èƵ

GPS cyberattack falsely placed UK warship near Russian naval base

An international vessel-tracking system appears to show UK destroyer HMS Defender travel to within a few kilometres of a Russian naval base even though a web cam feed shows it was docked at Odessa, Ukraine
HMS Defender (front) and HNMLS Eversten (rear) moored in Odessa, Ukraine on 18 June
Konstantin Sazonchik/ITAR-TASS News Agency/Alamy

The recent naval dispute between Russia and the UK in the Black Sea may have involved a cyberattack as well as conventional weaponry, an analysis of vessel tracking data has found.

Yesterday, Russia claimed to have fired “” at the UK Royal Navy destroyer HMS Defender for being inside “Russian waters”, although the UK Ministry of Defence at the Defender or that the ship was in such waters. The event took place off the coast of Crimea, Ukraine, which is disputed territory.

But last week, on 19 June, an international vessel-tracking system appeared to show HMS Defender and the Royal Netherlands Navy’s HNLMS Evertsen travel across the Black Sea to sail within a few kilometres of a Russian naval base at Sevastopol.

This would have been a provocative act, but the voyage never actually happened – both ships remained docked at Odessa, Ukraine, as confirmed by a live web cam feed. The tracking readings seem to have been faked, in a possible cyberattack.

The readings in question come from the Automatic Identification System (AIS), which is required on all ships by international law. It transmits position data from the vessels’ GPS along with an ID and other details at regular intervals. But GPS can be fooled by a transmitter imitating a GPS satellite and sending false information, which would in turn result in incorrect AIS tracks.

A previous false AIS incident took place in the Black Sea in 2017. On that occasion, at least 20 merchant vessels showed locations 32 kilometres inland at Gelendzhik Airport.

This time, the spoofing is more subtle, and only seems to have affected two vessels. Rather than being instantly teleported to a false location, their co-ordinates were changed gradually to mimic normal travel, suggesting a deliberate attempt to mislead.

“HMS Defender was alongside [moored] in Odessa at the time of the alleged AIS track.  Why this occurred would be a question for the originator of the track imagery,” says commander A. J. Stevens of the Royal Navy.

at the Resilient Navigation and Timing Foundation in Virginia speculates that the GPS spoofing could have been done by Russia.

“It took a lot of effort to do this,” says Goward. It may be intended to show shows that Russia is a force to be reckoned with, and that mariners cannot rely upon the US-operated GPS system, he says.

at the University of Texas at Austin says the tracks could have been generated by GPS spoofing, or from a fake AIS transmitter.

“AIS messages don’t carry a digital signature, so there is no way to authenticate a message as having come from the ship claimed,” says Humphreys. “This means it’s easy to gin up a fake AIS signal purporting to be the Royal Navy’s HMS Defender and broadcast it around the Black Sea with some provocative-looking tracks. “

Humphreys says he has seen AIS fakery before, but never for a warship. He too suggests that the most likely source is Russian disinformation – to sow confusion.

H. I. Sutton at USNI News, who , says AIS is an important source of open-source information about ship movements, and sometimes the only way of telling where a vessel is.

“In this case, we were able to use other open-source intelligence, public webcams, to disprove the AIS tracks. But this would not always be the case,” says Sutton.

Spoofing could be used to make a ship run aground on a reef or sandbank, or collide with another vessel. Alternatively, someone could use fake tracks to support claims that a boat wasn’t fishing in a prohibited area. But the military context of this incident is worrying, given heightened tensions.

“This kind of thing could easily lead to a shooting war by making things more confusing in a crisis,” says Goward. “NATO ships conduct ‘freedom of navigation’ patrols by sailing through disputed waters. Sometimes they come close to agreed-upon territorial seas on purpose. Something like this could cause an incident that could escalate out of control.”

The Russian and Dutch defence ministries didn’t respond to a request for comment.

Topics: cyberattacks