Electronic Weapons: Shanghai Spoofer World Tour


February 5, 2021: In late 2020 a growing number of Iranians in the capital (Tehran) were openly complaining of an odd problem with the GPS on their cellphones. At seemingly random times the GPS indicated another location than the one the user knew they were at. After months of complaints to the city government were ignored, one frustrated resident compiled evidence of the problem and sent it off to American government communications authorities, noting that complaints to their Iranian counterparts were futile. The complaint largely consisted of a spreadsheet where incidents of GPS malfunction, including time, known location and false location indicated by the cellphone GPS. The Iranian message asked if the Americans knew about the problem and what might be done about it. Many Iranians had access to foreign news, despite their censored Internet, and there were many Tehran residents who had family or friends in other countries that they could call or contact via the Internet. Apparently, it was widely known that Russia, China and North Korea had all manner of GPS jamming technology, and in 2019 it became public that the Russians were using GPS spoofing to conceal the true location of senior leaders and some military units. Since 2018 a growing number of Iranians were openly demonstrating against their own government about mismanagement, which included a growing number of crashes by commercial and military aircraft. The failure of their own government to respond to the GPS problem led to some Iranians reporting the incidents to other countries. The spreadsheet sent to the Americans revealed several interesting patterns. The most telling item was that the GPS disruptions were all occurring in the vicinity of the Iranian Army Command And Staff University. Another feature of the problem was it only occurred in small areas and that location moved in a circular fashion at a speed of about 35 kilometers an hour. Finally, the incidents of GPS problems had been increasing for months, as had the government use of lethal force against demonstrators. The American government did not remain silent but could only speculate that the Iranian military was testing a new GPS spoofing technology in downtown Iran. American government requests for information from the Iranian government were also ignored and that alarmed many nations that operated commercial ships and airliners in the Persian Gulf and Iranian Indian Ocean coast. Iran has been caught making attacks on foreign shipping with naval mines in shipping channels or limpet mines attached, usually at night, to the hulls of foreign ships anchored in the Persian Gulf. Iran always denies responsibility but several major investigations, including one by the UN, concluded that Iran was behind this violence. That has not stopped Iran from using GPS spoofing against ship or airliner navigation systems would be likely.

Developers and users of GPS jamming gear tend to keep quiet about it because this sort of thing is illegal in peacetime, especially when civilians are going to experience the GPS disruptions themselves. When the United States tests military GPS jamming it does so at sea or in remote areas and warns nearby civilians who might encounter GPS problems to be aware of the tests and act accordingly. This warning policy has been in use for decades because of the growing number of new electronic equipment designs that could cause problems for civilians if the disruptive effect extended farther than expected.

Despite the secrecy about GPS disruption, since 2017 there has been growing evidence that Russia has been frequently jamming or spoofing GPS signals, mainly to hide the exact location of key people or military units. Developing equipment like this is easily within Russian capabilities. In early 2019 a report made the news describing there had been nearly 10,000 instances that someone, apparently Russia, had been jamming or spoofing satellite navigation signals. Not just the American GPS, but also signals from non-American satellite navigation systems (Chinese Beidou, EU’s Galileo, Japan’s QZAA and even the Russian GLONASS). Much of this activity was not outright jamming but spoofing. This was apparently done to conceal the true location of key Russian officials, like president Putin, and Russian military units. The spoofing was particularly common for Russian military forces in Ukraine and Syria. The spoofing replaced the actual satellite signal with a false one that rendered smart bombs or planned attacks on targets inaccurate.

Spoofing has become more popular and practical because it does not require expensive or high-tech equipment. While American weapons and military navigation systems have a backup in the form of unjammable INS (Internal Navigation System) systems, these are useless if the spoofing is not detected. American systems are supposed to detect spoofing and revert to INS but the Americans do not disclose details of how these systems work in order to make it difficult for spoofing systems to be modified to be less detectable. That is one reason why the U.S. has not released information on spoofing incidents. To further complicate the issue there have also been instances where mandatory AIS (Automatic Identification System) transponders that all large ships much carry are more frequently reporting instances of getting no GPS signal at all. Large ships usually carry two AIS units, in case one malfunctions so AIS failure can be ruled out as a cause. Something outside the ship is messing with the GPS signa.

Other nations are not as secretive in complaining and often the culprit is Russia. In late 2018 Finland and Norway went public with their accusations that Russia deliberately jammed GPS signals in northern Finland and Norway from a location near the Russian military bases in the Kola Peninsula on the Barents Sea. The jamming took place as NATO held its largest training exercise since the Cold War ended in 1991. Russia denied any responsibility even though they are known to possess long-range jammers for GPS and other signals. Norway said they had tracked the jammer to a specific location but when Russia refused to admit any involvement Norway refused to explain how they tracked the signal because that would provide Russia with information on Norwegian EW (Electronic Warfare) equipment that might be useful to them.

