Electrical information leakage channels

The causes of electrical information leakage channels can be:

1. Galvanic connections of TSPI connecting lines with VTSS lines and extraneous conductors

2. NPEMI (N-crosstalk) TSPI on VTSS connecting lines and foreign conductors

3. NPEMI on the power supply and grounding circuit

4. Leakage of information channels into the power supply and grounding circuits of the TSPI

That. interference in conductive elements is caused by electromagnetic radiation from TSPI and capacitive and inductive couplings between them.

VTSS connecting lines or extraneous conductors are like random antennas, when galvanically connected to which PEMIN reconnaissance equipment can intercept information signals induced into them.

Random antennas can be concentrated or distributed:

· concentrated random antennas are a compact technical device (for example, a telephone, a fire alarm sensor) connected to a line extending outside the controlled area;

· distributed random antennas include random antennas with distributed parameters (cables, wires, metal pipes and other conductive communications) extending beyond the controlled area.

The spaces around the TSPI, within which the level of the signal induced from the TSPI (informative) in concentrated antennas exceeds the permissible value, is called Zone 1. In distributed antennas - Zone 1".

Unlike Zones 2 size Zones 1 (1") depends on the level of spurious electromagnetic radiation from the PCI and on the length (!) of the random antenna.

Methods and means of suppressing electronic devices for intercepting speech information

Potential technical channels of information leakage (voice) are divided into:

Technical channels of information leakage	Special technical means used to intercept information
Direct acoustic (windows, doors, cracks, openings)	2. Specialized highly sensitive microphones installed in air ducts or adjacent rooms 3. Electronic devices for intercepting speech information with microphone-type sensors, subject to uncontrolled access to them by unauthorized persons 4. Listening to conversations conducted indoors without the use of technical means by unauthorized persons
Acoustic-vibration (through enclosing structures)	1. Electronic spetoscopes installed in an adjacent room 2. Electronic devices for intercepting speech information with contact-type sensors installed on engineering communications
Acousto-optical (through window glass)	Laser acoustic location systems located outside the short circuit
Acousto-electric (via VTSS connecting lines)	1. Special low-frequency amplifiers connected to the connecting lines of the VTSS, having a “microphone” effect 2. “High-frequency imposition” equipment connected to VTSS trunk lines
Acousto-electromagnetic (parametric)	1. Special radio receivers that intercept PEMI at the operating frequencies of high-frequency generators that are part of the VTSS 2. High-frequency irradiation equipment installed outside the short circuit

An effective way to protect speech information (from interception by technical means) is to suppress the receiving devices of these means with active electromagnetic receivers. More widely used means of suppression are microphone jammers, broadband electromagnetic field generators, cell phone jammers, broadband noise generators on the power supply network, and jammers for electronic interception devices connected to telephone lines.

Electromagnetic suppression devices, often called “dictaphone jammers,” are used to suppress voice recorders operating in recording mode. The principle of operation of these devices is based on the generation of powerful pulsed high-frequency noise signals; search signals emitted by directional antennas, acting on the elements of the electrical circuit of the recorder (in particular, low-frequency amplifiers), cause interference of noise signals in them. As a result, simultaneously with the information signal (speech), the detected noise signal is also recorded, which leads to significant distortion of the first one.

For noise generation of interference, the decimeter frequency range is used. The most commonly used frequencies are from 890 to 960 MHz. With a duration of the emitted pulse of several hundred milliseconds, the pulse power of the emitted interference ranges from 50 to 100-150 W.

The suppression zone of voice recorders depends on the power of the emitted interference signal, its type, the type of antenna used, as well as the design features of the voice recorder itself. Typically, the suppression zone is a sector with an angle from 30-60 to 80-120 degrees. The suppression range of voice recorders is largely determined by their design features.

The suppression range of voice recorders in a plastic case can be:

· analog voice recorders - 5-6 m;

· digital voice recorders - 4-5 m;

· analog voice recorders in a metal case - no more than 1.5 m;

· modern digital voice recorders in a metal case are practically not suppressed.

To suppress radio channels for transmitting information transmitted by electronic information interception devices, broadband electromagnetic field generators are used, their power is up to 60 Watts.

With an integral radiation power of 20 Watts in a frequency band of 500 MHz, the power emitted in the frequency band corresponds to the width of the spectrum of the laying signal. narrowband and wideband frequency modulation are quite sufficient to suppress embedded devices with radiation power of up to 50 milliwatts. However, this power is not enough to suppress cellular signals and embedded devices built on their basis. Therefore, special generators are used for these purposes, the noise of which is called cellular blockers.

Group I

Blockers are manually controlled jammers that provide the substitution of barrage interference in the frequency range of base stations of the corresponding standard (i.e., in the operating frequency range of cellular telephone receivers). Interference leads to disruption of control of the cell phone by the base station (loss of network) and, consequently, the impossibility of establishing communication and transmitting information.

Group II

In addition to the interference transmitter, they also have a special receiver that provides reception of signals in the frequency ranges of telephone transmitters of the corresponding standard. Considering that the entire cellular communication system operates in full duplex mode, a special receiver is used as a means of automatically controlling the jammer. When a signal is detected in one of the frequency ranges, the receiver issues a control signal to turn on the barrage transmitter of the corresponding frequency range. When the signal is lost, the receiver issues a control signal to turn off the interference signal of the corresponding range.

