SIGINT (Signals Intelligence) is the activity of intercepting and analysing enemy electromagnetic emissions. This chapter describes the doctrine, why every friendly transmission is exposed, and the defensive discipline that follows. It does NOT contain intercept, decryption or offensive procedures.
The three SIGINT components
SIGINT breaks into three sub-disciplines, each with specific effect on units in the line.
| Component | Function |
|---|---|
| COMINT (Communications Intelligence) | Intercept of voice, data, messaging communications |
| ELINT (Electronic Intelligence) | Intercept of non-comms emissions (radar, datalinks, drone telemetry) |
| FISINT (Foreign Instrumentation SIGINT) | Intercept of telemetry, test datalinks, instrumentation signals |
Even a friendly drone in flight emits ELINT to the enemy. Even a weather station transmits FISINT. Anything radiating in spectrum is observable.
Why every transmission is exposed
The idea that "my signal is too weak / my band is unusual / I speak dialect" is the first doctrinal error. A modern SIGINT net does not work like a human ear.
- Sensitivity: modern SDR receivers capture wideband signals continuously, even at -120 dBm
- Spectrum: the whole usable spectrum (3 kHz - 40 GHz) is listened simultaneously
- Memory: captured traffic is stored and analysed in post-processing, not necessarily live
- Triangulation: three receivers produce a metric fix on any emission > 6 seconds
- Pattern analysis: recurring callsigns, hours, sequences profiled without decrypting content
- Crowdsourcing: in Ukraine, amateur SDR operators contribute to the pool
SIGINT output products
SIGINT output is not a "decrypted message". It is more often a package of indicators feeding targeting or intelligence analysis.
| Output | Operational use |
|---|---|
| Transmitter MGRS grid | Artillery / drone targeting (kill chain 2-15 min) |
| Friendly net profile | Order of battle, command-control structure |
| Pattern of life | Activity hours, rotations, unit habits |
| Personal identification | Voice recognition, voice biometrics of commanders |
| Operational state | Tone, urgency, traffic surge = imminent operation |
| Equipment | System identification from electromagnetic fingerprint |
Encryption: what it protects, what it does not
Encryption is a partial tool. Understanding its limits is fundamental to avoid false security.
- Protects: message content (if cipher is robust and well-implemented)
- Does NOT protect: existence of the transmission (emission detectable)
- Does NOT protect: transmission duration (useful for DF)
- Does NOT protect: frequency (analysable for system ID)
- Does NOT protect: transmitter position (DF on any EM wave)
- Does NOT protect: pattern of life (hours, exchange frequencies)
The question is not "will the enemy understand what I said?" but "will the enemy know I transmitted, from where and for how long?". The answer is almost always yes.
Derived defensive discipline
- ALWAYS assume listening: every PTT is an observed event
- Brevity: transmissions < 6 seconds when possible, < 15 seconds for reports
- Move after long transmission: relocate within 60 seconds if a transmission exceeded 10 seconds
- No proper names, no operational intent in clear, no friendly positions
- PACE plan: channel redundancy to avoid forcing a compromised channel
- Electromagnetic silence preparing a sensitive operation
- Never transmit from a fixed exposed position — always covered or mobile
- Language discipline: Russian or Ukrainian hides nothing, both sides have bilinguals
Phones, smartphones, apps
The smartphone is a SIGINT device against its carrier. Even off, it can be problematic in certain contexts.
- GSM / 4G: IDs IMEI and SIM, geolocates via cell tower triangulation
- Active Wi-Fi: broadcasts MAC and probes for known nets (reveals movement history)
- Bluetooth: discoverable as a unique device in beacon
- Social apps: EXIF metadata, photo geolocation, posting patterns
- Russian Leer-3 system (with Orlan-10 drone): intercepts tactical GSM and injects SMS
- Field rule: smartphone in airplane mode + powered off + Faraday bag in forward zone
Encrypted apps protect content, NOT device identification or cellular geolocation. On the Russo-Ukrainian front, smartphone use is a documented cause of targeted strikes on friendly positions.
Common mistakes
- Thinking encryption = full security
- Long transmissions because "we're far from the front" (Murmansk-BN listens hundreds of km away)
- Smartphone in forward zone even "just to check the map"
- Selfies / video in uniform at operational positions (automatic geolocation)
- Trusting "rarely used frequencies" — SDR receivers cover everything continuously
- Discussing operational intent on voice call even if encrypted
Lessons learned Ukraine
Publicly documented cases: command posts revealed by smartphone use, targeted casualties from unencrypted Baofeng intercept, artillery rounds 5-10 minutes after a long unencrypted transmission. Operationally, every forward unit operates assuming enemy SIGINT is continuous, high-quality, and directly linked to fires units. Veteran synthesis: 'If you transmit, they see you. If they see you, they count you. If they count you, they hit you.' The answer is not to stop transmitting — it is to transmit badly for the enemy: short, encrypted where possible, from a mobile position, with content discipline.