DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
(S//SI//REL) From the Sandbox to Mexico: Applying Wartime
Tactical Techniques to Strategic Missions
FROM: SSgt
USMC, SIGINT Geospatial Analyst, ICN Texas,
Southern Arc (SARC) Target Development Branch (FTS2F13),
and the Office of International Crime & Narcotics at NSAW
Run Date: 10/15/2009
(S//SI//REL) Intelligence Analysts: Here's a story illustrating how geospatial metadata analysis
can prove useful against a strategic target, such as counter-narcotics.
(S//SI//REL)Almost everyone has seen the comical commercials about how
the world would work if it were run by people with push-to-talk phones.
Simple, quick and to the point. That is exactly why drug cartels love the
Nextel phone (shown). You can make a phone call, radio someone quickly or have a group
conference, all with one phone. With the majority of the NSAT SARC targets in Mexico using the
Nextel De Mexico services, especially the direct-connect or push-to-talk function, it was
imperative that capabilities be developed to fully exploit this cellular format.
(S//SI//REL)Targeting users of Nextel de Mexico is not an easy task. Any SIGINT Geospatial
Analyst (SGA) who has spent time in the desert is accustomed to having vast amounts of
metadata readily available to them. That is not the case with the narcotics target set in Mexico.
This is primarily due to limited collection access for Mexico, much less where our targets are
actually located. Also, since the iDEN cellular format is not prevalent outside of the Western
hemisphere, there is much less information as to how the technology actually works.
(S//SI//REL) With the requirements identified, NSA Texas analysts set out to answer the
problem in a unique way. Two SGAs with deployment experience put the iDEN collection system
to work. Using collected data from the GPS embedded in the Nextel towers enabled physical
mapping of the network. The SARC Target Development (TD) Branch did considerable research
and acquired additional information on Mexican iDEN/Nextel tower data with physical and logical
information for the entire network throughout Mexico. Shortly after receiving the network data,
additional iDEN collection boxes were purchased and installed at BIRDBATH (border collection)
front-end sites, completing and enhancing the iDEN collection capability along the Texas/Mexico
border. In December 2008, HUMINT provided additional physical and logical information for the
entire country of Mexico's Nextel service. This new network information, combined with the
extended collection system coverage, allowed analysts to review metadata and determine more
specific operating locations of their targets.
(U) Collection Improvements?
(S//SI//REL) It was soon discovered that there were unexpected issues with the collection
system and database that were impeding analysis. The system was not properly associating
selectors with the cell IDs collected by the system. Analysts worked closely with the local
support team to understand the selectors and metadata collected by the system. The support
team served as a liaison between analysts and developers to come up with new ways to easily
search and identify selectors. In March 2009, a new database was introduced which allows
analysts to search across collection sites through a single interface. As a result, analysts can now
quickly and reliably research a number, perform a true pattern-of-life analysis, and refine the
location of the targets of interest.
(S//SI//REL) To test the system, the team was provided with a single target selector and asked
to perform a 30-day pattern-of-life analysis to determine the target's commonly visited
locations. This led to the identification of additional targets associated with the teams initial
target of interest, thus expanding the network for exploitation. It was also discovered that the
targets were buying phones in blocks of 2, 4, or more with a one-up numbering sequence. These
discoveries and the pattern-of-life analysis resulted in an IGRAM which shared the results of the
analysis with our customers and partners.
(U) So What?
(S//SI//REL) Another story of an SGA doing good work? The "so what?" of the story is two-fold.
By placing experienced analysts with unmatched initiative and dedication in a situation where
almost nothing was known about a technology, they were able to break the technology down to
understand selection criteria, amass much of the necessary data, apply techniques to develop a
network and the right tools in order to provide target analysts and customer with a better
understanding of the targets' activities and actionable intelligence products.
(S//SI//REL) One specific success was the publication of an IGRAM that included the individual
associated with one of the Mexican Cartel death squads, known to be hired by the Vicente
Carrillo Fuentes (shown) Organization (VCFO) and who is responsible for a large share of the
deaths in Ciudad Juarez, Mexico. The IGRAM has led to a new initiative: NSAT analysts working
with customers and focusing more on locating targets by applying SGA techniques, along with
communication internals, and providing a more complete intelligence picture. Customers were
able to take the information in the IGRAM and focus their efforts to a specific area in which the
target was active. As a result, they have now changed their Information Needs to reflect the
necessity of geospatial reference information related to their targets.
(C//SI//REL) This is a perfect example of taking techniques developed
in one environment and applying them in other targeting situations.
This effort has clearly demonstrated that well-honed analytic techniques can
be applied against a disparate set of data and still result in useful and
actionable foreign intelligence information supporting the needs and
operations of a variety of customers.
"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet
without the consent of S0121 (DL sid_comms)."
DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108