Sigintos A Linux Distro For Signal Intelligence

March 11, 2024 | Author: Anonymous | Category: N/A

Intelligence Technology Excellence Division, Signal Protocol Department

Signals Intelligence Operation System: Basics and Its Key Features and Utilization

June 2021

CHAPTER 1 FUNDAMENTALS

Incredibly fast changes are taking place in the world of technology, especially in information and communication technologies. Products and systems are being developed and used rapidly. Given the growth of technology and its terminology, I will list some of the signal intelligence and SIGINTOS terms and definitions that we must know when using the signal intelligence operating system and applying it in different areas.

Analysis: A process in the production step of the intelligence cycle in which intelligence information is subjected to systematic examination in order to identify significant facts and derive conclusions.

Atomic SIGINT Data Format: The metadata that gets generated for almost every internet communication session that is collected through NSA's passive SIGINT systems.

Bulk collection: The collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants like specific identifiers, selection terms, etc.

Call Detail Record (CDR): Telephony metadata includes comprehensive communications routing information, specifically the originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, Mobile Subscriber Integrated Services Digital Network Number (MSISDN), International Mobile station Equipment Identity (IMEI) number, as well as trunk identifier, telephone calling card numbers, and the time and duration of the call. Telephony metadata does NOT include the substantive content of any communication, or the name, address, or financial information about a subscriber or customer.*

Case notation: All intercepted signals get a case notation, which is an alphanumeric value that identifies the link or the network that is being intercepted.

Close Access collection: The targeting, collection, and/or processing of unintentional emanations from information processing equipment. Also: a program to develop special unique sensors and systems to collect unintentional emanations and/or signals from information processing equipment to exploit TEMPEST vulnerabilities.

Codeword: A word used with a classification to indicate that the material was derived through a sensitive source or method, constitutes a particular type of sensitive compartmented information, or is accorded a limited distribution.

Collect: In SIGINT, when used generically, to search, acquire, monitor, and record electromagnetic emissions. Contrast with intercept. Note: Collection implies the keeping and using of the material collected. Intercept, on the other hand, is not limited until and unless it becomes collection.

Collection: Acquisition of information or intelligence information, and the processing of the information into a form more suitable for the production of intelligence.

Collection manager (CM): An individual with responsibility for the timely and efficient tasking of organic collection resources and the development of requirements for theater and national assets that could satisfy specific information needs in support of the mission.*

Community of Interest: A collaborative group of users within a mission enclave who exchange information in pursuit of their shared goals, interests, missions, or business processes and who therefore must have a shared vocabulary for the information they exchange.

Computer Network Attack: Efforts to manipulate, disrupt, deny, damage or destroy information resident in computers and computer networks, or the computers and networks themselves.

Computer Network Defense: Efforts to defend against the Computer Network Operations of others, especially directed against US and allied computers and networks.

Computer Network Exploitation: Efforts to collect intelligence and enable operations to gather data from target or adversary automated information systems (AIS) or networks.

Computer Network Operations: Term that comprises Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND) collectively.

Contact Chaining: A process by which computer algorithms automatically identify the telephone numbers or e-mail addresses that a particular number or e-mail address has been in contact with, or has attempted to contact. The algorithms not only identify the first contacts made by the seed number or address, but also the further contacts made by the first tier, and so on.

Corporate Partner Access: Access to communication systems through cooperation with corporate partners like commercial telecommunication companies and internet service providers.

Correlated selector: A communications address, or selector, is considered correlated with other communications addresses when each additional address is shown to identify the same communicant(s) as the original address.*

Cryptology: The art and science of making codes/ciphers and breaking them. Cryptology breaks out into two disciplines: Cryptography (making or using codes/ciphers) and Cryptanalysis (breaking codes/ciphers).

Development: Finding new things, like new targets (Target Development) and new collection methods (SIGINT Development).

Dialed Number Recognition: The process of extracting dialed telephone numbers from the transmitted information present in a telephone signaling system. The dialed numbers are looked up in a "directory", which contains the phone numbers of persons from whom an analyst might gain intelligence information. If the extracted number "hits" in the directory, the associated conversation is recorded.

Digital Network Intelligence: An analytic term, replacing Computer-to-Computer, referring to SIGINT derived from the "digital network" which is commonly identified today with the Internet, but for the purposes of SIGINT includes both the public Internet and private digital networks.

Direction Finding (DF): The process of determining the azimuth of an emitter by the use of a direction finder.

Mobility Management Entity (MME): A key control node for the LTE access network; it manages UE access network and mobility, as well as establishing the bearer path for UEs. ... The MME also controls mobility between LTE and 2G/3G access networks.

Intelligence: The collection, processing, integration, analysis, evaluation and interpretation of information.

Metadata: The dialing, routing, addressing, or signaling information associated with a communication, which excludes any content, such as information about the substance, purport or meaning of the communication; also called events. The two principal subsets are telephony metadata and electronic communications or internet metadata.

National intelligence: All intelligence that pertains to more than one agency and involves threats to the United States, its people, property, or interests; the development, proliferation, or use of weapons of mass destruction; or any other matter bearing on United States national or homeland security.

Search: Search is the process which finds and assigns meaningful names to energy events in the RF spectrum. This can range from a very general type of search (e.g., any RF signals that are detected) to very tightly defined searches (e.g., a certain ELINT emitter). There are three modes of search (manual, interactive, and automatic) and two search techniques (general and directed) within each mode.

Signals Intelligence (SIGINT): Intelligence information comprising, either individually or in combination, all Communications Intelligence (COMINT), Electronics Intelligence (ELINT), and Foreign Instrumentation Signals Intelligence (FISINT).

Telephony metadata: These include the telephone number of the calling party, the number of the called party, as well as the date, time and duration of the call.* Later, the IMEI and IMSI numbers were also included.

Traffic Analysis: The cryptologic discipline that develops information from communications about the composition and operation of communications structures and the organizations they serve. The process involves the study of traffic and related materials and the reconstruction of communications plans to produce signals intelligence.

Upstream: Interception of communications as they transit through (fiber-optic) backbone cables and other related infrastructures of internet and telephony networks.

GUTI (Globally Unique Temporary ID): A worldwide unique identity that points to a specific subscriber context in a specific MME. The S-TMSI is unique within a particular area of a single network.

2. SIGNALS INTELLIGENCE OPERATION SYSTEM

SIGINTOS, as the name suggests, is an improved Linux distribution for Signal Intelligence. This distribution is based on Ubuntu Linux. It has its own software called SIGINTOS. With this software, many SIGINT operations can be performed via a single graphical interface. Hardware and software installation problems faced by many people interested in signal processing are completely eliminated with SigintOS. HACKRF, BLADERF, USRP, RTL-SDR.

2.1 ABOUT SIGINTOS DEVELOPER

Murat ŞİŞMAN, who developed the SIGINTOS distribution, worked as a volunteer in Linux localization projects for many years. As a result of his interest in Linux and cyber security, he prepared the SIGINTOS distribution for his own use and made it available for everyone who is interested in this field. Since 2008, he has carried out individual and corporate projects in the field of Mobile Application Development, and he gives trainings to many banks and corporate companies on this subject. Games he developed with Unity3D (Volkicar) are actively used by over 2 million users throughout Turkey. He owns the Linux distribution called SigintOS for Signal Intelligence. He teaches Signal Intelligence, Mobile Security and Espionage and also works in the field of Crypto Coins. He is currently the C4ISR System Engineering Manager in a private company operating in defense.

2.2 SIGINTOS quality issues based on the creator

They write on their official website that SIGINTOS is very well executed, with a built-in GUI that grants easy access to some common SIGINT tools such as an FM and GPS transmitter, a jammer, a GSM base station search tool and an IMSI catcher. SigintOS also has various other preinstalled programs such as GNU Radio, gr-gsm, YateBTS, Wireshark and GQRX. The OS also teases an LTE search and LTE decoder, access to which requires getting in contact with the creators, presumably for a licensing fee. Regarding an LTE IMSI catcher they write:

2.3 LTE IMSI Catchers

Due to the nature of LTE base stations, the capture of IMSI numbers seems impossible. LTE stations use GUTI to communicate with users instead of IMSI. The GUTI contains the temporary IMSI number called TMSI. This allows the operator to find out who is at the corresponding LTE station who is authorized to query TMSI information. According to the SIGINTOS documentation, they answer that they can find the GUTI number.

Fig 1 SigintOS: A Linux Distro for Signal Intelligence
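
How a GUTI breaks down into the fields named in section 2.3 and in the Chapter 1 definition, as an added example (not from the original document or from SigintOS): it decodes the identity from the 11-octet value of an EPS mobile identity element, using the layout in 3GPP TS 24.301 / TS 23.003, and derives the S-TMSI. The names `Guti` and `parse_guti` and the sample bytes are constructed for illustration.

```python
# Added example: decode a GUTI from the value part of an EPS mobile identity
# element (layout per 3GPP TS 24.301 / TS 23.003). Sample bytes are constructed.
from dataclasses import dataclass

GUTI_TYPE = 0b110  # "type of identity" value that marks a GUTI


@dataclass(frozen=True)
class Guti:
    mcc: str      # mobile country code (3 digits)
    mnc: str      # mobile network code (2 or 3 digits)
    mmegi: int    # MME group id, 16 bits
    mmec: int     # MME code, 8 bits
    m_tmsi: int   # temporary subscriber id inside that MME, 32 bits

    @property
    def s_tmsi(self) -> int:
        # S-TMSI = MMEC || M-TMSI (40 bits): unique only within one MME pool
        return (self.mmec << 32) | self.m_tmsi


def parse_guti(value: bytes) -> Guti:
    if len(value) != 11:
        raise ValueError("GUTI identity value must be 11 octets")
    if value[0] >> 4 != 0xF or value[0] & 0x07 != GUTI_TYPE:
        raise ValueError("not a GUTI (identity type is not 110)")
    # PLMN digits are BCD nibbles, stored in swapped order
    mcc1, mcc2 = value[1] & 0x0F, value[1] >> 4
    mcc3, mnc3 = value[2] & 0x0F, value[2] >> 4
    mnc1, mnc2 = value[3] & 0x0F, value[3] >> 4
    digits = [mcc1, mcc2, mcc3, mnc1, mnc2] + ([] if mnc3 == 0xF else [mnc3])
    if any(d > 9 for d in digits):
        raise ValueError("PLMN digits must be BCD 0-9")
    mnc = f"{mnc1}{mnc2}" + ("" if mnc3 == 0xF else str(mnc3))
    return Guti(
        mcc=f"{mcc1}{mcc2}{mcc3}",
        mnc=mnc,
        mmegi=int.from_bytes(value[4:6], "big"),
        mmec=value[6],
        m_tmsi=int.from_bytes(value[7:11], "big"),
    )


# Constructed sample: test PLMN 001/01, MMEGI 0x8001, MMEC 0x1A, M-TMSI 0xC0FFEE01
SAMPLE = bytes.fromhex("f600f11080011ac0ffee01")

if __name__ == "__main__":
    g = parse_guti(SAMPLE)
    print(g, hex(g.s_tmsi))
```

The decoded fields hold only the network's PLMN and MME identifiers plus the temporary M-TMSI; none of the subscriber-specific IMSI digits (the MSIN) appear in a GUTI.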

3. SIGINTOS-TOOLS

It is a special software that contains many components: FM Transmitter, GPS Transmitter, GSM Search, IMSI Catcher and Jammer.

3.1 HOW TO INSTALL SIGINTOS ON HARDDISK?

We can install SIGINTOS on the hard disk by following the steps below.

Step 1: Uninstall the ubiquity software

sudo apt-get remove ubiquity

Rebuild the ubiquity software

sudo apt-get install ubiquity ubiquity-frontend

N.B. SIGINTOS works live on DVD or USB device.

3.2 SIGINTOS in our view

We tried to install SIGINTOS on our hard disk and also tried to use it live from a USB device, but it has limitations.

• When we try to scan cells, it scans only a small number of cells.
• Neither Wireshark nor Wireshark (GTK+) can capture any form of wired or wireless traffic.
• If we install SIGINTOS on our hard disk instead of using it from a live bootable USB device, we can't lock it with a password. They prepared it to be used only with their own passwords. It's unacceptable due to our security issues.
