping. Looking through the keyhole, as satellite imagery is often called, has made great advances since the days of the Cuban missile crisis when film canisters had to be retrieved, developed, analyzed, interpreted, and distributed. Ground imagery includes photography, IR imaging and
viewing (such as forward-looking IR or FLIR), thermal imaging and viewing, and radar. Satellite imagery and remote sensing include aerial photography, mapping and geological data, digital data, radar, and meteorological and cli-matological images and data.
Before satellites, aerial photography was the source of high-level imagery.
Film, rather than digital photos or real-time video, was the state of the art in intelligence imagery (Figures 10.1 through 10.9).
Night Vision Devices
Night vision technology consists of two major types: light amplification imaging (or intensification) and thermal imaging (IR) (Figure 10.10).
Most commercially available night vision products are light-amplifying devices. This technology takes the small amount of light from the surrounding area (moonlight, starlight, or streetlights) and converts the protons that make up the light energy into electrons or electrical energy. The electrons are then directed through a thin disk that can be as small as a quarter. This disk has millions of channels through which the electrons pass. As the electrons pass through the channels, they bounce around, and when they strike the
walls of the channels, they release even more electrons. By turning the light energy into electrical energy, the technology is in a position to increase the amount of electrical energy. The increased amount of electrons bounces off a phosphor screen and turn them back into protons or visible light energy (Foster, 2005, pp. 324–325).
Thermal imaging devices work by using the upper portion of the IR light spectrum. This portion of the light spectrum is emitted as heat instead of as light, so the hotter an object is, the more heat it will radiate. This radiated heat can be seen as IR light. Thermal imagers take the IR light that is emitted 173
174
Advanced Criminal Investigations and Intelligence Operations
Figure 10.1 Japanese aerial photograph of Battleship Row in Pearl Harbor on December 7, 1941.
Figure 10.2 Satellite (NASA). (Available at http://en.wikipedia.org/wiki/File:2001_
mars_odyssey_wizja.jpg.)
Imagery Intelligence
175
Figure 10.3 Cuban missile crisis: August 29, 1962, U-2 photograph showing no construction at San Cristobal.
Figure 10.4 Cuban missile crisis: September 26, 1962, U-2 photograph showing surface-to-surface cruise missile (named Kennel by the United States and FKR in Soviet plans) launch area at Banes.
176
Advanced Criminal Investigations and Intelligence Operations
Figure 10.5 Cuban missile crisis: October 23, 1962, U.S. Navy low-level photograph of San Cristobal MRBM site No. 1 (mission led by Commander William Ecker).
Figure 10.6 USGS satellite photo. (Landsat data, acquired by the U.S. Geological Sur
vey on March 20, 2011, shows the Sendai, Japan region. (Available at http://
www.usgs.gov/blogs/features/2011/03/28/preliminary-magnitude-8-9-near-the-east-coast-of-japan/.)
Imagery Intelligence
177
Figure 10.7 The seals of the NGA and the NRO.
Preinspection material removal
Amiriyah Serum and Vaccine Institute
25 Nov 2002
Main building
Laboratory
building
Increased vehicle
activity
Figure 10.8 Serum and Vaccine Institute in Al-A’amiriya, Iraq, as imaged by a U.S. reconnaissance satellite in November 2002.
by objects and focus it on an array of IR light detectors. These detectors are used to create a thermogram or a temperature pattern image. The thermal
imager takes the information from the thermogram and converts it into electrical data. These data impulses are sent to a microprocessor that creates an image for display. Thermal imagers are significantly more complex than light amplification devices (Foster, 2005, p. 325).
178
Advanced Criminal Investigations and Intelligence Operations
Turkmen
Tu
istan
ta
Caspia
sp n se
ia
a
Iran
Iraq
Kuwait
Ku
Persian Gulf
Saudi Arabi
Sa
a
udi Arabi
100 km
Figure 10.9 Satellite image of Kuwait dust storm April 13, 2012 (NASA).
(Available at http://www.ncdc.noaa.gov/sotc/hazards/.)
(a)
(b)
Figure 10.10 Night vision devices. NVG-500 double-tube night vision goggle (a).
AN/PVS-7B third-generation monotube goggles (b).
Satellite Imagery
Satel ite imagery and remote sensing (detecting something from a distance) are complex applications of several scientific and technological disciplines, including orbital mechanics, physics, and optics. It involves the application of how light reacts with the target package, how the image is received, and how the data are manipulated and interpreted (Hough, 1991, p. 37).
