How Shady Ships are Spoofing Their Locations with Fake GPS Coordinates (nytimes.com) 92
Slashdot reader artmancc writes: Like aircraft, many of the world's ocean-going vessels are required to have transponders that broadcast their location. The information is public and can be seen on websites such as AIS Marine Traffic. But according to an analysis reported in The New York Times , a maritime data company called Windward "has uncovered more than 500 cases of ships manipulating their satellite navigation systems to hide their locations."
The article, by Anatoly Kurmanaev, highlights the Cyprus-registered tanker Reliant, which was observed taking on oil at a Venezuelan refinery last December. At the same time, however, the ship was reporting its position as some 300 nautical miles (about 500 kilometers) away, "drifting innocuously off the coast of St. Lucia."
It's illegal (under international law), but the rapidly-growing practice lets ships circumvent international laws and sanctions, the Times reports, and "could transform how goods are moved around the world, with profound implications for the enforcement of international law, organized crime and global trade." Its use has included Chinese fishing fleets hiding operations in protected waters off South America, tankers concealing stops in Iranian oil ports, and container ships obfuscating journeys in the Middle East. A U.S. intelligence official, who discussed confidential government assessments on the condition of anonymity, said the deception tactic had already been used for weapons and drug smuggling. After originally discovering the deception near countries under sanction, Windward has since seen it spread as far as Australia and Antarctica.
"It's a new way for ships to transmit a completely different identity," said Matan Peled, a founder of Windward. "Things have unfolded at just an amazing and frightening speed...." The spread of AIS manipulation shows how easy it has become to subvert its underlying technology — the Global Positioning System, or GPS — which is used in everything from cellphones to power grids, said Dana Goward, a former senior U.S. Coast Guard official and the president of Resilient Navigation and Timing Foundation, a Virginia-based GPS policy group. "This shows just how vulnerable the system is," he said.
The article, by Anatoly Kurmanaev, highlights the Cyprus-registered tanker Reliant, which was observed taking on oil at a Venezuelan refinery last December. At the same time, however, the ship was reporting its position as some 300 nautical miles (about 500 kilometers) away, "drifting innocuously off the coast of St. Lucia."
It's illegal (under international law), but the rapidly-growing practice lets ships circumvent international laws and sanctions, the Times reports, and "could transform how goods are moved around the world, with profound implications for the enforcement of international law, organized crime and global trade." Its use has included Chinese fishing fleets hiding operations in protected waters off South America, tankers concealing stops in Iranian oil ports, and container ships obfuscating journeys in the Middle East. A U.S. intelligence official, who discussed confidential government assessments on the condition of anonymity, said the deception tactic had already been used for weapons and drug smuggling. After originally discovering the deception near countries under sanction, Windward has since seen it spread as far as Australia and Antarctica.
"It's a new way for ships to transmit a completely different identity," said Matan Peled, a founder of Windward. "Things have unfolded at just an amazing and frightening speed...." The spread of AIS manipulation shows how easy it has become to subvert its underlying technology — the Global Positioning System, or GPS — which is used in everything from cellphones to power grids, said Dana Goward, a former senior U.S. Coast Guard official and the president of Resilient Navigation and Timing Foundation, a Virginia-based GPS policy group. "This shows just how vulnerable the system is," he said.
Any rule needs enforcement.. (Score:2)
.. or people who want to do shady things will bypass it.
Re: (Score:2)
You know what the dire consequences would be for turning of GPS would be?
Well if the ship doesn't exist, then pirates have an excuse to attack "ghost ships" don't they?
Or you know, submarines could lay traps for ships seen by satellite but have turned their GPS off so they never make it out of port. Can't complain, they aren't supposed to be there. Page 1 of most scams is that criminals will never ask for help when they are doing something illegal because it will tip their hand to the entire scam.
Re: (Score:2)
I had trouble parsing "turning of" where you meant "turning off", but it still wasn't one of the jokes I was searching for. But I thought the story looked more promising for Funny... In the end, only three recognized attempts?
