Is Russia distorting GPS signals to protect Putin?

Since the start of the year the news has been filled with headlines about a palace on the Black Sea near the resort town of Gelendzhik that opposition activist Alexei Navalny claimed was built for Russian President Vladimir Putin.

The Kremlin has rejected the allegations, while an oligarch with close ties to the president has said that he owns the complex, and intends to run a hotel there.

What is certain is that signals from Global Navigation Satellite Systems (GNSS) in the vicinity seem to be interfered with, or distorted, remarkably often. Many observers claim there is spoofing going on to deflect prying eyes.

What is spoofing? 

But what exactly is spoofing? In this context, it is an attack whereby false signals are mimicked and transmitted to a receiver that misinterprets them as being authentic. Spoofing can affect any GNSS, including the US Global Positioning System (GPS), Russia's GLONASS or the EU's Galileo, which, as Christoph Günther from the German Aerospace Center explained, usually "transmit signals for public use, for example in cellphones."

Such signals might be recreated artificially to test the phones. But spoofing devices can "use them to transmit false signals" and if these are transmitted at a higher frequency than those usually used by navigation satellites in space they can overwrite data on navigation devices on earth. So the user of a spoofing device can define "the position displayed by a receiver."

Such techniques are usually strictly prohibited unless there is an emergency: "State security forces might use them to avert a particular danger," Günther said, though he also pointed out that a spoofing device could be bought for just a few hundred dollars.

There are some parts of the world, including the Black Sea region, where spoofing seems to be more frequent than elsewhere. One spoofing that occurred in June 2017 was particularly disconcerting: The Atria, a tanker sailing under the French flag, was on its way to the Russian port of Novorossiysk when its GPS display put out a warning that it was at Gelendzhik Airport, some 26 kilometers to the southeast. The captain contacted other vessels in the area, and it turned out that they had the same problem. The US Maritime Administration (MARAD) subsequently sent out a warning to ships in that part of the Black Sea.

Russia: A spoofing 'pioneer'

In spring 2019, the Washington-based non-profit think tank the Center for Advanced Defense Studies (C4ADS) published a report on spoofing activity in Russia, Crimea and Syria. After evaluating public sources, data from ships' automatic identification systems (AIS) and a GPS receiver installed on the International Space Station (ISS), it concluded that Russia was a "pioneer" in spoofing techniques, which were being used more than previously known to protect VIPs and strategic facilities.

It is not clear whether the incident with the tanker was directly connected to Putin's alleged palace, and C4ADS speculated that it may have had more to do with the Russian president's visit to Anapa on the Black Sea to survey the TurkStream gas pipeline project.

But over 4,600 spoofing events were recorded in the area between 2016 and 2018, and the report suggested an explanation: "Gelendzhik is frequented by security service officials, which is in line with popular but unconfirmed reports that President Vladimir Putin maintains a private residence in the outskirts of the town."

"Following an examination of several hypotheses, we believe that the GNSS spoofing system in use near Gelendzhik is land-based," it added. "Given the frequent nature of GNSS spoofing activity near Gelendzhik and its wide-reaching effects on vessels in the area, we posited that the device has access to a reliable and sustained source of electricity."

"The results indicated that only one facility located at Cape Idokopas appeared to have line of sight with more than 98% of the affected vessel-based receivers," C4ADS pointed out.

The report could not say whether the area was causing the most spoofing activity because of the palace, though it is closely followed by Sochi, where Putin has his official summer residence. It did say, however, that Gelendzhik was "located next to the Novorossiysk port, which is one of the largest deep-water ports in Russia and home to a large contingent of the Russian Black Sea Fleet […]"

Other explanations

According to the findings, vessels were often spoofed to a nearby airport, such as Gelendzhik or Sochi. Günther suggested that this might have something to do with regulations regarding drones, which "pose a danger to air traffic and are not allowed to fly near airports." Instead, they have to land automatically as soon as they are registered close by.

"This is obviously exploited by individual security forces using spoofing devices to send signals that correspond to an airport's position," he explained. "Even if a drone does not land, it continues to display the same position. So it can no longer be directed. Third parties can usually detect a fake position easily and adjust. A ship cannot drop anchor at an airport."

In other words, Russia is using spoofing to deter drone attacks, and the confusion posed to ship captains and other users of navigation systems is "collateral damage," so to speak.

The International Maritime Organization (IMO) is aware of MARAD's warnings. In March 2020, the US coast guard submitted a paper to the IMO's Maritime Safety Committee, which "identifies the urgent issue of deliberate interference with GPS and GNSS signals."

"Interfering with these signals places the efficiency and more importantly, the safety of maritime operations at risk and jeopardizes the safety of life at sea," it added. Though it referred to incidents in the Black Sea and the Eastern Mediterranean in the period 2016 to 2018, it did not mention Russia.

But it pointed out that such interference contravened the "International Telecommunication Union Radio Regulation," which prohibits "all transmissions with false or misleading identification" and reminded all member states to "refrain from interfering with GPS and GNSS signals, except when required for security reasons."

The IMO is due to discuss the paper in May of this year.