• Expertise
    • Sectors
    • About EWS
      • Join us
      • Corporate brochures
    • News
    • Contact Us

    Using OSINT to track the proliferation of RCIED switches

    Using OSINT to track the proliferation of RCIED switches
    Dave Ruddock, Chief Technology Officer

    Dave Ruddock, Chief Technology Officer looks at the proliferation of RCIED switches and how OSINT can be used to track them.

    Dave Ruddock, Chief Technology Officer looks at the proliferation of RCIED switches and how OSINT can be used to track their use.

    Over a socially distanced cup of coffee in our COVID-safe office, members of the EWS team were ruminating on the success and apparent proliferation of the AlphaFire firework remote as a preferred RCIED switch. Most made a reasonable attempt at guessing when it was first used but it was much more difficult to try and list the countries where it had been seen.

    During a brief, brain-boosting chocolate biscuit pause, there then followed one of those age-old “What have let myself in for?” moments when one of the team (no-names, no pack-drill) piped in: Would it be possible to trace the usage and proliferation of the switch throughout the world? The gauntlet was thrown down.

    AlphaFire remotes recovered at the arrest of a university scientist in Krakow, planning a Breivik inspired VBIED attack in November 2012

    AlphaFire remotes recovered at the arrest of a university scientist in Krakow, planning a Breivik inspired VBIED attack in November 2012

    The truth is that without access to nationally sensitive exploitation data, it is a tall ask to track switch usage in this way, so I turned to our Open Source Threat Database (OSTD) to aid me in my search.

    In most open-source descriptions, the make and models of switches are rarely given, so consequently we are heavily reliant on our experience and knowledge to identify component parts and items that have been photographed. This is a task that can be quite onerous when photographs have often been shrunk to fit the publishing medium, however we take a ‘human-in-the-loop’ approach to gathering OSINT over other datamining options to critically monitor information available in the public domain, which also allows us to ascertain overall trends and themes.

    AlphaFire firework remotes in Barkhan District, Pakistan (August 2016)

    AlphaFire firework remotes in Barkhan District, Pakistan (August 2016)

    Following the initiated VBIED in Oslo, Norway in July 2011 by Anders Breivik, his manifesto entitled “2083 – A European Declaration of Independence” was released on the Internet during his shooting spree on the island of Utoya which killed 69 people. The 1518-page manifesto was very comprehensive and included tactics, instructions for making explosives and recommended the AlphaFire firework 1Q remote as a moderately difficult RCIED trigger.

    Interrogation of the OSTD showed that in the years following, there were several right-wing extremist arrests across Europe where the AlphaFire were recovered along with other extremist right-wing material, including in Poland and the Czech Republic. According to the OSTD events history, these were the first open-source recorded uses of the AlphaFire but since then their use has proliferated.

    From the initial introduction of the AlphaFire in 2012, the technology has appeared in Israel (where various firework remotes are one the preferred switches) and in Pakistan in 2014.

    Use of the AlphaFire Firework Remote in Turkey, Iraq, and Syria over time

    Use of the AlphaFire Firework Remote in Turkey, Iraq, and Syria over time

    Since the Kurdistan Workers Party (PKK) first used the AlphaFire firework remotely in Sirnak Province, Turkey in 2015, it has steadily proliferated throughout various Turkish provinces over the ensuing years. When the Kurdish rebels crossed into Iraq and Syria, they took the technology with them and, as can be seen in map above, its usage has steadily grown becoming most prolific in Northern Iraq (Erbil) in 2020.

    Naturally, it was easy to link the incidents in Poland and the Czech Republic to the Breivik manifesto, but it is difficult to prove the hypothesis that it was the genesis for the broader proliferation of this technology.

    The OSINT in the OSTD allows us to see a clear Pakistan-Afghanistan connection, as is the Kurdish links to Iraq, Syria and Turkey, but it does not necessarily explain Italy and Israel.

    Two complete boxes of 12 Alpha Fires with their associate remote controls recovered in a PKK arms cache in Sirnak, Turkey in October 2015

    Two complete boxes of 12 Alpha Fires with their associate remote controls recovered in a PKK arms cache in Sirnak, Turkey in October 2015


    TRACING RCIED SWITCH USAGE ACROSS THE GLOBE USING OSINT

    As the threats we face in today’s world become increasingly complex and constantly evolve, we need to utilise every intelligence source available to us to continue to counter the threat presented by the ever-evolving tactics of state actors. Information Advantage and Information Superiority are key now and will play an even bigger part of all operations in the future, be they asymmetric or near-peer.
    OSINT is now recognized for its value as a rich, unclassified knowledge base, especially when it is collated alongside other information, processed and validated, analysed and finally disseminated to become ‘actionable’ or ‘exploitable’ from which an informed response can be made.
    EWS is proud to utilise the skills and experience of its DKEs to support the development of electronic warfare capability, helping it evolve into a formidable force protection asset for our military and civilian services. Expert analysis of Publicly Accessed Information (PAI) plays a key part of this process.
    Online demonstrations and trial logins are available for the OSTD so you can see for yourself how OSINT can help provide actionable intelligence assisting in the identification of current and future threats.
    Demonstrations and trial logins for the Open Source Threat Database are free of charge, so please contact Troy Phillips in the first instance to discuss your OSINT requirements.
    Share

    Related posts

    EWS hosts second CEMA ISR Industry Engagement and Networking Day
    13th May 2022

    EWS hosts second East Midlands CEMA/ISR Industry Engagement and Networking Day


    Read more
    How open source intelligence data can add value when actionable intelligence is needed
    26th April 2022

    How open source intelligence data can add value when actionable intelligence is needed


    Read more
    EWS celebrates its 13th birthday
    8th March 2022

    Happy 13th birthday to EWS Ltd. – definitely a lucky number for this successful Lincolnshire-based consultancy


    Read more

    EW SOLUTIONS LIMITED:

    Our domain knowledge experts partner globally with governments, defence, security, justice and corporate entities to identify key requirements, define specifications, design practical solutions, source reliable equipment and deliver customised training to meet operational demands.

    COPYRIGHT:

    © 2020 – 2022 EW Solutions Limited  |  All rights reserved  |  Site by GIGER MEDIA
    Site managed by Tailored Marketing Solutions

    AFFILIATIONS:

    Cyber Essentials

     

    INFORMATION:

    • Cookie Policy
    • Privacy Policy
    • GDPR