(How to fix the moderation? Flogging the dead horse, but perhaps (1) More moderators, (2) Less artificial scarcity of mod points, and (3) Searches for mixed moderation, especially in cases of humorous insights.)
Re: (Score:2)
Well, okay as an FP, though kind of vacuous... Anything's better than an AC filler.
But the story's topic is so rich for jokes. Bermuda triangle and Flying Dutchman ghost ship stuff... Or maybe a spinoff from that recent story about all the cabs getting sent to one location? What if they spoof their GPS into another ship's actual (or spoofed?) location?
Having said that, I don't have a better Subject to offer, and heaven forbid I come up with an actually funny joke. (Just ask my wife.)
Oh well. Always glad to encourage the censor trolls to show me where there buttons are.
Re: (Score:2)
Best enforcement would be "oops, you weren't there on the GPS tracker so we thought that the water was clear for our live ammo shooting exercise".
Re: (Score:2)
As tempting as it may be, some of those ships are oil tankers. Destroying them would cause very dangerous spills.
Re: Any rule needs enforcement.. (Score:2)
Seems more reasonable to assume they're pirates and confiscate them.
Re: (Score:2)
Seems more reasonable to assume they're pirates and confiscate them.
When it is done on behalf of a nation it is called privateering. You can even get a knighthood (and rich) for doing it.
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Working as designed (Score:5, Informative)
Just to be clear, all of the "subvert technology" talk is sort of pointless. The AIS system is designed this way. AIS is using specific short wave frequency to send what amounts to clear text ASCII strings in packet form. These carry an individual ship identifier (MMSI number assigned globally) and a GPS position of the ship, as reported by the ship itself. The position is usually derived from a GPS receiver, but that is not a part of AIS system per-se, and it is both trivial and quite legal to provide the position in some other way (including entering it manually).
Not only that, but as this is a clear text broadcast on radiowaves - there is nothing preventing a ship from entering another ship's identifier, or simply turning off its AIS transmitter. The system has no provisions for authentication or authorization and really cannot (at a minimum - it can always be turned off). While having an AIS transmitter is mandatory for large commercial vessels due to various laws, there are no technological means in the protocol to enforce that.
In addition, some ships report position using a proprietary satellite tracking system. Again, there is nothing (other than the specific proprietary software interface) preventing the ship from keyeying in a position manually. This system is not considered mandatory (unlike the true AIS).
The only way to track ships in a way that does not rely on their goodwill/cooperation is to use some form of an active tracking, where each ship must carry a non-powered identification device (antenna resonator?) and is surveyed externally (by satellite?). Even that could be somewhat circumvented (cover the antenna or cut it off and throw overboard) but the stakes are higher, and it's something that could be readily verified. I don't see that becoming the case anytime soon though.
Re: (Score:1, Troll)
Re:Working as designed (Score:5, Insightful)
I’m struggling to find what’s Orwellian in this story. Enforcing international maritime laws is big brother now?
Falsifying your position in busy shipping lanes absolutely is a safety issue.
Re: (Score:2)
Enforcing international maritime laws is big brother now?
For some people enforcing any law is Orwellian / big brother -- especially when it's a law they're breaking.
Re: (Score:1, Insightful)
That's too easy. It shows you both have something to learn about privacy.
Car analogy? The registration plates are there to find you if you fuck up. "Who ran over this old lady then drove off?" They're not there to, say, track your every move. As is now happening with ubiquitous ANPR and massive databases with movement data. That's really repurposing the reason registration plates are there for. Same with, say, auto-toll transponders and putting receivers elsewhere to track so-equipped vehicles. They're the
Re: (Score:3)
That's too easy. It shows you both have something to learn about privacy.
Car analogy? The registration plates are there to find you if you fuck up. "Who ran over this old lady then drove off?" They're not there to, say, track your every move. As is now happening with ubiquitous ANPR and massive databases with movement data.
That argument might be true if license plates weren't passive devices. Ship tracking requires a signal to be broadcast. If you don't like that then maybe operating a cargo ship isn't for you.
