On May 15, 2018, under a sunny sky, Russian President Vladimir Putin drove a bright-orange truck in a convoy of construction vehicles for the opening of the Kerch Strait Bridge from Russia to Crimea. At 11 miles long, it is now the longest bridge in Europe or Russia.
As Putin drove across the bridge, something weird happened. The satellite navigation systems in the control rooms of more than 24 ships anchored nearby suddenly started displaying false information about their location. Their GPS systems told their captains they were anchored more than 65 kilometers away — on land, at the Anapa Airport.
This was not a random glitch, according to the Center for Advanced Defense Studies, a security think tank known as C4ADS. It was a deliberate plan to make it difficult for anyone nearby to track or navigate around the presence of Putin, it said.
‘All critical national infrastructures rely on GNSS to some extent’ — and the Russians have started hacking it
The Russians have started hacking into the global navigation satellite system on a mass scale to confuse thousands of ships and airplanes about where they are, a study of false GNSS signals by C4ADS found.
Putin driving two construction workers across the Kerch Strait Bridge.
GNSS comprises the constellation of international satellites that orbit Earth. The US’s Global Positioning System, China’s BeiDou, Russia’s Glonass, and Europe’s Galileo program are all part of GNSS.
Your phone, law enforcement, shipping, airlines, and power stations — anything dependent on GPS time and location synchronization — are all vulnerable to GNSS hacking. A 2017 report commissioned by the UK Space Agency said that “all critical national infrastructures rely on GNSS to some extent, with Communications, Emergency Services, Finance, and Transport identified as particularly intensive users.” An attack that disabled GNSS in Britain would cost about £1 billion every day the system was down, the report said.
The jamming, blocking, or spoofing of GNSS signals by the Russian government is “more indiscriminate and persistent, larger in scope, and more geographically diverse than previous public reporting suggested,” said a recent Weekly Intelligence Summary from Digital Shadows, a cybersecurity-monitoring service.
This diagram shows GPS signals for a ship jumping between the accurate location at sea and a false location at a nearby airport.
Nearly 10,000 incidents of ships being sent bad location data
The C4ADS study found that:
- 1,311 civilian ships have been affected.
- 9,883 incidents were reported or detected.
Until the past couple of years, C4ADS thought the Russians used GNSS jamming or spoofing mostly to disguise Putin’s whereabouts.
For instance, a large area over Cape Idokopas, near Gelendzhik on the Black Sea coast of Russia, appears to be within a permanent GNSS-spoofing zone. The cape, believed to be Putin’s summer home, or dacha, contains a vast and lavish private residence — “a large Italianate palace, several helicopter pads, an amphitheatre, and a small port,” C4ADS said. It is the only private home in Russia that enjoys the same level of airspace protection and GNSS interference as the Kremlin.
C4ADS thinks Putin’s summer home is protected by a permanent GNSS-spoofing zone.
‘Russian forces had developed mobile GNSS jamming units to provide protection for the Russian president’
“The geographical placement of the spoofing incidents closely aligns with places where Vladimir Putin was making overseas and domestic visits, suggesting that Russian forces had developed mobile GNSS jamming units to provide protection for the Russian president,” Digital Shadows said. “The incidents also align with the locations of Russian military and government resources. Although in some areas the motive was likely to restrict access to or obstruct foreign military.”
Ships sailing near Gelendzhik have reported receiving bogus navigation data on their satellite systems.
“In June 2017, the captain of the merchant vessel Atria provided direct evidence of GNSS spoofing activities off the coast of Gelendzhik, Russia, when the vessel’s on-board navigation systems indicated it was located in the middle of the Gelendzhik Airport, about 20km away. More than two dozen other vessels reported similar disruptions in the region on that day,” C4ADS said.
An million superyacht was sent off course by a device the size of a briefcase
Most of the incidents were recorded in Crimea, the Black Sea, Syria, and Russia.
Perhaps more disturbingly, GNSS-spoofing equipment is available to almost anyone for just a few hundred dollars.
“In the summer of 2013, a research team from The University of Texas at Austin successfully hijacked the GPS navigation systems onboard an million superyacht using a ,000 device the size of a small briefcase,” C4ADS said. “The experimental attack forced the ship’s navigation systems to relay false positioning information to the vessel’s captain, who subsequently made slight course corrections to keep the ship seemingly on track.”
Since then, the cost of a GNSS-spoofing device has fallen to about 0, C4ADS said, and some people have used them to cheat at “Pokémon Go.”
This article originally appeared on Business Insider. Follow @BusinessInsider on Twitter.