JUSTIFICATION AND OVERVIEW:
In the modern operating environment, the vast majority of individuals, vehicles, and devices emit traceable signals across cellular, Wi-Fi, and Bluetooth Low Energy (BTLE) protocols.
These emissions offer a powerful source of intelligence—when collected ethically, securely, and in line with operational constraints. However, high-end SIGINT solutions are often cost-prohibitive, over-engineered for tactical needs, or subject to export restrictions.
This course—IMSI, Wi-Fi, and BTLE Collection with Commercial Off-the-Shelf (COTS) Kit—focuses on enabling operational units, law enforcement, military teams, and technical surveillance professionals to build and deploy flexible, discreet, and rapidly configurable collection platforms using legally available hardware.
By combining low-cost SDRs, mini-computers, antennas, and open-source software, students learn how to conduct lawful monitoring of RF environments for situational awareness, intelligence development, or support to broadersurveillance operations.
The course emphasises practical deployment and covert operation. It includes real-world field scenarios where collection must be quick, portable, and disposable, while maintaining forensic soundness and operator security. Devices covered include Raspberry Pi, ESP32, BladeRF, Ubertooth, SDRs (HackRF, RTL-SDR), and Wi-Fi/BLE sniffers—all configured for actionable collection in austere or hostile environments.
BOTTOM LINE UP FRONT:
This course teaches students to collect and analyse cellular (IMSI/TMSI), Wi-Fi (MAC/SSID), and Bluetooth LE identifiers using legally available hardware and open-source software. It focuses on real-world field use, covert deployment, and actionable intelligence collection with minimal signature and maximum flexibility.
CONDITIONS OF ENTRY:
Course is restricted to vetted personnel from government, military, law enforcement, or authorised technical surveillance roles. Participants must have completed basic radio theory or signal collection training (or equivalent experience). Host organisations must confirm legal collection authority or jurisdictional compliance before enrollment.
INDICATIVE COURSE CONTENT:
Module 1: RF Theory for Tactical Collection
• Understanding identifiers: IMSI, TMSI, MAC addresses, BD_ADDR
• Cellular (2G–5G), Wi-Fi (2.4/5GHz), and Bluetooth (Classic & LE) spectrum breakdown
• Active vs. passive collection methodologies
Module 2: Hardware Assembly & Configuration
• Setting up Raspberry Pi, ESP32, and SDR platforms
• Antennas, filters, power control, and tactical concealment
• Data storage, encryption, and exfiltration strategies
Module 3: Cellular Collection (IMSI/TMSI)
• Passive sniffing of paging requests and broadcast channels
• Identifying IMSIs, TMSIs, and tower behavior
• Using SDRs (e.g., HackRF) and open-source LTE sniffers (e.g., srsLTE, GR-GSM).
Module 4: Wi-Fi & BLE Surveillance
• Capturing MAC addresses, SSIDs, and probe requests.
• Correlating Wi-Fi traffic to known devices and access points.
• Using ESP32, Ubertooth, and BLE sniffers for tracking movement and presence.
Module 5: Covert Deployment & Field Operations
• Low-profile concealment techniques (e.g., inside power banks, car dashboards).
• Operating in high-density signal environments (urban, transport, events).
• Deploying for short-term, unattended, or mobile collection.
Module 5: Covert Deployment & Field Operations
• Cross-referencing identifiers with time, location, and pattern-of-life.
• Using passive collection for device watchlisting or subject association.
• Exporting structured data for intelligence teams or wider ops.
Module 6: Covert Field Deployment Scenario
• Planning and deploying a collection mission against a simulated target.
• Capturing, storing, and reporting RF data from a mobile or fixed site.
• Post-mission debrief: what was detected, missed, and how to optimise.