Re: (Score:2)
They don't exist for vehicles because vehicles pre-date such safety systems by a century. At the speeds a car drove back in the 1920's, you not only heard them coming, but you could get out of the way. By the 1940's that was no longer the case, and by the 1960's everyone owned a car.
Turning signals are about the only thing vehicles have that are used this way.
However we really should be tracking vehicles from the second they enter a public road. We all pay to use the roads regardless if we drive a car, bike
Re: (Score:2)
But Americans won't stand for that tracking, so it will likely never become a standard feature in cars.
You are welcome. Maybe this is why wherever you are from doesn't get to make such decisions?
Re: (Score:2)
Fog. Your 4d location for sale. The part Hollywood got wrong was how easy it is to get.
Re: (Score:1)
Re: Working as designed (Score:1)
It's "Orwellian" in that this is a clear example of taking a basic technical physical safety system meant for anti-collision and maybe some search and rescue work and using it for unrelated "political" goals. In this case that's various trade sanctions and fishing rights... and then complaining when people opt out of the original system.
it's akin to other safety systems like moderation: It starts out banning porn and snuff films. ok.
then "terrorism"
then "hate"
then "misinformation"
So now you've got a syst
Re: (Score:2)
using it for unrelated "political" goals. In this case that's various trade sanctions and fishing rights
What you describe is called a crime, not politics. You wouldn't be upset if someone started hunting on your property without permission? Oh that's just politics.
Re: (Score:2)
Authentication will be extremely difficult because you're talking about boats from all over the world - how would you coordinate handling and transmission of a current list of whatever you use to authenticate? After all, such a list is basically outdated the instant its published, and not all boats can be updated in real time.
It's the same as with things like ADS-B - you need everyone to be able to receive it, so you can't really encrypt it, and if you authenticate it, there's no way to reliably distribute
Re: (Score:2)
Encryption isn't the solution, a signed attested message is. Then, the signature can confirm "the location provided has come from an approved device, and that device has attested that it is correctly operating". That's standard hardware security module functionaility.
Having said that, overloading the receivers input with spoofed GPS location radio signals is trival, and costs a few hundred dollars for an SDR radio, and the free software https://github.com/osqzss/gps-... [github.com]
I used that in a factory test jig to t
Re: (Score:2)
Authentication will be extremely difficult because you're talking about boats from all over the world - how would you coordinate handling and transmission of a current list of whatever you use to authenticate? After all, such a list is basically outdated the instant its published, and not all boats can be updated in real time.
It really isn't difficult. Look at Apple cables and the Made for iPhone program. There are millions of accessories made under that program that are paying license fees to Apple so they can have a security chip in them to enable features. All you need to do to protect this data is say "Only data signed by a trusted certificate will be accepted as valid position data". And then you only allow a very small number of very trusted chipmakers to have the intermediate certificates required to generate those truste
Re: (Score:1)
Authentication will be extremely difficult because you're talking about boats from all over the world - how would you coordinate handling and transmission of a current list of whatever you use to authenticate? After all, such a list is basically outdated the instant its published, and not all boats can be updated in real time.
It's the same as with things like ADS-B - you need everyone to be able to receive it, so you can't really encrypt it, and if you authenticate it, there's no way to reliably distribute the information around.
So in the end, it's basically going to be cleartext anyways - any encryption is going to be known to everyone because everyone has to be able to send and receive AIS or ADS-B messages.
In the end, there's very little one can do. ADS-B can be enforced by various aviation organizations as it's required to be a part of air traffic control, but what they can do is limited. AIS is even more limited because only the coastal receives and coast guards can really enforce it, and there's a lot of water otherwise.
In the end, it's really more about safety than anything - if you're misreporting your AIS and someone crashes into you, then maybe you have some explaining to do because everyone else's AIS will have records showing that. And there are plenty of things out there without AIS - swimmers, paddlers, canoers, kayakers, and other small vessels aren't required to equip AIS. (Of course, it also relies on the fact that the other vessel can probably avoid other ships easily, but you'll also probably want to not swim in busy shipping lanes).