III group

So-called “intelligent communication blockers”. Using GSM as an example: within a short time (approximately 300 µs), the blocker receiver detects the short-circuit radiation of a mobile phone entering the connection, calculates the frequency channel number and the time slot allocated to this phone. After calculating the time-frequency parameters of the detected mobile phone, the interference transmitter is tuned to a specific frequency channel in the frequency range of the base station and turns on the radiation at those points in time at which, in accordance with the GSM standard, the mobile phone receives a control channel signal from the base station. The blocking interval corresponds to the time the mobile phone establishes an incoming or outgoing connection and ranges from 0.8 to 1 second. Blocking is carried out by short pulses with a duration of 300 μs, following with a period of 4 ms. After the blocking interval expires, the connection is terminated, making incoming or outgoing calls, sending SMS is impossible, and the already established communication session is interrupted. At the same time, the phone is constantly being serviced by the network.

The emission from the jammer transmitter is strictly targeted, affecting a mobile phone located inside the established suppression zone, and does not interfere with the cellular network as a whole.

Thus, the difference between blockers of the third group and the second is that the generated interference is not a blocking frequency, but a targeted one, and the time of its emission is correlated with the operating time of the control channel from the base station.

As a rule, “smart” blockers are developed to suppress cellular telephone communications of the corresponding standard. However, there are blockers that combine several standards at once.

KHOREV Anatoly Anatolyevich, Doctor of Technical Sciences, Professor

TECHNICAL CHANNELS FOR LEAKAGE OF INFORMATION TRANSMITTED THROUGH COMMUNICATION CHANNELS

Technical channels for leakage of information transmitted via wired communication channels

Until now, telephone communication prevails among many types of electrical and radio communications, so the telephone channel is the main one on the basis of which narrowband and broadband channels for other types of communication are built.

On the transmitting side of the telephone channel, a microphone is used as a transmitter, which converts acoustic signals in the frequency band DF = 0.3 ... 3.4 kHz into electrical signals of the same frequencies. On the receiving side, the telephone channel ends with a telephone capsule (telephone), which converts electrical energy into acoustic signals in the frequency band DF = 0.3 ... 3.4 kHz.

Analog and discrete (digital) channels are used to transmit information.

An analog channel is more often called a voice frequency channel (TV channel). It is used for voice, email, data, telegraphy, fax, etc. The capacity of the PM channel is C x = 25 kbit/s.

A standard digital channel (SDC) with a capacity of C x = 64 kbit/s is designed primarily for real-time speech transmission, i.e. for ordinary telephony for the purpose of transmitting signals of frequencies 0.3 - 3.4 kHz.

In order to convert the frequency band 0.3 - 3.4 kHz (analog signal - speech) into a digital stream at a speed of 64 kbit/s, three operations are performed: sampling, quantization and encoding.

In modern multi-channel equipment, it is possible to create channels with a higher throughput than those of the TC and SSC channels. An increase in throughput is achieved by expanding the effectively transmitted frequency band. All channels use the same transmission line, so the end equipment must perform channel separation.

Among the possible methods of channel separation, two have become predominant - frequency and time. With the frequency method, each channel is allocated a certain section of the frequency range within the bandwidth of the communication line. Distinctive features of channels are the frequency bands they occupy within the overall bandwidth of the communication line. In the time division method, channels are connected to the communication line one by one, so that each channel is allocated a certain time interval during the total transmission time of the group signal. A distinctive feature of the channel in this case is the time it connects to the communication line.

Modern multichannel equipment is built on a group principle. When constructing terminal equipment, as a rule, multiple frequency conversion is used. The essence of multiple frequency conversion lies in the fact that in the transmitting part of the equipment the spectrum of each primary signal is converted several times before taking its place in the linear spectrum. The same multiple conversion, but in the reverse order, is carried out in the receiving part of the equipment.

Most types of multi-channel equipment are designed for a number of channels that are a multiple of twelve, and are completed from the corresponding number of standard 12-channel primary groups (PG). When forming the primary group, the spectrum of each of the twelve primary signals occupying the bands 0.3 - 3.4 kHz is transferred to the band 60 - 108 kHz using the corresponding carrier frequencies. The 12-channel group equipment is individual equipment for most types of multi-channel equipment. The total frequency band 60 - 108 kHz is fed further to the group transmission equipment.

Subsequent conversion stages are designed to create larger groups of channels: 60-channel (secondary) group (SG), 300-channel (tertiary) group (TG), etc. The frequency bands 60 - 108 kHz of each of the five primary groups are moved with the help of group frequency converters to the band of the 60-channel group corresponding to this group. Bandpass filters form a common VG frequency band of 312 - 552 kHz.

By analogy with VG, a 300-channel group scheme is constructed, occupying a band from 812 to 2044 kHz.

The basic data of multi-channel equipment with frequency division of channels are given in table. 1 .

The use of certain means to intercept information transmitted over telephone communication lines will be determined by the ability to access the communication line (Fig. 1).

To intercept information from different types of cables, different types of devices are used:

• for symmetrical high-frequency cables - devices with induction sensors;
• for coaxial high-frequency cables - direct (galvanic) connection devices;
• for low-frequency cables - devices for direct (galvanic) connection, as well as devices with induction sensors connected to one of the wires.

For example, to “collect” information from underwater armored cable communication lines in the 80s of the last century, a technical reconnaissance device of the “Kambala” type was used. This is a fairly complex electronic device with a nuclear (plutonium) power source designed for decades of operation.

