Could hackers be behind the US Navy collisions?
By ELIZABETH WEISE | USA Today | Published: August 24, 2017
SAN FRANCISCO (Tribune News Service) — Was a hack attack behind two separate instances of Navy ships colliding with commercial vessels in the past two months? Experts say it’s highly unlikely, but not impossible — and the Navy is investigating.
Rumors on Twitter and in computer security circles have been swirling about the possibility that cyber attacks or jamming were involved in the collisions. Speculation has been fueled by four accidents involving a U.S. warship this year, two of which were fatal, the highly-computerized nature of modern maritime navigation, and heightened concern over global cyberattacks — especially attacks against U.S. government entities.
Chief of naval operations Admiral John Richardson said in a tweet on Monday there was no indication of the possibility of cyber intrusion or sabotage but the "review will consider all possibilities." It had been retweeted over 830 times by Wednesday.
Experts in the technology say there are certainly scenarios they can imagine in which GPS hacks could have been used to foil ships' navigation systems, but emphasize there's no evidence such attacks took place in the case of the Navy collisions.
“The balance of the evidence still leads me to believe that it was crew negligence as the most likely explanation — and I hate to say that because I hate to think that the Navy fleet was negligent,” said University of Texas at Austin aerospace professor Todd Humphreys, who studies GPS security issues.
On Monday, the USS John S. McCain collided with an oil tanker off Malaysia, which left ten sailors missing and five injured. On June 17 seven sailors died when the USS Fitzgerald was hit by a cargo ship 60 miles off the coast of Japan.
The incidents have clearly rattled the Navy. On Wednesday Vice Adm. Joseph Aucoin was dismissed as commander of the 7th Fleet. And on Monday the Navy ordered a global pause in operations to allow commanders to take immediate action to keep sailors and ships safe as well as a Navy-wide review to get at the root causes of the problems.
The technology to jam or misdirect navigational software is readily available, though the Navy uses a much more robust encrypted version of GPS that would be very difficult to disrupt, said Humphreys.
The only way to spoof such a system would be to use what’s known as a “record and replay attack,” he said. That's where a recording is made of the encrypted location data being sent down from satellites to the Navy ship, and the recording is then replayed at a slightly later time and directed toward the ship.
“That way you could fool a ship into thinking it is someplace it’s not,” Humphreys said.
That would be a very sophisticated and difficult hack, requiring recording the navigation data stream from multiple angles to mimic the multiple antennas on the Navy ship, and then sending the recorded signal from two or more locations. To ensure that nearby ships didn’t also get the false data, it would have to be transmitted from close to the Navy ship being targeted, perhaps using multiple drones.
Yacht GPS hacked
None of this seems likely, but it's not impossible, said Humphreys. In 2013 he and a group of graduate students were able to successfully spoof an $80 million yacht’s GPS system, sending it hundreds of yards off course without the ship's navigation system showing the change to the crew.
The Navy's Richardson said the second "extremely serious incident" in little more than two months "gives great cause for concern that there is something out there that we're not getting at." The Navy has blamed the Fitzgerald collision on a loss of situation awareness by sailors on the bridge.
Dana Goward, former head of the Marine Transportation Systems for the U.S. Coast Guard, the navigation authority for all U.S. waters and vessels, also doesn’t believe hacking was involved in the Navy collisions.
As a former Coast Guard captain, he said that years of navigating at sea tell him that especially in high-traffic areas where the collisions occurred, it’s easy for mistakes to happen. “It’s a difficult environment to be in and human error is always present,” he said.
The notion of a cyber attack causing the collision has gained currency in part because it's possible — and other military powers are known to have tried it.
For instance, said Goward, a malicious party could focus on the unencrypted navigation feed of the commercial vessel while at the same time mounting a jamming effort against the Navy ship for a brief period of time. Or, hackers could just try commandeering the GPS of the cargo ship to get it to veer slightly off course.
“It takes two to tango,” said Professor David Last, former president of the Royal Institute for Navigation in the United Kingdom. “I think you just have to attack the weaker of the pair, which is the commercial vessel. I’m not saying it happened, I’m just saying that’s what I would do if I were trying to be a troublemaker in that way.”
GPS jamming and spoofing aren’t new, and both are known to be happening now. The North Korean, Chinese and Russian militaries have all been known to jam GPS, according to Goward.
In June, at least 20 vessels that were on the water in the Black Sea reported that their GPS systems told them they were all actually 19 miles inland, at Gelendzhik airport in Russia.
It was as if "they were all parked at their airport," said Last.
Humphreys said the bizarre event was as close to a fully verified GPS attack as he knows of, and according to some of his sources "it's still going on."