DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
(U) Follow the 'Honey'
FROM:
Corporate Communications, Meade Operations Center (F74)
Run Date: 06/23/2008
(TS//SI//REL) Thanks to some creative targeting and persistence, a group of Cryptologic
Support Team analysts from SID were able to identify and track down the perpetrators of a
deadly attack on the unit they support, providing information which led to the capture of three of
them. One particularly elusive individual, a major weapons supplier and IED manufacturer who
practiced good OPSEC, was finally located by tracking his wife's movements via her cell phone.
(TS//SI//REL) On 30 April, an EFP [1] attack on a 1st Brigade, 4th Infantry Division (1-4 ID)
vehicle killed two U.S. soldiers (a Company Commander and driver) in southwest Baghdad.
Within 20 minutes of the attack, Cryptologic Support Team 7 [2] had identified the four individuals
responsible, from their intercepted cell phone calls celebrating this "victory." Two of these
individuals were apprehended seven days later, and while this was very satisfying, everyone
involved really wanted to nab
the cell's mastermind.
(S//REL) Cryptologic Support Team 7 (CST-7) personnel: (left to right) PO2 (USN), SrA (USAF), Capt (USAF), PO2 (USCG), SrA (USAF), SrA (USAF)
(TS//SI//REL)
had been responsible for the deaths of many Americans and was
number 3 on the Brigade Combat Team's target list. One problem the CST faced in locating him
was that
was very OPSEC-savvy, and known to take his cell phone completely apart when
he went home to prevent our tracking him on it. Another problem was that, although he worked
in CST-7's area of operations, he lived up north in Shula -- an area where U.S. forces don't
operate.
(TS//SI//REL) CST analysts had analyzed his pattern of life [3] for three weeks to identify
locations for a potential ambush, without luck. Then, on the weekend of 9 May, they noticed his
wife's cell phone active in their area--not in Shula, where she had always been. They tracked
her phone for two days with SHARPFOCUS-2 [4], and posited probable locations where she might
be, based on the data. On Sunday the team approached the responsible battalion with their
information and made a case for taking action based on the SIGINT findings. Typically, the
battalions do not want to action a target without support from two direction-finding airborne
assets, so the analysts had to sell the idea. Shortly after the battalion agreed and drafted a
CONOP [5] to carry out the plan, the CST watched her cell phone travel back north to Shula, via
the RT-RG GEO-T tool [6]!
(TS//SI//REL) Although this was a disappointment, it led the team to believe that
and his family might spend their weekends in the southern Baghdad area. Sure enough, the
following weekend his wife's cell phone was noted active in the south -- so they notified the
battalion. They tracked her phone all day and gave their assessment: an operation should be
conducted late at night when the family is home, so that a SIGINT Terminal Guidance (STG)
Team [7] could watch both
and his wife's handsets. The following night the combat team
raided the location identified by the RT-RG [8] tools, the STG team locked onto the wife's cell
phone selector for confirmation, and they captured their target. In addition to the satisfaction of
catching those responsible for the 30 April attack, the team received an intercepted phone call
from a regional insurgent commander saying, "these captures have broken my back."
(TS//SI//REL) This operational success demonstrates the value of well-trained, embedded
analysts, as well as the combined work of the entire Enterprise (RT-RG tools, SHARPFOCUS-2
support from TAO's Remote Operations Center and NSOC, STG teams from the 704th MI
Brigade, etc.). The team's responsiveness within minutes of the attack drove follow-on
operations, leading to the capture of the perpetrators and several associates. This particular
victory was also due to CST-7's ability to convince military leadership to have confidence in the
SIGINT tools in the absence of confirmation by other military systems, and to the analysts'
creativity in tracking wives and girlfriends as the targets increase their security precautions.
(S//REL) Note: the location where
was captured was his sister's house, where his family
was visiting.
(U) Notes:
1. (U) Explosively formed penetrators (EFPs) are the most deadly form of IED. (See related
article.)
2. (C//REL) Cryptologic Support Team 7 (CST-7) is staffed by SID personnel (pictured above)
who deployed to Iraq in late March and assumed mission in early April. They support the 1-4 ID
at Forward Operating Base Falcon, in southern Baghdad.
3. (U//FOUO) "Pattern of life" refers to a target's behavioral signature or routine activities,
locations, etc.
4. (TS//SI//REL) SHARPFOCUS-2 is a GSM "macro geolocation tool" that provides starting points
for hunts against handsets operating within certain Iraqi networks, narrowing down a target's
location.
5. (U) CONOP = Concept of operations
6. (TS//SI//REL) GEO-T is an RT-RG tool that allows the analyst to watch targets of interest in
near real time and visually displays them in a geospatial environment.
7. (TS//SI//REL) SIGINT Terminal Guidance systems exploit targets' personal communications
by replicating a GSM cell tower, compelling nearby GSM handsets to interact with it, and
gathering the handset's selector data. (See related article.)
8. (U//FOUO) RT-RG is a suite of tools that enable the tactical SIGINT analyst to optimally
access extremely large volumes of data in near real-time and leverage this data for targeting.
"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet
without the consent of S0121 (DL sid_comms)."
DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108