It was made in the form of a steel cylinder 5 m long and 1.2 m in diameter. Several tons of electronic equipment were installed in a hermetically sealed pipe to receive, amplify and demodulate signals taken from the cable. The intercepted conversations were recorded by 60 automatically operating tape recorders, which turned on when there was a signal and turned off when there was no signal. Each tape recorder was designed for 150 hours of recording. And the total volume of recordings of intercepted conversations could be about three thousand hours.

Table 1. Basic data of multi-channel frequency division equipment

Equipment type, cable/line	Linear frequency band, kHz	Two-way communication system used	Average length of the reinforcement section, km	Basics appointment
K-3600, coaxial	812 - 17600		3	Trunk connection
K-1920P, coaxial	312 - 8500	Single-way four-wire, single-cable	6	Trunk connection
K-300, coaxial; K-300R, coaxial	60 - 1300	Single-way four-wire, single-cable	6	Intrazone or trunk communication
K-1020R, coaxial;	312 - 6400	Single-way four-wire, single-cable	3	Distribution system (intraarea communication)
K-120, coaxial	60 - 552,		10	Intrazone communication
K-1020R, symmetrical	312 - 4636		3,2	Trunk connection
K-60P, symmetrical	12 - 252	Single-band four-wire, two-cable	10	Intrazone communication.
KRR-M, KAMA, symmetrical	12 - 248 312 - 548	Two-way two-wire, single-cable	13 2 – 7	Local communications, connecting lines between telephone exchanges
V-12-3, overhead line with non-ferrous metal wires	36 - 84 92 - 143	Two-way two-wire.	54	Rural connection

Rice. 1. Diagram of a telephone information transmission channel

By the time the film was used up, the underwater swimmer found the device using a hydroacoustic beacon installed on the container, removed the induction sensor and pre-amplifier from the cable and delivered the device to a specially equipped submarine, where the tape recorders were replaced, after which the device was again installed on the communication line.

The device's special sensitive induction sensors were capable of reading information from an underwater cable protected not only by insulation, but also by double armor made of steel tape and steel wire tightly wrapped around the cable. The signals from the sensors were amplified by a pre-antenna amplifier and then sent for demodulation, isolating individual conversations and recording them on a tape recorder. The system provided the ability to simultaneously record 60 conversations conducted over a cable communication line.

To intercept information from cable communication lines passing overland, American specialists developed the “Mole” device more than 20 years ago. It used the same principle as the “Kambala” device. Information from the cable was taken using a special sensor. To install it, wells were used through which the cable passes. The sensor in the well is mounted on a cable and, to make detection difficult, is pushed into the pipe leading the cable to the well. The information intercepted by the sensor was recorded on a magnetic disk of a special tape recorder. Once full, the disk is replaced with a new one. The device made it possible to record information transmitted simultaneously through 60 telephone channels. The duration of continuous recording of the conversation on a tape recorder was 115 hours.

Demodulation of intercepted conversations was carried out using special equipment in stationary conditions.

In order to simplify the task of finding a “Mole” device to replace disks, they were equipped with a radio beacon mounted in the device’s body. The agent, driving or passing in the area where the device was installed, asked him using his portable transmitter if everything was normal. If no one touched the device, the radio beacon transmitted the corresponding signal. In this case, the tape recorder disk was replaced.

One of the “Mole” devices was discovered on a cable communication line running along the highway approaching Moscow. More than ten similar devices, at the request of the Syrian side, were removed by Soviet specialists in Syria. All of them were camouflaged as local objects and mined to make them indestructible.

Interception of information from ordinary subscriber two-wire telephone lines can be carried out either by direct contact connection to the lines, or using simple small-sized inductive sensors connected to one of the wires of the subscriber line.

The fact of contact connection to the communication line is easy to detect. When connecting an induction sensor, the integrity of the cable braid is not damaged, the cable parameters do not change, and in this case it is almost impossible to detect the fact of connection to the line.

Information intercepted from a telephone line may be recorded on a tape recorder or transmitted over the air using microtransmitters, which are often called telephone bookmarks or telephone repeaters.

Phone bookmarks can be classified by type of design, installation location, power source, method of transmitting information and encoding it, control method, etc. (Fig. 2).

As a rule, they are made either in the form of a separate module, or are camouflaged as elements of a telephone set, for example, a capacitor, telephone or microphone capsules, telephone plug, socket, etc.

Phone bookmarks in the usual design have small sizes (volume from 1 cm 3 to 6 - 10 cm 3) and weight from 10 to 70 g. For example, the phone bookmark HKG-3122 has dimensions of 33x20x12 mm, and SIM-A64 - 8x6x20 mm.

Rice. 2. Classification of phone bookmarks

Phone bookmarks transmit intercepted information, as a rule, via a radio channel. Typically a telephone wire is used as an antenna.

To transmit information, the most commonly used are VHF (meter), UHF (decimeter) and GHz (GHz) wavelength ranges, wideband frequency (WFM) or narrowband (NFM) frequency modulation.

To increase secrecy, digital signals with phase or frequency keying are used; the transmitted information can be encoded using various methods.

The range of information transmission with a radiation power of 10 - 20 mW, depending on the type of modulation and the type of receiver used, can range from 200 to 600 m.

The transmission of information (radiation work) begins the moment the subscriber picks up the handset. However, there are bookmarks that record information into a digital storage device and transmit it upon command.

