December 7, 2016

Intelligence Vulnerabilities of Submariner Social Media Use

Social media activities of submariners and other employees who work at the SSBN Base at Kings Bay, Georgia, USA, need monitoring.
---

The telephone exchange closest to Kings Bay (on Base or at Jacksonville?) needs network, technical defences to thwart efforts by Chinese and Russian intelligence attempting to organise traffic analysis or even in-clear connections. Also see map.
---

Michael Glynn has written an interesting, long, article “Information Management In Next Generation Anti-Submarine Warfare” for Center for International Maritime Security (CIMSEC). Here I focus on a fragment below:

Under “Operations Analysis” Michael writes about WWII, Cold War and future use of operations analysis for ASW purposes. This includes:

"ASW forces of tomorrow will have to rediscover the value of operations analysis and apply these efforts at the operational and tactical levels. ASW task forces will be equipped with all-source intelligence fusion centers. Cueing information will flow from traditional means such as the Integrated Undersea Surveillance System, signals intelligence, and novel means assisted by big data analytics. Methods as unusual as monitoring the social media or Internet activity of adversary crew members and their families may provide indications that a submarine is getting underway." 

PETE'S COMMENTS

I've bolded "Methods as unusual as monitoring the social media or Internet activity of adversary crew members and their families may provide indications that a submarine is getting underway."

If I put my (ficticious) Chinese or Russian cyber-intelligence hat on I see rich pickings by tieing in my advanced software and big budget to fully exploit possibilities that Twitter, Google and Facebook use offers. 


For both China and Russia the ability to use much locally developed internet software/hardware and adapt "Silicon Valley" commercial software can increase the chances of exploitation. Cyber defenders may be a little nervous to what extent the basically Moscow headquartered Kaspersky Lab anti-virus multinational safeguards Western secrets against Russian intelligence exploitation. If I were in Russia's NSA equivalent I wouldn't hesitate to lean on Russia companies with access. 

-  in another direction the federal Australian and US Governments are hyper-sensitive about the perceived security risks of integrating software and hardware of China's massive Huawei computer-telecommunications equipement provider.


-  Chinese or Russian cyber-intelligence may utilise algorithms and databases alert them when known daughters or girlfriends of known US, UK, German or Australian submariners Tweet or update their Facebook account that "Dad or Fred is away at sea again".

-  Young submariners who already have an internationally identified Twitter or (especially) Facebook social media profile may reveal that they have a compromising lifestyle (cheating on a spouse?) that could be exploited by the "right" approach of Chinese or Russian intelligence agencies one day, even if years later.


-  current of former submariners (who might also be Chinese linguists) may need to steer clear of  Confucius Institutes (fronts?)

-  A more traditional signals intelligence approach to track SMS, mobile voice and landline voice would be to establish connections directly or indirectly through a phone company employee with the telephone exchange that it closest to a submarine base. Suitable targets may be an exchange closest to:

-  Kings Bay Georgia, US, SSBN Base, (see photo and map above) or

-  if a Russian, gain access to the exchange closest to Germany's major Eckernförde Naval Base where Germany's Type 212A 1st Submarine Squadron is based. Gaining a traffic analysis connection (no need to decrypt) to DHO38 might attract the odd Russian.

-  in Australia the naval facilities at the Port of Darwin may be vulnerable because a Chinese company now owns the port (for 99 years).

Good Western human and technical security to guard against rapidly developing social media and exchange vulnerabilities is an increasing need.

Pete

6 comments:

Josh said...

@Pete

Having worked for Pfizer at their home campus of Groton/New London on a couple of occasions for a couple of years over 15 years ago, you wouldn't need to do anything that complicated if all you wanted to know was when a sub came or went. I fully expect that back then and now there's at least a couple guys with a cam (now adays it would be web cam; this was early 2000 and might have to be something more elaborate) who just real time it to whoever when a boat goes down the river. They were clearly visible from the two story plate glass windows in the main lunch hall in the now defunct New London office building. You can also clearly tell the difference between an LA and Seawolf/CT/Peanut farmer by the hydrodynamics in front of the sail. Groton doesn't, or least didn't, host any boomers, but I assume the size would make classification clear. I've also witnessed an LA leaving Pearl just looking out my aircraft window on my flight to Honolulu, which in that particularly clear water was site to behold.

This isn't to minimize the threat of crewmen giving up information online and I'm sure there are other details that could be gleaned and that intelligence gathering efforts are focused on them, but the bare bones comings and goings of boats have always been readily accessible. Where they end up for how long has always been the harder trick, even for Russian nukes working picket outside the 12 mile limit.

Cheers,
Josh

MHalblaub said...

Dear Pete,
The risk is less to get Information about when the submarine will leave the port. The risk is to detect individual sailers and get in contact with them.

Regards,
MHalblaub

Peter Coates said...

Hi Josh

The other ways you mention of recording US sub activity from Naval Base exit to US sub's broader patrol is covered off in

the articles http://cimsec.org/information-management-next-generation-anti-submarine-warfar/25614

"...ASW task forces will be equipped with all-source intelligence fusion centers."

I would say if Russian intelligence is focussing on activity out of Bangor Naval Base, Washington State, then Russian NSA, GRU military intel, Russian Navy Intel and perhaps SVR, will all interact to fusee all intel sources, eg:

- GEO and low Earth Orbiting satellites:
- Russian undersea node or array SOSUS/IUSS planted off the coast of Washington State
- Russian SSNs or SSKs off the coast or more distant
- Internet and broader telecommunications monitoring
- CCTV (as you say)
- SVR via Bangor employees, submarine spotting "nerds" and SVR (or GRU) recruited US submariners.
- etc

Regards

Pete

Peter Coates said...

Hi MHalblaub

Yes. While Russian or Chinese satellites might well provide the strongest evidence that US, Australian or German subs have left port they don't reveal submariner's thoughts.

Indeed social media, phonecalls, private emails or SMS can reveal the identity, state of mind/thoughts and vulnerabilities of individual submariners or key port employees*. Also reveal (through IP and phone numbers) where they live (easily bug-able** off base). This can then be exploited eventually by Russian or Chinese intelligence.

* Sailor/submariner identities and activities of Australian subs and US warships temporarally operating out of the Port of Darwin in Australia will be a Chinese intelligence cinch. This is because a Chinese company is already running the port. Chinese money bought this sensitive access.

** plant listening device in home or car http://www.advanced-intelligence.com/infinity.html or tap exchange

Regards

Pete

Anonymous said...

Pete,
US telephony network is not that advanced. Down South, especially in Florida, there are a large number of exchanges still running analog telephony switches (they were just too reliable). Those cannot be hacked.
KQN

Anonymous said...

Thanks for the info KQN

Damn! If Russian illegals or their agents are really determined then they can look to pre-1980 practices. eg. wall bugs (off-base housing), car bugs or old fashioned phone taps of the near phone line or phone itself may be necessary.

If you've watched "The Americans"[1] (illegals and their agents) or Walker Spy Ring [2] then illegals or their debriefing base employees may be the go [3](off base or stealing codes).

[1] https://en.wikipedia.org/wiki/The_Americans_(2013_TV_series)

[2] https://en.wikipedia.org/wiki/John_Anthony_Walker

[3] Employees would no longer be motivated by ideology/communisms, probably by money.