The future – or perhaps a rather dystopian version of it – is closer than you may think. In recent years, a worrying new phenomenon, called AIS-spoofing, has made its unwelcome debut on the world stage. In essence, this is the ability to manipulate a vessel’s unique automatic identification system (AIS) footprint in order to transmit incorrect locations, directions, and identities.
The reason for doing this can serve a myriad of potential purposes including both military and criminal ones. But the common factor is that it is wholly intentional and, since there is an over-reliance on AIS as the prime monitor of vessel positions, of which the primary function of AIS transponders is to ensure the safety of vessels and crews at sea, any potential meddling with the signal poses a potentially lethal danger to seafarers.
The manipulation of AIS vessel tracking data can take several forms. In this op-ed, we review the circumstances in which state actors and others may wish to cloak or relocate the position of a vessel and the forms this kind of active intervention may take.
Actors wishing to interfere with the ability of a vessel to transmit its position accurately
To take a fairly recent and salient example, in June 2021, the Royal Navy’s Type 45 Destroyer HMS Defender departed Odesa in Ukraine, en route to the Georgian port of Batumi on the Black Sea. It was conducting routine passage through Ukrainian territorial waters. This legitimate movement triggered the Russian Navy and coastguard into despatching patrol boats and anti-shipping aircraft to buzz the British warship in an effort to divert it away from occupied Crimea's waters, which are not recognised as Russian under international law.
This incident followed a previous Russian attempt to spoof AIS signals to show Defender and her Dutch flotilla mate HNLMS Evertsen as sailing towards the Russian naval base in Sevastopol, southwest Crimea. Neither warship, however, was advancing towards Sevastopol but Russia nonetheless publicly paraded the fiction as proof of NATO warships threatening Russian territory.
In another case, assessment of AIS data from the seizure of the UK-flagged product tanker Stena Impero by the Islamic Revolutionary Guard Corps (IRGC) on 19 July 2019 suggested an AIS-spoofing attack. Analysis by Lloyds List Intelligence suggested the transmission to the vessel, by the IRGC, of counterfeit satellite automatic identification signals took the vessel off course into Iranian waters as it transited the Strait of Hormuz. This misguided route was then used as an excuse to seize the vessel, largely in retaliation for the seizure of the Iranian tanker Adrian Darya-1 (previously Grace One) by UK forces near Gibraltar on suspicion of flouting EU sanctions on Syria.
Actors wishing to mask their vessel position by deliberately sending incorrect positions
Vessels can also manipulate AIS tracking data deliberately to broadcast incorrect positions. A number of news outlets have reported that a “shadow” fleet as large as 600 vessels may presently be facilitating the movement of oil affected by Western sanctions; of these, many ‘dark’ ships may disguise their activities, such as ship-to-ship transfers of oil to avoid sanctions, by turning off their AIS transponders or intentionally broadcasting false positions. For example, Global Fishing Watch found that a 138m-long refined-fuel tanker made two trips across the Black Sea and past Greece in May 2022, while broadcasting false positions on AIS showing that the vessel was sailing in circles in Greek Waters.
Actors not transmitting their position at all to avoid monitoring
Vessels can also consciously turn off their AIS devices to avoid monitoring for a wide range of reasons, including for unscrupulous and criminal reasons.
Vessels conducting illegal fishing often manually turn off their AIS transponders to avoid detection in marine protected areas. Research published in the Science Advances found hotspots for intentional AIS disabling off the coast of Argentina, in the Northwest Pacific Ocean and off the coast of West Africa, locations which were already regions of concern for illegal, unreported and unregulated fishing.
Actors not transmitting when passing ‘piracy’ hot spots
Vessels can, however, knowingly turn off their AIS devices to avoid monitoring for a limited number of legitimate reasons: International Maritime Organization (IMO) guidelines are clear that a vessel may conceal the identity, location and course of a ship when transiting through waters prone to piracy. This is due to concern that AIS data, which is publicly available, could be misused by perpetrators of piracy. However, AIS is essential to the safety of navigation, providing enhanced situational awareness to reduce the risk of collision at sea.
In our next post, we will discuss how it is possible successfully to address these kinds of tactics and others like them, and the role that we at Sirius Insight are able to play to help prevent vessels and their crews from targeted by hostile actors.