C4ADS as per its description is a “nonprofit organization dedicated to providing data-driven analysis and evidence-based reporting on global conflict and transnational security issues.” Its board of directors is primarily individuals connected to the US military, Congress, while some are distinguished scientists in their fields.
The report is powered by “Palantir,” the company that “knows everything about you”:
“Founded in 2004 by Peter Thiel and some fellow PayPal alumni, Palantir cut its teeth working for the Pentagon and the CIA in Afghanistan and Iraq. The company’s engineers and products don’t do any spying themselves; they’re more like a spy’s brain, collecting and analyzing information that’s fed in from the hands, eyes, nose, and ears.”
The analysis looks at GPS and GNSS spoofing and jamming by Russia, mostly wherever Putin goes. It is also used around sensitive sites around Russia, “its occupied territories,” and Syria.
The report begins with the observation: GPS and other Global Navigation Satellite Systems (GNSS) are used in everything from cellular communication networks, to basic consumer goods, high-end military systems, and stock trading inputs.
“But these systems are vulnerable: by attacking positioning, navigational, and timing (PNT) data through electronic warfare (EW) capabilities, state and non-state actors can cause significant damage to modern militaries, major economies, and everyday consumers alike. With recent technological advances, the tools and methodologies for conducting this interference are now at a high risk for proliferation. GNSS attacks are emerging as a viable, disruptive strategic threat.”
By using publicly available data, C4ADS carried out a research by using publicly available data. It discerned the ability to mimic, or “spoof,” legitimate GNSS signals in order to manipulate PNT data.
According to the research spoofing is quite actively used in Russia, Crimea and Syria, and this in turn demonstrates that Russia is growing a comparative advantage in the targeted use and development of GNSS spoofing capabilities to achieve tactical and strategic objectives at home and abroad.
The research is separated into four sections looking into different cases of Russian state activity based on locations and the systems that were allegedly used:
- In Section One – activity of GNSS spoofing is examined across Russia, “its occupied territories,” and overseas military facilities. In total 9,883 suspected instances across 10 locations that affected 1,311 civilian vessel navigation systems since February 2016 were identified.
- In Section Two – the role of GNSS spoofing in VIP protection, mostly Vladimir Putin, but also others. According to the report, the Russian Federal Service (FSO) operates mobile systems to facilitate the activity. Review of Russian procurement data also even provided a possible mobile system that was manufactured by a company connected to the FSO.
- In Section Three – the role of GNSS for strategic protection is looked into. Potential technology was used for facility protection in Moscow. Spoofing was also used in coastal regions of Russia and Crimea in the Black Sea. One of the sites is a “multi-million dollar ‘palace’ formerly owned by reported family members of senior FSO officers and previously reported to be built for President Putin.”
- In Section Four – finally, Russian spoofing activity is looked into in active combat zones where Russia is present, Syria in particular.
Furthermore, according to the report, Russia has a clear advantage currently, but the low cost, commercial availability, and ease of deployment of these technologies will empower not only states, but also insurgents, terrorists, and criminals in a wide range of destabilizing state-sponsored and non-state illicit networks.
The methodology to detect spoofing was the following:
C4ADS used two distinct investigative methods to identify and map GNSS spoofing activities in Russia and Syria: (1) spoofing detection through marine vessel Automatic Identification System (AIS) path histories and (2) spoofing detection through a LEO satellite GNSS receiver. Each method presents ways in which publicly and commercially available data can be used to identify potential basing locations for devices used to conduct denial-of-service GNSS spoofing activities. The methodologies detailed in this report are highly replicable and scalable, and can be applied to other sources of GNSS positioning data, such as fitness tracking applications and aircraft positioning signals.
Then the transmitter may be localized by analyzing the raw signal data and by Doppler-based geolocation.
There is also a substantial difference between GNSS jamming and spoofing, as can be seen on the simple infographic:
The C4ADS report also provided a table with various sectors that operate GNSS and how spoofing may be utilized in them.
Despite these vulnerabilities, leaders in the public and private sectors have paid little attention to the threat of GNSS spoofing. Until recently, this was for good reason. Signal generators capable of conducting a spoofing attack cost of tens of thousands of dollars and required expert knowledge to operate. But this all began to change over the past decade with the advent of cheap, commercially available, and portable “software defined radios” (SDR) and open-source code capable of transmitting spoofed GPS signals.
Between 2016 and 2018, Russian spoofing activity was noted in Moscow, Saint Petersburg, Sochi and Gelendzhik, as well as Arkhangelsk in the Russian far north, Vladivostok in the far east, the Kerch Strait near the frontline with Ukraine, and Sevastopol and Olyva on the Crimean Peninsula. In addition, GNSS spoofing was using around the Russian airbase in Hmeimim, Syria.