How many countries are ships registered in? If you exclude Panama, how many are left? So the answer is tie it to their insurance. Also, we're talking about commercal vessles, not Jeff Bezos yacht.
Re:Working as designed (Score:5, Interesting)
So Class A transponders must have their own internal GPS receiver to operate as the SOTDMA transmission system requires the precise timing signal to work. The regulations that cover these transponders in turn require that the transmitted position be fed to a Class A transponder from the ship’s navigation system. The firmware on the transponder is supposed to sanity check that provided position against its internal receiver, and refuse to transmit if they’re more than x meters different (I think 300m).
It’s pretty clear that these ships are running hacked transponders. However, it’s not hard to sanity check the data. The range of an AIS transmission is about 40 nautical miles at most. If you’re receiving a position that is more than that away from the receiver, you can pretty much consider it to be bogus.
Re: (Score:2)
Re: Working as designed (Score:2)
Yep. Then you get into the fun that is AIS for warships. All the rules go out the window. A warship can reprogram its MMSI at will, can transmit bogus positions, encrypt the data, all sorts of fun things. If you look at the west coast of Vancouver Island, youâ(TM)ll often see âoeFisheries Researchâ ships moving around at 20 knots. They arenâ(TM)t.
Re: (Score:1)
> The range of an AIS transmission is about 40 nautical miles at most. If youâ(TM)re receiving a position that is more than that away from the receiver, you can pretty much consider it to be bogus.
At sea, yes. On land (for inland shipping) and maybe near the coast there are AIS base stations that can relay AIS messages. Still there is a limit on the amount of hops and it's still shouldn't be too hard to filter for obviously bogus positions.
Re: (Score:2)
The only way to track ships in a way that does not rely on their goodwill/cooperation is to use some form of an active tracking, where each ship must carry a non-powered identification device (antenna resonator?) and is surveyed externally (by satellite?).
With sufficient optical coverage you wouldn't need any equipment on the ship at all - the satellite constellation could simply identify the overhead silhouette, at least to the ship class - and could keep track of where each vessel had been such that it could disambiguate between sister ships in different locations.
Re: (Score:2)
Re: (Score:2)
High resolution satellite images come from low earth orbit satellites, which necessarily have a small horizon, so tracking is intermediate at best, and why warships can plot courses which avoid satellite coverage if they need to.
Re:Working as designed (Score:5, Insightful)
Not 100% reliable, since you can't assume 24/7 coverage at sufficient resolution and and the correct wavelengths to deal with the weather in a given area; but between the ship itself and the wake they show up just fine when you do photograph an area; and they aren't blazingly fast so computing the potential movement during the times you don't have an eye on them is reasonably productive(and trivial, if you just draw a circle of the appropriate radius; more accurate if you've got information on currents and meteorological conditions).
As with most inferential attacks, this also gets more powerful if you have other datasets to cross-reference it against: if a ship needs to stop lying on AIS, say, they run the risk of being either correlated with non-AIS detections of their earlier position via satellite or radar or of introducing a 'jump' in their position that cannot be reconciled with their actual maximum speed and/or the ships that weren't detected in a given area during the time they would have had to be travelling there for the route to work out. There's also observational data from ports and ships considered reliable(own and allied ports and coast guards, commercial observers in ports suspected of operating on a see-no-evil basis but not sufficiently hostile that such observers run a serious risk of getting shot for spying, own or friendly merchant ships given inducements for voluntary data sharing); and finally outright just sending someone to take a look if you care so much about it.