What was curious about this incident was that it had no impact on the NATO military exercises and even commercial airliners operating in the area had INS (unjammable Inertial Navigation Systems) backup in case GPS signals were not working properly. The potential victims were civilians with smaller aircraft or on the ground who depend on commercial navigation gear using GPS. Then again, that may have been the point because Russian firms have long been producing a wide variety of GPS jammers that are generally ineffective against military GPS users but would be useful for criminals, terrorists or anyone involved in irregular warfare, as Russia has been in Ukraine since 2014. As for the damage to diplomatic relations with Norway and Finland, these two nations need no reminders of what a bad neighbor Russia is and historically has been.

During the last decade American researchers have developed new concepts and technology that greatly improve current INS accuracy and cost. By 2013 prototypes proved they could be nearly as accurate as GPS and almost as small. Cost was still a factor, with the new INS still costing more than 10 times what GPS does. But this is all a big improvement over what has been available before. The new INS can now be used to monitor GPS and alert the operator that their GPS has either developed a problem or is being jammed. The new INS is also useful for some fast missiles that often lose their GPS signal as they maneuver. Another urgent chore for INS is to alert users that their GPS is being spoofed rather than jammed and that their navigation system might not be reliable. Thus, even with the ability of anti-jamming tech to keep up with jammer technology, there is still a demand for a new INS. That has led to smaller, cheaper and more accurate INS systems. Aside from airlines and commercial shipping, there is not much of a mass market for these new INS systems because for most consumers GPS is reliable enough to keep the INS gear out of the more cost-sensitive consumer market. But the demand from the airlines, shipping companies and the military is huge. INS tech is becoming a popular feature for smartphones and other consumer items, as some smartphone (and smartwatch) manufacturers seek to use INS to automatically fill in if the user temporarily loses the GPS signal.

Many Department of Defense navigation and electronics experts believe current anti-jamming efforts are sufficient to keep military GPS use viable, but the new INS technology has attracted a lot of attention in the military as backups are always appreciated because when equipment fails in combat it’s literally a matter of life or death. Meanwhile, the U.S. is building and testing more compact GPS anti-jamming systems for smaller (as small as 200 kg/440 pounds) UAVs. This is part of a program to equip all American UAVs, even the smallest ones, with more secure GPS. While all UAVs can be “flown” by the operator, the GPS makes it a lot easier for the operator to keep track of exactly where his UAV is at all times and sometimes the UAV is programmed to simply patrol between a series of GPS coordinates. If the GPS jams or fails the operator can usually use the video feed to find landmarks on the ground and bring the UAV back to where it can be seen and landed.

GPS spoofing equipment has also found a market among criminal gangs. This was first encountered during 2018 in Shanghai, China where local gangsters were found to be using technology for spoofing (misdirecting) GPS signals. Shanghai was just the beginning because this spoofing tech was subsequently encountered in twenty other Chinese coastal cities where gangsters ran profitable smuggling operations. The Chinese GPS spoofing was implemented differently from the Russian method. The Russian spoofing would make all GPS devices in an area appear in the same position instead of the many different positions they actually were. In contrast, the Chinese spoofing, when active, would show individual ships each in a different location but always around the same central point that was apparently where the spoofing signals were broadcast. This produced what was called a “crop circle” pattern. This was first noted by crews of ships slowly entering the port of Shanghai. While doing so they would watch the location of other ships via their AIS transponders. By international law, all large seagoing ships were required to carry and use AIS equipment, which constantly broadcast the GPS position of the ship. But there were cases where ships suddenly saw the AIS positions of ships near them change. The bridge crew could see, often with/or without, the use of binoculars, where the other ships actually were while, at the same time, the AIS display was showing them somewhere else within a circular area. After a few minutes, AIS signals would accurately report location again. In situations like this, it was noted that no GPS receivers onboard were receiving a signal as were GPS devices ashore that were within the circle.

The Chinese government denied responsibility for this GPS spoofing and blamed it on smugglers who apparently use the spoofing device to avoid being caught by the police while a smuggler ship was carrying illegal cargo. In one case the smuggler was caught anyway, because of an accident caused by the spoofing, and the smuggler ship was found to be carrying sand illegally obtained nearby and being taken out of the port for sale elsewhere. Sand mining had been banned in this region because this valuable commodity was in great demand elsewhere and exporting more of it was damaging the environment.

GPS spoofing declined during 2020 but China revealed no details about what happened. In the past China has given local hackers a choice between going to prison or quietly working for the Chinese government. Russia uses similar tactics as do many other governments. One thing that was noted about the “Shanghai Spoofer” was that the spoofing often took place around oil terminals where ships smuggling oil for Iran or to North Korea often operated. The governments of Iran and North Korea also noticed this and could have received useful information on how the Shanghai spoofing gear worked. That’s one of the conspiracy theories popular with many Iranians and South Koreans.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close