Telephone bookmarks can be installed: in the telephone body, handset or telephone jack, as well as directly in the telephone line path.

The ability to install a telephone bookmark directly into the telephone line is important, since to intercept a telephone conversation there is no need to enter the room where one of the subscribers is located. Telephone bookmarks can be installed either in the telephone line path to the distribution box, located, as a rule, on the same floor as the room where the controlled device is installed, or in the telephone line path from the distribution box to the distribution panel of the building, usually located on the ground floor or in basement of the building.

Telephone bookmarks can be installed in series in the break of one of the telephone wires, in parallel or through an inductive sensor.

When switched on in series, the bookmark is powered from the telephone line, which ensures unlimited operating time. However, a serial connection is quite easy to detect by changing the line parameters and, in particular, the voltage drop. In some cases, a serial connection with voltage drop compensation is used, but the implementation of this requires an additional power source.

Telephone bookmarks with parallel connection to the line can be powered either from the telephone line or from autonomous power sources. The higher the input resistance of the bookmark, the more insignificant the change in the line parameters and the more difficult it is to detect. It is especially difficult to detect a plug connected to the line through a high-resistance adapter with a resistance of more than 18 - 20 MOhm. However, such a bookmark must have autonomous power supply.

Along with a contact connection, contactless retrieval of information from a telephone line is also possible. For these purposes, bookmarks with miniature induction sensors are used. Such bookmarks are powered by autonomous power sources and it is almost impossible to establish the fact of their connection to the line even with the most modern means, since the line parameters do not change when connected.

When powered from a telephone line, the operating time of the bookmark is not limited. When using autonomous power sources, the operating time of the bookmark ranges from several tens of hours to several weeks. For example, the 4300-TTX-MR telephone radio bookmark, installed in a handset, with a radiation power of 15 mW and using a PX28L battery, provides operating time from 3 to 12 weeks.

Methods of using telephone bookmarks are determined by the ability to access the room where the controlled telephone is installed.

If it is possible to enter the premises even for a short time, the bookmark can be installed in the telephone body, handset, etc. Moreover, this requires from 10 - 15 seconds to several minutes. For example, replacing a regular microphone capsule with a similar one, but with a telephone bookmark installed in it, takes no more than 10 seconds. Moreover, it is impossible to distinguish them visually.

Phone bookmarks, made in the form of separate elements of a telephone circuit, are soldered into the circuit instead of similar elements or are disguised among them. The most commonly used bookmarks are made in the form of various types of capacitors. Installation of such devices takes several minutes and is usually carried out during troubleshooting or preventative maintenance of a telephone set.

It is possible that a bookmark can be installed on a telephone before it arrives at an institution or enterprise.

If access to the controlled premises is impossible, bookmarks are installed either directly in the telephone line path, or in distribution boxes and panels, usually in such a way that their visual detection is difficult.

The smaller the bookmark, the easier it is to disguise it. However, small bookmarks in some cases do not provide the required information transmission range. Therefore, to increase the range of information transmission, special repeaters are used, installed, as a rule, in hard-to-reach places or in a car within the range of the bookmark.

To intercept fax transmissions, special complexes such as 4600-FAX-INT, 4605-FAX-INT, etc. are used. .

A typical system for intercepting fax transmissions is located in a standard briefcase, can be powered either from AC power or from built-in batteries, is connected to the line via a high-resistance adapter, so it is almost impossible to determine the fact of connection, allows you to automatically recognize voice and fax messages, record transmitted messages, has high noise immunity and adapts to changes in line parameters and information transmission speed. The system allows you to continuously monitor the reception and transmission of several faxes.

Registration of intercepted messages can be carried out in several forms:

• line-by-line registration in real time;
• line-by-line printing with simultaneous recording to a storage device;
• printing recorded information to output devices;
• recording information into a storage device without printing.

In addition to recording intercepted messages, such a system records service information about the nature of transmitted messages, non-standard fax operating modes, searches and cryptography methods (techniques).

The system software allows you to simulate a fax machine receiver with advanced capabilities for visual analysis of recorded signals and setting demodulation parameters in cases where automatic demodulation is unsatisfactory.

Technical channels for leaking information transmitted via radio communication channels

One of the most common methods of transmitting large amounts of information over long distances is multi-channel radio communication using radio relay lines and space communication systems. Radio relay communication is communication using intermediate amplifiers-repeaters. The routes of multichannel radio relay lines, as a rule, are laid near highways to facilitate servicing of remote repeaters, which are located at dominant heights, masts, etc. In space communication systems, information is transmitted through relay satellites located in geostationary and high elliptical orbits.

The global strategy for the modern development of radio communications is the creation of international and global public radio networks based on the widespread use of mobile radio communications.

The dominant position in the mobile radio market today is occupied by:

• departmental (local, autonomous) systems with communication channels strictly assigned to subscribers;
• trunking radio communication systems with free access for subscribers to a common frequency resource;
• cellular mobile radiotelephone communication systems with spatially separated frequency reuse;
• personal radio call systems (PRC) - paging;
• Cordless Telephony systems.

Fixed-channel communications systems have been used by government and commercial organizations, law enforcement, emergency services and other services for a long time. They can use both simplex and duplex communication channels, analog and digital methods of masking messages, and have high efficiency in establishing communication.

The main frequency ranges for networks with assigned channels: 100 - 200, 340 - 375, 400 - 520 MHz.