Yes, more expensive than just taking an AIS dataset and having some Treasury GIS guys crunch up a report from the comfort of their office; but (except for very high value/very hot stuff that gets the disposable narco-sub treatment, is very carefully mixed with legitimate goods by competent smugglers, or which travels by diplomatic bag) the mere presence of bulk cargo ships and tankers, and the ports that serve them, is hard to hide; and there are few restrictions on RF or optical inspection of ships in international waters(or within national waters but from international waters). Something like the Venezuelan oil smuggling? Venezuela has a limited number of oil terminals(and apparently Jose Terminal accounts for the bulk of traffic), and those aren't something you build overnight or without being noticed; plus they all dump you into the Caribbean, which offers a handy mix of jurisdictions such that more or less anyone who isn't a total pariah state can find a friendly dock in the vicinity if they don't want to use a long-endurance blue water navy for the job of just keeping an eye on shipping. If the feds actually care there isn't an awful lot something with the radar signature of an oil tanker could do to avoid being observed going in and coming back out of one of the terminals and, approached closely enough to verify visual details and buoyancy changes consistent with having loaded or unloaded cargo. This will presumably get even harder to avoid as time goes on and drones with adequate range and good cameras become cheaper and more common, and partially autonomous operation of ships(to avoid the drag on endurance that having a crew eating food and getting bored causes) becomes more viable.
Probably the bigger question is the 'and what are you going to do about it?' aspect. Even with today's rather haphazard enforcement you get periodic reports like this one(sometimes generalist, sometimes from specifically interested groups trying to protect fisheries or displeased at the flouting of a specific sanction); but unless getting caught is actually an expensive risk it doesn't really matter. There doesn't seem to be a lot of appetite for measures like cracking open the shell companies and going after the operators; or forbidding a ship caught flouting the rules from doing business in reputable ports from then on; or just plain boarding and seizing the thing. If there were, even a fairly leaky detection system would be a lot scarier.
Re: (Score:1)
AIS is not exactly ASCII clear text. Your point still stands since there is no encryption at all going on, but I thought I'd mention some details for who might be interested.
AIS messages are broadcasted as binary data from which you can extract the different pieces of data according to the specification for each message type (of which there are about two dozen not including regional extensions): first 6 bits for the message type, next 2 bits for a repeat indicator, then 30 bits for the MMSI of the sender, a
Fake transponder codes (Score:4, Funny)
Re: (Score:2)
Only attempt at funny so far? But the transponder is more of an IFF thing...
Still, if I ever had the mod point to give, I'd be generous with Funny in hopes of encouraging more attempts.
Requoted against a censor sock puppet. Not worth the requoting, but if it upset the troll so much...
Re: (Score:2)
Re: Article is forgetting??? (Score:2)
Why,and how to stop it. (Score:5, Funny)
1) To avoid sanctions. The US has placed some sanctions on Venezuelan oil, which is why the ship was pretending to not be there while it was taking on oil. Similarly, russian yachts do not want to let people know where they are.
2) Avoid pirates. While ship piracy has mostly vanished (due to law enforcement going to the places where ships were taken to and taking the ships back), it does still exist.
3) Avoid James Bond. That SOB keeps showing up at every single ship based plan to take over the world.
Re: (Score:3)
Left out how to stop this:
Make it legal to confiscate any ship that does this and do some spot checking with satellites. If a ship is not where it is supposed to be, confiscate it the next time it does show up.
Re: (Score:3, Insightful)
Re: (Score:2)
Legal according to whom? Which country's laws? ...
The laws of the waters you are operating in
Re: (Score:3)
Legal according to whom? Which country's laws? The laws of the waters you are operating in ...
The waters where this is being done are either waters where it is the LOCAL GOVERNMENT who wants the skulduggery happening (e.g. sanctioned countries wanting to sell their oil, and not wanting people to know which ships are there filling up with it), or international waters where the rules of engagement are much more complicated. A US military vessel, for instance, can't just randomly stop any ship it wants to in international waters.
Re: (Score:3, Insightful)
I presume it would be enough to deny them entry into ports and/or deny them insurance. No need to confiscate them right away. That is Russian airplanes and tankers are dealt with now.
Also, broadcasting false location should be interpreted as lying to insurance company and traffic authorities
Re: (Score:3)
AIS does not transmit future maneuvers. It transmits current heading, speed, and rate of turn in addition to position and vessel static data.
