DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U) Follow the 'Honey' FROM: Corporate Communications, Meade Operations Center (F74) Run Date: 06/23/2008 (TS//SI//REL) Thanks to some creative targeting and persistence, a group of Cryptologic Support Team analysts from SID were able to identify and track down the perpetrators of a deadly attack on the unit they support, providing information which led to the capture of three of them. One particularly elusive individual, a major weapons supplier and IED manufacturer who practiced good OPSEC , was finally located by tracking his wife's movements via her cell phone. (TS//SI//REL) On 30 April, an EFP 1 attack on a 1st Brigade, 4th Infantry Division (1-4 ID) vehicle killed two U.S. soldiers (a Company Commander and driver) in southwest Baghdad. Within 20 minutes of the attack, Cryptologic Support Team 7 2 had identified the four individuals responsible, from their intercepted cell phone calls celebrating this "victory." Two of these individuals were apprehended seven days later, and while this was very satisfying, everyone involved really wanted to nab the cell's mastermind. (S//REL) Cryptologic Support Team 7 ( CST-7) personnel: (left to right) PO2 (USN), SrA (USAF), Capt (USAF), PO2 (USCG), SrA (USAF), SrA (USAF) (TS//SI//REL) had been responsible for the deaths of many Americans and was number 3 on the Brigade Combat Team's target list. One problem the CST faced in locating him was that was very OPSEC-savvy, and known to take his cell phone completely apart when he went home to prevent our tracking him on it. Another problem was that, although he worked in CST-7's area of operations, he lived up north in Shula -- an area where U.S. forces don't operate. (TS//SI//REL) CST analysts had analyzed his pattern of life 3 for three weeks to identify locations for a potential ambush, without luck. Then, on the weekend of 9 May, they noticed his wife's cell phone active in their area--not in Shula, where she had always been. They tracked her phone for two days with SHARPFOCUS-2 4 , and posited probable locations where she might be, based on the data. On Sunday the team approached the responsible battalion with their information and made a case for taking action based on the SIGINT findings. Typically, the battalions do not want to action a target without support from two direction-finding airborne assets, so the analysts had to sell the idea. Shortly after the battalion agreed and drafted a CONOP 5 to carry out the plan, the CST watched her cell phone travel back north to Shula, via the RT-RG GEO-T tool 6 ! (TS//SI//REL) Although this was a disappointment, it led the team to believe that and his family might spend their weekends in the southern Baghdad area. Sure enough, the following weekend his wife's cell phone was noted active in the south -- so they notified the battalion. They tracked her phone all day and gave their assessment: an operation should be conducted late at night when the family is home, so that a SIGINT Terminal Guidance (STG) Team 7 could watch both and his wife's handsets. The following night the combat team raided the location identified by the RT-RG 8 tools, the STG team locked onto the wife's cell phone selector for confirmation, and they captured their target. In addition to the satisfaction of catching those responsible for the 30 April attack, the team received an intercepted phone call from a regional insurgent commander saying, "these captures have broken my back."

(TS//SI//REL) This operational success demonstrates the value of well-trained, embedded analysts, as well as the combined work of the entire Enterprise (RT-RG tools, SHARPFOCUS-2 support from TAO's Remote Operations Center and NSOC , STG teams from the 704th MI Brigade, etc.). The team's responsiveness within minutes of the attack drove follow-on operations, leading to the capture of the perpetrators and several associates. This particular victory was also due to CST-7's ability to convince military leadership to have confidence in the SIGINT tools in the absence of confirmation by other military systems, and to the analysts' creativity in tracking wives and girlfriends as the targets increase their security precautions. (S//REL) Note: the location where was visiting. was captured was his sister's house, where his family (U) Notes: 1. (U) Explosively formed penetrators (EFPs) are the most deadly form of IED. (See related article .) 2. (C//REL) Cryptologic Support Team 7 (CST-7) is staffed by SID personnel (pictured above) who deployed to Iraq in late March and assumed mission in early April. They support the 1-4 ID at Forward Operating Base Falcon, in southern Baghdad. 3. (U//FOUO) "Pattern of life" refers to a target's behavioral signature or routine activities, locations, etc. 4. (TS//SI//REL) SHARPFOCUS-2 is a GSM "macro geolocation tool" that provides starting points for hunts against handsets operating within certain Iraqi networks, narrowing down a target's location. 5. (U) CONOP = Concept of operations 6 (TS//SI//REL) GEO-T is an RT-RG tool that allows the analyst to watch targets of interest in near real time and visually displays them in a geospatial environment. 7. (TS//SI//REL) SIGINT Terminal Guidance systems exploit targets' personal communications by replicating a GSM cell tower, compelling nearby GSM handsets to interact with it, and gathering the handset's selector data. (See related article .) 8. (U//FOUO) RT-RG is a suite of tools that enable the tactical SIGINT analyst to optimally access extremely large volumes of data in near real-time and leverage this data for targeting. "(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet without the consent of S0121 (DL sid_comms)." DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108