Two NATO ship positions “spoofed”

Fears of a cyber-attack in the commercial shipping sector based on false AIS data will not be eased by the news that the tracking data of two NATO warships was faked so that they appeared to be off the coast of a Russian controlled naval base in the Black Sea, while in fact the ships were moored 180 miles away, USNI News has reported.

The actions of the HMS Defender hit the headlines in the UK, with UK journalists, the Russian authorities and the Royal Navy all offering differing interpretations of the Russian reaction to HMS Defenders actions on June 23rd. However, none of them mentioned location spoofing. The USNI’s report came two days before the “confrontation” (denied by the Royal Navy) was said to have occurred some miles south of Crimea, which was annexed by Russia from Ukraine in 2014.

The Royal Navy’s HMS Defender, a Type-45 Daring-class destroyer, and the Royal Netherlands Navy’s HNLMS Evertsen, a De Zeven Provinciën-class frigate, pulled into Odessa in Ukraine on June 18th. The group had been monitored by Russian warships while exercising in the Black Sea, according to US Navy photos dated on June 17.

According to AIS the two ships left Odessa just before midnight on June 18th. The data showed that they sailed directly to Sevastopol, approaching to within two nautical miles of the harbour entrance. Sevastopol houses the headquarters of Russia’s Black Sea fleet.

However, despite the information from the AIS track, there was clear evidence that the two warships did not leave Odessa. Live webcam feeds showed that they did not leave Odessa on June 18th (in fact they left Odessa four days later, taking a slightly more circuitous route in the Black Sea).

The situation becomes more fascinating. As USNI observed, positioning two NATO warships at the entrance of a major Russian naval base would be seen as a provocative action, based on conflicting claims of sovereignty.

And yet, a few days later, the HMS Defender did enter waters claimed as territorial by Russia, but denied as such by most of the international community, including the US, the UK and the Netherlands, which do not recognize Crimea as part of Russia.

Cause and effect come into play. Why did some agency assert that the vessels had come so close to Sevastopol when they had not moved from Odessa? And why did the HMS Defender follow a not dissimilar route just a few days later?

For the commercial sector the move raises questions about the efficacy of open-source intelligence data such as AIS. For journalists, AIS has to be relied upon as an accurate interpretation of reality.

NATO representatives did not respond to requests for comment on the fake AIS. The tracks were confirmed as false by Dutch naval warfare news site Marineschepen.nl.

The AIS positions were shared with AIS aggregator MarineTraffic.com by a receiver station in Chornomorsk, which is close to Odessa. Other AIS aggregators also reported the false positions. HMS Defender was shown under the credentials that she is currently using, IMO 4907878. HNLMS Evertsen was reported as  Netherlands Warship MMSI 244942000. Both the Defender and Evertsen are part of CSG21, the carrier strike group centred around HMS Queen Elizabeth.

The main body of CSG21 has remained in the Mediterranean, while the two warships temporarily deployed to the Black Sea, where they were performing freedom of navigation missions and exercising with allies. They had visited Turkey and Ukraine and were also intended to exercise with Romania and Georgia.