Adrian:
Alex, thanks for agreeing to this interview, to break the ice I was wondering if you could start by telling us a bit about yourself?
Alex: Thanks for inviting me along today Adrian. My father was a diplomat with an interest in economics, energy markets and Critical Infrastructure. My childhood was spent in St Petersburg with overseas tours with my parents in Ottawa, Cape Town and London. At school in St Petersburg, I attended Young Pioneers and DOSSAF where I developed an interest in scuba diving. Whilst my father was serving with the Russian Trade Delegation in London I attended St Aloysius College, the other side of Highgate Hill, taking my GCSEs. I returned to Russia for a brief period of military service.
In 1998 I was fortunate to win a place to study PPE at SOAS in London, I graduated in 2001 and returned home to join the Russian Foreign Service in 2001 just before 9/11.
Adrian: That's helpful insight Alex. My friend SO2 Optimism has an interest in the area you know as Radio Electronic Combat, I was wondering if you could tell us something about this?
Alex: You should understand Adrian that this is not really my core business, my seniority is such that I have oversight of a small team here that looks at the tactical level. I’m sure you appreciate that I have to look at this in the round. To meet the many requirements placed on us here in UK I have to help our head office set their priorities between strategic IMINT and SIGINT and at my seniority, oversight of some long term HUMINT cases here. Much of this work, is before my time, from the Cold War, but I’m sure you understand the importance of continuity in Intelligence work? We do have some lengthy case files, some of our old friends here should have retired long ago.
Adrian: That's fascinating, I was wondering if you could indulge me and let me know a bit about REC at the tactical level, as you see it from your position of seniority?
Alex: My main interest Adrian is at the strategic level, the RECs team here in London work primarily against your tiny army and air force. We call them the Tactical Team. My interest lies in where they are able to talent-spot individuals and infrastructure with strategic potential. We are conscious that the West sometimes talks about concepts of the Deep, Close and Rear battle, and early entry vs formal mobilisation, we have to be more fluid. I’m conscious that we are supporting not only strategic assets planning to strike UK, to protect our motherland, but also collecting intelligence to support our forces who may be confronted by the British Military in the Baltic or Mediterranean littorals.
The COVID lockdown has changed a lot for the Tactical Team. About 10 years ago they picked up and old Hi-Lux pick up with an RF transparent canopy. They keep this in a lock-up out towards Hungerford, that’s a hangover from when the Americans were at Greenham Common. The Hi-Lux is typically fitted out with an Israeli IMSI Grabber, a Pineapple and laptop or two and a commercial spectrum analyser and some commercial software radios (SDRs). The vehicle has a video camera front and rear running through Platesmart, its not 100% accurate, but they tell me its good enough The equipment in the vehicle can be operated remotely over 4G if there is good connectivity or Wi-Fi where there is line of sight. With the right antenna at the control end, we have controlled the Hi-Lux from 15km away.
The SDRs are used to fingerprint military radios in aircraft and with land forces. When working an airfield the Tactical Team will generally use Flight Radar to cross-refer with the fingerprints that the SDR picks up. For aircrew and special forces, this is where the IMSI grabber comes in to play. By correlating the phones that switch off, or move away, just before an aircraft starts to move and transmit we identify users of intelligence interest. Similarly, at general aviation terminals like Luton, Northolt, Farnborough and Battersea heliport we pick up individuals of military, political and economic interest. When a submarine sails from the Clyde and a phone disappears from the network for a few months we similarly join the dots there.
Our own military put a lot of pressure on our tactical team to look at British ISR and strike assets, from time to time they travel up to Waddington and Marham, where they used to be able to blend in as plane spotters. Perhaps worth mentioning that they have some sort of radar warning receiver that they use close to airfields as well. They recon they can not only fingerprint radars by type, but sometimes even the actual platform. I understand they used to look for the Army’s counter-battery radar, but they don’t actually believe the British have a real capability here. The ARRC at Innsworth is also of regular interest, the international mobile numbers often travel abroad with UK numbers giving us some interesting traffic analysis results.
I have to say that I am also under pressure from the Northern Fleet to increase our coverage of the UK and Norwegian P8 maritime surveillance capability. The joint UK / Norwegian maintenance and repair organisation there is of growing interest to us. Its what you call “bare-arsed” up there, but we are looking to see what we access we could gain under commercial cover from Aberdeen. As you probably know we try to keep a trawler on station off the Clyde, off Dorset and Hampshire and a third in the North Sea. I can't say too much but one or all of these can sometimes triangulate with fixed sites in London and Edinburgh.
Adrian: Well that’s fascinating Alex, but could you give us any examples of how this translates into tactical intelligence?
Alex: Sure Adrian, I would hope that fingerprinting radios and radars on aircraft or with ground forces at their home base would create an association with a particular unit. When one of these emitters turns up somewhere else in the world we can rapidly make an association.
The presence of mobile phones is another layer on the sponge cake. Sports Tracker and Strava provide us with a useful tool to track where service personnel typically exercise. Imagine if you would a phone associated with Hereford or Poole, turning up as a group at Brize Norton, Heathrow or Gatwick, and all switching off or disappearing at the same time. That's one indicator, when they all turn up together downrange we just join the dots with another one of our tactical teams.
From a Wi-Fi perspective at places like Solstice Park on the A303 it's possible to hoover up the mac addresses of phones using the Wi Fi at Costa and McDonalds. This can sometimes expose email addresses, even contacts sometimes passwords as well. Running time-stamped content from the dash cams though Platesmart allows us to match people’s cars to their phones and their tablets. This can give us access to their online persona giving us the opportunity to further identify them for intelligence or other “business” purposes.
If one of these units were to turn up in another part of the world, all this baseline data would provide Russian forces and our allies valuable indicators and warnings.
In 2016 you may recall Russia hacked a Ukraine artillery calculating app on Android? This allowed the hackers to geo-locate the device on the Ukrainian gun-line and initiate counter-battery fire. It's not my area of expertise but Im sure there would be other ways of phishing personal devices of the British Military during “peacetime” to get them to offer geo-location services.
That when they deploy, but don’t forget what they leave behind. In some cases, we have collected names, phone numbers, emails and addresses of relatives and loved ones they have left behind. We would use these to de-stabilise and intimidate families, inflicting pressure on those deployed from the home front. This is, after all the age of hybrid war.
Adrian: Alex, on behalf of your readers could I offer many thanks for your time today and for your valuable insights. I realise you are a busy man and have other meetings to get to. Adieu until next time!