6 April 1998: Add State Dept. comment on topic
and link to FAS page on
the Lourdes, Cuba SIGINT facility
Date: Sun, 16 Feb 1997 23:49:52 -0500 (EST)
From: Dave Emery <die@pig.die.com>
To: cypherpunks@toad.com
Dave Emery
die@die.com
Weston, Mass.
> I found this on The New American web page. ?
> GRU Snooping Continues. The interception, taping, and publication of a conference call between Newt Gingrich and other congressional leaders demonstrates the susceptibility of microwave-transmitted electronic communications to eavesdropping. A growing number of intracity phone calls, e-mail, and faxes, as well as nearly all long-distance calls, are carried via microwave. But it's not just itinerant Democratic Party activists with police scanners who can listen in on microwave communications.
This is complete horse pucky. Microwave is less and less and less used for long distance communications in the US. Very little traffic now flows over microwave links - fiber has so much higher capacity and better data error characteristics that it has nearly completely taken over long distance telephone and data communications.
A typical microwave link can carry 45 or maybe 130 megabits per second maximum per rf channel and maybe has 6 rf channels in use at a time maximum whilst current fibers carry 1.5 Gigabits per fiber and can be upgraded to 3.0 Gigabits easily and way more than 10 Gbs with current WDM technology. Typical installed fiber routes have around 30 or more fibers just because it is as easy to install that many as one.
The remaining active microwave links are primarily used as backup for fiber routes and may not be carrying live traffic at all. Virtually every route that used to be microwave has now had one or more fiber routes installed to replace it and if it hasn't they are planned or being installed now. At the best there are a few remote places where installing fiber is impractical that still communicate with the world on microwave links and there are a few microwave systems still in service to carry certain vital national survival and security traffic where they provide redundancy.
Also, essentially all current common carrier microwave is now digital rather than fm-fdm-ssb. These high capacity and bit rate 64-QAM or 256-QAM signals are significantly harder to intercept and demodulate and demultiplex than the FM signals used until the late 80's were. This is especially true of reception from sites that see only marginal scattered signals rather than the direct beam, as digital radio tends to not work at all with marginal signals rather than being just noisy.
I think that probably less than 1% of US long distance public telephone and data communications currently travel by microwave at any point in their journey compared to more than 68% at the peak of microwave usage in the early 1980's. And this figure is dropping steadily over time as more and more fiber is put in service.
> As the Center for Security Policy (CSP) points out, the GRU - the Main Intelligence Directorate of the General Staff of the Russian Armed Forces - maintains signals intelligence ("sigint") facilities in Lourdes, Cuba, and Cam Ranh Bay in Vietnam which are capable of intercepting nearly all microwaved communication across the continental United States as well as the Atlantic and Pacific.
This is not entirely true. Intercepting microwave signals from over the horizon is not possible except under truly extraordinary propagation conditions and then only for brief periods of time with gigantic antennas and from relatively nearby places. And the resultant scattered signal is of very poor quality and getting usable high bit rate data out of such scatter signals, as would be required to intercept common carrier traffic, is not easily possible.
At the very best the Lourdes facility might possibly be able to see occasional microwave scatter traffic from southern Florida and the Caribbean on very good days. This is hardly traffic from the entire continental US and one can be very sure that the NSA and other agencies responsible for thinking about US communications security have long ago arranged in cooperation with the long distance carriers to ensure that nothing of any great use was showing up.
There are two categories of microwave traffic those facilities can intercept - domestic and international satellite traffic from US satellites with footprints that cover the Caribbean and whatever radio traffic is intercepted by Russian low orbit ferret satellites as they pass over North America and by high orbit monitoring satellites parked over the western hemisphere.
Very little public point to point telephone and data traffic between points in the US is currently transmitted via satellite. Fiber is so much cheaper and better in quality that the carriers gave up satellite transmission of domestic traffic some years ago. There are some compelling reasons for this - the long 240 ms delay in transmitting traffic via geosynchronous satellite is very noticeable to many humans in the give and take of conversations, and without special protocol provisions many data communications systems give horrible throughput over links with that long a delay as well as giving unacceptably long echo delays in interactive applications. And satellite bandwidths are even less than terrestrial microwave bandwidths and compared to the vast amount of fiber now in service are just a tiny fraction of the total.
Domestic communications satellites are primarily used for point to multi-point traffic such as credit card authorization systems for gas stations and stores and distribution of video to TV stations and cable companies, and broadcasts of data to large numbers of receivers. It is rarely cheaper and more cost effective to put point to point traffic on communications satellites. And most of what is there is traffic sent by private users of one sort or another such as large companies and government agencies - much of which is securely encrypted if sensitive. And that which is not encrypted is readily accessible to anyone with the right commonly available equipment and a vanilla satellite dish of the sort there are literally millions and millions of scattered throughout the US, Canada and Mexico - the potential threat from this source dwarfs what the Russians might do with the information (and is readily controlled by link encryption).
