Ships fooled in GPS spoofing attack suggest Russian cyberweapon

New Scientist:

Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals.

On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32 kilometres inland, at Gelendzhik Airport.

After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces – signals from the automatic identification system used to track vessels – placed them all at the same airport. At least 20 ships were affected.

While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – a spoofing attack that has long been warned of but never been seen in the wild.

Until now, the biggest worry for GPS has been it can be jammed by masking the GPS satellite signal with noise. While this can cause chaos, it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. “Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last, former president of the UK’s Royal Institute of Navigation.

Todd Humphreys, of the University of Texas at Austin, has been warning of the coming danger of GPS spoofing for many years. In 2013, he showed how a superyacht with state-of-the-art navigation could be lured off-course by GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much like during the controlled attacks my team conducted,” says Humphreys.