The use of public mobile radio communication networks (trunking, cellular) is currently recognized as the most optimal, since they provide subscribers with a greater variety of services (from the formation of dispatch communications for individual services to automatic access to subscribers of city and long-distance telephone networks), and also allow for a sharp increase in network bandwidth. In these networks, any subscriber has the right to access any unoccupied network channel and is subject only to queuing discipline.

The term “trunking” is understood as a method of equal access of network subscribers to a common dedicated channel bundle, in which a specific channel is assigned individually for each communication session. Depending on the load distribution in the system, communication between individual subscribers in such a network is carried out mainly through a special transceiver base station. The range of a base station in urban conditions, depending on the frequency range of the network, the location and power of the base and subscriber stations, ranges from 8 to 50 km.

The most widely used trunked radio communication systems are presented in Table. 2.

The main consumers of trunking communication services are law enforcement agencies, emergency call services, armed forces, security services of private companies, customs, municipal authorities, security and escort services, banks and collection services, airports, energy substations, construction companies, hospitals, forestries, transport companies, railways, industrial enterprises.

Cellular radiotelephone communications occupy a special place among public communication networks. The cellular principle of network topology with frequency reuse has largely solved the problem of frequency resource shortage and is currently the main one in the created public mobile communication systems.

Table 2. Characteristics of trunked radio communication systems

System (standard)	Name of characteristics
	Frequency bands, MHz	Channel bandwidth, kHz, (channel spacing)	Number of channels (including control channels)	Note
Altai	337 - 341 301- 305	25	180	Analog
Smartrunk	146 - 174 403 - 470	150/250	16	Single zone Analog
MRI 1327	146 - 174 300 - 380 400 - 520	12,5/25	24	Multi-zone Analog Digital control
EDACS	30 - 300 800-900	25/30 12,5	20	Analogue (speech) FM Digital (speech, data)
TETRA	380 - 400	25	200	Digital (TDMA) p/4 DQPSK

The structure of cellular networks is a collection of small service areas adjacent to each other and having different communication frequencies, which can cover vast territories. Since the radius of one such zone (cell, cell) does not, as a rule, exceed several kilometers, in cells that are not directly adjacent to each other, it is possible to reuse the same frequencies without mutual interference.

Each cell houses a stationary (base) transceiver radio station, which is connected by wire to the central station of the network. The number of frequency channels in the network usually does not exceed 7 - 10, and one of them is organizational. The transition of subscribers from one zone to another does not involve any changes in equipment. When a subscriber crosses the zone boundary, he is automatically given another free frequency belonging to the new cell.

The main technical characteristics of cellular communication systems are presented in table. 3.

Table 3. Main technical characteristics of cellular communication systems

System (standard)	Name of characteristics
	Frequency bands, MHz	Channel bandwidth, kHz	Maximum power, W	Number of channels	Signal class, modulation type
NMT-450	453 – 457.5 (PS) 463 – 467.5 (BS)	25	50 (BS) 15 (PS)	180	16KOF3EJN
AMPS	825 – 845 (PS) 870 – 890 (BS)	30	45(BS) 12 (PS)	666	30KOF3E
D-AMPS	825 – 845 (PS) 870 – 890 (BS)	30	-	832	30KOG7WDT p/4 DQPSK
GSM	890 – 915 (PS) 935 – 960 (BS)	200	300 (BS)	124	200KF7W GMSK
DCS-1800	1710 – 1785 (PS) 1805 –1880 (BS)	200	<1 Вт (ПС)	374	200KF7W GMSK
IS-95	825 – 850 (PS) 870 – 894 (BS)	1250	50 (BS) 6 (PS)	55 per carrier	1M25B1W QPSK (BS), OQPSK(PS)

Note: MS – mobile station, BS – base station.

The NMT-450 and GSM standards are adopted as federal standards, and AMPS/D-AMPS is aimed at regional use. The DCS-1800 standard is promising.

The NMT-450 standard uses a duplex frequency spacing of 10 MHz. Using a frequency grid of 25 kHz, the system provides 180 communication channels. Cell radius is 15 - 40 km.

All service signals in the NMT system are digital and are transmitted at 1200/1800 bps FFSK (Fast Frequency Shift Keying).

Cellular systems based on the NMT standard are used in Moscow, St. Petersburg and other regions of the country.

The AMPS cellular communication system operates in the range 825 - 890 MHz and has 666 duplex channels with a channel width of 30 kHz. The system uses antennas with a radiation pattern width of 120°, installed in the corners of the cells. Cell radii 2 - 13 km.

In Russia, systems according to the AMPS standard are installed in more than 40 cities (Arkhangelsk, Astrakhan, Vladivostok, Vladimir, Voronezh, Murmansk, Nizhny Novgorod, etc.). However, experts believe that in large cities AMPS will gradually be replaced by digital standards. For example, in Moscow, in the ranges above 450 MHz, only digital standards are now used.

The D-AMPS digital system using TDMA multiple access technology is currently the most widespread digital cellular system in the world. The digital standard has a frequency channel width of 30 kHz. The D-AMPS standard has been adopted as a regional standard. Systems have been created according to this standard in Moscow, Omsk, Irkutsk, and Orenburg.

The GSM standard is closely related to all modern digital network standards, primarily ISDN (Integrated Services Digital Network) and IN (Intelligent Network).

