All About SIGINT (Signal Intelligence)
After the Cell Investigation write-up, many people asked about other signals: those from ships, planes, cell phones and so on. Each has a role in SIGINT, such as tracking aircraft, among others. Therefore this session covers the signals used in SIGINT
AIS (Automatic Identification System)
AIS (Automatic Identification System) is a system used to identify and track the position of ships at sea. It transmits information such as a ship's identity, position, speed, and course through radio signals. AIS helps improve navigation safety by allowing ships and maritime authorities to communicate with each other and get information about the presence of other ships in their vicinity. This is especially useful in situations where visibility is limited or in congested waters
What's inside the AIS?
MMSI (Maritime Mobile Service Identity): A unique identification number for each vessel or AIS station
Position: Information about the latitude and longitude of the vessel
Speed: The speed of the vessel in knots
Direction: The ship's direction of travel in degrees, measured from north
Ship Type: A code indicating the type of vessel (e.g., tanker, passenger vessel, etc.)
Ship Name: The name registered for the vessel
Ship Size: Information about the length and width of the vessel
Ship Status: Indicates the status of the vessel, such as sailing, anchored, or stationary
Time: A timestamp indicating when the information was sent
IMO (International Maritime Organization)
IMO is an international organization responsible for regulating shipping and maritime safety. Every ship registered under the IMO is assigned a unique identification number known as an IMO number. This number consists of seven digits and does not change throughout the life of the ship. The IMO focuses on improving shipping safety, protecting the maritime environment, and increasing shipping efficiency
Call Sign
A call sign is a unique nickname given to a ship for radio communication purposes. It is used to identify the ship in communications between the ship and shore stations or between ships. Call signs usually consist of a combination of letters and numbers, and help ensure clear and efficient communication at sea
Vessel Type
Vessel type refers to the category or type of vessel that exists, which helps in identifying its function and characteristics. Examples of vessel types include:
Tanker: Transports liquids, such as oil or chemicals
Passenger Vessel: Carries passengers, such as ferries or cruise ships
Cargo Ships: Transport goods and containers
Fishing Boats: Used to catch fish
Identifying vessel types is important for maritime traffic management and safety
Vessel Information
Vessel information includes various relevant data about the vessel, such as:
Vessel Name: The official registered name of the vessel
Size and Capacity: Length, width, and tonnage of the vessel
Year Built: Indicates the age of the vessel
Ship Status: Whether the vessel is under sail, at anchor, or under repair
This information is important for marine traffic management, voyage planning, and navigation safety
How does it work?
AIS (Automatic Identification System) uses VHF (Very High Frequency) radio signals to transmit and receive information. Specifically, AIS operates on the following frequencies:
VHF Channel 87B (161.975 MHz)
VHF Channel 88B (162.025 MHz)
These signals transmit messages automatically from ship to ship and to ground stations, with coding methods that allow information to be transmitted in digital form. AIS uses a modulation technique called Frequency Shift Keying (FSK) to ensure efficient and accurate data transmission
Data Collection
Ships are equipped with AIS devices that automatically collect data from the ship's navigation system, such as GPS. This data includes:
Position (latitude and longitude)
Speed and course of the vessel
Vessel identity (MMSI, vessel name, vessel type, etc.)
Vessel status (sailing, anchored, etc.)
Signal Transmission
The AIS device then packages the collected data into messages and sends them over VHF (Very High Frequency) radio waves at regular intervals. These signals may include different information depending on the situation, but are usually sent every few seconds or minutes
Signal Reception
Other vessels within range, as well as monitoring stations on land, are equipped with AIS devices that can receive the signals. Each vessel can receive information from other vessels, allowing them to “see” the position, speed, and course of adjacent vessels
Data Processing
Once the data is received, the AIS device on the ship or monitoring station processes and displays the information. Users can view the information on the screen, which usually shows a map with the positions of other vessels, identity information, and status
Real-Time Updates
The information received is constantly updated in real-time. If the vessel changes course or speed, the AIS device will transmit new data, so users always have the most up-to-date information about the vessels around them
Safety and Efficiency
With AIS, ships can avoid collisions with other vessels, especially in congested waters. It also allows maritime authorities to monitor marine traffic, manage safety, and detect suspicious activity
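As an added worked example (not code from the original page), the decoder below takes the AIS position report described above, carried in an NMEA !AIVDM sentence: it checks the NMEA checksum, unpacks the 6-bit ASCII payload and pulls out the MMSI, navigation status, speed, position, course, heading and timestamp. The sample sentence is a commonly reproduced test sentence from AIS decoder documentation, not a live capture; since AIS carries no authentication, a decoded report is only what the transmitter claimed.

```python
# Added example (not from the original page): decode an AIS position report
# (message types 1, 2 and 3) carried in a single-fragment NMEA !AIVDM sentence.
# Bit offsets follow the ITU-R M.1371 layout for those message types.

# Sample input: a commonly reproduced test sentence from AIS decoder
# documentation, not a live capture.
SAMPLE = "!AIVDM,1,1,,B,177KQJ5000G?tO`K>RA1wUbN0TKH,0*5C"

NAV_STATUS = {0: "Under way using engine", 1: "At anchor", 2: "Not under command",
              5: "Moored", 8: "Under way sailing", 15: "Not defined"}


def nmea_checksum_ok(sentence: str) -> bool:
    """XOR of every byte between '!' and '*' must equal the two hex digits after '*'."""
    body, _, given = sentence[1:].partition("*")
    calc = 0
    for ch in body:
        calc ^= ord(ch)
    return calc == int(given[:2], 16)


def payload_to_bits(payload: str) -> str:
    """Undo AIS 6-bit ASCII armouring: v = ord(c) - 48, minus 8 if v > 40."""
    out = []
    for ch in payload:
        v = ord(ch) - 48
        if v > 40:
            v -= 8
        out.append(format(v, "06b"))
    return "".join(out)


def field(bits: str, start: int, length: int, signed: bool = False) -> int:
    """Read an unsigned or two's-complement signed integer field."""
    v = int(bits[start:start + length], 2)
    if signed and v & (1 << (length - 1)):
        v -= 1 << length
    return v


def decode_position_report(sentence: str) -> dict:
    if not nmea_checksum_ok(sentence):
        raise ValueError("NMEA checksum mismatch (corrupted or truncated)")
    parts = sentence.split(",")
    if parts[0] != "!AIVDM" or parts[1] != "1":
        raise ValueError("only single-fragment !AIVDM sentences are handled")
    bits = payload_to_bits(parts[5])
    msg_type = field(bits, 0, 6)
    if msg_type not in (1, 2, 3):
        raise ValueError(f"message type {msg_type} is not a position report")
    lon = field(bits, 61, 28, signed=True) / 600000   # 1/10000 arc-minute units
    lat = field(bits, 89, 27, signed=True) / 600000
    return {
        "type": msg_type,
        "mmsi": field(bits, 8, 30),
        "status": NAV_STATUS.get(field(bits, 38, 4), "Other/reserved"),
        "sog_knots": field(bits, 50, 10) / 10,        # 1023 = not available
        "lon": lon,                                   # 181.0 = not available
        "lat": lat,                                   # 91.0 = not available
        "position_available": abs(lon) <= 180 and abs(lat) <= 90,
        "cog_deg": field(bits, 116, 12) / 10,         # 3600 = not available
        "heading_deg": field(bits, 128, 9),           # 511 = not available
        "utc_second": field(bits, 137, 6),
    }


if __name__ == "__main__":
    for k, v in decode_position_report(SAMPLE).items():
        print(f"{k:>20}: {v}")
```

Static data such as ship name, IMO number, call sign and ship type travel in message type 5, which this decoder deliberately rejects.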
Example Case
Search by IMO

Detail info about ship

History and detail about ship

URL: SC ENTERPRISE LIX
Need to know
You need a VHF antenna if you want to pick up the radio signals yourself
You must know the IMO and MMSI numbers
You must know the ship's name
You must know the place where the ship is docked
You must know the ship's name or owner's brand, or have a photo or logo
These are the details used when searching
ADS-B (Automatic Dependent Surveillance-Broadcast)
ADS-B (Automatic Dependent Surveillance-Broadcast) is a monitoring system used in aviation to automatically track the position of an aircraft. It transmits information about the aircraft's position, speed, and direction at regular intervals via radio signals
Unlike traditional monitoring systems that rely on radar, ADS-B utilizes data from satellite navigation systems (such as GPS) to determine the position of the aircraft. This information is then broadcast to other aircraft and to ground control stations. ADS-B enhances flight safety by allowing aircraft and air traffic controllers to have better visibility of the air traffic around them
What is aircraft registration number?
An aircraft registration number is a unique code assigned to each registered aircraft. This number serves to identify the aircraft in aviation and monitoring systems. Here are some important points about the registration number:
Format
In many countries, registration numbers usually follow a specific format. For example, in the United States, registration numbers begin with the letter "N" followed by a combination of numbers and letters (e.g., N12345). In other countries, the format may differ (for example, in Indonesia, it starts with "PK")
Identification Function
Registration numbers are used to identify aircraft in various contexts, including radio communications, flight tracking and ownership registration
Owner Information
Registration numbers are also linked to aircraft owner information, flight history and other technical details
Important for Security
Registration numbers help in monitoring and ensuring aircraft compliance with aviation and security regulations
Registration
The aircraft must be registered with the relevant civil aviation authority in the country where it operates, and the registration number will be recorded in an official document
How does it work?
The information contained in an ADS-B broadcast includes:
Position: Highly accurate geographic coordinates, determined by GPS
Speed: The speed of the aircraft, both horizontal and vertical
Identity: Callsign, tail number, and other information that identifies the aircraft
Altitude: The altitude of the aircraft above sea level
Heading: The direction in which the aircraft is facing
Additional information: Depending on the type of aircraft and equipment used, additional information such as airspeed, outside air temperature, and aircraft system status may also be transmitted
What's inside the ADS-B?
Reg
Reg stands for Registration. It refers to the registration number of the aircraft. This registration number is unique to each aircraft and serves as its official identity. Similar to a vehicle licence plate number, this registration number can be used to track the ownership of the aircraft and its technical data
DB Flags
DB Flags stands for Database Flags. This is a collection of flags that provide additional information about the aircraft data being tracked. These flags can indicate various things, such as:
Data source: Whether the data was obtained from the ADS-B transponder directly, or from another database
Data accuracy: How accurate the position data and other information displayed is
Aircraft status: Whether the aircraft is in flight, on the ground, or in another condition
Type
Type refers to the type of aircraft. It indicates the model or type of aircraft being tracked. This information is useful for identifying the aircraft type, size, and capabilities
Type Desc
Type Desc stands for Type Description, this is a more detailed description of the aircraft type. This description can include information such as the full aircraft model name, manufacturer, and variants
Squawk
Squawk is a four-digit transponder code transmitted by an aircraft. This code is used to identify the aircraft on secondary radar. Squawk can be altered by air traffic controllers to identify specific aircraft or to give instructions to pilots
Callsign
A callsign is a unique identifier assigned to a radio station, airplane, ship, or other communications entity
Aircraft Information
Aircraft information is a general term that includes all data related to the aircraft being tracked. In addition to the information mentioned above, aircraft information may also include:
Altitude: The height of the aircraft above sea level
Speed: The speed of the aircraft
Heading: The direction of the aircraft
Position: Geographical coordinates of the aircraft
Time: The last time the data was updated
The radio wave frequency commonly used in ADS-B systems is 1090 MHz
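As an added worked example (not code from the original page), the parser below handles one 112-bit ADS-B frame of the kind received on 1090 MHz: it checks the Mode S 24-bit CRC, reads the downlink format and the ICAO aircraft address, and for an aircraft identification message extracts the callsign discussed above. The sample frame is a widely reproduced tutorial frame, not a live capture; the CRC only catches transmission errors, and like AIS, ADS-B carries no authentication, so the address and callsign are whatever the transmitter sent.

```python
# Added example (not from the original page): parse a 112-bit ADS-B
# Extended Squitter (Mode S downlink format 17) frame, check its 24-bit CRC
# and, for an aircraft identification message (type code 1-4), extract the
# callsign. Field layout follows the ICAO Annex 10 Mode S format.

# Sample frame (hex) of the kind reproduced in open ADS-B decoder tutorials,
# not a live capture.
SAMPLE_FRAME = "8D4840D6202CC371C32CE0576098"

# 6-bit callsign alphabet; '#' marks values that never appear in a valid callsign.
CALLSIGN_CHARS = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ#####_###############0123456789######"
GENERATOR = 0x1FFF409   # Mode S CRC-24 polynomial, including the x^24 term


def crc24_remainder(frame_hex: str) -> int:
    """Long-divide the whole frame (data + parity) by the generator.
    A remainder of 0 means the 24 parity bits match the 88 data bits."""
    bits = int(frame_hex, 16)
    n = len(frame_hex) * 4
    for i in range(n - 24):                  # walk the data bits MSB-first
        if (bits >> (n - 1 - i)) & 1:
            bits ^= GENERATOR << (n - 25 - i)
    return bits & 0xFFFFFF


def decode_identification(frame_hex: str) -> dict:
    if len(frame_hex) != 28:
        raise ValueError("expected a 112-bit (28 hex digit) frame")
    if crc24_remainder(frame_hex) != 0:
        raise ValueError("CRC mismatch: bit errors in the received frame")
    frame = int(frame_hex, 16)
    df = frame >> 107                        # downlink format, first 5 bits
    if df != 17:
        raise ValueError(f"DF {df} is not an ADS-B extended squitter")
    icao = (frame >> 80) & 0xFFFFFF          # 24-bit ICAO aircraft address
    me = (frame >> 24) & ((1 << 56) - 1)     # 56-bit message (ME) field
    tc = me >> 51                            # type code, first 5 bits of ME
    result = {"df": df, "icao": f"{icao:06X}", "type_code": tc}
    if 1 <= tc <= 4:                         # aircraft identification message
        chars = []
        for k in range(8):                   # 8 x 6-bit characters, MSB-first
            idx = (me >> (42 - 6 * k)) & 0x3F
            chars.append(CALLSIGN_CHARS[idx])
        result["callsign"] = "".join(chars).rstrip("_")   # '_' pads short names
    return result


if __name__ == "__main__":
    print(decode_identification(SAMPLE_FRAME))
```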
Need to know
You need to know the type of aircraft
You need to know the registration number of the aircraft
You need to know the flight code
You need to know the location and time
You need to know the aircraft's route, from departure to arrival
You need to know the airline or operator of the aircraft, or have a photo or company logo
Case Study

The picture above shows the callsign or flight number of the aircraft

Aircraft type

Reg number

Aircraft registration table

Airplane information search

When searching flight records you can also check the detailed log and export it as KML or KMZ
Telco Signal and Cellular

Signals in Telecommunications
Half-Duplex
Half-duplex is a communication mode in which data can be sent and received, but not simultaneously. That is, devices in the network can take turns to send and receive signals, but cannot do so at the same time. Example:
Walkie-talkie: Users must press a button to speak, and they must release it to listen
Radio: Radio stations can transmit information, but listeners cannot transmit information back at the same time
Full-Duplex
Full-duplex is a communication mode where data can be sent and received simultaneously. It allows two devices to communicate with each other without waiting. Example:
Telephone: Two people can talk and hear simultaneously without interruption
Simplex
Simplex is a mode where data can only be sent in one direction. There is no ability to receive data. Example:
Television: Broadcast from the station to the viewer, but the viewer cannot transmit the signal back
Networking on Half-Duplex Signals
In a networking context, half-duplex mode is often used in systems where two directions of communication are required, but not necessarily simultaneous. Here are some characteristics and applications of half-duplex networks:
Bandwidth Savings: Since only one direction is active at a time, half-duplex can save network bandwidth
Simple Usage: Often used in simpler communication systems such as two-way radios
LAN Networks: Some local networks (LANs) use half-duplex mode, especially in older devices, such as hubs
Pros and Cons
Pros
Simple and easier to implement
Reduced chances of data collisions as only one direction is active at a time
Cons
Slower communication speed compared to full-duplex as devices have to take turns in transmitting data
Inefficient for applications that require simultaneous communication
Signal Type
Voice Signals
Voice signals are a type of signal used to transmit voice conversations between users. In mobile networks, voice signals are encoded and transmitted via radio waves
Data Signal
Used to transfer digital data, such as text, images, and videos. In mobile networks, this includes services such as internet browsing, streaming, and messaging
Control Signals
Control signals regulate communication between mobile devices and base stations. These include signals for authentication, call setup, and network management
Radio Signals
Signals transmitted via radio waves at various frequencies. These signals cover all types of mobile communications, from GSM to LTE and NR
Modulation Signal
The process by which information is inserted into the carrier wave. Some commonly used modulation techniques are:
QAM (Quadrature Amplitude Modulation): Used in LTE to increase data capacity
PSK (Phase Shift Keying): Often used in digital communication systems
Cell Selection Signal
A signal that assists mobile devices in selecting the best cell to connect to, based on signal strength and quality
Hand-over Signal
A signal used when a device moves from one cell to another, ensuring the connection is maintained without interruption
Synchronisation Signal
Signals that help mobile devices to synchronise time and frequency with the network, essential for efficient communication
Signal Latency
The time it takes for a signal to travel from one point to another in the network. Low latency is important for real-time applications such as video calls or gaming
Signal Interference
Unwanted signals that can interfere with communications. This interference can come from external sources or from other devices in the network
Terms in Signalling
You will find these terms in telco cell mappers and cellular telecommunications. See the readme for resources about cell mappers
BSIC
BSIC (Base Station Identity Code): A code used in GSM systems to identify a cell or base station. BSIC helps the mobile phone in selecting the right cell when connecting to the network
PCI (Physical Cell Identity)
PCI (Physical Cell Identity): Used in LTE and NR (5G) to physically identify the cell. PCI helps prevent interference between cells
PSC (Primary Scrambling Code)
PSC (Primary Scrambling Code): Used in UMTS to identify cells, helps in the signal filtering process
Tower Search
The process by which a mobile device searches for nearby base stations to get a signal and connect to the network. During this search, the device will scan and select the cell with the best signal quality
What is a Band
"Band" refers to the frequency range used for radio signal transmission. Each network technology (GSM, LTE, etc.) uses a specific band for communication
Network
In this context, "network" refers to the mobile communications network that connects mobile devices through an infrastructure of base stations, cables, and data processing systems
GSM (Global System for Mobile Communications)
GSM (Global System for Mobile Communications): One of the most commonly used standards for mobile communications worldwide. GSM operates in specific frequencies and enables basic voice and data services
UMTS (Universal Mobile Telecommunications System)
The third generation (3G) of mobile networks, UMTS offers higher data rates than GSM and supports multimedia services such as video calling
CDMA (Code Division Multiple Access)
An access technique that allows multiple users to share the same frequency using unique codes. CDMA is used in some mobile networks and offers better spectrum efficiency
LTE (Long Term Evolution)
The fourth generation (4G) of mobile networks, LTE offers significantly higher data speeds and lower latency compared to previous generations. LTE supports a wide range of services, including high-quality video streaming
NR (New Radio)
A technology used in 5G networks. NR is designed to increase capacity and speed, and support more and faster connections for connected devices
Case Study
https://wiki.wireshark.org/VoIP_calls
https://github.com/Jieyab89/OSINT-Cheat-sheet/wiki/Cell-Investigations
GSM or Signal Pentesting?
Hmmmm, I can't talk about this in detail; there are legal restrictions and laws. It's hard to do
Wireless Fidelity (Wi-Fi) Signal

Wi-Fi is a wireless networking technology that allows devices to connect and communicate with the internet or local networks without using cables. Wi-Fi uses radio waves to transmit data between devices
Components of a Wi-Fi Network
Access Point (AP): A device that provides a wireless connection for other devices, such as a router. Access points connect devices to wired networks
Router: A device that directs data traffic between a local network (LAN) and the internet. Wi-Fi routers combine the functions of routers and access points
Client Devices: Devices that connect to Wi-Fi networks, such as laptops, smartphones, tablets, and IoT devices
Frequency
Frequency: Wi-Fi operates at two main frequencies, 2.4 GHz and 5 GHz. The 2.4 GHz frequency has longer range but lower speed, while 5 GHz offers higher speed but shorter range
Standards: Some common Wi-Fi standards include:
802.11b: Speeds up to 11 Mbps (2.4 GHz)
802.11g: Speeds up to 54 Mbps (2.4 GHz)
802.11n: Up to 600 Mbps (2.4 GHz and 5 GHz)
802.11ac: Speeds of up to several Gbps (5 GHz)
802.11ax (Wi-Fi 6): Further improvements in speed, efficiency, and capacity
Wi-Fi Network Security
WEP (Wired Equivalent Privacy): An early encryption method that is now considered insecure
WPA (Wi-Fi Protected Access): A more secure encryption method than WEP
WPA2: An upgrade from WPA with a stronger encryption algorithm
WPA3: The latest standard that offers better security and protection against attacks
Case Study
Trace SSID with Wigle

Other
OSINT: Tracking the Suspect's Precise Location Using Wigle.net
Where does the data in Wigle come from?
The data on Wigle.net comes from the contributions of (open source) users who scan Wi-Fi networks using the Wigle app. Users collect information such as SSID, signal strength, and location when they connect or scan a network
Wi-Fi Pentesting
Evil Twin
Evil twin is a cyberattack that utilizes fake Wi-Fi networks to masquerade as official Wi-Fi networks in public places. The attacker creates a Wi-Fi access point that looks similar to the official network, such as the same name or SSID (Service Set Identifier), so users connect to the fake network without realizing it.
By connecting to these fake Wi-Fi networks, users do not realize that their data will pass through a server controlled by the attacker. The attacker can monitor, steal, or even modify the data transmitted by the user through the fake network. Some examples of data misuse by attackers after successfully connecting to the evil twin network:
Stealing account credentials
Attackers can steal passwords, usernames, and other account information entered by users while accessing websites or online applications
Monitoring online activity
Attackers can monitor data sent and received by users, including emails, messages, and other personal information
Committing financial fraud
Attackers can use the stolen information to commit financial fraud, such as making illegal transactions in the user's bank account
Infecting devices
Attackers can infect users' devices with malware or viruses through fake Wi-Fi networks
Brute Force Attack
A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations' systems and networks.
Jammer
A signal jammer is a device that blocks or interferes with radio signals, such as cellular, Wi-Fi, GPS, or Bluetooth signals. It works by emitting radio signals that can disrupt or prevent the reception of desired signals. How a Signal Jammer Works:
Emits Radio Signals
The signal jammer emits the same or similar radio signal as the signal you want to block
Disrupts Reception
The radio signals emitted by the jammer will interfere or even prevent the receiving device from recognizing the signals it is supposed to
Example:
A cellular signal jammer can prevent cell phones from receiving signals from BTS towers
Types of Signal Jammer:
Cellular Signal Jammer: Targets cellular signals (GSM, CDMA, 2G, 3G, 4G)
Wi-Fi Jammer: Blocks Wi-Fi signals
GPS Jammer: Interferes with GPS signals
Bluetooth Jammer: Blocks Bluetooth signals
Uses of Signal Jammer:
Secret Meeting Security. Ensures no communication can be heard outside the confidential meeting
VIP Area Security. Prevents interference of certain signals in important areas
Research and Testing. Assists researchers in conducting communication network testing
SSID Spam
SSID Spam is a term for attacks against Wi-Fi networks that involve sending a large number of fake network names (SSIDs) to confuse and annoy users or devices trying to connect
DNS Spoofing
DNS spoofing, also known as DNS cache poisoning, is a type of cyberattack where an attacker manipulates the Domain Name System (DNS) to redirect users to a fake website. This is often done to steal login credentials or personal information. How it works:
DNS and IP Addresses
The DNS translates domain names (like "www.example.com") into IP addresses that computers use to communicate
Exploiting DNS Servers
Attackers exploit vulnerabilities in DNS servers, replacing legitimate IP addresses with their own
Redirecting Users
When a user tries to visit a legitimate website, they are unknowingly redirected to the attacker's fake site
Collecting Information:
Once on the fake site, users may be prompted to enter login credentials, which the attacker can then steal
Examples of DNS Spoofing:
A user typing "www.bank.com" is redirected to a fake bank website that looks similar but redirects them to a login page that steals their credentials
A user visiting a website that is known to be safe may be redirected to a malicious site due to a DNS cache being poisoned. An attacker can use DNS spoofing to redirect users to a site that installs malware or hijacks their device
MITM
Man-in-the-Middle (MITM) attacks are a type of cyberattack where an attacker surreptitiously intercepts communications between two parties who believe they are communicating directly with each other. The attacker can intercept, alter, or even mimic the conversation, similar to someone intercepting communications between two people
There are other attacks too; for most of them the attacker must be on the same network
Wi-Fi Pentesting Hardware
*With other pentesting hardware you can chain the attacks
Tips
Building your own monitoring tools for ships and planes costs money. If you would rather not build them, you can subscribe to platforms such as ADS-B aircraft trackers, AIS trackers and HLR lookup services, as well as other platform tools. I recommend buying existing, trusted ones to save time