GNSS manipulation 2.0: Practice makes perfect

GNSS manipulation is not old news. In fact, bad actors are only just getting started.

Last year, the OFAC and the OFSI advisories provided guidance for the industry on maritime red flags – specifically coined by the UN Panel of Experts, as deceptive shipping practices. Deceptive shipping practices are tactics commonly used by bad actors to avoid sanctions or disguise illicit trade. Suddenly terms like “dark activity” (i.e. intentional disabling of AIS transmissions) and ship-to-ship transfers became common terms for compliance analysts worldwide as the market reacted by introducing new clauses and due diligence processes. And bad actors were just as quick to react. 

As early as August 2020, just three months after the published advisories, Windward saw instances of GNSS manipulation methods to overcome the industry’s development. These methods are done within the same realm of AIS that has accompanied the shipping industry since the 80’s. And while AIS hasn’t seen major advancements, bad actors have attained technologies and know-how that have enabled them to co-opt electronic warfare manipulations that up until now were only in the hands of states.

A wake-up call

By using machine-generated location tampering, bad actors falsify the GPS reading transmitted via the AIS device to transmit a different location than the vessel’s real whereabouts. Deceptive shipping practices, like GNSS manipulation, can create an illusion of knowledge and without strong technology and the right insights, stakeholders can be left in the dark. What does this look like in practice? Take the case of Vessel A** – in our system, the vessel appeared to be ‘drifting’ offshore the UAE. Upon a closer look however, the synthetic patterns indicate a machine-generated drifting pattern.

Further, the vessel was not even in the UAE. It had a positional jump (a possible technical malfunction by the bad actors), positioning it in fact, within Iranian waters. 

**Vessel name was changed for anonymity

What does this mean for you?

This is a prime example of how such cases confound true events at sea. The truth is that GNSS manipulation has reached a point where it is nearly impossible to detect. Any vessel crossing the Suez canal or drifting offshore the UAE might actually be in Syria, Iran, or anywhere else in the world.

In our latest whitepaper, we discuss how GNSS manipulation has taken the maritime domain by storm, evolving faster and posing a greater risk than any other deceptive shipping practice seen before. The scale of the problem is one that compliance professionals simply cannot leave unmanaged. Below is a sneak peek of what’s inside:

A different playing field 

Over the years, with the development of MDA systems and enhanced surveillance tools, dark activity has become commonplace. This practice, done to disguise the true location and activity of a vessel, is effective, but not sophisticated. Today, dark activity is not any different than it was 5 or even 10 years ago. In contrast, GNSS manipulation has not only seen exponential growth, but it looks completely different with every month that passes. Each case is more advanced than the last. What began as distinguishable machine-generated patterns, has begun to look more and more like natural sailing paths. 

At Windward, we’re long familiar with bad actors’ habit of imitating vessel behavior in order to appear legitimate and bypass detection. At first, dark activity was the name of the game. But since dark activity has been around for so long, when a vessel turns off its transmission, any tracking system is quick to red-flag it. On the other hand, GNSS manipulation is much more likely to go undetected. The impact? According to our research, just from Q2 of 2020 to Q2 of 2021, there has been a 5000% increase in GNSS manipulation cases. 

The May 2020 advisory demanded a higher level of due diligence, and the market reacted by onboarding advanced systems. Nevertheless, the counteraction by bad actors was faster, and more sophisticated, than expected. With advanced manipulation tactics on the rise, a business as usual approach will fall short in effectively managing risk in this environment.

The scale of the GNSS manipulation problem

When the OFAC advisory was published in May 2020, GNSS manipulation was not on any compliance or security radar. But very quickly, cases started to emerge. At the time, many players in the market were unable to explain the developing phenomenon. Since we have recorded cases from over a year ago, we wanted to compare how GNSS manipulation fared since the OFAC advisory in May 2020, to understand if enhanced regulations perhaps triggered a rise in cases. In May 2020, there were no detected cases of GNSS manipulation. Windward data then shows a sharp increase in cases beginning in June and continuing throughout the year. From May 2020 to May 2021, the number of unique vessels and cases almost doubled the amount. In this time period, there were 98 unique vessels that had manipulated their location or ID. There were over 140 unique events with instances of vessels employing this practice.

But it doesn’t end there.

Since May 2021 and until the end of August 2021, we’ve seen an additional 80 unique vessels and 95 unique events of GNSS manipulation. This is nearly the same number of cases seen over the course of one year – in less than half the time. So rather than a fleeting trend, it’s clear that this tactic is becoming an alarming norm.

Without the ability to detect cases like these, how can stakeholders answer questions like: If the vessel isn’t where it’s claiming to be then where is it? What activity is going undetected? What is the motivation behind it? Are there other vessels involved in the operation? Are the port authorities aware? Is the flag registry? Or what about the owner and insurers of the vessel? Leaving these questions unanswered can leave risk unaccounted for.

The time to act is now. Bad actors will continue to try to fool and get past traditional maritime risk solutions. By automatically identifying when they act next, stakeholders can respond in real-time, before the damage is done.

Grab your free copy of the full report for more insights and real-life screenshots of GNSS in action.