The GSM standard uses narrowband Time Division Multiple Access (TDMA). The TDMA frame structure contains 8 time positions on each of the 124 carriers.

To protect against errors in radio channels when transmitting information messages, block and convolutional coding with interleaving is used. Increasing the efficiency of coding and interleaving at low speeds of movement of mobile stations is achieved by slow switching of operating frequencies (SFH) during a communication session at a speed of 217 hops per second.

To combat interference fading of received signals caused by multipath propagation of radio waves in urban conditions, communication equipment uses equalizers that ensure equalization of pulse signals with a standard deviation of the delay time of up to 16 μs. The synchronization system is designed to compensate for the absolute signal delay time of up to 233 μs, which corresponds to a maximum communication range or maximum cell radius of 35 km.

The GSM standard selects Gaussian minimum shift keying (GMSK) with a normalized bandwidth of 0.3. Frequency Shift Keying Index - 0.5. With these parameters, the radiation level in the adjacent channel will not exceed -60 dB.

Speech processing is carried out within the framework of the adopted system of discontinuous transmission of speech (DTX), which ensures that the transmitter is turned on only when a speech signal is present and the transmitter is turned off during pauses and at the end of a conversation. A speech codec with regular pulse excitation/long-term prediction and linear predicative predictive coding (RPE/LTP-LPC codec) was selected as a speech converting device. The overall speech signal conversion speed is 13 kbit/s.

The GSM standard achieves a high degree of security for message transmission; messages are encrypted using the public key encryption algorithm (RSA).

The DCS-1800 system operates in the 1800 MHz band. The core of the DCS-1800 standard consists of more than 60 GSM standard specifications. The standard is designed for cells with a radius of about 0.5 km in dense urban areas and up to 8 km in rural areas.

The IS-95 standard is a cellular communication system standard based on CDMA Code Division Multiple Access. Security of information transmission is a property of CDMA technology, so operators of these networks do not require special message encryption equipment. The CDMA system is built using the direct frequency spread method based on the use of 64 types of sequences formed according to the law of Walsh functions.

The standard uses separate processing of reflected signals arriving with different delays and their subsequent weight summation, which significantly reduces the negative impact of the multipath phenomenon.

The IS-95 CDMA system in the 800 MHz band is the only operational cellular communication system with code division technology. It is planned to use its version for the 1900 MHz range.

Personal radio calling (paging) provides wireless one-way transmission of alphanumeric or audio information of a limited volume within the service area. The frequency range of paging systems is from 80 to 930 MHz.

Currently, in our country, the most widely used protocols for use in personal calling systems (paging systems) are POCSAG (Post Office Standardization Advisory Group), ERMES (European Radio Message System) and FLEX (Table 4). All these protocols are analog-to-digital. The main class of signals used is 16KOF1D.

Table 4. Main characteristics of paging systems

When transmitting POCSAG messages, two-level frequency modulation is used with a maximum frequency deviation of 4.5 kHz.

The FLEX protocol is characterized by high data transfer speed and, therefore, high throughput. At 1600 bps, two-level frequency modulation (FM) is used, at 6400 bps, four-level FM is used. The frequency deviation value in both cases is 4.8 kHz.

For the operation of paging systems using the ERMES protocol, a single frequency range (or part of it) 169.4 - 169.8 MHz is allocated, in which 16 operating channels are organized with a frequency spacing of 25 kHz. The data transfer rate is 6.25 kbit/s.

Cordless telephone systems (WPT) at the initial stage of their development were intended mainly to replace the handset cord with a wireless radio communication line in order to provide greater mobility to the subscriber. Further development of this type of communication, especially the transition to digital methods of information processing, significantly expanded the scope of application of BPT.

In analog-type BPT systems, most often used in residential premises and small institutions, personal-use BPTs are used, consisting of a base station (BS) connected to the city telephone network and a portable radiotelephone (PTA). When using BPT in large companies as an internal means of communication, branched networks of low-power radiotelephones are organized, the operating principle of which is similar to cellular networks. These systems mainly use digital signal processing methods to provide stronger encryption of transmitted messages.

Both analog and digital cordless telephones operate in full duplex mode on multiple channels, with channel selection performed automatically from unused channels. The range of certified radio transmitters (radiation power does not exceed 10 mW) of the BPT, depending on the type of equipment and operating conditions, is 25 - 200 m.

The power of uncertified BPT transmitters can be 0.35 - 1.2 W or more, while their range can range from several kilometers to several tens of kilometers.

List of frequency bands allocated for BPT subject to a maximum output power limitation of 10 mW and on a secondary basis, i.e. without any guarantee of ether purity are presented in Table 5.

Table 5. List of frequency bands allocated for wireless phones with power up to 10 mW

Standard	Frequency range, MHz
CT-0R	30 – 31/39 – 40
CT-1R	814 – 815/904 – 905
CT-2R	864 – 868,2
DECT	1880 – 1900

In fact, analog BPTs in Russia operate in the following main frequency ranges:

