A small pyrotechnic charge is ignited to “trace” fired rounds
Back in 2011 the US Army announced it was researching how to replace the high-visibility tracer rounds with something only they could see.
Tracer rounds today are used primarily with fully automatic firearms; they give off a “large flame behind them during flight allowing observers, including the target, to see where the tracer was fired from. With non-combustible tracers, only the rear of the bullet is emitting light directly at the shooter which greatly reduces the ability of others to determine the shooter’s location. This increases survivability of our forces,” explained Daniel De Bonis, a materials engineer in ARL’s Weapons and Materials Research Directorate.
He said creating a non-combustible, low observable tracer (LOT) round solution, would eliminate the pyrotechnic material that give traditional combustible rounds their ‘fireworks-like effect.’
USSOCOM is seeking 7.62mm x 51 NATO spotting rounds to replace tracers for adjusting machine gun fire, both day and night, producing a flash and /or smoke signature visible at 800m-1200m. Current tracers allow gunners to observe the trajectory of the rounds and make aiming corrections without observing the impact of the rounds fired and without using the sights of the weapon. However, these rounds give away the gunners position, burn out before the maximum range of the machine gun and draws enemy fire. Replacing tracers with marking or spotting pyrotechnic rounds enables the gunner to directly control the impact on to the target, shows target coverage, and does not disclose the shooters location. This will increase the accuracy of machine gun fire, save ammunition, and increase gunner survivability.
Survival is a trade-off. The shooter has to see, yet not reveal themselves. It’s a tall order to make targeting work from one side’s view only when we’re talking about high rate of powerful weapon fire. Disclosure of information about the position of a soldier, and their need to see where they are aiming, is tough to reconcile with the simple fact that a high power weapon firing at a fast rate will be oozing a lot of data into a dark night.
Image: Hensinger, April 1970: “An entire Army base versus a lone Viet Cong”
Too often the news focuses on the attacks that succeed and not enough on those that fail. We should balance. There are several lessons to be learned from the most recent al Shabab suicide bomb attacks that failed in Somalia.
Let me back up a step first. This isn’t exactly history, but I find it hard to believe half a decade has passed since I was warning about social fitness networks in the cloud, such as Strava.
They immediately seemed to me a dangerous surveillance system with serious confidentiality risks.
To be fair, given closed networks with data ownership and the person generating given reasonable boundaries, I also made a point how heatmaps could be safely used like any performance monitoring tools.
However, we’ve been talking about the realities of securing big data for nearly a decade here, which tends to mean at public services scale where confidentiality is not well protected let alone understood.
On that level I was warning directly about cloud services being in a position to destroy privacy for thirsty valuation-focused executives who were giving little to no thought about the consequences to the entire information market when trust collapses.
Please excuse the snark here, but my point was we fast were approaching total information awareness. I was giving a lot of talks about the risks at this point with maps like these:
All of this is background to the fact that Strava was instrumental in leaking Joint Special Operations Command (JSOC) presence. JSOC likely was unintentionally giving away their secrets so that Strava could generate heatmaps of people jogging around a military airfield in Baledogle, Somalia used for drones (also by 2015 it was disclosed by FP).
Somali government and AMISOM sources confirmed the existence of a second clandestine American cell in Baledogle, the site of an abandoned Cold War-era Air Force base in Somalia’s sun-blasted Lower Shabelle region. These sources estimated that between 30 and 40 U.S. personnel are stationed there, also carrying out counterterrorism operations that include operating drones.
Unlike parsing heart rate and body temp to pinpoint someone in San Francisco, however, Americans running in Somalia kind of stood out the minute their Strava data uploaded.
Even a view from space could reveal Americans wearing their surveillance devices in Somalia (white dot)
See what I mean?
Again to be fair, I was doing some of this publicly in 2014 to other countries as well:
this is fun. finding a lot more geotags for tweets in north korea than cars on the road pic.twitter.com/24h9mEzW8v
Why is this so significant in today’s news? Reuters is quoting sources who give credit to failed suicide attack planners for having good intelligence about American movements on that base.
The attack showed al Shabaab maintains a good intelligence network and can mount complex operations, said Hussein Sheikh-Ali, a former national security adviser and founder of the Mogadishu-based security think-tank the Hiraal Institute.
The attack hit a part of the base that houses U.S. special forces, who supervise Somali forces on operations, he said.
“It implies they have a high intelligence and a degree of capability just to get close to that place,” he told Reuters.
I’m not going to argue against the source, just qualify that good intelligence network might in fact mean someone has a browser and Internet connection to monitor US soldier Strava data that is not being protected by the service provider or that service provider’s service providers.
The point remains that the attack failed completely. Not only did the dual suicide bombers cause zero casualties — blowing up selves at outer perimeter defense system — their entire terror team of 10 was killed.
Somali state news agency SONNA reported that all the militants who took part in the assault had been killed.
“In response to this attack and in self-defense, U.S. Africa Command conducted two airstrikes and used small arms fire targeting al Shabaab terrorists,” a U.S. military statement said.
Some secrets still are safe for that perimeter to have worked.
Interesting also is the qualification of self-defense in this event. It suggests the attackers were pursued outside the defense perimeter to be engaged and eliminated. That’s not yet been reported, it’s just a guess based on the qualified statement.
If you think my warnings in 2014 were accurate, even foreshadowing, I mention the defense perimeter angle here because of its relationship with recent domestic “hunt” legislation that in a very remote sense (pun not intended) could be abused to authorize drone strikes as self-defense almost anywhere.
AIMED AT PROTECTING UPSTATE NEW YORK SCHOOLS FROM MALICIOUS RANSOMWARE.
The SB315 list of authorized tasks for a DHS hunt and response team is as follows:
“(A) assistance to asset owners and operators in restoring services following a cyber incident;
“(B) identification and analysis of cybersecurity risk and unauthorized cyber activity;
“(C) mitigation strategies to prevent, deter, and protect against cybersecurity risks;
“(D) recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks, and other recommendations, as appropriate; and
“(E) such other capabilities as the Secretary determines appropriate.
Call me pedantic but using the word hunt in the title (as in kill, typically in reference to the 2011 Lockheed Martin militaristic model for response) seems a bit over the top.
…special operations forces have honed their ability to conduct manhunts, adopting a new targeting system known as “find, fix, finish, exploit, analyze, and disseminate.” They have adopted a flatter organizational structure and collaborated more closely with intelligence agencies, allowing special operations to move at “the speed of war”…
The hunt model was lauded as a form of authorization, streamlining towards smaller secretive teams trusted with quick and lethal capabilities “over the fence” as Harvard lawyers infamously had envisioned decades ago.
And thus the information security industry naturally became susceptible to this military mindset, adopting hunt language not least of all because USAF veterans were landing jobs in civilian security firms and bringing a killer vocabulary along.
As ominous as the militant “kill” steps sound to unleash upon an upstate New York school, in computer software terms they remain basically incident response activities. Probably they could have fit easily under a public-private Computer Emergency Readiness Team (CERT) expansion without invoking “hunt” authorization.
It does seem possible “E” leaves the door open for much broader remit including active defense and hack back for hunt teams to go after attackers, though, at “the speed of” cyberwar.
Another Echo company (Army 160th) already has kind of established that reputation.
So maybe I’m underestimating what is going to be done by DHS here, and hunt will become an operative word for kill chains even inside schools where kids are meant to be learning and experimenting.
What DHS “echo company” could look like, as they hunt in US schools for ransomware.
a blog about the poetry of information security, since 1995