Even international communications from the US are less and less routed via satellite as high capacity fiber trans-ocean cables are installed. I have seen numbers on the order of less than 10% satellite transmission of international traffic and as new optical amplifier cables are installed (which one can assume the UK/USA partners such as the US NSA get the entire bitstream from) this number is also plunging. And most international satellite communications can be monitored from the other end and do not have to be monitored from near the US.
As a point of fact I would be more concerned that Russian submarines have tapped the trans-Atlantic and trans-Pacific cables somewhere than that the Russians pick up satellite communications. One hopes that the bitstreams on those cables are really securely link encrypted - doing so would seem to be a no-brainer - but I have never seen any reference to this being the practice.
What capabilities Russian sigint satellites still have in the post USSR era of economic collapse where Russia has not been able to launch a single imaging spy satellite for several months and has no usable ones in orbit, according to a recent NY Times story, is not clear. Russian satellites have generally had a much shorter useful life in orbit than US satellites do and Russia and the Russian space program has been pretty poor and disorganized for the last several years. At best such sigint satellites could conceivably be used to monitor some few domestic microwave links that happened to put a usable signal in the direction of the satellite and were far enough away from other transmitters on the same frequency to be separated by antenna directivity enough to stand out. While a satellite in geosynchronous orbit could see all of North America, it is pretty certain that it could see only a rather small fraction of modern digital microwave links well enough to recover traffic from them. And it is absolutely certain that the capacity of the satellite to intercept and relay traffic is only a few microwave links simultaneously at most. This is hardly everything or more than a small piece in fact.
It has been reported that Russian sigint satellites use laser optical links back to Lourdes rather than the Ka and higher frequency band microwave links that US equivalents have used to pass the signals they intercept, but one suspects that the relevant US agencies have probably used whatever means were necessary to find these links and determine what US traffic is being monitored and ensure that that anything truly important was routed by fiber instead.
In any case, the value of Lourdes is primarily as a base for intercepting US satellite communications and as a convenient place to put a ground station for sigint and ferret satellites where satellite to satellite relay is not required to get the signals back to a ground station. If Lourdes were shut down most of the sigint functions of these satellites could be operated from Russia using satellite to satellite communications of one sort or another. The only major loss would be the ability to intercept certain domestic communications satellite signals which use focused beams and not readily intercepted from other places where the Russians may have space to put antennas. And one suspects that the Russians could probably do most of this interception from covert sites under cover as legitimate satellite installations in the US and Canada or other Caribbean or Central American countries.
In any case it is certainly not true that Lourdes can intercept a significant fraction of US telecommunications simply because most US telecommunications do not any longer travel via microwave radio. Lourdes undoubtably can intercept enough useful stuff to justify continuing its operation, but this is partly because of blind US government policy on encryption rather than anything else. This especially applies to cellular communications which can be intercepted from satellites (and of course by anyone with a scanner or modified cell-phone as well). How well even satellites with large 100 or 200 foot dishes do at intercepting the dense network of US and other cellular systems with hundreds of transmitters going at once on the same frequency in the area of the footprint of the satellite receive antenna at 800 mhz I do not know. And tracking and identifying calls of interest when the satellite can intercept only some cells on some cell-sites reliably must be fairly hard.
In any event the US operates several sigint satellites of much more advanced design and capability than Russia and has for many more years than the Russians have. And it is widely reported that the US has worldwide ground monitoring stations listening to essentially all communications satellites in the Clarke orbit and probably any that aren't that could possibly carry useful traffic. Our capabilities and technology and expenditure in this area is well beyond anyone else's.
Furthermore, according to the CSP, "it is believed that both the Russians and the Cubans are developing capabilities at Lourdes to conduct information warfare (IW). Such a capability would permit these facilities to be employed not only to intercept information [but also to] make it possible for Moscow or Havana to manipulate telecommunicated information so as to deny the American people and their government vital services or otherwise work against U.S. interests."
There may be some capability to jam US commercial communications satellites which for the most part have not any kind of protection against such jamming. Vital US military communications satellites do. Successfully conducting man-in-the-middle attacks on terrestrial microwave communications from Clarke orbit is difficult at the very very best and probably essentially impossible simply because of the 240 ms delay involved and the enormous difficulty of successfully interjecting the right kind of signal into a microwave link that uses highly directional antennas and modulation techniques that are amplitude sensitive such as QAM. And one can certainly assume that the US is carefully watching Russian sigint satellites at all times and would certainly know immediately if they started radiating enough signal to disrupt or spoof US communications systems.