26.3125 - 26.4875 MHz/41.3125 - 41.4875 MHz;
30.075 - 30.300 MHz/39.775 - 40.000 MHz;
31.0125 - 31.3375 MHz/39.9125 - 40.2375 MHz;
31.025 - 31.250 MHz/39.925 - 40.150 MHz;
31.0375 - 31.2375 MHz/39.9375 - 40.1375 MHz;
31.075 - 30.300 MHz/39.775 - 39.975 MHz;
30.175 - 30.275 MHz/39.875 - 39.975 MHz;
30.175 - 30.300 MHz/39.875 - 40.000 MHz;
307.5 - 308.0 MHz/343.5 - 344.0 MHz;
46.610 - 46.930 MHz/49.670 - 49.990 MHz;
254 MHz/380 MHz; 263 – 267 MHz/393 – 397 MHz;
264 MHz/390 MHz; 268 MHz/394 MHz;
307.5 – 308.0 MHz/343.5 – 344.0 MHz;
380 – 400 MHz/250 – 270 MHz;
814 – 815 MHz/904 – 905 MHz;
885.0125 - 886.9875 MHz/930.0125 - 931.9875 MHz;
902 – 928 MHz/902 – 928 MHz;
959.0125 - 959.9875 MHz/914.0125 - 914.9875 MHz.

Digital BPTs use the following main frequency ranges: 804 - 868 MHz; 866 - 962 MHz; 1880 - 1990 MHz.

To intercept information transmitted using radio relay and space communication systems, radio reconnaissance means are used, and to intercept conversations conducted using cellular phones, special complexes for intercepting cellular communication systems are used.

Modern interception systems for cellular communication systems can provide (depending on the configuration) monitoring of control (calling) channels of up to 21 cells simultaneously, and allow monitoring and recording telephone conversations of 10 or more selected subscribers.

The complexes are produced in three types: “pocket” (in the form of a cell phone), mobile (in the form of a compact unit, a PC “Notebook” type and an antenna) and stationary (in the form of a desktop unit).

In addition to registering controlled conversations, the complexes can be equipped (depending on the standard) with some additional functions: monitoring conversations on a given number, “scanning” phones and intercepting incoming communications from a controlled subscriber.

For the “pocket” option, it is possible to control the conversations of one subscriber within the cell coverage area; for mobile - simultaneous monitoring and recording of conversations of one (several) subscribers in the coverage area of ​​​​several cells and it is possible to maintain a database of monitored cells; for the stationary option - it is possible to simultaneously monitor and record conversations of more than ten subscribers throughout the entire cellular network and maintain an expanded database.

The phone “scanning” function is used to secretly determine the phone number and service parameters of a phone.

If you use the function of intercepting incoming communications of a controlled phone, it is possible to intercept all incoming calls from a specified subscriber.

Main functions of the complex:

• decoding the service channel to identify the mobile phone number on which the conversation is taking place;
• listening directly to a telephone conversation;
• the ability to simultaneously control the frequency of the base station and the frequency of the mobile handset, that is, ensuring stable audibility of both interlocutors;
• the ability to simultaneously control both incoming and outgoing calls;
• monitoring frequency changes and conversation support when a subscriber moves from cell to cell;
• control of several cells from one point;
• recording telephone conversations using sound recording equipment in automatic mode;
• recording on the hard drive of mobile phone numbers that carried out conversations throughout the entire cellular communication system, indicating the date and time.

During the operation of the complex, the monitor displays:

• numbers of all telephones called on all cells of the system;
• phone numbers that communicated in the cell to which the control channel is configured, as well as service information.

Hardware and software systems are also used to intercept paging messages. The standard complex includes:

• modified scanning receiver;
• PC with an input signal conversion device;
• software.

The complex allows you to solve the following main tasks:

• receive and decode text and digital messages transmitted in radio paging communication systems, save all received messages on the hard drive in an archive file;
• filter the general flow of messages, select data addressed to one or a number of specific subscribers using a priori known or experimentally determined cap codes, promptly change the parameters of the list of observed subscribers;
• carry out Russification of the entire input stream of messages or those addressed only to specific subscribers included in the list of monitored ones;
• process the output data files in any text editor with the implementation of the standard search function for the entered string of characters and printing the necessary data on the printer.

While the program is running, the following is displayed on the monitor screen:

• messages received via one of the active channels (the number of the displayed channel is entered by the operator from the keyboard without interrupting the program);
• current time of day and date;
• time and date of receipt of each selected message, its serial number, as well as the identifier of the corresponding selection attribute.

To decode intercepted messages hidden by encryption equipment, special devices are used (for example, 640-SCRD-INT). Such devices decode and restore with high quality in real time conversations closed by ZAS equipment.

Radio reconnaissance equipment and special systems for intercepting cellular communication systems are in service with special services of leading foreign countries and provide interception and decoding of messages transmitted using any communication systems, including the GSM standard.

To intercept telephone conversations conducted using analog UPTs, as well as cellular communication systems using analog signals, conventional scanning receivers can be used; the characteristics of some of them are given in Table. 6.

