AIS spoofing: new technologies for new threats

AIS spoofing is increasingly common throughout the maritime ecosystem and is used to achieve different goals. As bad actors become more sophisticated and technologically advanced in the maritime sphere, so do their techniques. “Things have unfolded at just an amazing and frightening speed,” said Matan Peled, Co-Founder and Head of U.S. Business at Windward, in The New York Times.

What is AIS spoofing?

AIS spoofing has become an umbrella term for everything that has to do with AIS manipulation, including location and identity. Within the concept of AIS spoofing, there are multiple tactics involving the use of various identities, transmitters, and even GNSS manipulation methodologies that are evolving quickly compared to previous deceptive shipping practices (DSPs). 

AIS: from friend to foe

When originally developed, Automatic Identification Systems (AIS) were used as a safety precaution to avoid collisions. With time, AIS use has evolved, and with it, vessels’ AIS reliance increased. Safety of Life at Seas (SOLAS) sought to instill AIS transmissions as a primary safety tool for all vessels, but AIS was never designed as a tracking tool, nor was it created as a security or risk solution. It was originally designed to ensure safe outcomes for crews and vessels. 

AIS technology relies on radio frequency and, to some extent, manual data input. This makes it prone to human error or intentional AIS manipulation. In recent years, bad actors have become more sophisticated and have developed new ways to conceal their illegal operations. Following the 2012 sanctions on Iran, cases of AIS spoofing, and AIS manipulation rose drastically. Iranian tankers, no longer able to enter international ports, simply changed their flags and fraudulently entered them.  

The AIS spoofing case that changed the industry

The Yuk Tung vessel spoofed its AIS when it transmitted under a Panamanian flag, using the vessel name Maika, and altered its course and destination. This occurred on November 11, 2018, after a suspicious ship-to-ship transfer between the Yuk Tung and the Ocean Explorer in October 2018. 

The Hika, Comoros-flagged vessel, had the same IMO as the Maika. The two vessels were sister ships, built in the same year, by the same manufacturer, with the same specifications and profile. However, during this time, the Hika was actually over 7,000 miles away. Meanwhile, the Maika (aka Yuk Tung) was deceiving authorities under the Hika’s name. This AIS spoofing case made it clear that bad actors had raised the bar.

AIS spoofing progressed as Iranian and North Korean vessels continued exploiting AIS vulnerabilities, taking their methods to new levels and showcasing the sophisticated capabilities of criminals and sanction evaders. More recently, the Russia-Ukraine war has caused bad actors to consider AIS spoofing to get around regulations and sanctions on Russian oil, etc.

How has AIS spoofing evolved? 

Cases such as the Yuk Tong and Su Ri Bong highlight why AIS regulations and advisories alone cannot stop bad actors. Businesses need strong technology to stay ahead of this cat and mouse game, and should understand this constantly evolving world to best prepare.  Here’s a breakdown of the latest AIS spoofing deceptions that you need to know:

The Identity Games – newer deceptive practices that we are seeing more frequently

• Dual transmission – the use of multiple AIS transmitters onboard a single vessel transmitting different entities with separate International Maritime Organization (IMO) numbers
• Identity tampering – the intentional falsification of a vessel’s broadcasted data on AIS and/or alterations to its physical features, to misrepresent its identity 
• Identity theft – when one vessel assumes the identity of another operating vessel, creating a duplication of the same transmitted identifiers
• Identity laundering – when one or more ships deliberately tamper with or misrepresent aspects of their physical, digital, and registered identities. This is done to obscure the original identity and necessitates at least one ship assuming a fraudulently obtained, IMO-registered “shell” identity 

Seafloor Strategies – the latest cutting-edge techniques 

• Location tampering, also known as global navigation satellite system manipulation – the use of a machine-generated location/path to disguise the true location of the vessel
• AIS handshake – using a decoy vessel as a disguise. The “dirty” vessel will assume the “clean” vessel’s identity as they are sailing in close proximity, while the “clean” vessel makes its way to its destination while dark. Upon returning, the vessels will recreate the switch, leaving the “clean” vessel unharmed   

For more details and insights on AIS spoofing detection and the latest deceptive shipping practices, check out Windward’s whitepaper Hiding in Plain Sight. 

Shifting from reactive to proactive

Staying on top of evolving deceptive shipping practices with advanced technologies is crucial for stakeholders. Major caveat: the best technology is created by actual maritime experts who know how to create and then train effective Maritime AI™ models. Windward’s Maritime AI™ is cutting-edge technology developed by maritime experts with years of industry experience. 

Learn how to detect & mitigate AIS spoofing