Iranian AIS “spoofing”?

Recent reports (here, here and here) say that Iranian tankers are transmitting “false” AIS data in order to try to evade sanctions on trade. Reading the press reports, it’s kind of confusing what is actually being “spoofed” and whether they are even referring to AIS. This article from Reuters (linked through the always-informative gCaptain) says “AIS” but the description is more appropriate to LRIT: “sending incorrect satellite signals that confuse global tracking systems” and “Large vessels must transmit their identity and location to other ships and coastal authorities using an automatic satellite communication system.”  There’s a bit of confusion in the article beyond what actual tracking system is being used. One quote implies the ship’s GPS can falsify its identity: “a ship could get its Global Positioning System (GPS) to give false data, including pretending to be another vessel.” GPS only provides position data, not identity. It is either the AIS equipment or LRIT system on board that provides identity (which as correctly noted in the article is input by the crew and can be fairly easily altered). The article includes a false statement: “However, another piece of identification data, the IMO [number], can’t be changed, and that, too, is sent with every message on position, which enabled vessel-tracking experts to detect that signals came from two different ships.” The IMO number can indeed be changed in the AIS static and voyage-related message (not the position report, which doesn’t include the IMO number). So it’s just as “spoofable” as the MMSI, vessel name, dimensions and all the other information that is manually entered in the AIS.

This article uses the term “AIS” and says “…Iranian tankers [are] sending false AIS signals and somehow being in two places at the same time” but there is little more information. If “being in the same place at the same time” due to duplicate MMSIs being transmitted is suspicious behavior, then there are a lot of suspicious vessels out there. Many vessels are transmitting bogus MMSIs in their AIS messages, unintentionally either through laziness (entering “123456789,” “111111111” or something else rather than the actual MMSI), honest mistake (transposing or forgetting to enter digits), or a fault with the AIS equipment itself (the infamous 1193046 is the default MMSI for a certain type of unit that is reset when the unit is power cycled.).

Both of these articles are written from the perspective of external (i.e. shore-based) systems that collect data and create vessel tracks. From nearby vessels it is not a huge safety issue (except if vessels are attempting to hail each other to make passing arrangements and one of the vessels’ name is falsified). It is also readily apparent the information is incorrect when the vessels are in sight.

To a certain extent, this incident validates an argument made in the early days of Maritime Domain Awareness (MDA). Many were arguing that LRIT, AIS and other tracking measures were redundant and that only one or two capabilities should be focused upon. Others argued that with multiple systems, there was more opportunity for “bad guys” to make errors – e.g., “spoof” an incorrect MMSI but neglect to change the IMO number to match it (as appears to be the case here). This actually makes detecting spoofing easier, as such anomalies would stand out (unless of course it’s so complicated that every vessel, legitimate or not, can’t help but make mistakes).

In any event it is clear that AIS is no panacea, and that those unfamiliar with the technology and its use can easily misunderstand the implications of incorrect data – whether intentionally transmitted or otherwise. It’s good to see that the potential “spoofing” was detected and there ought to be additional efforts dedicated to analysis of AIS data – in conjunction with other information – to detect problems, sinister or otherwise. Finally, as AIS technology matures and “next generation” AIS is developed, security and data integrity need to be addressed, as Kurt Schwehr has noted. I hope to look into this some more in future blog posts.