Russia 'spoofing' GPS on vast scale to stop drones from approaching Putin, report says

The spoofing poses a potential danger to aviation and maritime safety and underscores Russia's growing prowess in electronic warfare, a new report says.
Image: The Crimean Bridge across the Kerch Strait on Nov. 26, 2018.
The Crimean Bridge across the Kerch Strait on Nov. 26, 2018.Sergei Malgavko / TASS via Getty Images file

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
SUBSCRIBE
By Dan De Luce

Russia manipulates global navigation systems by sending out false location data to civilian ships or other users on a vast scale, in an apparent attempt to prevent drones from approaching President Vladimir Putin or to safeguard sensitive sites at home and abroad, according to a report released Tuesday.

Although Russia's mimicking or "spoofing" of GPS signals has been exposed previously, new research by the U.S.-based nonprofit C4ADS shows that Moscow's trickery is more pervasive and indiscriminate than previously reported.

Since February 2016, Russia engaged in 9,883 cases of suspected spoofing of satellite navigation systems, including in the country's far north, east, the Crimean Peninsula and in Syria, the report said. The deception affected 1,311 civilian vessel navigation systems, including those belonging to civilian Russian ships.

"We demonstrate that these activities are much larger in scope, more diverse in geography, and longer in duration than any public reporting suggests to date," said the C4ADS report, which was based on publicly available data.

The spoofing poses a potential danger to aviation and maritime safety and underscores Russia's growing prowess in electronic warfare, the report said. The findings also raise the possibility that terrorists, criminals or insurgents could inflict grave harm by using similar methods, according to the report.

In the Black Sea, civilian ships over the past three years reported receiving false location data on their navigation systems, that sometimes placed their vessels inland at an airport. Much of the spoofing appeared to be designed to prevent drones from entering restricted airspace, but civilian ships sailing nearby often get caught in the "spillover" from the deception measures, the report said.

Let our news meet your inbox. The news and stories that matters, delivered weekday mornings.

The report found a close correlation between movements of the Russian president and GPS spoofing events. The manipulation of satellite navigation systems often coincided with the president's visits to remote locations and then stopped afterward, suggesting the Russian Federal Protective Service sometimes operates mobile systems to counter possible drone flights in the area, it said.

The report by C4ADS, which specializes in data analysis related to global conflict and security issues, identified spoofing activities twice at the Kerch Strait, which is the site of a new bridge linking Crimea — annexed by Russia in 2014 — and the Russian mainland. The spoofing cases coincided with Putin's visits in September 2016 and May 2018. On both days, vessels near the Kerch port reported receiving false positioning data on their navigation systems. In 2016, captains received data placing their ships at Simferopol Airport, about 200 kilometers away in Crimea, the report said. For the 2018 visit, at least 24 vessels anchored nearby reported receiving false navigation data that located their ships at the Anapa airport 65 kilometers away.

The report found spoofing often occurred near government buildings where there was prohibited airspace. But heavy spoofing activity was found off the Black Sea coast around Gelendzhik, even though there are no official government buildings in the area. The report found that the spoofing was likely coming from a location that has a line of sight for most of the area, at a luxurious residence at Cape Idokopas, southeast of Gelendzhik. A Russian businessman has alleged the palatial compound, which has helicopter pads and a small port, was built for Putin. But the Kremlin has denied the Russian president has any link to the residence.

In Syria, the spoofing mimics a signal from a GPS satellite, while failing to provide any valid location for the end user, according to the report. The deception appeared to be aimed at blocking enemy drones from flying over the Khmeimim airbase, a crucial hub for Russian forces in Syria, it said.

The authors of the report, collaborating with the University of Texas at Austin, used a GPS receiver onboard the International Space Station to record and eventually pinpoint a spoofing transmitter at the Khmeimim airbase. The base is home to sophisticated Russian military hardware, including S-400 surface-to-air missile batteries, Pantsir-S1 anti-aircraft systems and Su-57 stealth fighter jets.

The University of Texas researchers "determined that the spoofing signals would be upwards of 500 times stronger than authentic GNSS (global navigation satellite systems) for aircraft flying within line of sight of the transmitter, presenting a direct safety threat to commercial aviation in range of the transmissions," it said.

The Russian airbase has come under air attack by drones, according to Moscow. On January 5, 2018, 13 drones armed with explosives reportedly targeted the base. The Russian Ministry of Defense said seven drones were shot down and six were forced to land at "assigned coordinates." The account suggested Russian electronic warfare systems were able to manipulate the navigation systems on the drone aircraft. It was not clear who had deployed the drones to hit the Russian base.

NBC News previously reported in April 2018 that Russian forces had begun jamming the GPS signals for some U.S. military drones in Syria.

Experts distinguish between jamming, which amounts to creating electronic noise to disrupt GPS services, and spoofing, which involves deceiving and manipulating a satellite navigation system to provide false data.

In recent years, ships have reported GPS interference in the Eastern Mediterranean Sea, with Russia suspected of conducting electronic jamming to shield its forces in Syria fighting for the regime of Bashar al-Assad. But the interference may well be the result of spoofing, the report said. Ships posting about GPS problems to the U.S. Coast Guard Navigation Center reported having seemingly authentic satellite signals but could not receive any valid positioning information, echoing the spoofing events in Syria near the Russian airbase.

Hacking into a satellite navigation network used to require special equipment that cost tens of thousands of dollars. But now the gear is inexpensive, portable and the software code is open-source, according to the report.

"We were able to purchase all the equipment required for this activity for less than 350 dollars," said an expert from C4ADS, who spoke on condition of anonymity to avoid reprisals from the Russian government.

Some of the Russian hacking of global navigation systems could be in violation of the United Nations International Telecommunications Union regulations, which bans harmful radio frequency interference, the report said.

Titled "Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria," the report resulted from a year-long investigation based on ship tracking data, other global navigation information, satellite imagery, social media posts and publicly available data, according to C4ADS.