UNCLASSIFIED
RELEASABLE TO RVNAF AND FWMAF
HEADQUARTERS
UNITED STATES MILITARY ASSISTANCE COMMAND, VIETNAM
APO 90222
MACJ3-052 8 March 1970
SUBJECT: Vietnam Lessons Learned No. 79: Enemy Exploitation of Allied Tactical Communications
SEE DISTRIBUTION
1. Attached for information is a Lessons Learned from recent experiences in the Republic of Vietnam (RVN).
2. This information may be of value for direct application to training or to reinforce, review, or revise existing doctrine based on experiences in the RVN.
3. Comments or questions concerning this document, or requests for changes or additions in the distribution of Lessons Learned, should be addressed to this HQ, ATTN: MACJ3-052. Lessons Learned published prior to 1969 may be obtained from the Administrator, Defense Documentation Center, ATTN: SDC - TCA, Cameron Station, Alexandria, VA 22314.
FOR THE COMMANDER:
4 Incl
1. Lessons Learned No. 79
2. Distribution
3. Index of Lessons Learned
4. Index of Combat Experiences
TABLE OF CONTENTS
1. INTRODUCTION
2. PURPOSE
3. BACKGROUND
4. CURRENT VC/NVA COMMUNICATION INTELLIGENCE ACTIVITY
5. CONCLUSIONS
6. LESSONS LEARNED
7. ANNEX A
VIETNAM LESSONS LEARNED NO 79
1. (C) INTRODUCTION.
Several salient lessons learned on communications cover and deception are contained in Counterinsurgency Lessons Learned No. 64, dated 15 September 1967, and Combat Experiences 2-69, dated 29 July 1969, published by Headquarters, United States Military Assistance Command, Vietnam. While the major topic of discussion of these two publications is the enemy and friendly employment of communication techniques as a means to deceive and misguide the adversary, many references are made therein to the importance of sound communications security practices.
2. (C) PURPOSE.
This lessons learned is devoted entirely to the subject of communications security. It adds strong emphasis to the need for sound and secure communication techniques; strict circuit discipline; and meticulous adherence to existing communications regulations, procedures, and practices. The continued disregard for approved communications techniques and the failure to use approved codes is constantly providing the enemy with timely intelligence which can be exploited to foil allied operations.
3. (C) BACKGROUND.
a. Prior to and throughout 1965 the enemy in Vietnam concentrated his communications intercept activities on Vietnamese Air Force and civil communications. Concurrent with the US build-up the enemy instituted an intensive training program designed to produce the large number of English linguists necessary to exploit successfully US communications. As a result, English linguists are now integral to many Viet Cong (VC) and North Vietnamese Army (NVA) combat units.
b. Through interrogation reports and the analysis of captured enemy documents it was known that the VC/NVA were primarily interested in plain language and brevity-coded voice communications. Heavy emphasis was placed on the intercept of forward air controller, artillery spotter and press communications. The VC/NVA were also known to engage in the crypto-analysis of low level codes, authorized and unauthorized, and demonstrated a respectable degree of success in jamming, imitative communications deception, and traffic analysis.
4. (C) CURRENT VC/NVA COMMUNICATIONS INTELLIGENCE ACTIVITY.
Although the VC/NVA Communication Intelligence (COMINT) effort has been evident for some time, only limited information on their intercept successes was available. Today the seriousness of this threat can be fully comprehended since there is proof of the enemy's COMINT effort and the success the VC/NVA are achieving in the exploitation of US and allied communications.
a. On 20 December 1969 an enemy camp in the III Corps Tactical Zone was overrun by US forces. Interrogation of the prisoners taken and analysis of the equipment and documents captured revealed that the personnel were from a radio intercept element known to the VC/NVA as a technical reconnaissance unit. While individuals and separate pieces of equipment have been captured in the past, this was the first unit to be captured virtually intact. The mission of this unit was to intercept and analyze the voice and Morse code communications of US and allied units in their area. Documents captured included over 1400 hand-copied voice transmissions intercepted from allied nets, two booklets containing biographical data of the unit's personnel, booklets containing sample frequency and call sign allocations with unit identifications and various booklets containing instructions on methods of intercept and exploitable weaknesses in US and allied communications. All of this COMINT activity was accomplished with the following equipment:
Two PRC-25's and one PRC-77,
One Chinese Communist (CHICOM) R-139 Receiver,
One homemade receiver and transmitter,
Seven Sony transistor radios,
And one Panasonic receiver.
The PRC-25 and PRC-77 receivers gave the team the capability of intercepting the frequency modulated (FM) radios used by US tactical units. The CHICOM R-139 receiver is capable of intercepting the GRC series of radios. The homemade receiver and transmitter, while compatible with some US equipment, was probably used by the unit for internal communications.
b. Included in the booty were several bags of antenna parts and long wire antennae cut to specific frequencies to increase sensitivity. Power was obtained through commercial batteries wired both in parallel and in series to attain the desired voltages. All of the equipment was in excellent operating condition and the workmanship reflected in the homemade receiver and transmitter was of very high quality. With this equipment the unit had the capability of monitoring virtually all non-secure voice and Manual Morse communications used by US and allied tactical units.
c. Among the documents captured were booklets containing extensive instructions on proper intercept techniques and detailed analysis of the communications procedures of several allied units. They explain in detail such things as procedures used in assigning callwords and suffixes, and the importance of these items in maintaining order of battle information and continuity in their intercept effort. The enemy author points out that in many cases call signs and call words do not change, or that when call words do change, suffixes and frequencies do not. Numerous pages and diagrams list past and present call signs and suffixes of US units.
5. (C) CONCLUSIONS:
a. The preceding paragraphs indicate the seriousness of the threat caused by the VC/NVA COMINT effort. There is little doubt that the personnel employed in this effort are well qualified, well equipped, and possess the necessary documentation to analyze allied communications on the spot, in the minimum amount of time. The relay of intercepted information to enemy units in the field is done expeditiously by land line communications, radio, or courier.
b. Also indicated herein are the specific areas of weakness of allied forces most commonly exploited by VC/NVA COMINT units. Some of those cited are not new and have been addressed before. However, continuous employment of unauthorized codes, lack of proper communication discipline, and disregard of existing regulations, directives and specified procedures continue to provide the enemy with valuable and extremely timely intelligence information.
6. (C) LESSONS LEARNED.
a. Allied units continue to make extensive use of locally produced, unauthorized codes which the enemy has no difficulty in breaking.
b. Allied units continue to transmit in the clear such items as:
(1) Artillery harassment and interdiction fires schedules.
(2) Ambush sites.
(3) Casualty reports.
(4) Fire support requests.
c. Call signs and frequencies are not changed periodically and when changed, some suffixes, frequencies, or other component items are retained.
d. Some allied units fail to use proper authentication when in a deception environment.
e. There is a general lack of:
(1) Proper circuit discipline.
(2) Adequate pre-operation communications security (COMSEC) planning.
(3) Maximum use of available secure communications equipment.
(4) Realization by various personnel of the vulnerability of electromagnetic and wire transmissions to enemy interception.
f. Allied forces continue to underestimate the enemy's capabilities in the field of communications intelligence.
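A check for the weakness in paragraph 6c and paragraph 4c, added here as an illustration and not part of the original document: it audits a rotation history and flags every callword, suffix or frequency that a unit carries over unchanged or returns to after a change. All unit labels, callwords, suffixes and frequencies below are constructed, and the function and type names are this example's own.

```python
from collections import defaultdict
from typing import NamedTuple


class Assignment(NamedTuple):
    callword: str    # spoken net name
    suffix: str      # number identifying the station or officer on the net
    freq_mhz: float  # assigned frequency


class Finding(NamedTuple):
    period: str
    unit: str
    field: str
    value: object
    kind: str        # "retained" or "reverted"


def audit_rotation(history):
    """Flag every component that links a unit's new assignment to an old one.

    history is a chronological list of (period_label, {unit: Assignment}).
    "retained" = unchanged from the unit's previous assignment.
    "reverted" = changed, but back to a value the same unit used earlier.
    """
    findings = []
    last = {}                                     # unit -> previous Assignment
    used = defaultdict(lambda: defaultdict(set))  # unit -> field -> past values
    for period, plan in history:
        for unit in sorted(plan):
            new, old = plan[unit], last.get(unit)
            for field in Assignment._fields:
                value = getattr(new, field)
                if old is not None and getattr(old, field) == value:
                    findings.append(Finding(period, unit, field, value, "retained"))
                elif value in used[unit][field]:
                    findings.append(Finding(period, unit, field, value, "reverted"))
        # Record this period only after checking it, so that a value is
        # never compared with itself.
        for unit, new in plan.items():
            for field in Assignment._fields:
                used[unit][field].add(getattr(new, field))
            last[unit] = new
    return findings


def linkable_units(findings):
    """Group the audit result as {period: sorted units that stayed linkable}."""
    by_period = defaultdict(set)
    for f in findings:
        by_period[f.period].add(f.unit)
    return {period: sorted(units) for period, units in by_period.items()}


# Constructed sample history: three rotation periods for two units.
HISTORY = [
    ("P1", {"1st Bn": Assignment("IRON GATE", "6", 41.50),
            "2nd Bn": Assignment("BLUE RIVER", "6", 52.30)}),
    # 1st Bn changes only its callword; 2nd Bn changes everything.
    ("P2", {"1st Bn": Assignment("COLD STONE", "6", 41.50),
            "2nd Bn": Assignment("GREEN FIELD", "3", 47.10)}),
    # 1st Bn goes back to its P1 callword; 2nd Bn keeps its callword
    # and goes back to its P1 frequency.
    ("P3", {"1st Bn": Assignment("IRON GATE", "2", 38.90),
            "2nd Bn": Assignment("GREEN FIELD", "5", 52.30)}),
]

if __name__ == "__main__":
    for f in audit_rotation(HISTORY):
        print(f"{f.period} {f.unit}: {f.field} {f.value!r} {f.kind}")
```

A change is clean for a unit only when the audit returns no finding for it in that period; a single retained or reverted component is enough to carry continuity across the change.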
ANNEX A
FOREWORD
This annex reproduces excerpts from translated enemy documents. These translations are contained in the Combined Document Exploitation Center (CDEC), Vietnam, report Number TIR RVN 06-70. Described in considerable detail therein are instructions provided to VC/NVA intercept operators and analysts. All paragraphs in this annex are classified CONFIDENTIAL.
American Technical Information
"It has been suggested that a number of documents compiled on American technical information (except that of the 1st and 25th Divs) be typed and sent to the units.
US Armored Cavalry Regiment
Through monitoring and analysis over a period of time, we have become experienced with regard to intercept of and collecting information from the regimental net. Because of this, we are able to maintain daily continuity. There are many deficiencies, but there is still enough information to be given out for reference.
I General Concept
The Regiment is an independent regiment directly subordinate to IIFFV. The enemy uses the Regiment as a mobile strike force to search out and destroy our bases. Since the spring of 1968 until now, they have suffered many crushing blows, expending much military strength in both men and vehicles. Despite increased attacks, the enemy has not stopped attempts to cope with us in their methods of communicating. Therefore, we must increase our intercept effort in order to gain good information.
II Specific Aspects
The Regiment is a mobile unit that travels primarily by M113 and M41.
Their most recent area of operation was the Southeast Region made up of National Highway 13, north and south of Interprovincial Highway 13, the LAI KHE area, and east of LAI KHE (XUAN KHAN-XUAN LOC). Officers (operations, in command of aircraft, or moving troops) have a strange tone of voice, but they do not speak too fast.
Messages are primarily concerned with vehicles (VTR, AVOP or CHECK POINT).
Because the Regiment operates independently of roads, they usually use landmarks or a PO (POINT OF ORIGIN) from which they use LEFT, RIGHT, UP, and DOWN to designate position.
An important part of an armored unit's mission is to protect and escort convoys.
III Methods of search and development of the net
The enemy, in an attempt to cope with our efforts, changes Call Sign Suffixes (C/SS) and frequencies more and more every day. The task of search and discovery of C/SS and frequencies, therefore, is a very important matter. The enemy changes C/SS and frequencies at the beginning of the month and sometimes changes twice a month. Often we must rely on characteristics, model messages, etc. For example, if the enemy conceals a frequency change, and we wish to know the frequency, we must rely on operational characteristics, model messages, and type and area of operations.
A. Operational characteristics
Usually, the Regiment is very active and there are many exchanges, especially involving operations officers, commanders, etc, during normal times as well as during attacks. These exchanges are a little strange, but unlike other units such as the 1st and 25th Infantry Divisions, they are not very fast. Periods of interference have little effect on our intercept: officers of the higher echelons and the operations center, when in communication with subordinate officers or units, report calmly and carefully even during an attack when the level of work increases.
B. Sample messages
Generally speaking, the Regiment does not have a standard message format except for B52 and artillery reports.
Examples:
B52 report
BADMAN 96 - ALL STATIONS - HEAVY ARTILLERY WARNING AT COORDINATES XT 400800 ON THE 345/44 BIEN HOA TACAN. ALL A/C AVOID BY 10 NAUTICAL MILES FROM NOW UNTIL 1210H. ALL STATIONS ACKNOWLEDGE IN TURN.
Artillery report
BADMAN 96 - ALL STATIONS - ARTILLERY WARNING FIRING FROM LEAR TO GRID XU 725115. MAX SHORT 230 FEET, 190 DEGREES; MAX RANGE 12 - 5 12m.
Position or sighting report
BADMAN 92 - BADMAN 96 - MY 18 ELEMENT LOCATION FROM PO ANG DOWN 1.6 RIGHT 2.5.
THEY ARE SEARCHING THE AREA AND FOUND A BASECAMP CONSISTING OF 20 BUNKERS 5 x 8 WITH OVERHEAD COVER. 2NS TRAILS SHOWING HEAVY RECENT USE.
I HAVE GOT REPORT THAT 1 VC BATTS LOCATION IN RADIUS 700m GRID XU 8405. RED 2 AND ARTILLERY ARE CHECKING THE AREA AT THIS TIME.
Because activity is near highways, a message often contains VTR (VEHICLE TANK RECOVERY), AVOP (ARMORED VEHICLE OPERATION), CP (CHECK POINT) or PO UP, DOWN, LEFT, RIGHT.
A few conclusions
From analyzing the enemy over the past months (April - July), we have developed a few rules regarding frequencies, C/SS, and the suffix system used by the Regiment and its battalions and companies.
Frequencies
Although the enemy often changes frequencies, they only rotate a number of set frequencies as demonstrated.
C/SS and suffix system
Pay attention to the monthly suffix system of the Regiment and identifying the COs or operations officers relying on their characteristics and their relationships on the net. The suffix system of the Regiment is the same as that of the battalions. In order to identify units, take the CO's suffix together with the number, in order, of the unit (as demonstrated above).
Note: Besides this, in order to identify the suffix system, we must rely on message content, area of activity and continuity.
A point worthy of note is that the battalions have separate C/SS for the Regiment and battalion nets. Example:
BADMAN 93 - 3d Bn
BADMAN 38 - 3d Bn CO on Regt's frequency
The Cos are also like this.
V Extraction of information
If we want to produce good information; that is, be good reporters, we must first of all be good collectors.
Combat experience has taught us to produce timely and accurate information with each person working as a good reporter of information collected on short wave by PRC25. We must be able to discern enemy activity; gauge its level by being aware of the situation, by skilled map reading, and by improving our skills; take sufficient notes; accept hardships; and react quickly to changes in enemy posture.
Points to aid in the extraction of information
Echelon of the unit (Bn and Co)
Period of time
Key points of interest
Composition
General information
Operational characteristics
Area of operations
A marked increase in traffic
Changes in deployment in the news
VI Conclusion
Presented above is a small amount of technical knowledge we have concerning the Regiment. Although there is much lacking, we have presented it to give all of us a frame of reference for more and better technical analysis of this unit.
Awaiting your contributions
15 Aug 69
Technical Information on a US Cavalry Division, Air Mobile (AM)
We are going to introduce a few recent (May - Jul 69) technical characteristics of the Division to allow you to gain experience in this area.
I C/SS and frequencies
Since the Division began operating in III CTZ (the end of Oct 68) until now, they have hardly changed C/SS and frequencies. However, there are units that are exceptions, such as 5/7.
During our offensive phases, when we attacked units of the Division, they attempted to cope with our intercept mostly by continually changing frequencies, concealing the changes in the context of messages, and by changing the C/SS of 5/7. These changes had special characteristics that must be noted.
C/SS of all Bdes, Bns, and Cos did not change basically. They remained as before (with the exception of 5/7), and the C/SS suffix system did not change. Before the summer campaign, 5/7 changed their Bn and Co C/SS but did not change their suffix system. On 11 May 69, 5/7 changed their C/SS as follows:
BALTIC TYRANT -- 5/7
CANTEEN -- A Co
LACKING LINGER -- B Co
RAIDER -- C Co
LADY LAND -- D Co
TURKY BATMAN -- E Co
At the beginning of Jun 69, 5/7 changed back to its previous C/SS and the Cos changed to C/SS that A, B, and C Cos used in March and D Co used before March. During this period, sometimes old and sometimes new C/SS were used. Here are 5/7’s C/SS from this period (Jul 69):
FAST FLANKER -- 5/7
KING FISHER -- A Co
HUNGRY-FALCON -- B Co
EAGER HAWK -- C Co
ROUGH RIDER -- D Co
READY RAIDER -- E Co (used before March)
A possible reason for the C/SS change was that 5/7 was being frequently attacked and they changed suddenly but later had to change back because the signal personnel were making many mistakes with the new C/SS. Furthermore, changing C/SS in a unit with many elements like the Division will create difficulties for the signal personnel and perhaps they will concentrate on observing message texts and changing frequencies.
In order to cope with our control of their frequencies, the Division changes frequencies without following a set pattern like the 1st and 25th US Inf Div. They change suddenly to make us lose the signal - they did this especially during the summer campaign - sometimes 2 or 3 times a day. They use duplex frequencies at the brigade level (2d and 3d Bde) and for all the other units subordinate to the Division such as the 1/9 Air Recon and the Aviation Group. One characteristic we must be aware of at the time of frequency change for the companies, battalions and brigades is that they will change to the new frequencies for a while and then change back to the former one. We must be aware of this to be efficient because, if they change continually, we will be confused by other units' frequencies and will encounter difficulties.
In order to maintain continuity during frequency changes, we must be aware of the former frequency while searching for the new one in case they switch back and, while searching, check frequencies that they have used before. If there are enough operators and equipment, a separate cell should be assigned to search as long as their absence from work does not hamper normal operations. We have just discovered a relatively successful means for determining beforehand when battalions will change frequencies and a rapid method for finding them again. Besides the method of redistribution of men and equipment as described above, we can rely on information taken from communication on the net of the Aviation Group. In the Aviation Group's messages concerning air transport operations for any battalion, they include information concerning the frequencies to be used with these battalions for the following day. The battalion also passes information concerning frequencies presently in use. Although the Aviation Group only passes designators, if the frequency designator that we are hearing on the battalion's net differs from the frequency designator we hear on the Aviation Group's net we know that the next day they will change frequencies. If we hear the old designator we merely return to the old frequency and know that this is the same battalion. If we hear new designators, then we search until we find the new designator and know that this is the new frequency for the battalion.
Special Characteristics of Air Warning Nets
- In the important areas - areas of troop concentration or areas where there is a large military operation - there are usually large artillery bases. The mission of these bases is to give fire support to units on operation or to units in contact. Thus, the mission of establishing air warning nets is of utmost importance. These air warning nets report to units active in their area and to aircraft carrying troops or wounded, dropping flares, etc. where there will be artillery, chemical, and B52 attacks so that they will avoid the appropriate areas to avoid accidental casualties. Following these nets closely, we can exploit their coordination with infantry nets to gain intelligence on the activities of units, FSBs, LZs, and air recon for units on operation. We can also gain complementary information on infantry nets which, through analysis, can alleviate the many intelligence problems encountered during times of change in the war when the mission and characteristics of the enemy change. Recently the enemy has caused us many difficulties in intercept. If information from auxiliary nets is not combined with other sources, problems in exploitation will be created. Intercept often does not satisfy tactical intelligence requirements.
In the present situation, as stated above, it is necessary to gain experience in collecting information on enemy activity from auxiliary nets. In doing this, we will improve our intercept and analysis effort.
Technical information on air warning nets
A. Operational characteristics
One characteristic of the regional air warning nets (e.g. TAY NINH, DAU TIENG, BIEN HOA, SAIGON, QUAN LOI, etc) is that they are easy to intercept. They have fast exchanges but it is easy to get information. Usually air warning nets take the names of their regions for C/SS and the other elements of the net take the names of aircraft.
These nets have not changed since we began intercepting them (1967, 68, 69).
B. C/SS derivation
Generally speaking, C/SS derivation for regional air nets is simple.
The main C/SS are usually the place names of the unit's location and the word "ARTILLERY". For example: QUAN LOI ARTILLERY, TAY NINH ARTILLERY. Besides these main C/SS, there are many C/SS for aircraft in the region, FSBs, LZs, and place names used by the aircraft.
C. B52 Strike Report
The coordinates for a B52 strike are usually reported 10 to 15, and sometimes 20 minutes, prior to the strike (you must be aware that the coordinates given are for the general area - they are not exact). Before, exact information was given in B52 reports but now, in an attempt to cope with us, only the area is reported and even the time period is not always correct - sometimes it is and sometimes it's not.
D. Exploitation of artillery fire and air strike information
Combat units near the enemy are able to exploit tactical information concerning artillery and air strikes to avoid them. They also can gain information in other ways through analysis. Example:
If artillery is seen firing continuously into one area and we combine this with information from other nets, we might be able to determine that the enemy is about to insert troops or sweep because they usually clear such an area.
Through research, we might be able to figure out by trigonometry and geometry all the firing units. Example:
If we know the coordinates of the strike, the range of fire, and the degree of fire, we can figure out the point of origin.
Sidelight: If you consider the method of artillery fire, you will be able to get quick and concrete results.
E. Other angles of exploitation of information
Besides the areas mentioned above, there is other negligence of the enemy. We can exploit a number of coordinates of LZ and FSBs used for infantry units active on this net.
An additional source of information can verify intelligence. For example, if an aircraft is going (C/SS MEDIEVAL 21) from some point to a position at coordinates 6405 to carry wounded at 0900 hours and another net (for example, the 3d Air Trans. Bde) reports that there is an aircraft (C/SS MEDIEVAL 21) carrying wounded for one of its units in contact with the enemy at an unknown point, we can combine the two pieces of information and determine that the 3d Bde is in contact at grid 6405.
Above is one specific example. Besides this, we can analyze areas of enemy activity, areas of contact, recon aircraft, fighters, support aircraft, etc. We can determine where the enemy has discovered us, if they are reacting in force or not, and whether or not our plans have been compromised, especially during a high point when there is much activity.
Generally speaking, in-depth analysis of information gleaned from the air warning nets yields very useful information concerning the enemy's secret tactics.
Technical Characteristics of the RVN
I Introduction
All RVN units have US military advisors. Alongside RVN communications nets are US military advisory nets. There was a time when, due to personnel shortages, we did not give appropriate stress to the monitoring of these US advisory nets. During the Third Phase General Offensive and Uprising, we ran across several of these advisory nets to the general preparedness force. At this time we began to monitor these nets and began extracting intelligence which we could collate with the intelligence gained by the detachment monitoring RVN shortwave communications in the field. In general, the quality of the advisory nets is good. They provide quite a bit of intelligence on RVN activities, especially during combined US/RVN operations. The intelligence passed over the advisory nets gives a fairly complete picture of the enemy's combat activities and plans. We are tasked with developing our mission, with fulfilling the urgent needs of the Revolution in this present phase and with gaining a completely accurate understanding of the activities of US forces in our area. Therefore, it is of utmost importance that we compile an amount of technical data so that we can gain a thorough understanding of the RVN forces by exploiting the US advisory nets. Faced with these requirements, we have drawn from our practical experience in order to present a number of technical characteristics of the US advisory nets so that we could state our opinions and exchange our technical experience on these nets as suggested above.
II Technical information on RVN airborne advisory nets
In the Third Phase General Offensive and Uprising, the key theater of operations in III CTZ was the TAY NINH theater of operations. The enemy assembled a large force and moved it up there to defend the region. The forces which were active in this key theater of operations were 2 brigades of the US 25th Infantry Division (Tropic Lightning) and 7 battalions of RVN general preparedness forces (consisting of RVN airborne forces and marines). Of particular interest in regard to technical characteristics of the RVN airborne forces is that from Oct 68 until Jun 69 they did not change their Call Sign Suffix (C/SS). Their C/SS is RED HAT. This fact helped our intercept operators recover the advisory net of the RVN airborne forces.
There are also several special characteristics in regard to mannerisms, work procedures and message content of the advisory nets of the RVN airborne forces which are very easy to recognize if we compare their operating procedures, message content and methods of coping with our intercept efforts with the same information from other US Army infantry and air nets. We have had this information since General Aggression and Uprising Phase, Phase I. During the period from TET 1968 until the present (Jul 69), the US has increased its attempts to cope with our intercept of their communications. In the nets of the 1st Cav Div (AM), the 1st US Inf Div, the 25th US Inf Div (Tropic Lightning), the 11th ACR, etc, the enemy has continuously changed frequencies, C/SS and system of suffixes. In addition to this, they have begun to encrypt coordinates which has greatly hampered our extraction of tactical intelligence from intercept. Unlike US infantry nets, the RVN airborne advisory nets never change C/SS, their operating procedures are relatively easy to recognize and their messages are sent in the clear and are easy to receive. Usually when they have contact with our forces they use the advisory nets to request US infantry or artillery support, dustoff, airstrikes or to suggest a coordinated operation. Contents: The messages they send are easy to understand, they do not encrypt coordinates which is very advantageous for us because by relating this information to the intelligence gained by our nets monitoring the RVN general preparedness forces we can very easily make unit identification and can coordinate to gather intelligence for HQ so they can provide timely and accurate leadership. Nevertheless, exploiting the RVN airborne advisory net is not all that easy. There are times when they do change frequencies and we often lose much time searching for the new frequencies because the RVN airborne advisory net frequencies are not used regularly; that is, hourly reports every day.
There are a few sections whose nets are very similar to those of other units. Usually the RVN airborne advisory nets only come up when it is necessary to request support from surrounding US units when the RVN airborne forces have contact with our forces which they can not handle. This fact causes us no little difficulty. Naturally, by monitoring US military advisory nets we can not gather sufficient intelligence on RVN Airborne activities. In order to gain intelligence on developments of specific activities and on RVN airborne combat operation plans, we must rely on intelligence and on the RVN nets. On this basis, the intelligence gained from the advisory nets has the function of supplementing our intelligence so that it is accurate and complete.
REFERENCES
1. Headquarters, 101st Radio Research Company letter IAPV1O1/OPNS, dated 30 December 1969 and briefing notes attached thereto.
2. Commander, United States Military Assistance Command, Vietnam message VMAC, Cite 123/69, DTG 301240Z DEC 69.
3. MACV Combat Experiences 2-69: Tactical Cover and Deception; published by Headquarters, United States Military Assistance Command, Vietnam; dated 29 July 1969.
4. Vietnam Lessons Learned No. 64: Imitative Communications Deception; published by Headquarters, United States Military Assistance Command, Vietnam, dated 15 September 1967.
5. Combined Document Exploitation Center, Saigon Report Number TIR RVN 06-70, dated 25 January 1970, Originator: MACVJ2/TAREX Vietnam, Subject: Project TOUCHDOWN.