From: milne_v@hotmail.com (milne_v) Newsgroups: alt.mindcontrol Subject: [TSCM-L] Our friendly neighborhood sniper Date: 14 Oct 2002 15:04:56 -0700 Organization: http://groups.google.com/ Lines: 81 Message-ID: NNTP-Posting-Host: 24.215.29.66 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1034633096 22800 127.0.0.1 (14 Oct 2002 22:04:56 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 14 Oct 2002 22:04:56 GMT Path: rsl2.rslnet.net!cyclone.bc.net!newsfeed.stanford.edu!postnews1.google.com!not-for-mail Xref: rsl2.rslnet.net alt.mindcontrol:3393 Re: [TSCM-L] Our friendly neighborhood sniper - some observations On Sat, Oct 12, 2002 at 09:18:26PM -0400, Steve Uhrig wrote: > This matter refers to the sniper operating in the MD suburbs of DC > and in the Northern VA area. Eight deaths as I write this. > > Upon doing an independent analysis over the last few days, I happened > to notice the fact that EACH county or jurisdiction where a shooting > took place was an area NOT covered by a digital public safety radio > system. > > Digital radio systems cannot be monitored by scanners or anyone > without extensive authorized knowledge of the communications system. > In other words, monitoring is not possible realistically in those > jurisdictions. Some areas in Fairfax County, for example, do have > arrangements to allow the press and others approved by the police > dept to purchase their own digital radio and have it programmed to > monitor only certain general dispatch services (talkgroups). > Your information is very interesting and matches what I myself have speculated but not known as I don't live down there... However I think you may exaggerate the difficulty of obtaining access to unencrypted APCo-25 (and even EDACS) public safety digital radio systems. Quite a few serious hobbyists and media types have programmed radios purchased on eBay or via auctions or hamfests to monitor digital systems. And apparently the correct hacks to the Motorola RSS software to do so without formal access to "system key" file encryption information are in fairly wide circulation, both among legitimate users (dealers and others who have purchased it from Motorola) and bootleg. Obtaining the relevant trunking information required such as the system ID and active talkgroups can be readily done with a PC and a scanner by monitoring the control channel with available PC based public domain data dumping software. And far more important than the fact a few dedicated hobbyists and media types have purchased and programmed commercial radios to use in receive only mode to monitor systems, is the soon to be available family of digital capable scanners. Uniden is about to start shipping two - a portable and a mobile type and AOR is about to start shipping an adapter for their high end receivers that decodes the APCO-25 data stream. Others may soon follow. And these of course will follow ALL non-encrypted talk groups on the systems... Obviously no one who lacks inside information could ever determine encryption keys for encrypted talkgroups (in less than many centuries of trying with very fast hardware), but monitoring digital traffic on non encrypted talk groups hardly requires "extensive authorized knowledge of the communication system". APCO 25 is documented and published and radios that will decode the basic modulation have been sold to and by the public for years. And it hardly is impossible for smart members of the public with no authorized connection to law enforcement at all to figure out a way of programming a radio to listen to a system whose frequencies, talk groups and other information they already know. Nor have those with software skills ignored the possibility of decoding APCO-25 on a PC connected to the discriminator of a scanner. On the other hand, of course, I will grant you that the skill and determination required to obtain access to the digital traffic prior to the public availability of digital capable scanners is perhaps an order of magnitude or two greater than what is required to monitor analog fm based public safety radio systems with a scanner purchased at Radio Shack. But certainly not something that requires extensive AUTHORIZED knowledge, or something outside the ken of smart members of the general public, perhaps including someone like terrorists or a smart but deranged sniper. I might close with the observation that to this observer (who is an engineer, not a LEA type) the sniper attacks look like an Al Qaeda distraction and deception operation intended to tie up law enforcement and the public in the DC area whilst the real bastards drive the yellow or blue truck with the nuke or 20 tons of ANFO or whatever right into DC unmolested. I hope LEAs have thought of this possiblity.... -- Dave Emery N1PRE, die@d... DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18 http://groups.yahoo.com/group/TSCM-L/message/6385