Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/26/2019
06:30 PM
100%
0%

Russia Regularly Spoofs Regional GPS

The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.

A large-scale analysis of global positioning data has discovered widespread Russian spoofing over the past three years of the global navigation satellite system (GNSS) used by ships and autonomous vehicle systems to find their positions and safely chart courses, according to a new report.

The report — published by the Center for Advanced Defense (C4ADS), a nonprofit intelligence firm focused on worldwide security issues — found that at least 9,883 instances of spoofing occurred near sensitive areas in Russia and Crimea and during times when high-ranking officials, such as President Vladamir Putin, were present. In addition, the data showed that spoofing regularly occurred near Khmeimim Airbase in Syria during Russian operations there. 

The findings underscore the dangers of relying on global positioning data, such as that provided by the global positioning system and similar technology across the globe, because the service can be disrupted or co-opted to deliver false data, says one author of the C4ADS report, who asked not to be named because of the sensitivity of the topic.

"Having Russia exemplify the operational use of these technologies in a defensive and power-projecting capacity could serve as a guideline for illicit nonstate actors who are looking to profit off these vulnerabilities in GNSS systems," the author says. "Or it could also be used as a guideline for other nation-states to conduct these operations." 

The attacks highlight the vulnerability of satellite navigation systems and the fact that their disruption is far more widespread than originally thought. For at least a decade, a smattering of media reports covered the problems of ships near Russia having navigational difficulties. Ship crews have found that their navigational systems placed, for example, their position parked at an airport. In reality, such measures were designed to foil the GPS on autonomous drones, which typically are not allowed to fly near airports.

In 2011, Iran reportedly used GPS spoofing to capture a US drone. And in 2013, researchers at the University of Texas at Austin were able to build a device for less than $1,000 to spoof the position of a ship and cause it to change course

"The ship actually turned, and we could all feel it, but the chart display and the crew saw only a straight line," said Todd Humphreys, assistant professor of the department of aerospace engineering and engineering mechanics, at the time.

The C4ADS report is based on a year-long analysis of marine-vessel location data provided through the Automatic Identification System (AIS). The analysts found 9,883 instances of GNSS spoofing affecting more than 1,300 vessels since February 2016. While the analysis did not explicit focus on the activities of the Russian Federation, the trend quickly became clear once the C4ADS analysts started their analysis. 

"As we went along with the research project and found these large case of GNSS spoofing and disruption in Russia, Crimea, and Syria, it was hard to ignore what the common thread there was," the author says.

The analysts identified several trends in the ways that the GNSS, which encompasses all satellite-based positioning systems, was being attacked. Many of the victims of spoofing near Russia found their locations reported to be a single Russian airport; in other cases, especially near Crimea, two or more other airports were used as destinations.

In addition, the researchers also found significant activity around military and security areas. Overall, the spoofing activity appears indiscriminate — it did not target specific ships, drones, or receivers, but every device in a specific area.

C4ADS hopes that the research will cause private technology firms and navigation-system manufacturers to prepare for such attacks in the future and develop countermeasures. The low cost of GPS spoofing equipment — less than $350, according to C4ADS — could lead to regular denial-of-service and spoofing attacks against civilian targets, the firm said. 

"The Russian Federation has a comparative advantage in the targeted use and development of GNSS spoofing capabilities," C4ADS states. "However, the low cost, commercial availability, and ease of deployment of these technologies will empower not only states, but also insurgents, terrorists and criminals in a wide range of destabilizing state-sponsored and non-state illicit networks." 

Moreover, the analyst firm likely only detected a fraction of the activity and impact of GNSS spoofing, the report states. Recent news reports suggests that independent groups already are developing their own capabilities. Just this month, at least seven car manufacturers at the Geneva Motor Show found their navigation systems showing the wrong position and time.

"These technologies could be a blueprint for other actors or nation-states to conduct these activities," C4ADS's author says.

