Monthly Archives: December 2012

Iranian AIS “spoofing”?

Leave a reply

Recent reports (here, here and here) say that Iranian tankers are transmitting “false” AIS data in order to try to evade sanctions on trade. Reading the press reports, it’s kind of confusing what is actually being “spoofed” and whether they are even referring to AIS. This article from Reuters (linked through the always-informative gCaptain) says “AIS” but the description is more appropriate to LRIT: “sending incorrect satellite signals that confuse global tracking systems” and “Large vessels must transmit their identity and location to other ships and coastal authorities using an automatic satellite communication system.”  There’s a bit of confusion in the article beyond what actual tracking system is being used. One quote implies the ship’s GPS can falsify its identity: “a ship could get its Global Positioning System (GPS) to give false data, including pretending to be another vessel.” GPS only provides position data, not identity. It is either the AIS equipment or LRIT system on board that provides identity (which as correctly noted in the article is input by the crew and can be fairly easily altered). The article includes a false statement: “However, another piece of identification data, the IMO [number], can’t be changed, and that, too, is sent with every message on position, which enabled vessel-tracking experts to detect that signals came from two different ships.” The IMO number can indeed be changed in the AIS static and voyage-related message (not the position report, which doesn’t include the IMO number). So it’s just as “spoofable” as the MMSI, vessel name, dimensions and all the other information that is manually entered in the AIS.

This article uses the term “AIS” and says “…Iranian tankers [are] sending false AIS signals and somehow being in two places at the same time” but there is little more information. If “being in the same place at the same time” due to duplicate MMSIs being transmitted is suspicious behavior, then there are a lot of suspicious vessels out there. Many vessels are transmitting bogus MMSIs in their AIS messages, unintentionally either through laziness (entering “123456789,” “111111111” or something else rather than the actual MMSI), honest mistake (transposing or forgetting to enter digits), or a fault with the AIS equipment itself (the infamous 1193046 is the default MMSI for a certain type of unit that is reset when the unit is power cycled.).

Both of these articles are written from the perspective of external (i.e. shore-based) systems that collect data and create vessel tracks. From nearby vessels it is not a huge safety issue (except if vessels are attempting to hail each other to make passing arrangements and one of the vessels’ name is falsified). It is also readily apparent the information is incorrect when the vessels are in sight.

To a certain extent, this incident validates an argument made in the early days of Maritime Domain Awareness (MDA). Many were arguing that LRIT, AIS and other tracking measures were redundant and that only one or two capabilities should be focused upon. Others argued that with multiple systems, there was more opportunity for “bad guys” to make errors – e.g., “spoof” an incorrect MMSI but neglect to change the IMO number to match it (as appears to be the case here). This actually makes detecting spoofing easier, as such anomalies would stand out (unless of course it’s so complicated that every vessel, legitimate or not, can’t help but make mistakes).

In any event it is clear that AIS is no panacea, and that those unfamiliar with the technology and its use can easily misunderstand the implications of incorrect data – whether intentionally transmitted or otherwise. It’s good to see that the potential “spoofing” was detected and there ought to be additional efforts dedicated to analysis of AIS data – in conjunction with other information – to detect problems, sinister or otherwise. Finally, as AIS technology matures and “next generation” AIS is developed, security and data integrity need to be addressed, as Kurt Schwehr has noted. I hope to look into this some more in future blog posts.

Week in Review – 03-09 December 2012

Leave a reply

Main focus and events this past week:

  • 03 Dec 12: CMTS e-Nav IAT chairman’s meeting – discussed upcoming meetings and efforts following e-Navigation 2012 conference
  • 04 Dec 12:(1)  NTSB GIS conference – interesting gathering to present uses of GIS in transportation safety in all modes. Unfortunately missed Maritime portion on Wednesday morning; but hope to catch up through archived webcast. (2) LOMA coordination and governance meeting.
  • 05 Dec 12: Federal Initiative for Navigation Data Enhancement (FINDE) meeting – Regular meeting of interagency group working to harmonize Government navigation data standards. Promising reports on efforts, including prototype establishment of industry reporting portal and provision of various web services for navigation information.
  • 06 – 07 Dec 12: Various e-Nav and AIS work, including participation in phone conference to discuss work needed to get transmission of weather data via AIS in Alaska set up. Interesting public-private partnership opportunity between Marine Exchange of Alaska, National Weather Service and USCG.

The week ahead:

  • 10 Dec 12: Work on a blog post or two, preps for CMTS, USACE, USCG and RTCM meetings. Oh and this as well as other holiday preparations!
  • 11 Dec 12: CMTS Bagel Breakfast, e-Nav IAT and WG meetings. Also working with USCG on a joint article for the IALA Bulletin on transmission of various navigation data via AIS in the US inland waterways system.
  • 12 Dec 12: RTCM SC123 meeting. Briefing to USACE Chief of Ops on LOMA status and requested support.
  • 13 Dec 12: USCG-USACE AIS coordination meetings; RTCM SC121 meeting to adjudicate comments on SC 12100.0 standard “For creation and qualification of application-specific messages.”
  • 14 Dec 12: This and catch up from the rest of the week; hopefully also get a batch of Altbier brewing.

On the horizon: