TECHNICAL CHANNELS OF LEAKAGE OF INFORMATION TRANSMITTED VIA COMMUNICATION CHANNELS
KHOREV Anatoly Anatolyevich, Doctor of Technical Sciences, Professor
Technical channels of information leakage transmitted via wired communication channels
Until now, telephone communication has prevailed among many types of electronic and radio communication, therefore the telephone channel is the main one, on the basis of which narrowband and broadband channels for other types of communication are built.
On the transmitting side of the telephone channel, a microphone is used as a transmitter, which converts acoustic signals in the frequency band ΔF = 0.3 … 3.4 kHz into electrical signals of the same frequencies. On the receiving side, the telephone channel ends with a telephone capsule (telephone), which converts electrical energy into acoustic signals in the frequency band ΔF = 0.3 … 3.4 kHz.
Analog and discrete (digital) channels are used to transmit information.
The analog channel is more often called the voice-frequency (VF) channel. It is used to transmit speech, e-mail, data, telegraphy, facsimile communication, etc. The throughput of the VF channel is Cx = 25 kbit/s [3].
The standard digital channel (SDC) with a capacity of Cx = 64 kbit/s is designed primarily for the transmission of speech in real time, i.e. for conventional telephony for the purpose of transmitting signals with frequencies of 0.3 — 3.4 kHz [3].
To convert the frequency band of 0.3 — 3.4 kHz (analog signal — speech) into a digital stream with a speed of 64 kbit/s, three operations are performed: sampling, quantization and coding.
Modern multi-channel equipment can create channels with higher throughput than the voice-frequency and standard digital channels. The throughput increase is achieved by expanding the effectively transmitted frequency band. All channels use one transmission line, so the terminal part of the equipment must perform channel separation.
Among the possible methods of channel division, two are predominantly used — frequency and time [3]. With the frequency method, each channel is allocated a certain section of the frequency range within the bandwidth of the communication line. The distinctive features of the channels are the frequency bands they occupy within the total bandwidth of the communication line. With the time method of division, the channels are connected to the communication line in turn, so that each channel is allocated a certain time interval during the total time of transmission of the group signal. The distinctive feature of the channel in this case is the time of its connection to the communication line.
Modern multichannel equipment is built on the group principle. When building terminal equipment, as a rule, multiple frequency conversion is used [3]. The essence of multiple frequency conversion is that in the transmitting part of the equipment, the spectrum of each primary signal is converted several times before taking its place in the linear spectrum. The same multiple conversion, but in the opposite order, is carried out in the receiving part of the equipment.
Most types of multichannel equipment are designed for a number of channels that is a multiple of twelve and are equipped with a corresponding number of standard 12-channel primary groups (PG). When forming a primary group, the spectrum of each of the twelve primary signals occupying bands of 0.3 — 3.4 kHz is transferred to a band of 60 — 108 kHz using the corresponding carrier frequencies. The equipment of the 12-channel group is individual equipment for most types of multichannel equipment. The total frequency band of 60 — 108 kHz is then fed to the group transmission equipment [3].
The subsequent stages of conversion are intended to create larger groups of channels: a 60-channel (secondary) group (SG), a 300-channel (tertiary) group (TG), etc. The frequency bands of 60 — 108 kHz of each of the five primary groups are moved to the corresponding band of the 60-channel group using group frequency converters. Bandpass filters form a common SG frequency band of 312 — 552 kHz [3].
By analogy with the SG, a 300-channel group circuit is constructed, occupying a band from 812 to 2044 kHz [3].
The main data of the multichannel equipment with frequency division of channels are given in Table 1 [3].
The use of certain means for intercepting information transmitted over telephone lines will be determined by the possibility of access to the communication line (Fig. 1).
To intercept information from different types of cables, different types of devices are used:
- for symmetrical high-frequency cables — devices with inductive sensors;
- for coaxial high-frequency cables — devices for direct (galvanic) connection;
- for low-frequency cables — devices for direct (galvanic) connection, as well as devices with inductive sensors connected to one of the wires.
For example, in the 1980s, a reconnaissance device of the “Flounder” type was used to “receive” information from underwater armored cable communication lines [1]. This is a fairly complex electronic device with a nuclear (plutonium) power source designed for decades of operation.
It was made in the form of a steel cylinder 5 m long and 1.2 m in diameter [1]. Several tons of electronic equipment for receiving, amplifying and demodulating signals taken from the cable were mounted in a hermetically sealed tube. Intercepted conversations were recorded by 60 automatically operating tape recorders, which switched on when a signal was present and switched off when it was absent. Each tape recorder was designed for 150 hours of recording. The total recording volume of intercepted conversations could be about three thousand hours.
Table 1. Basic data of multichannel equipment with frequency division multiplexing
Equipment type, cable/line | Linear frequency band, kHz | Two-way communication system used | Average length of amplification section, km | Main purpose |
K-3600, coaxial | 812 – 17600 | Single-band four-wire, single-cable | 3 | Trunk communication |
K-1920P, coaxial | 312 – 8500 | Single-band four-wire, single-cable | 6 | Trunk communication |
K-300, coaxial; K-300R, coaxial | 60 – 1300 | Single-band four-wire, single-cable | 6 | Intra-zone or trunk communication |
K-1020R, coaxial | 312 – 6400 | Single-band four-wire, single-cable | 3 | Distribution system (intra-zone communication) |
K-120, coaxial | 60 – 552, 812 – 1304 | Two-band two-wire, single-cable | 10 | Intra-zone communication |
K-1020R, symmetrical | 312 – 4636 | Single-band four-wire, two-cable | 3.2 | Trunk communication |
K-60P, symmetrical | 12 – 252 | Single-band four-wire, two-cable | 10 | Intra-zone communication |
KRR-M, KAMA, symmetrical | 12 – 248, 312 – 548 | Two-band two-wire, single-cable | 13; 2 – 7 | Local communication, connecting lines between automatic telephone exchanges |
B-12-3, overhead line with non-ferrous metal wires | 36 – 84, 92 – 143 | Two-band two-wire | 54 | Rural communication |
Fig. 1. Diagram of a telephone channel for transmitting information
By the time the tape was used up, an underwater swimmer located the device by the hydroacoustic beacon installed on the container, removed the induction sensor and preamplifier from the cable, and delivered the device to a specially equipped submarine. There the tape recorders were replaced, after which the device was reinstalled on the communication line.
The device's special sensitive induction sensors were capable of reading information from an underwater cable protected not only by insulation but also by double armor made of steel tape and steel wire tightly wrapped around the cable. The signals from the sensors were amplified by a preliminary antenna amplifier and then sent for demodulation, isolation of individual conversations, and recording them on a tape recorder. The system provided the ability to simultaneously record 60 conversations conducted over a cable communication line [1].
To intercept information from cable communication lines running overland, American specialists developed the “Mole” device more than 20 years ago [1]. It used the same principle as the “Flounder” device. Information was collected from the cable using a special sensor [1]. It was installed in manholes through which the cable passed. The sensor was attached to the cable in the manhole and, to make detection more difficult, pushed into the pipe that leads the cable to the manhole. The information intercepted by the sensor was recorded on the magnetic disk of a special tape recorder; once full, the disk was replaced with a new one. The device made it possible to record information transmitted simultaneously over 60 telephone channels. The duration of continuous recording of a conversation on a tape recorder was 115 hours [1].
Demodulation of intercepted conversations was carried out using special equipment in stationary conditions.
To simplify the task of finding the “Mole” devices when replacing disks, they were equipped with a radio beacon mounted in the device’s body. An agent driving or walking through the area where the device was installed would query it with a portable transmitter to check that everything was in order. If no one had touched the device, the radio beacon transmitted a corresponding signal, and in that case the tape recorder’s disk was replaced.
One of the “Mole” devices was found on a cable communication line running along the highway approaching Moscow. More than ten similar devices were removed by Soviet specialists in Syria at the request of the Syrian side. All of them were camouflaged as local objects and mined to make them unretrievable [1].
Interception of information from ordinary subscriber two-wire telephone lines can be carried out either by direct contact connection to the lines, or by using simple small-sized inductive sensors connected to one of the wires of the subscriber line.
A contact connection to the communication line is easy to detect. When an induction sensor is connected, the cable braid is not damaged and the cable parameters do not change, so in this case it is practically impossible to detect the connection to the line.
Information intercepted from the telephone line can be recorded on a tape recorder or transmitted via a radio channel using microtransmitters, which are often called telephone bugs or telephone repeaters.
Telephone bugs can be classified by type of execution, installation location, power source, method of information transmission and encoding, control method, etc. (Fig. 2).
They are usually made either as a separate module or camouflaged as elements of a telephone set, for example, a capacitor, telephone or microphone capsules, telephone plug, socket, etc.
Telephone bugs in the usual design have small dimensions (volume from 1 cm³ to 6–10 cm³) and weight from 10 to 70 g. For example, the HKG-3122 telephone bug has dimensions of 33x20x12 mm, and the SIM-A64 has dimensions of 8x6x20 mm [5, 6].
Fig. 2. Classification of telephone bugs
Telephone bugs usually transmit intercepted information via a radio channel. A telephone wire is usually used as an antenna.
For information transmission, the VHF (meter), UHF (decimeter) and GHz wavelength ranges are most commonly used, with wideband (WFM) or narrowband (NFM) frequency modulation.
To increase secrecy, digital signals with phase- or frequency-shift keying are used, and the transmitted information can be encoded using various methods.
The range of information transmission with a radiation power of 10 — 20 mW, depending on the type of modulation and the type of receiver used, can be from 200 to 600 m.
Information transmission (radiation work) begins when the subscriber picks up the phone. However, there are bugs that record information in a digital storage device and transmit it on command.
Telephone bugs can be installed: in the body of the telephone set, the telephone handset or the telephone socket, as well as directly in the telephone line [4].
The ability to install a telephone bug directly in a telephone line is important, since in order to intercept a telephone conversation there is no need to enter the premises where one of the subscribers is located. Telephone bugs can be installed either in the telephone line path to the distribution box, which is usually located on the same floor as the room where the monitored device is installed, or in the telephone line path from the distribution box to the building's distribution board, which is usually located on the first floor or in the basement of the building.
Telephone bugs can be installed in series in the gap of one of the telephone wires, in parallel or through an inductive sensor.
When connected in series, the bug is powered from the telephone line, which ensures unlimited operating time. However, a bug with a series connection is quite easy to detect due to changes in the line parameters and, in particular, the voltage drop. In some cases, a series connection with voltage drop compensation is used, but this requires an additional power source.
Telephone bugs with a parallel connection to the line can be powered either from the telephone line or from autonomous power sources. The higher the input resistance of the bug, the less significant the change in the line parameters and the more difficult it is to detect. It is especially difficult to detect a bug connected to the line via a high-resistance adapter with a resistance of more than 18–20 MΩ. However, such a bug must have an autonomous power supply.
Along with contact connection, contactless data retrieval from a telephone line is also possible. For these purposes, bugs with miniature inductive sensors are used. Such bugs are powered by autonomous power sources and it is practically impossible to establish the fact of their connection to the line even by the most modern means, since the line parameters do not change when connected.
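The detectability argument in the three preceding paragraphs can be checked with a simple DC model of the subscriber loop as seen by a line monitor at the telephone set. This is an added example, not part of the original article; the battery voltage, feed resistance, set resistance, device resistances and the 50 mV monitor tolerance are all assumed values.

```python
"""Added example: DC model of a subscriber loop for judging whether a device
connected to the line shifts its parameters enough to be measured.
Every component value below is an assumption, not a figure from the article."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Loop:
    v_battery: float = 60.0        # exchange battery voltage, V (assumed)
    r_feed: float = 1000.0         # feed bridge plus cable resistance, ohm (assumed)
    r_set_off_hook: float = 300.0  # DC resistance of the set off-hook, ohm (assumed)


def _parallel(r1, r2):
    """Resistance of r1 in parallel with r2; r2=None means nothing connected."""
    return r1 if r2 is None else r1 * r2 / (r1 + r2)


def on_hook_voltage(loop, r_parallel=None):
    """Line voltage with the handset down. The set draws no DC current, so
    only a device bridged across the pair loads the line."""
    if r_parallel is None:
        return loop.v_battery
    return loop.v_battery * r_parallel / (loop.r_feed + r_parallel)


def off_hook_voltage(loop, r_series=0.0, r_parallel=None):
    """Voltage across the set with the handset lifted."""
    load = _parallel(loop.r_set_off_hook, r_parallel)
    return loop.v_battery * load / (loop.r_feed + r_series + load)


def measure(loop, r_series=0.0, r_parallel=None):
    """(on-hook V, off-hook V) as a line monitor at the set would read them."""
    return (on_hook_voltage(loop, r_parallel),
            off_hook_voltage(loop, r_series, r_parallel))


def classify(baseline, reading, tolerance_v):
    """Compare a reading with the clean-line baseline.
    tolerance_v is the smallest change the monitor can tell from normal drift."""
    drop_on = baseline[0] - reading[0]
    drop_off = baseline[1] - reading[1]
    if drop_on >= tolerance_v:
        return "parallel load"
    if drop_off >= tolerance_v:
        return "series element"
    return "no measurable change"


def max_detectable_parallel_resistance(loop, tolerance_v):
    """Largest bridging resistance whose on-hook voltage drop still reaches
    tolerance_v: V*Rf/(Rf+R) >= tol  =>  R <= Rf*(V/tol - 1)."""
    return loop.r_feed * (loop.v_battery / tolerance_v - 1.0)


def survey(tolerance_v=0.05):
    """Run the four connection types from the text through the monitor."""
    loop = Loop()
    baseline = measure(loop)
    cases = {  # constructed sample devices
        "series, line-powered (100 ohm)": dict(r_series=100.0),
        "parallel, line-powered (100 kohm)": dict(r_parallel=100e3),
        "parallel via 20 Mohm adapter": dict(r_parallel=20e6),
        "inductive sensor (no galvanic contact)": dict(),
    }
    return {name: classify(baseline, measure(loop, **kw), tolerance_v)
            for name, kw in cases.items()}


if __name__ == "__main__":
    for name, verdict in survey().items():
        print(f"{name:42s} {verdict}")
    limit = max_detectable_parallel_resistance(Loop(), 0.05)
    print(f"bridging devices above {limit / 1e6:.2f} Mohm are invisible at 50 mV")
```

With these assumed values a 20 MΩ bridge lowers the on-hook voltage by about 3 mV, so it only becomes visible to a monitor that can resolve millivolt-level changes against line drift.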
When powered from a telephone line, the operating time of the bug is unlimited. When using autonomous power sources, the operating time of the bug is from several dozen hours to several weeks. For example, the 4300-TTX-MR telephone radio bug, installed in a telephone handset, with a radiation power of 15 mW and using a PX28L power source, provides an operating time of 3 to 12 weeks [4].
The methods of using telephone bugs are determined by the ability to access the room where the monitored telephone is installed.
If it is possible to penetrate the premises even for a short time, the bug can be installed in the body of a telephone set, telephone handset, etc. Moreover, this requires from 10 — 15 seconds to several minutes. For example, replacing a regular microphone capsule with a similar one, but with a telephone bug installed in it, takes no more than 10 seconds. Moreover, it is impossible to distinguish them visually.
Telephone bugs, made in the form of separate elements of the telephone set circuit, are soldered into the circuit instead of similar elements or are disguised among them. The most frequently used bugs are made in the form of various types of capacitors. It takes several minutes to install such devices and the installation is usually carried out when troubleshooting or performing preventive maintenance of the telephone set.
It is possible to install a bug in a telephone set even before it arrives at an institution or enterprise.
If access to the controlled premises is impossible, bugs are installed either directly in the telephone line path or in distribution boxes and panels, usually in such a way that their visual detection is difficult.
The smaller the bug, the easier it is to disguise. However, small bugs in some cases do not provide the required range of information transmission. Therefore, to increase the range of information transmission, special repeaters are used, usually installed in hard-to-reach places or in a car within the radius of the bug.
Special complexes such as 4600-FAX-INT, 4605-FAX-INT, etc. are used to intercept fax transmissions [4].
A typical fax interception system is housed in a standard briefcase and can be powered either from the AC mains or from built-in batteries. It is connected to the line via a high-resistance adapter, so it is almost impossible to determine the fact of connection. It automatically distinguishes voice and fax messages, records transmitted messages, has high noise immunity, and adapts to changes in line parameters and data transfer speed. The system allows continuous monitoring of the reception and transmission of several faxes.
Registration of intercepted messages can be carried out in several ways:
- line-by-line registration in real time;
- line-by-line printing with simultaneous recording to a storage device;
- printing recorded information to output devices;
- recording information to a storage device without printing.
In addition to recording intercepted messages, such a system records service information about the nature of transmitted messages, non-standard fax operating modes, searches and cryptographic methods (techniques) [4].
The system software allows modeling a fax machine receiver with advanced capabilities for visual analysis of recorded signals and setting demodulation parameters in cases where automatic demodulation is unsatisfactory.
Technical channels for leakage of information transmitted via radio communication channels
One of the most common methods of transmitting large amounts of information over long distances is multi-channel radio communication using radio relay lines and space communication systems. Radio relay communication is communication using intermediate amplifiers-repeaters. Multi-channel radio relay lines are usually laid near highways to facilitate the maintenance of remote repeaters, which are located at dominant heights, masts, etc. In space communication systems, information is transmitted via repeater satellites located in geostationary and high elliptical orbits.
The global strategy for the modern development of radio communications is the creation of international and global public radio networks based on the widespread use of mobile radio communications.
The dominant position in the mobile radio communications market today is occupied by [3]:
- departmental (local, autonomous) systems with communication channels rigidly assigned to subscribers;
- trunking radio communication systems with free access of subscribers to a common frequency resource;
- cellular mobile radiotelephone communication systems with spatially distributed frequency reuse;
- personal radio call systems (PRPS) — paging;
- cordless telephone systems (Cordless Telephony).
Communication systems with fixed channels have been used by government and commercial organizations, law enforcement agencies, emergency services and other services for a long time. They can use both simplex and duplex communication channels, analog and digital methods of masking messages, and have high communication efficiency.
The main frequency ranges for networks with fixed channels: 100 — 200, 340 — 375, 400 — 520 MHz [3].
The most optimal at present is the use of public mobile radio networks (trunking, cellular), since they provide subscribers with a greater variety of services (from the formation of dispatch communications of individual services to automatic access to subscribers of city and long-distance telephone networks), and also allow a sharp increase in network capacity. In these networks, any subscriber has the right to access any unoccupied network channel and is subject only to the discipline of mass service.
The term “trunking” refers to a method of equal access of network subscribers to a common dedicated channel bundle, in which a specific channel is assigned to each communication session individually. Depending on the load distribution in the system, communication between individual subscribers in such a network is carried out mainly through a special receiving and transmitting base station. The radius of the base station in urban conditions, depending on the frequency range of the network, the location and power of the base and subscriber stations, ranges from 8 to 50 km [3].
The most widely used trunking radio communication systems are presented in Table 2 [2].
The main consumers of trunking communication services are law enforcement agencies, emergency services, armed forces, private security services, customs, municipal authorities, security and escort services, banks and collection services, airports, power substations, construction companies, hospitals, forestry, transport companies, railways, industrial enterprises.
Cellular radiotelephone communication occupies a special place among public communication networks [3]. The cellular principle of network topology with frequency reuse has largely solved the problem of frequency resource shortage and is currently the main one in the public mobile communication systems being created.
Table 2. Characteristics of trunking radio communication systems
System (standard) | Frequency bands, MHz | Channel frequency band width, kHz (channel spacing) | Number of channels (including control channels) | Note |
Altai | 337 – 341, 301 – 305 | 25 | 180 | Analog |
Smartrunk | 146 – 174, 403 – 470 | 150/250 | 16 | Single-zone, analog |
MPT 1327 | 146 – 174, 300 – 380, 400 – 520 | 12.5/25 | 24 | Multi-zone, analog, digital control |
EDACS | 30 – 300, 800 – 900 | 25/30, 12.5 | 20 | Analog (speech) FM; digital (speech, data) |
TETRA | 380 – 400 | 25 | 200 | Digital (TDMA), π/4 DQPSK |
The structure of cellular networks is a set of small service zones adjacent to each other and having different communication frequencies, which can cover vast territories. Since the radius of one such zone (cell) does not exceed, as a rule, several kilometers, in cells that are not directly adjacent to each other, it is possible to reuse the same frequencies without mutual interference.
Each cell contains a stationary (base) radio transceiver, which is connected by wire to the central station of the network. The number of frequency channels in the network usually does not exceed 7 — 10, and one of them is organizational. The transition of subscribers from one zone to another is not associated with any restructuring of the equipment. When a subscriber crosses the zone boundary, he is automatically provided with another free frequency belonging to the new cell.
The main technical characteristics of cellular communication systems are presented in Table 3 [2].
Table 3. Main technical characteristics of cellular communication systems
System (standard) | Frequency bands, MHz | Channel frequency bandwidth, kHz | Maximum power, W | Number of channels | Signal class, modulation type |
NMT-450 | 453 – 457.5 (MS), 463 – 467.5 (BS) | 25 | 50 (BS), 15 (MS) | 180 | 16KOF3EJN |
AMPS | 825 – 845 (MS), 870 – 890 (BS) | 30 | 45 (BS), 12 (MS) | 666 | 30KOF3E |
D-AMPS | 825 – 845 (MS), 870 – 890 (BS) | 30 | – | 832 | 30KOG7WDT, π/4 DQPSK |
GSM | 890 – 915 (MS), 935 – 960 (BS) | 200 | 300 (BS) | 124 | 200KF7W, GMSK |
DCS-1800 | 1710 – 1785 (MS), 1805 – 1880 (BS) | 200 | <1 W (MS) | 374 | 200KF7W, GMSK |
IS-95 | 825 – 850 (MS), 870 – 894 (BS) | 1250 | 50 (BS), 6 (MS) | 55 on one carrier | 1M25B1W, QPSK (BS), OQPSK (MS) |
Note: MS – mobile station, BS – base station.
The NMT-450 and GSM standards have been adopted as federal standards, while AMPS/D-AMPS is intended for regional use. The DCS-1800 standard is promising [2].
The NMT-450 standard uses a duplex frequency spacing of 10 MHz. Using a frequency grid of 25 kHz, the system provides 180 communication channels. The cell radius is 15 — 40 km [2].
All service signals in the NMT system are digital and are transmitted at a rate of 1200/1800 bit/s FFSK (Fast Frequency Shift Keying).
Cellular systems based on the NMT standard are used in Moscow, St. Petersburg and other regions of the country.
The AMPS standard cellular system operates in the 825 — 890 MHz range and has 666 duplex channels with a channel width of 30 kHz. The system uses antennas with a 120° beamwidth installed in the corners of the cells. The cell radii are 2 — 13 km [2].
In Russia, AMPS systems have been installed in more than 40 cities (Arkhangelsk, Astrakhan, Vladivostok, Vladimir, Voronezh, Murmansk, Nizhny Novgorod, etc.). However, experts believe that AMPS will gradually be replaced by digital standards in large cities. For example, in Moscow, only digital standards are now used in ranges above 450 MHz.
The D-AMPS digital system using TDMA multiple access technology is currently the most widespread digital cellular system in the world. The digital standard has a frequency channel width of 30 kHz. The D-AMPS standard has been adopted as a regional standard. Systems in Moscow, Omsk, Irkutsk, and Orenburg have been created according to this standard.
The GSM standard is closely related to all modern digital network standards, primarily ISDN (Integrated Services Digital Network) and IN (Intelligent Network).
The GSM standard uses narrowband time-division multiple access (TDMA). The TDMA frame structure contains 8 time slots on each of the 124 carriers [2].
To protect against errors in radio channels when transmitting information messages, block and convolutional coding with interleaving is used. Increased efficiency of coding and interleaving at low speeds of mobile stations is achieved by slow switching of operating frequencies (SFH) during a communication session at a rate of 217 hops per second [2].
To combat interference fading of received signals caused by multipath propagation of radio waves in urban conditions, equalizers are used in communication equipment, ensuring the alignment of pulse signals with a standard deviation of the delay time of up to 16 μs. The synchronization system is designed to compensate for the absolute delay time of signals up to 233 μs, which corresponds to the maximum communication range or the maximum cell radius of 35 km [2].
The GSM standard uses Gaussian minimum shift keying (GMSK) with a normalized bandwidth of 0.3. The frequency manipulation index is 0.5. With these parameters, the radiation level in the adjacent channel will not exceed -60 dB.
Speech processing is performed within the framework of the adopted discontinuous speech transmission (DTX) system, which ensures that the transmitter is switched on only when a speech signal is present and that the transmitter is switched off during pauses and at the end of a conversation. A speech codec with regular pulse excitation/long-term prediction and linear predictive coding with prediction (RPE/LTP-LPC — codec) was selected as a speech-converting device. The total speech signal conversion rate is 13 kbit/s [2].
The GSM standard achieves a high degree of message security, and messages are encrypted using the public-key encryption algorithm (RSA).
The DCS-1800 system operates in the 1800 MHz range. The core of the DCS-1800 standard is made up of more than 60 GSM standard specifications [2]. The standard is designed for cells with a radius of about 0.5 km in dense urban areas and up to 8 km in rural areas.
The IS-95 standard is a standard for a cellular communication system based on the CDMA code division multiple access method. The security of information transmission is a property of CDMA technology, so operators of these networks do not need special equipment for encryption of messages. The CDMA system is built using the direct-sequence spread-spectrum method, based on 64 types of sequences formed according to the law of Walsh functions [2].
The standard uses separate processing of reflected signals arriving with different delays, and their subsequent weight summation, which significantly reduces the negative impact of the multipath phenomenon.
The IS-95 CDMA system in the 800 MHz band is the only operational code division multiplexing system [2]. A 1900 MHz version is planned.
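How a set of 64 Walsh functions separates channels that share one carrier is shown below. This is an added example, not part of the original article; the channel indices and bit patterns are constructed, and the pseudo-noise scrambling and RF modulation that a real IS-95 link also applies are left out as a simplification.

```python
"""Added example: code division with 64 Walsh functions.
Chips and data symbols are represented as +1 / -1 integers."""


def walsh_matrix(order):
    """Rows are Walsh functions of length `order` (Hadamard ordering),
    built with the Sylvester construction. `order` must be a power of two."""
    if order < 1 or order & (order - 1):
        raise ValueError("order must be a power of two")
    h = [[1]]
    while len(h) < order:
        h = [row + row for row in h] + [row + [-x for x in row] for row in h]
    return h


WALSH = walsh_matrix(64)


def is_orthogonal(matrix):
    """True if every pair of distinct rows has zero correlation."""
    n = len(matrix)
    for i in range(n):
        for j in range(n):
            dot = sum(a * b for a, b in zip(matrix[i], matrix[j]))
            if dot != (n if i == j else 0):
                return False
    return True


def spread(bits, code_index):
    """Replace each data bit by the Walsh function (bit 1) or its inverse (bit 0)."""
    code = WALSH[code_index]
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in code)
    return chips


def combine(*signals):
    """Sum of all channels' chips, as they add up on the shared carrier."""
    return [sum(column) for column in zip(*signals)]


def despread(chips, code_index):
    """Correlate each 64-chip block with one Walsh function.
    Returns +1.0 / -1.0 per bit for an active channel, 0.0 for an idle one."""
    code = WALSH[code_index]
    n = len(code)
    return [sum(x * c for x, c in zip(chips[i:i + n], code)) / n
            for i in range(0, len(chips), n)]


def decide(correlations):
    """Hard decision on the correlator output."""
    return [1 if c > 0 else 0 for c in correlations]


def demo():
    """Three constructed channels on one carrier, plus one unused code."""
    channels = {5: [1, 0, 1, 1], 17: [0, 0, 1, 0], 42: [1, 1, 0, 1]}
    carrier = combine(*(spread(bits, idx) for idx, bits in channels.items()))
    recovered = {idx: decide(despread(carrier, idx)) for idx in channels}
    idle = despread(carrier, 9)  # code 9 carries no traffic
    return channels, recovered, idle


if __name__ == "__main__":
    sent, got, idle = demo()
    print("orthogonal set:", is_orthogonal(WALSH))
    for idx in sent:
        print(f"code {idx:2d}: sent {sent[idx]} recovered {got[idx]}")
    print("correlation on unused code 9:", idle)
```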
Paging provides wireless one-way transmission of limited alphanumeric or audio information within a service area. The frequency range of paging systems is from 80 to 930 MHz [3].
Currently, the most widely used protocols in our country for use in personal call systems (paging systems) are POCSAG (Post Office Standardization Advisory Group), ERMES (European Radio Message System) and FLEX (Table 4) [2]. All of these protocols are analog-digital. The main class of signals used is 16KOF1D.
Table 4. Main characteristics of paging systems
Protocol name | Frequencies used, MHz | Transmission rate, baud | Frequency channel bandwidth, kHz |
POCSAG | Any paging | 512, 1200, 2400 | 25 |
ERMES | 169.425 – 169.800 | 6250 | 25 |
FLEX | | 1600, 3200, 6400 | 25 |
POCSAG messages are transmitted using two-level frequency modulation with a maximum frequency deviation of 4.5 kHz [2].
The FLEX protocol is characterized by a high data rate and, therefore, high throughput. At a rate of 1600 bps, two-level frequency modulation (FM) is used, at a rate of 6400 bps, four-level FM is used. The frequency deviation in both cases is 4.8 kHz [2].
For the operation of paging systems according to the ERMES protocol, a single frequency range (or part of it) of 169.4 — 169.8 MHz is allocated, in which 16 working channels with a frequency spacing of 25 kHz are organized. The data transfer rate is 6.25 kbit/s [2].
Wireless telephone systems (WTS) at the initial stage of their development were intended mainly to replace the telephone handset cord with a wireless radio line in order to provide greater subscriber mobility. Further development of this type of communication, especially the transition to digital methods of information processing, significantly expanded the scope of application of WTS [3].
In analog-type wireless telephone (BPT) systems, most often used in residential premises and small institutions, BPTs for individual use are employed, each consisting of a base station (BS) connected to the city telephone network and a portable radiotelephone apparatus (PRA) [3]. When BPTs are used in large companies as an intra-institutional means of communication, branched networks of low-power radiotelephones are organized, the operating principle of which is similar to cellular networks. These systems mainly use digital methods of signal processing, providing more secure encryption of transmitted messages.
Both analog and digital cordless phones operate in duplex mode on several channels, and the channel is selected automatically from among the unoccupied ones. The range of certified radio transmitters (radiation power does not exceed 10 mW) BPT, depending on the type of equipment and operating conditions, is 25 — 200 m.
The power of uncertified BPT transmitters can be 0.35 — 1.2 W or more, while their range can be from several kilometers to several tens of kilometers.
The list of frequency bands allocated for BPT, on the condition that the maximum output power is limited to 10 mW and on a secondary basis (i.e. without any guarantee of a clear channel), is presented in Table 5.
Table 5. List of frequency bands allocated for wireless telephones with a power of up to 10 mW
Standard | Frequency range, MHz |
CT-0R | 30 – 31/39 – 40 |
CT-1R | 814 – 815/904 – 905 |
CT-2R | 864 – 868.2 |
DECT | 1880 – 1900 |
In fact, analog BPTs in Russia operate in the following main frequency ranges:
26.3125 — 26.4875 MHz/41.3125 — 41.4875 MHz;
30.075 — 30.300 MHz/39.775 — 40.000 MHz;
31.0125 — 31.3375 MHz/39.9125 — 40.2375 MHz;
31.025 – 31.250 MHz/39.925 – 40.150 MHz;
31.0375 – 31.2375 MHz/39.9375 – 40.1375 MHz;
31.075 – 30.300 MHz/39.775 – 39.975 MHz;
30.175 – 30.275 MHz/39.875 – 39.975 MHz;
30.175 – 30.300 MHz/39.875 – 40.000 MHz;
307.5 – 308.0 MHz/343.5 – 344.0 MHz;
46.610 – 46.930 MHz/49.670 – 49.990 MHz;
254 MHz/380 MHz; 263 – 267 MHz/393 – 397 MHz;
264 MHz/390 MHz; 268 MHz/394 MHz;
307.5 – 308.0 MHz/343.5 – 344.0 MHz;
380 – 400 MHz/250 – 270 MHz;
814 — 815 MHz/904 — 905 MHz;
885.0125 — 886.9875 MHz/930.0125 — 931.9875 MHz;
902 — 928 MHz/902 — 928 MHz;
959.0125 — 959.9875 MHz/914.0125 — 914.9875 MHz.
Digital BPTs use the following main frequency ranges: 804 — 868 MHz; 866 — 962 MHz; 1880 — 1990 MHz.
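As an added example (not part of the original article), the following Python audit checks a cordless-phone inventory against the Table 5 allocations, the 10 mW limit, and the analog/digital distinction made above. The inventory labels, the `Phone` record and the function names are hypothetical; the frequency ranges are ones listed in the text.

```python
from dataclasses import dataclass

# Table 5 allocations in MHz; paired standards list both sub-bands.
ALLOCATED = {
    "CT-0R": [(30.0, 31.0), (39.0, 40.0)],
    "CT-1R": [(814.0, 815.0), (904.0, 905.0)],
    "CT-2R": [(864.0, 868.2)],
    "DECT": [(1880.0, 1900.0)],
}
MAX_POWER_MW = 10.0  # power limit attached to the Table 5 allocations


@dataclass
class Phone:
    label: str        # hypothetical inventory label
    bands_mhz: list   # (low, high) tuples the device transmits in
    power_mw: float   # transmitter output power
    digital: bool     # True for digital, False for analog


def matching_standard(bands):
    """Return the Table 5 standard that contains every device band, else None."""
    for name, allocs in ALLOCATED.items():
        if all(any(a_lo <= lo and hi <= a_hi for a_lo, a_hi in allocs)
               for lo, hi in bands):
            return name
    return None


def audit(phone):
    """Return (standard or None, list of findings) for one device."""
    findings = []
    standard = matching_standard(phone.bands_mhz)
    if standard is None:
        findings.append("outside Table 5 bands")
    if phone.power_mw > MAX_POWER_MW:
        findings.append("exceeds 10 mW")
    if not phone.digital:
        findings.append("analog: receivable with a conventional scanning receiver")
    return standard, findings


# Constructed inventory; the frequency ranges are ones listed in the text.
INVENTORY = [
    Phone("reception", [(1880.0, 1900.0)], 10.0, True),
    Phone("office", [(30.075, 30.300), (39.775, 40.000)], 10.0, False),
    Phone("lobby", [(31.025, 31.250), (39.925, 40.150)], 10.0, False),
    Phone("warehouse", [(46.610, 46.930), (49.670, 49.990)], 350.0, False),
]

if __name__ == "__main__":
    for p in INVENTORY:
        print(p.label, *audit(p))
```

The "lobby" entry shows that a range from the list of actually used frequencies can sit just outside the CT-0R allocation even at 10 mW, so a band check and a power check catch different devices.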
To intercept information transmitted using radio relay and space communication systems, radio intelligence tools are used, and to intercept conversations conducted using cellular telephones, special cellular communication system interception complexes are used.
Modern cellular communication system interception complexes can provide (depending on the configuration) monitoring of control (call) channels of up to 21 cells simultaneously, and allow monitoring and recording of the telephone conversations of 10 or more selected subscribers.
The complexes are available in three types: “pocket” (in the form of a cell phone), mobile (in the form of a compact unit, a personal computer of the “Notebook” type and an antenna) and stationary (in the form of a desktop unit).
In addition to recording monitored conversations, the complexes can be equipped (depending on the standard) with some additional functions: monitoring conversations on a given number, “scanning” telephones and intercepting incoming communications of the monitored subscriber.
For the “pocket” version, it is possible to monitor conversations of one subscriber in the coverage area of a cell; for the mobile version, it is possible to simultaneously monitor and record conversations of one (several) subscribers in the coverage area of several cells, and it is possible to maintain a database of the monitored cells; for the stationary version, it is possible to simultaneously monitor and record conversations of more than ten subscribers in the entire cellular network, and maintain an extended database.
The “scanning” function of phones is used to covertly determine the phone number and service parameters of a phone.
When the incoming-call interception function is used for a monitored phone, it is possible to intercept all incoming calls of the specified subscriber.
The main functions of the complex:
- decoding the service channel to identify the mobile phone number on which the conversation is being conducted;
- wiretapping the phone conversation itself;
- the ability to simultaneously monitor the base station frequency and the mobile handset frequency, i.e. ensuring stable audibility of both interlocutors;
- the ability to simultaneously monitor both incoming and outgoing calls;
- monitoring frequency changes and supporting conversations when the subscriber moves from cell to cell;
- monitoring several cells from one point;
- recording telephone conversations using sound recording equipment in automatic mode;
- recording on the hard disk the numbers of mobile phones that made calls in the entire cellular communication system with the date and time.
During the operation of the complex, the monitor displays:
- the numbers of all phones called on all cells of the system;
- the numbers of phones that contacted the cell to which the control channel is configured, as well as service information.
Hardware and software complexes are also used to intercept paging messages. A typical complex includes:
- modified scanning receiver;
- PC with input signal conversion device;
- software.
The complex allows solving the following main tasks:
- receive and decode text and digital messages transmitted in radio paging systems, save all received messages on the hard disk in an archive file;
- filter the general flow of messages, select data addressed to one or several specific subscribers by cap codes that are known a priori or determined experimentally, and promptly change the parameters of the list of monitored subscribers;
- carry out Russification of the entire input flow of messages, or only of those addressed to specific subscribers on the monitored list;
- process output data files in any text editor with the implementation of the standard search function by the entered string of characters and printing the necessary data on the printer.
While the program is running, the following is displayed on the monitor screen:
- messages received via one of the active channels (the number of the displayed channel is entered by the operator from the keyboard without interrupting the program);
- the current time of day and date;
- the time and date of receipt of each selected message, its serial number, and the identifier of the corresponding selection feature.
Special devices (for example, 640-SCRD-INT) are used to decode intercepted messages protected by encryption equipment. Such devices decode and restore, with high quality and in real time, conversations protected by ZAS equipment [4].
Radio reconnaissance equipment and special systems for intercepting cellular communication systems are in service with the special services of leading foreign countries and ensure the interception and decoding of messages transmitted using any communication systems, including the GSM standard.
To intercept telephone conversations conducted using analog BPTs, as well as cellular communication systems using analog signals, conventional scanning receivers can be used; the characteristics of some of them are given in Table 6.
Table 6. Characteristics of scanning receivers
Name of characteristics / Index (type) | AR-5000 | EB-200 “Miniport” | AR-8200 MK3 |
Manufacturer | A.O.R | ROHDE & SCHWARZ | A.O.R |
Frequency range, MHz | 0.01 – 3000 | 0.01 – 3000 | 0.10 – 3000 |
Types of modulation | AM, FM, LSB, USB, CW | AM, FM, LSB, USB, CW, Pulse | AM, FM, LSB, USB, CW |
Sensitivity at signal-to-noise ratio 10 dB, µV | AM: 0.36 – 0.56; FM: 0.2 – 1.25; SSB: 0.14 – 0.25 | AM: 1.0 – 1.5; FM: 0.3 – 0.5 | AM: 0.70 – 2.50; FM: 0.35 – 2.50; SSB: 0.30 – 1.50 |
Selectivity at level -6 dB, kHz | 3; 6; 15; 40; 110; 220 | 0.15; 0.3; 0.6; 1.5; 2.5; 6; 9; 15; 30; 120; 150 | SSB/NAM: 3 kHz; AM/SFM: 9 kHz; NFM: 12 kHz; WFM: 150 kHz |
Frequency step | 1 Hz to 1 MHz | 10 Hz to 10 kHz | |
Number of memory channels | 100 in 10 banks | 1000 | 50 in 20 banks |
Scanning speed, channel/s | 50 | Synthesizer settling time 3 µs | 37.42 with autotuning off, 10 kHz sampling step, 2 ms locking time |
Receiver outputs | Headphones, IBM PC | Headphones. Built-in panoramic indicator from 150 kHz to 2 MHz. Digital IF output. IF 10.7 MHz. IBM PC | Headphones. IBM PC |
Power supply, V | DC 12 (external) | Battery (4 h) DC (10 – 30 V external) power supply | 4xAA batteries or 12V D.C. external source |
Dimensions, mm | 204x77x240 | 210x88x270 | 61x143x39 |
Weight, kg | 3.5 | 5.5 | 0.340 |
Literature
1. Brusnitsyn N.A. Openness and Espionage. Moscow: Voenizdat, 1991, 56 p.
2. Loginov N.A. Current Issues of Radio Control in the Russian Federation. Moscow: Radio i svyaz, 200, 240 p.
3. Petrakov A.V., Lagutin V.S. Protection of subscriber teletraffic: Study guide. 3rd ed., revised and supplemented. Moscow: Radio i svyaz, 2004, 504 p.
4. Covert audio intercept. Volume one: Catalog. – USA: Surveillance Technology Group (STG), 1993. – 32 p.
5. Discrete surveillance. Novelties: Catalog. – Germany: Helling, 1996. – 13 p.
6. Drahtlose Audioubertragungs – Systeme: Catalog. – Germany: Hildenbrand — Elektronic, 1996 – 25 p.