Russia spoofed AIS data to fake British warship's course days before Crimea guns showdown

Great powers clash while the rest of us sigh and tut at data feed meddling

Russia was back up to its age-old spoofing of GPS tracks earlier this week before a showdown between British destroyer HMS Defender and coastguard ships near occupied Crimea in the Black Sea.

Yesterday Defender briefly sailed through Ukrainian waters, triggering the Russian Navy and coastguard into sending patrol boats and anti-shipping aircraft to buzz the British warship in a fruitless effort to divert her away from occupied Crimea's waters.

Russia invaded Ukraine in 2014 and has occupied parts of the region, mostly in the Crimean peninsula, ever since. The UK and other NATO allies do not recognise Crimea as enemy-held territory so Defender was sailing through an ally's waters – and doing so through a published traffic separation scheme (similar to the TSS in the English Channel), as Defence Secretary Ben Wallace confirmed this afternoon.*

Yet, among yesterday's drama and tension, Russia had previously spoofed maritime Automatic Identification System (AIS) signals to show Defender and her Dutch flotilla mate HNLMS Evertsen as sailing straight for the Russian naval base in Sevastopol, southwest Crimea. Neither warship was doing that: while Russia was claiming NATO warships were threatening Russia, both vessels were captured on live webcams in another Ukrainian port.

The latest batch of AIS fiddling took place on 17 June, according to naval analyst HI Sutton, writing for the US Naval Institute's blog: "Despite the AIS track, there is clear evidence that the two warships did not leave Odessa."

This week's tensions should remind the world that Russia has no compunction about interfering with widely available tech systems.

Open-source intelligence expert Steffan Watkins told The Register: "From a technical perspective, the receivers that were collecting the AIS transmissions (VHF, limited to line of sight) HI Sutton reported were in Chornomorsk, Crimea, quite near where [HMS Defender] would sail yesterday. A nefarious RF transmitter nearby, in a vehicle, ship, or stationary location, remotely controlled, or not, seems most likely to have been the source; that's a lot of options, but these days the sort of transmitter needed could fit in a backpack, if not a purse."

AIS works on an honesty-based system, at its simplest. The all-but-mandatory system (ships below 300 tons are exempt) works through each ship at sea broadcasting its GPS coordinates. Other ships receive those signals and assemble them onto display screens mounted on the vessel's bridge for crew to monitor, usually as part of an integrated ECDIS system. It's an insecure system insofar as vulns exist that allow spoofing of AIS data, as first revealed almost a decade ago. Shore stations can also receive and rebroadcast AIS signals, amplifying them – and providing a vector for the unscrupulous to insert their own preferred data.

As those revelations suggested, AIS tampering is far from new. The US Centre for Advanced Warfare, a think-tank, warned in 2019 that Russian tampering with GPS location systems revealed efforts to develop "a comparative advantage in the targeted use and development of GNSS spoofing capabilities to achieve tactical and strategic objectives."

Watkins explained that if Russia's forces were broadcasting false AIS tracks, evidence of that might have been picked up by NATO observers, saying: "Multiple AIS providers collected the bogus AIS transmissions, so we know it was not a cyber attack injecting data onto any one database. Since the attacker was transmitting VHF over the air, there is a possibility that an American SIGINT collection platform captured, or even triangulated, the source of the transmissions."

AIS spoofing is similar to GPS spoofing in that broadcasting false data can mislead the wider world. Back in 2018, researchers built a GPS-spoofing unit out of a Raspberry Pi, transmitting false location data to confuse a targeted car's satnav.

This proof-of-concept unit using consumer-grade, readily available equipment merely spells out what nation states such as Russia (and the West, naturally) have been toying with for years. Western GPS spoofing is a fact of life in the Eastern Mediterranean, as frustrated airline pilots and air traffic controllers know all too well, and the effects of AIS spoofing are very similar for those who depend on public datafeeds to keep up with the world around them.

For now, though, the decades-old game of "tweaking the bear's tail" continues – and doubtless both East and West will keep on tampering with AIS and GPS feeds whenever it suits them to do so. ®


*Wallace's statement downplays the Russian coastguard's firing of guns near HMS Defender and refers to it as "a live fire gunnery exercise… astern" [behind] the British ship.

Accounts from both the Daily Mail (linked above) and the BBC, both of which have correspondents embedded aboard the ship, revealed that the Russian coastguard boats were firing guns near the British warship. Not directly at the Defender, but after repeatedly demanding she change course away from Ukrainian waters.

Similar topics

Narrower topics

Other stories you might like

  • VMware claims 'bare-metal' performance from virtualized Nvidia GPUs
    Is... is that why Broadcom wants to buy it?

    The future of high-performance computing will be virtualized, VMware's Uday Kurkure has told The Register.

    Kurkure, the lead engineer for VMware's performance engineering team, has spent the past five years working on ways to virtualize machine-learning workloads running on accelerators. Earlier this month his team reported "near or better than bare-metal performance" for Bidirectional Encoder Representations from Transformers (BERT) and Mask R-CNN — two popular machine-learning workloads — running on virtualized GPUs (vGPU) connected using Nvidia's NVLink interconnect.

    NVLink enables compute and memory resources to be shared across up to four GPUs over a high-bandwidth mesh fabric operating at 6.25GB/s per lane compared to PCIe 4.0's 2.5GB/s. The interconnect enabled Kurkure's team to pool 160GB of GPU memory from the Dell PowerEdge system's four 40GB Nvidia A100 SXM GPUs.

    Continue reading
  • Nvidia promises annual datacenter product updates across CPU, GPU, and DPU
    Arm one year, x86 the next, and always faster than a certain chip shop that still can't ship even one standalone GPU

    Computex Nvidia's push deeper into enterprise computing will see its practice of introducing a new GPU architecture every two years brought to its CPUs and data processing units (DPUs, aka SmartNICs).

    Speaking on the company's pre-recorded keynote released to coincide with the Computex exhibition in Taiwan this week, senior vice president for hardware engineering Brian Kelleher spoke of the company's "reputation for unmatched execution on silicon." That's language that needs to be considered in the context of Intel, an Nvidia rival, again delaying a planned entry to the discrete GPU market.

    "We will extend our execution excellence and give each of our chip architectures a two-year rhythm," Kelleher added.

    Continue reading
  • Now Amazon puts 'creepy' AI cameras in UK delivery vans
    Big Bezos is watching you

    Amazon is reportedly installing AI-powered cameras in delivery vans to keep tabs on its drivers in the UK.

    The technology was first deployed, with numerous errors that reportedly denied drivers' bonuses after malfunctions, in the US. Last year, the internet giant produced a corporate video detailing how the cameras monitor drivers' driving behavior for safety reasons. The same system is now apparently being rolled out to vehicles in the UK. 

    Multiple camera lenses are placed under the front mirror. One is directed at the person behind the wheel, one is facing the road, and two are located on either side to provide a wider view. The cameras are monitored by software built by Netradyne, a computer-vision startup focused on driver safety. This code uses machine-learning algorithms to figure out what's going on in and around the vehicle.

    Continue reading

Biting the hand that feeds IT © 1998–2022