Out of all locations, Gelendzhik had the most spoofing activity at 4,659 cases, while Sochi came in 2nd with 2,506. Gelendzhik is located next to the Novorossiysk port, which is one of the largest deep-water ports in Russia and home to a large contingent of the Russian Black Sea Fleet.
Spoofing was also shown to take place near sensitive government airspace. However, the spoofing activities reportedly put vessels outside of Russian territorial waters in danger, as it affected their GNSS as well.
In terms of protecting VIPs, two cases stood out – September 15th, 2016 and May 15th, 2018 at the Kerch Strait bridge. The first time was when Russian President Vladimir Putin visited to oversee progress on the bridge, while the second time was when it was completed.
On September 15th, 2016, the Russian President and Prime Minister made a single-day trip to Kerch to examine progress on the Kerch Bridge.73 That same day, vessels moored at the nearby Kerch Port reported false positioning information at the Simferopol Airport nearly 200km away in Crimea. This event was the first GNSS spoofing event detected near Kerch, and the only one detected in 2016. According to official news releases posted on the Kremlin’s website, the September 15 trip was the first and only official Presidential visit to Kerch in 2016.
On May 15th, 2018, to celebrate the opening, Putin led a convoy of construction vehicles across the bridge from Russia to Crimea.76 AIS records for vessels in the Kerch Strait at the time show that vessel passage through the straight was heavily restricted at the time of the event. It is during this time that at least 24 vessels anchored in waters in proximity to the bridge reported spoofed GNSS positioning information at the Anapa Airport more than 65km away. This was the only sustained spoofing disruption evidenced by AIS records in Kerch in 2018.
On a side note, a professor at UT Austin, Todd Humphreys commented regarding the spoofing surrounding Putin:
“What’s ironic is if you look at these patterns, and if you coordinate it with the movements of the leader of Russia, it appears you have a Putin detector,” Humphreys said. In other words, if you detect spoofing, there’s a good chance Putin may be nearby.
According to C4ADS, the spoofing activities are carried by a mobile system, most likely the Shipovnik-Aero or a close analog to it. According to official documentation and the information sheet, the Shipovnik-Aero is a military-grade EW system based on a Kamaz vehicle frame that can be used to suppress unmanned aerial vehicle systems by creating a false navigation field, thereby forcing drones to land. However, a representative from the United Instrument-Making Corporation (UIMC), the company that produces the Shipovnik-Aero, denied that the system is in use by the special services at the Kremlin.
C4ADS found numerous FSO procurement contracts and repair agreements for several mobile electronic countermeasure systems, including the “Shipovnik-4800M” and the “Shipovnik-M.” These systems are produced not by UIMC, but rather by a joint stock company based in the town of Vladimir named JSC Design Skilled Office of Radio Equipment (JSC KOBRA).
Expectedly, in terms of protecting important facilities, Novo-Ogyarovo and the Kremlin are subject to occasional spoofing in Moscow, the Crimea Government Residence, Bacharov Ruchey and Riviera-6 in Sochi.
The spoofing in these locations is presumably mostly used to counter any drone activity, private/commercial or otherwise.
In terms of spoofing around facilities that aren’t known, the spoofing in Gelendzhik was in the spotlight. he coast near Gelendzhik does not have any declared government residences. Despite this, spoofing events off the Gelendzhik coast were the most frequent in our sample. We wanted to find the likely source of this activity, and so we turned to local media reports and an abundance of spoofed vessel position data to narrow our search.
According to the report, Gelendzhik is frequented by security service officials, which is in line with popular but unconfirmed reports that President Vladimir Putin maintains a private residence in the outskirts of the town.
Moving on to EW activities in Syria, in April 2018 US SOCOM Gen. Tony Thomas referred to Syria as, “the most aggressive electronic warfare environment in the world.”
Spoofing activity in Syria was focused on the Hmeimim Airbase.
UT Austin researchers found that while the signals successfully mimicked authentic GPS satellites, they carried no valid navigation information. In essence, GPS receivers targeted by these spoofed signals would report live GPS satellite connections but would be unable to calculate any valid positioning or timing information, which would effectively render the receivers inoperable.
In sort, spoofing appeared to be tested to also cause jamming.
In addition to the abovementioned Shipovnik-Aero, other EW systems that may have been utilized are:
- R-330ZH “Zhitel” – SATCOM/GPS/GSM jamming station (detection, direction-finding, analysis and suppression of UHF radio signals). Part of R-330M1P Diabazol automated jamming system.
- Samarkand – Allegedly capable of GPS jamming and spoofing in addition to interference with C4ISR systems. Possibly a stationary system.
- Krasukha-4 – Conflicting reports on capabilities, believed to be a multifunctional jammer capable of jamming radars on aircraft and LEO reconnaissance satellites.
In conclusion, the report claims that despite Russia being ahead in terms of this type of EW, the low cost and ease of access to such technology allows for great opportunities to both state and private entities to take advantage and get ahead of the curve.