November 1, 2016

Military Intelligence Against Chinese Submarines and Traffic Analysis

Prior US intelligence gathering, e.g. of China's Hainan Island Yulin/Sanya nuclear submarine naval base (above), can be (or is) very useful. (Photo courtesy mapsecrets via).

Military Intelligence Against Submarine Operations
Signals intelligence gathering (by submarine or satellite) and sonar signature gathering by USNS Impeccable can form a basis for further analysis of changes in Chinese actions. This applies in a low-level confrontation scenario or in a time of crisis (which may be a medium-level shooting war).
For example, discerning a rise in traffic levels typical of a Type 094 SSBN or Type 093 SSN putting to sea at an unusual time may make interception, or distant "tailing", by a US SSN easier. That a Chinese SSBN or SSN might put to sea at an unusual time would also say something about the state of mind of the Chinese political and military structures (useful strategic intelligence).
Traffic analysis is a basic part of signals intelligence, and can be a source of information about the intentions and actions of the target. Representative patterns include:
· Frequent (shore- or satellite-to-submarine) communications — can denote planning

· Rapid, short communications between naval command elements — can denote readjustments

· A lack of communication — can indicate a lack of activity, or completion of a finalized plan

· Who talks to whom (e.g. political leaders to admirals) — can imply weapons release or withdrawal by a submarine, and

· Who talks when — can indicate which stations are active in connection with events, which implies something about the information being passed and perhaps something about the personnel/access of those associated with some stations

Traffic analysis is the process of intercepting messages and examining them (by computer, in real time) to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted.

In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence, counter-intelligence, or pattern-of-life analysis, and is a concern in computer security.

Traffic analysis tasks are supported by dedicated computer software programs and supercomputers. Advanced traffic analysis techniques may include various forms of social network analysis.
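As an added illustration (not code from this post), the indicators listed above applied to constructed intercept metadata. The station names, times and sizes are invented, and only the externals of each message (time, sender, receiver, size) are used, so the same analysis works on traffic whose content is encrypted.

```python
from collections import Counter
from datetime import datetime, timedelta
# Constructed intercept metadata: ISO time, sender, receiver, size in bytes. No content.
SAMPLE_LOG = """\
2016-10-30T01:05:00 SHORE_HQ SUB_A 512
2016-10-30T09:10:00 SHORE_HQ SUB_A 500
2016-10-30T14:25:00 SUB_B SHORE_HQ 96
2016-10-30T21:00:00 SHORE_HQ SUB_B 510
2016-10-31T22:00:00 SHORE_HQ SUB_A 505
2016-10-31T22:03:00 SHORE_HQ SUB_B 490
2016-10-31T22:05:00 FLEET_CMD SHORE_HQ 128
2016-10-31T22:06:00 SHORE_HQ FLEET_CMD 120
2016-10-31T22:09:00 FLEET_CMD SHORE_HQ 110
2016-10-31T22:12:00 SHORE_HQ SUB_A 530
"""

def parse_log(text):
    """Parse 'time sender receiver bytes' lines into time-sorted tuples."""
    return sorted((datetime.fromisoformat(t), s, d, int(n))
                  for t, s, d, n in (ln.split() for ln in text.splitlines()))

def hourly_counts(records):
    """Messages per clock hour: the raw 'frequency of communications' indicator."""
    return Counter(ts.replace(minute=0, second=0) for ts, *_ in records)

def busy_hours(records, factor=2.0):
    """Hours whose volume is at least `factor` times the mean of the active hours."""
    counts = hourly_counts(records)
    mean = sum(counts.values()) / len(counts)
    return sorted(h for h, n in counts.items() if n >= factor * mean)

def first_contacts(records):
    """Who talks to whom: the first time each (sender, receiver) pair appears."""
    seen = {}
    for ts, src, dst, _ in records:
        seen.setdefault((src, dst), ts)
    return seen

def rapid_short_exchanges(records, max_size=200, max_gap=timedelta(minutes=5)):
    """Runs of two or more short messages, each within max_gap of the previous one."""
    runs, run = [], []
    for rec in records:
        if rec[3] > max_size or (run and rec[0] - run[-1][0] > max_gap):
            if len(run) >= 2:
                runs.append(run)
            run = []
        if rec[3] <= max_size:
            run.append(rec)
    return runs + ([run] if len(run) >= 2 else [])
```

On the sample, the 22:00 hour stands out as a burst, FLEET_CMD appears as a new correspondent inside that burst, and the three short messages between FLEET_CMD and SHORE_HQ form one rapid exchange, all without reading a single message body.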

Telephone exchanges are computer-based, as of course are servers. In computer security, traffic analysis can involve an attacker gaining important information by monitoring the frequency and timing of network packets.

A timing attack on the SSH protocol can use timing information to deduce information about passwords since, during an interactive session, SSH transmits each keystroke as a message. The time between keystroke messages can be studied using hidden Markov models. A timing attack might recover passwords fifty times faster than a brute-force attack.
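An added example, not from this post, of why per-keystroke packets leak timing and how fixed-interval sending removes the leak. The keystroke timestamps and digraph latencies are constructed, and `obscure_timing` is a simplified model of the fixed-cadence-plus-chaff scheme behind OpenSSH's ObscureKeystrokeTiming option, not OpenSSH's own code.

```python
# Constructed keystroke timestamps (ms) for one typed word, with assumed digraph
# latencies (illustrative, not measured): about 85 ms between keys typed by
# different hands, about 155 ms between two keys typed by the same hand.
KEYSTROKES_MS = [0, 85, 240, 325, 480, 565, 650, 810]
TRUE_CLASS = ["diff", "same", "diff", "same", "diff", "diff", "same"]  # one per gap

def interarrival(times):
    return [b - a for a, b in zip(times, times[1:])]

def gap_spread(times):
    """Range of inter-packet gaps; zero means the cadence carries no keystroke timing."""
    gaps = interarrival(times)
    return max(gaps) - min(gaps)

def classify_gaps(gaps, threshold_ms=120):
    """What a passive observer can read off per-keystroke packets: a gap threshold."""
    return ["same" if g > threshold_ms else "diff" for g in gaps]

def accuracy(guess, truth):
    return sum(g == t for g, t in zip(guess, truth)) / len(truth)

def obscure_timing(times, tick_ms=20, chaff_ticks=5):
    """Fixed-interval sending, modelled on OpenSSH's ObscureKeystrokeTiming option:
    once typing starts a packet leaves every tick_ms; a queued keystroke rides the
    next tick, otherwise a same-shaped chaff packet goes out, and chaff continues
    chaff_ticks beyond the last real keystroke so the end of typing is hidden too."""
    pending, wire = list(times), []
    t, last_key = pending[0], None
    while pending or t <= last_key + chaff_ticks * tick_ms:
        if pending and pending[0] <= t:
            pending.pop(0)
            wire.append((t, "key"))
            last_key = t
        else:
            wire.append((t, "chaff"))
        t += tick_ms
    return wire

def wire_times(wire):
    """Send times as seen on the wire; key and chaff packets are indistinguishable."""
    return [t for t, _ in wire]
```

With the raw timestamps a plain threshold separates same-hand from different-hand digraphs perfectly on this sample; after `obscure_timing` every on-the-wire gap is exactly one tick, so there is nothing left for a timing model to learn from.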

Chinese sailors at Yulin Naval Base on Hainan Island should look over their shoulders - as they are being watched (by friend and foe) in so many ways.



Ztev Konrad said...

I understand they use 'data diodes' to close off an ultra-secure network from outside servers.

Data diodes were developed further in the 1990s by Australia's Defence Science and Technology Organisation (DSTO) ...

Peter Coates said...

Hi Ztev

Data diodes may have been useful for a few years in providing some security, that is until the full security weaknesses of thumb-drive-USB ports on PCs and laptops began to be exploited.

By using thumb drives (USB sticks) traitors such as Snowden and Manning simply downloaded 100,000s (to millions of) highly classified page equivalents from theoretically secure Intranet databases. Also the thumb drives can inject nasty malware, like Flame or new varieties of Stuxnet, into "secure" Intranets.

For the latest prolific Traitor Downloader see Harold Thomas Martin III, arrested by the FBI for illegally removing classified material equivalent to 500 MILLION pages. Martin III, 51, served as a US Navy officer for over a decade, acquiring TS clearance and specialized in "cyber security" (like Snowden, sadly).

Like Snowden Mr Martin III spent much time as a contractor for Booz Allen Hamilton...and like Snowden Russian speakers may have been the ultimate beneficiaries/paymasters of a "patriotic-for civil liberties" act of Treason.

Martin's unmasking has been oddly under-reported in the media's campaign for Hillary's Election. The FBI has also under-reported it. Like the FBI under-reported the Islamic Terrorist explosions in the New York area a few weeks ago... see

Submarine Matters will follow the Martin III (or is that the Civil Liberties Poster-Boy Traitor III case) blow-by-blow.



Ztev Konrad said...

Yes, an inside mole is a difficult problem, but downloading data can be fixed by hardware without optical drives or USB ports. It seems funny that it could still be an issue when, back in the days of floppy disks, moles would use them, putting data on the hidden reserved tracks for damaged sectors.
I was more referring to the suggestion that military computer networks can be watched for traffic analysis. Even when I worked for a major US computer software firm back in the late 90s, CSC, who did major US defence business, I worked on the commercial side, but to send an email to a customer in the same city meant it was first routed to a single exit point in Virginia on what used to be called leased lines. It was clear even nearly 20 years ago that their internal networks were largely isolated from the city you were in. At the time their worldwide workforce was some 100,000 or so.