Re: (Score:2)
It does transmit future maneuvers on large vessels. That is one of the main points of having it on large vessels in water ways.
Re: (Score:2)
I think the spot checking with satellites is going to grow as more imaging satellites go into orbit. There are already dozens with public imagery available. Within the next few years, that may grow to hundreds, such that near-real-time tracking of ships will be possible by coordinating AIS reports with imagery and applying a little machine learning. A ship that reports a position a few miles off of its actual location could just be a positioning error, but if the AIS reporting and the visible track continue
Re: (Score:2)
Sure, make it part of international maritime law.
Only problem is, don't expect everyone to sign up to it.
Re: (Score:2)
1) sink ships breaking sanctions Also known as piracy of the high seas, see letters de marque
2) sink pirates According to whose definition? If Putin says the US is embargoed, do we sink our own ships?
3) you can't do anything about James Bond. Suck it up. He's the British Chuck Norris.Chuck Norris is uncultured. Bond is effete drinking what amounts to a watered down martini and using a PPK.
4. I am back to teach you dumb little commies about the real world That would seem to be a mildly amusing conceit on you
Re: (Score:2)
Re: (Score:1)
Jfc, you're in what, third grade?
Do you also say things like, "bounces off of me and sticks to you!!!"?
You're not even smart enough to be embarrassed.
Re: (Score:2)
Re: (Score:1)
You: "I know you are but what am I?"
You should check the AC box next time to avoid further embarrassment.
Re: (Score:2)
Re: (Score:2)
There's always some one that will fail to address the issues brought up, preferring instead to distract from the fact they posted yet again more arrant nonsense.
Re: (Score:1)
Ooooh now you think you brought up actual issues! Lol!
Such as Putin says we are embargoed so we have to sink our own ships. Lmao, ok yeah that's such a real issue in the real world of adults discussing things for real. Right. That's such a serious problem.
Nice try but no. Just stop. Move on.
And you hate James Bond so there's no help for you.
Re: (Score:1)
In regions of Asia and Africa, piracy is still a huge deal.
Especially "stealing" from oil tankers or hijacking Yachts.
Sink them. (Score:4, Funny)
The obvious solution is to sink boats that aren't where they aren't meant to be.
Re: (Score:2)
Re: (Score:2)
Quick fix (Score:2)
"Oops! Sorry, we didn't know you were there when we started testing our live torpedoes on a 'special training mission'!"
Re: (Score:2)
An empty patch of ocean (according to the transponders). Time for some live fire drills [youtube.com].
Bad vs. Worse (Score:1)
"It's illegal (under international law)..."
Yeah. Well, so is piracy (as in the ship-attacking and boarding kind), but we seem to barely be doing fuck-all about that problem, so part of me certainly understands the "problem" of GPS spoofing.
Kind of falls into the No-Shit-Sherlock category of The-Fuck-Did-You-Expect department.
Not just for ships (Score:2)
Coming soon to cars and drones "near" you!
Umm,radar? (Score:2)
Surely ships dont simply rely on other ships GPS coords being correct? Dont they have an old school radar backup to avoid collisions?
Why was Venezuela sanctioned? (Score:2)
Very old news (Score:2)
Pokemon Go (Score:2)
I used to do fake my GPS corrdinate on my phone so I can play Pokemon Go.
Dutch Trawlers also cheat (Score:2)
Nothing new here - this issue pre-dates AIS (Score:2)
The POC was demonstrated on a piece of commercial equipment (no names - given the time that has passed it would not be fair) where the device internally used a 3rd party GPS module rather than a solution integrated into the main PCB. It was trivial to unscrew the lid, tap into this connection and manipulate/substitute the legitimate NMEA data with a modified version. This resulted in my backyard clotheslin
systems (Score:2)
"This shows just how vulnerable the system is," he said.
Which system? The one where ships voluntarily report their own position? Yeah, that comes as a total surprise that someone would think of messing with that to hide their illicit operations. Being a criminal is one thing, but hiding it ? - oh the humanity.
In summary (Score:2)
Interesting piracy ventures (Score:2)