Related Content

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
EdwardThirlwall
50%
50%
EdwardThirlwall,
User Rank: Apprentice
4/24/2019 | 2:33:00 AM
Spoof to protect
I think it is indeed necessary for spoofing of satellite positioning to be done especially when world leaders are concerned. Anyone could be spying on them to undertake even the most fatal of a mission like an assasination for instance. Thus, a spoof might help protect the leader.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/27/2019 | 3:49:42 PM
Re: One more thing to fix in an automated world
Spot on - and it was a $0.75 accounting error.  The story of his research and search for the hacker, who turned out in Germany, is a great read but also a security fable of epic size.  
timwessels
100%
0%
timwessels,
User Rank: Strategist
3/27/2019 | 2:05:28 PM
Re: One more thing to fix in an automated world
Yes, Clifford Stoll is an astronomer who was working as a systems administrator at Lawrence Berkeley National Laboratory (LBNL) when he noticed a small accounting error on someone's computer account. This intrusion into LBNL's systems led to a lengthy investigation of how it happened, which eventually resulted in the arrest of a German national who was a KGB agent. They were using modems back then, and the LBNL systems were likely running BSD Unix. Clifford Stoll wrote the book "The Cuckoo's Egg" in 1986 which I read many years ago. The book is the story of his investigation of the intrusion and how the intruder was tracked down. Tim Berners-Lee is credited with the "invention" of the World Wide Web. He wrote a Web client and server in 1990 when he was working at CERN in Switzerland. He also developed specifications for URLs, HTTP, and HTML.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/27/2019 | 12:29:45 PM
Re: One more thing to fix in an automated world
If I remember correctly, the Internet grew out of HTML coding applied to the Darpanet - a connection service between military systems (mainframes) in bases to guard against nuclear attack.  Now in the book THE CUCKOOs EGG, it was documented that hackers, even then, were breaking into the mainframe systems through, of all things, MITRE in Virginia.  Talk about history turning on it's head!!!!!
timwessels
100%
0%
timwessels,
User Rank: Strategist
3/27/2019 | 10:39:30 AM
One more thing to fix in an automated world
Well, GPS is now a potential target for shipping, airplanes, and probably driverless cars. The Russians appear to be using it to defend military installations from attack or field testing it for an attack against the west. The equipment and presumably the knowledge of how to do it will become easily acquired by anyone interested in using it. GPS systems will likely be hardened against this kind of spoofing, but until then add GPS spoofing to the list of threats to living in the 21st century where the "blessings" of technology are widely deployed with insufficient security by the people who make them. When the "Internet" was being invented back in the 1970s, no one thought about security because they were trying to make it work among a small network of nodes. We can see how the lack of an Internet with "baked in" security now requires people to spend billions of dollars annually to keep bad things from happening because they are connected to the Internet.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/27/2019 | 10:12:49 AM
Re: Lead us not into temptation
Reached popular thought some years ago when used as plot device for two Bond films - FOR YOUR EYES ONLY and more significantly in TOMORROW NEVER DIES which centered on a GPS - alteration device used by the villain and initiate a war.  
BrianN060
100%
0%
BrianN060,
User Rank: Ninja
3/27/2019 | 1:56:27 AM
Lead us not into temptation
Thank you Robert, for the fine article.  Had not heard several of the GPS spoofing examples you site.  As with so many things, we have been persuaded to trust automated systems to our peril.  Part of the danger is that the skill sets which could be used to verify or override suspect automated system indications or actions are no longer considered worthwhile; so are no longer taught or sought, or thought necessary.  

What really scares me is the idea that many of the examples of GPS spoofing, and other attempts to compromise automated systems, are just proof of concept experimentation - so that they can extrapolate to the effectiveness of a full scale assault.  
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12293
PUBLISHED: 2019-05-23
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
CVE-2018-7201
PUBLISHED: 2019-05-22
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
CVE-2018-7803
PUBLISHED: 2019-05-22
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack...
CVE-2018-7844
PUBLISHED: 2019-05-22
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
CVE-2018-7853
PUBLISHED: 2019-05-22
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus