Technical aspects of Electronic Counter Surveillance

Detection of radio signals in Electronic Counter-Surveillance

Understanding radio signals

The radio waves section of the electromagnetic spectrum is defined as from 3 KHz to 300GHz. There wave length is shorter with increased frequency. The aerial used or transmission and reception should match the radio frequency, for example the full wave aerial length of a 3 KHz transmission is about 2.5 miles and that of a 300 GHz transmission is 1.9 inches. In practice fractions of the wave length such as 1/2 and 1/4 wave aerials are often used for convenience although certain losses can result.

People often describe the radio spectrum as DC to visible light (3 KHz to visible light)

Practical use of the radio spectrum for bugging devices is between 50 and 1200 MHz centred around 400MHz. Above 1200 MHz, bugs need more power and their signal is less able to travel round corners unless without significant reflection of the signal happening. The higher the frequency the less the signal can bend. At 2000 MHz it is, in theory, impractical to use a “standard bug” This is due to the greater power need at these frequencies, the limited range and the almost straight line effect needed to receive it. See images below to understand where radio waves are in the electro-magnetic spectrum. See following two images below:-

EMS-Spectrum-Electronic-Counter-Surveillance

Depending on the frequency of the radio waves they will travel in a different way. Radio waves (low frequencies as in medium and short wave bands, below 30 MHz which are shown below in black and reflect off the ionosphere, shown in brown. This is called Sky wave propagation. Most long-distance shortwave (high frequency) radio communication is between 3 and 30 MHz is a result of sky wave propagation. Amateur radio operators, who are limited to lower transmitter power than broadcast stations, have taken advantage of sky wave for long distance (or “DX”) communication often use these frequencies.

HF & UHF signals Counter Surveillance Security

VHF frequencies do not reflect off the ionosphere hence it is line-of- sight communication only. The frequency bands which are normally used for bugs are therefore nearly always FM (frequency modulated) and in the VHF and UHF band which is 30-3000 MHZ. These radio signals do not bend much and the distance a signal travels from the transmitter is based on the line of sight, the air attenuation and the signal strength. The drawing below shows the theoretical maximum line of sight of a VHF radio signal.

http://www.templepan.com/wp-content/uploads/2014/09/VHF-Signal-propagation-Counter-Surveillance-Management

As already referred to the best penetration and distance for radio transmission is around 400MHz and therefore some bugs maybe tuned to this frequency – but not all!

Aerials:

In a perfect world and for the best communication, the receiver and transmitter should have an aerial length to match the frequency. To find a bug by direction finding one can use a Log Periodic aerial (looks like a triangle) as this is a very directional aerial and one can see the signal strength increase on the receiver’s display when the aerial is directed towards the bug.

Modulation:

Modulation is the information (speech or music) added to the carrier wave. The carrier wave itself carries no information. There are many different types of modulating the carrier wave but explained below are the differences between only Amplitude Modulation and Frequency modulation as these are the most basic forms modulation. Digital modulation and its many forms is a totally different ball game. Spread spectrum and frequency hopping modulations are also complex and are very briefly mentioned below.

An FM signal, the frequency itself is expanded (widened) by modulation. With an AM signal the strength (amplitude) of the signal is increased by modulation and the signal always stays on the exact frequency.

See diagram below, where to upper image is AM and the lower image FM

Frequency Modulation Detector Electronic Surveillance

The picture above shows an AM signal on the top portion and an FM signal on the bottom. AM increases power with modulation, FM increases the bandwidth with modulation so uses more spectrum.

normal narrow band signal spike electronic counter surveillance

The picture above shows a ‘normal’ narrow band signal spike with a Spread Spectrum signal beneath the noise level.

This spread spectrum signal is therefore very difficult to detect

Appendix of some general radio terms

Wi-Fi and Bluetooth signals and some ISM (see appendix) signals are between 2.400 GHz and 2.4835 GHz – rapid clicks on CW (Carrier Wave) and mush on FM (Frequency Modulation). Signal is 22 MHz wide. Uses Direct Sequence Spread Spectrum (DSSS) modulation. See picture below. There are 14 channels each spaced 22 MHz wide.

Wi-Fi signal pictorial pattern below:

WiFi Signal Pattern Electronic Counter Surveillance

Frequency hopping and Direct Sequence Spread Spectrum graphically explained:

Frequency Hopping Electronic Counter Surveillance

General notes on radio transmissions.

Mobile phone signals

If a receiver’s aerial is close enough to the phone signal then it will display a clear spread spectrum pattern on screen around somewhere between 890-915 MHz (see picture below)

Detection of mobile phone in use

Picture shows plot of mobile phone in use

UK Mobile phone bands

Basically use these 3 radio bands. 890–915 MHz, 1850–1910 MHz, 2100 MHz

1G is analogue – 60% of world still uses this

2G,3G,4G all digital and use very complex types of digital Spread spectrum and frequency hopping techniques. See brief explanations of modulation types below.

Spread Spectrum: (DSSS only) uses 20-254 times the normal bandwidth of narrow band transmissions. Ultra wide bandwidth but very low power over many frequencies so is almost undetectable

Spread Spectrum (FHSS and DSSS) There are two main types of Spread Spectrum and they both always need a code or “Pseudo Random Number” to operate and to decode (called de-spreading) at the receiver end.

The advantages of Spread Spectrum Transmissions is reduced multipath fading and the transmission can co-exist without being “seen” with other transmissions on same frequency band. Cannot be jammed easily. The signal is very difficult to Jam, intercept detect or demodulate

Frequency hopping transmits on up to a 100 different frequencies across approx 5 MHz and the signal only staying on each frequency for . second or maybe only 1/100 second.

Multi-path fading – when the RF energy from the transmitter is reflected from different objects and arrives at the receiver at different times. This causes fading of signal.

ISM Band Industrial, Scientific and Medical band. Covers mainly 915MHz and 2.4GHz bands (area) but does

include all of the following frequencies 6, 13, 26, 40, 433, 866, 902, 915 MHz and 2.4, 5.7, 211, 61,122 &

244 GHz. Microwave ovens are in the ISM band as they operate at 2.45 GHz

DAB Radio 1.5MHz bandwidth between 217.5 – 230 MHz. This is 7 blocks of 1.5MHz

wide and is therefore Direct Sequence Spread Spectrum.

DECT Digitally Enhanced Cordless Communication – 1881.792– 1897.344 MHz and 2.4GHz. Can be SS too.

TETRA Terrestrial Trunked Radio. Is a digital system of handheld units used commercially

12.5 KHz bandwidth and can be spread spectrum of some type.

TEMPEST is a code name (no meaning in the name) referring to investigations into unintentional intelligence (i.e.

Radio signals emanating from computer screens or computers or other data storage equipment. There is no meaning in the name TEMPEST

Mobile radio terms

GPRS: General packet radio service

EDGE: Enhanced data GSM evolution 2.59 service

3G Faster than EDGE or 2G – good for video

4G LTE 4thGeneration – Long Term Evolution

CDMA: Code Division Multiple Access (coded chopping) like everyone talking at once but all speaking a different language

TDMA: Time division multiple access (time chopping)

FDMA: Frequency division multiple access (frequency separation)

UTMS: Universal mode telecoms service – 3G with wide (W)CDMA which stretches signal on 2100MHz it suffers greater attenuation due to higher frequency. 900MHz better for range i.e. lower frequency.

FHSS Frequency Hopping Spread Spectrum

DSSS Sounds like rapid clicks from speaker and power meter moves rapidly on receiver

Uses Spreading and De-spreading Code, as mentioned above, is used for Spread Spectrum transmissions

Templepan Security Systems Ltd www.templepan.com 

Copyright Templepan Security Systems Ltd