Of course all sigint yields information such as passwords and encryption keys and spectral signatures of speakers and call addressing and routing information (traffic analysis) that can be used to good advantage in later active man-in-the-middle attacks. And one can certainly assume that the Russians and many other governments including the US have spent considerable effort developing active penetration and disruption capability. It has even been reported that the US has been using this to force network traffic to be routed in Europe via facilities the US can monitor.
> According to former GRU Colonel Stanislav Lunev, "The strategic significance of the Lourdes facility has grown dramatically since the secret order from Russian Federation President [Boris Yeltsin] of 7 February 1996 demanding that the Russian intelligence community step up the theft of American and other Western economic and trade secrets. It currently represents a very formidable and ominous threat to U.S. national security as well as the American economy and infrastructure."> Yet the Clinton Administration insists that it is in America's interest to allow the GRU to continue its eavesdropping on the U.S. In congressional testimony delivered on March 16, 1995, Assistant Secretary of State for Inter-American Affairs Alexander Watson asserted that pressuring Russia to discontinue sigint activities in Cuba "could limit our ability to promote reform and stability in Russia" as it could "be seen by the Russians as interfering with the exercise of their right under the START Treaty to monitor compliance with the agreement...."
And of course if we pressure them and other governments to abandon sigint operations they can and will start to do the same to us. And ours are greater in magnitude and productivity than theirs.
> As with so many other issues, the Clintonites and the Soviets are reading from the same page regarding the Cuban sigint facility. Izvestia reported last November 30th that the U.S. "does not object in principle to the continuing existence of the electronic center in Cuba...."
One can make the argument that sigint for national security purposes is stabilizing and not altogether a bad thing. Many of us who are at least dimly aware of the technology fear its potential in the hands of a future fascist police state greatly, but one suspects that the Russians do not use the information effectively to damage US interests. After all we are the top economic and military power in the world and they are nearly in third world status economically and have a rapidly deteriorating military. Perhaps the greatest risk from their Soviet era sigint capabilities is that information will leak from starved intelligence agency employees and officials to the Russian criminal mafias and benefit organized crime. There is certainly potential there for mischief, especially considering that a good amount of criminally useful information flows unencrypted over radio communications in the US.
If I was in the US government and thinking about the threat of the Russian sigint capability I would be pushing for more use of encryption in domestic commercial communications and especially such things as cell-phones and wireless data systems. Universal link encryption with secure ciphers of such radio based communications systems should not impact lawful interception of communications one iota since the government can always request wiretaps using their spiffy new digital telephony tapping capability. The carriers would always have access to the unencrypted traffic after all and could forward it to the government. And many of us think that end-to-end encryption of traffic is a better choice in the long run than no encryption, even if it locks out the government (and everyone else) from easily, and in large quantities, fishing through traffic. One supposes that the government will always be able to obtain most traffic it wants badly enough, through cryptanalysis, TEMPEST, rubber hose cryptanalysis, black bag jobs, bugging, and the perfidy of informants of one sort or another, and of course most of all - carelessness and ignorance about INFOSEC and bugs and configuration problems in software.
But I would also be mindful that the Russians have decreasing intelligence capability to monitor US intentions and perhaps allowing them some access will keep them from developing paranoid fears of US intentions. The Russians probably still have a few working ICBMs after all...
In any case enough of these speculations. Perhaps a semi-retired telecommunications/computer engineer such as myself with access only to public information gets the picture completely wrong. And perhaps not. I do know it is definitely and without a doubt not true that more and more domestic communications flow over microwave point to point radio, however. And I think that anyone propagating that myth deserves a correction.
Dave Emery
die@die.com
Weston, Mass.
Date: Fri, 3 Apr 1998 17:01:31 CST From: "U.S. Dept of State Listserver" <U09885@UICVM.UIC.EDU> Subject: 980403 U.S. State Dept. Press Briefing Transcript #41 To: DOSBRIEF@LISTSERV.UIC.EDU DEPARTMENT OF STATE DAILY PRESS BRIEFING [Excerpt] Friday, April 3, 1998 Briefer: James P. Rubin CUBA 1 Russia Monitoring Facility at Lourdes in Cuba QUESTION: Have you seen the story about the Russians supposedly using the listening post in Cuba to glean information about American battle plans and so forth? MR. RUBIN: We are well aware of the Russian signal intelligence facility at Lourdes, Cuba. Like our own SIGINT facilities, it is used to collect military information, including information used in verifying arms control agreements. Because of the sensitive nature of such activities, we will not comment publicly on the degree to which we do or do not perceive Lourdes as a threat.