Table 6. Characteristics of scanning receivers

Name of characteristics	Index (type)
	AR-5000	EB-200 “Miniport”	AR-8200 MK3
Manufacturer	A.O.R	ROHDE & SCHWARZ	A.O.R
Frequency range, MHz	0,01 – 3000	0,01 – 3000	0,10 – 3000
Types of modulation	AM, FM, LSB, USB, CW	AM, FM, LSB, USB, CW, Pulse	AM, FM, LSB, USB, CW
Sensitivity at signal-to-noise ratio 10 dB, µV	AM: 0.36 – 0.56 FM: 0.2 – 1.25 SSB: 0.14 – 0.25	AM: 1.0 – 1.5 FM: 0.3 – 0.5	AM: 0.70 – 2.50 FM: 0.35 – 2.50 SSB: 0.30 – 1.50
Selectivity at -6 dB, kHz	3; 6; 15; 40; 110; 220	0,15; 0,3; 0,6; 1,5; 2,5; 6; 9; 15; 30; 120; 150	SSB/NAM: 3 kHz AM/SFM: 9 kHz NFM: 12 kHz WFM: 150 kHz
Frequency tuning step, kHz	1 Hz to 1 MHz	10 Hz to 10 kHz
Number of memory channels	100 in 10 jars	1000	50 in 20 banks
Scanning speed, channel/s	50	Synth setup time 3 µs	37.42 with auto-tuning mode turned off, 10 kHz sampling step, 2 ms turn-off time
Receiver outputs	Headphones, IBM PC	Headphones. Built-in panoramic indicator from 150 kHz to 2 MHz. Digital IF output. IF 10.7 MHz. IBM PC	Headphones.
Power, V	DC 12 (external)	Battery (4h) DC (10 – 30 V external) power supply	4xAA batteries or 12V D.C. external source
Dimensions, mm	204x77x240	210x88x270	61x143x39
Weight, kg	3,5	5,5	0,340

Literature

1. Brusnitsin N.A. Openness and espionage. M.: Voenizdat, 1991, 56 p.
2. Loginov N.A. Current issues of radio monitoring in the Russian Federation. M.: Radio and communications, 200, 240 p.
3. Petrakov A.V., Lagutin V.S. Protection of subscriber teletraffic: Textbook. allowance. 3rd ed., corrected and expanded. M.: Radio and communication, 2004, 504 p.
4. Covert audio intercept. Volume ont: Catalog. – USA: Serveillance Technology Group (STG), 1993. – 32 p.
5. Discrete surveillance. Navelties: Catalog. – Germany: Helling, 1996. – 13 p.
6. Drahtlose Audioubertragungs – Systeme: Catalog. – Germany: Hildenbrand - Elektronic, 1996 – 25 p.

Today we will tell our readers about what methods of information leakage exist, how ill-wishers can take possession of your personal data.

Unauthorized transfer of sensitive or personal information to third parties is called a data leakage channel. If any type of technical means is used during the transfer of materials, the leakage channel in this case is called technical. It may include a material medium, a signal medium, and a recording or recording device. In this article, we will present you with several leading channel diagrams through which information leakage can occur.

Leakage channels differ in the physical principle of operation:

• radio-electronic;
• optical channels;
• vibroacoustic;
• acoustic.

It is known that the channel of information leakage can not only be natural, but also formed artificially

Let's consider each type separately.

• Acoustic

The propagation medium of signals in the acoustic channel of information leakage is air; the information signal is transmitted by sound, which, through the mechanical vibration of particles, is captured by the hearing organs. The human ear recognizes vibrations with a frequency of 16-20000 Hz. To summarize, we can determine that the source of the acoustic leakage channel is the vocal cords, speakers, and other vibrating bodies.

To intercept such information, specialists have created ultra-sensitive microphones that are built into objects, devices that are regularly used, or can be directed from the outside.

• Vibroacoustic

The distribution of sound vibrations along technical communications or building structures is a vibroacoustic channel, the principle of operation of which is quite simple. The sound source creates a sound wave, it spreads in the air and has an impact on objects and building structures located in the room that is being controlled. Then the wave, gradually attenuating, is distributed over the material from which the interior and structural elements are made. The rate of wave attenuation depends on the characteristics of the material.

Items with a high density allow sound to travel further than items with low material densities. The walls of buildings have a finite thickness, so a passing sound wave with a strong signal reaches the outside of the structure. Thus, recording such micro-oscillations allows attackers from outside to register them and turn them into sound, which is recorded on special equipment. To read the received information, a special vibration sensor is used (its operating principle is the same as that of a stethoscope) installed on an enclosing structure or communications system.

The main component of a stethoscope is a piezoelectric crystal; it rests tightly against the surface and intercepts mechanical vibrations, converting them into an electrical signal. To hear what is happening behind a wall or fence, you need to amplify the signal and send it to a speaker or loudspeaker.

Attenuation of vibration signals on enclosing structures

Average integral level of vibration noise

• Radioelectronic

In the case of a radioelectronic data leakage channel, the carriers are electric, magnetic and electromagnetic fields, as well as electricity conducted by a metal wire. This type of channel is often used to transmit data captured by a microphone, which is transmitted to special receivers. A similar principle of operation is characteristic of many bugs and radio stethoscopes. The cause of the leak may be a radio-electronic channel, any means of communication, a mobile phone or a radio station.

A serious threat is posed by modern office equipment, or rather, not the devices themselves, but their electromagnetic radiation, which appears as a side effect during the information processing process. Thus, by placing a special radio receiver and a laptop computer near a desktop computer or laptop, he will be able to record all the actions and data that were processed by the machine, and can subsequently perform it with accuracy. Radio-electronic channels also include telephone lines, wired communications, energy saving networks, etc.

• Optic

And the last leakage channel we will consider is optical. In this channel, the source and signal of information is the observation object itself.

Light rays that carry information about what an object looks like are reflected rays from itself, or from another external source. There are several ways to obtain optical information, namely:

1. visual observation;
2. use of visible and IR range;
3. photography and video filming.

Free space, fiber optic lines - the propagation medium for the optical signal of information leakage.

Technical department specialist: Tishchenko Sergey Dmitrievich