Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-15 Thread Bob kb8tq 
Hi

One has to finance retirement somehow :)

It’s also a pretty simple way to demonstrate the what and why of
a spoof without getting into anything so obscure that it can’t be 
understood. A secondary point *might* be that indeed, the stuff
we are talking about is mainly useful to “bad guys”.

Bob

> On Aug 15, 2017, at 12:58 PM, Ken Winterling  wrote:
> 
> Hmmm   Bob,
> 
> It seems you have given a considerable amount of thought to armored cars,
> gold bars, bank vaults, and stock trades...  Is there anything you want to
> tell us  LOL
> 
> Ken
> WA2LBI
> 
> 
> 
> 
> On Tue, Aug 15, 2017 at 12:44 PM, Bob kb8tq  wrote:
> 
>> Hi
>> 
>> In the case of a spoof, the target is likely one specific vehicle. You
>> care about the
>> armored car with the big pile of gold bars in it. The objective is not to
>> get him to
>> drive into a bridge abutment. It’s to get him to turn left on the wrong
>> road. You tailor
>> the spoof so everything “makes sense”.  Likely you spend a *lot* of time
>> planning
>> just how the spoof will happen and what is down that road he turned on.
>> This isn’t
>> a random process ….
>> 
>> In the same sense, if you are going to spoof time, you do it for a
>> specific reason and
>> with a specific target. You want the bank vault to open early. You want
>> the stock trade
>> to get time stamped “just right”. There’s no need to throw off every clock
>> everywhere if
>> you can identify autonomous GPS based time islands. Finding those time
>> islands takes
>> work. So does tracking down the armored car with the gold in it ….
>> 
>> Bob
>> 
>> 
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-15 Thread jimlux 

On 8/15/17 9:58 AM, Ken Winterling wrote:

Hmmm   Bob,

It seems you have given a considerable amount of thought to armored cars,
gold bars, bank vaults, and stock trades...  Is there anything you want to
tell us  LOL



There's a lot of really neat time-nuts gear out there that's expensive. 
Building your own H-maser might be more of a challenge than a clever 
bank robbery (leaving aside the legal, moral, and ethical implications).


Or maybe Bob's writing a book

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-15 Thread Ken Winterling 
Hmmm   Bob,

It seems you have given a considerable amount of thought to armored cars,
gold bars, bank vaults, and stock trades...  Is there anything you want to
tell us  LOL

Ken
WA2LBI




On Tue, Aug 15, 2017 at 12:44 PM, Bob kb8tq  wrote:

> Hi
>
> In the case of a spoof, the target is likely one specific vehicle. You
> care about the
> armored car with the big pile of gold bars in it. The objective is not to
> get him to
> drive into a bridge abutment. It’s to get him to turn left on the wrong
> road. You tailor
> the spoof so everything “makes sense”.  Likely you spend a *lot* of time
> planning
> just how the spoof will happen and what is down that road he turned on.
> This isn’t
> a random process ….
>
> In the same sense, if you are going to spoof time, you do it for a
> specific reason and
> with a specific target. You want the bank vault to open early. You want
> the stock trade
> to get time stamped “just right”. There’s no need to throw off every clock
> everywhere if
> you can identify autonomous GPS based time islands. Finding those time
> islands takes
> work. So does tracking down the armored car with the gold in it ….
>
> Bob
>
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-15 Thread Bob kb8tq 
Hi

In the case of a spoof, the target is likely one specific vehicle. You care 
about the 
armored car with the big pile of gold bars in it. The objective is not to get 
him to 
drive into a bridge abutment. It’s to get him to turn left on the wrong road. 
You tailor 
the spoof so everything “makes sense”.  Likely you spend a *lot* of time 
planning 
just how the spoof will happen and what is down that road he turned on. This 
isn’t 
a random process ….

In the same sense, if you are going to spoof time, you do it for a specific 
reason and
with a specific target. You want the bank vault to open early. You want the 
stock trade
to get time stamped “just right”. There’s no need to throw off every clock 
everywhere if
you can identify autonomous GPS based time islands. Finding those time islands 
takes
work. So does tracking down the armored car with the gold in it ….

Bob

> On Aug 15, 2017, at 4:35 AM, Chris Albertson  
> wrote:
> 
> I think that even with a rudimentary and incomplete knowledge of the road
> network one could detect spoofing a car navigation system.   The car would
> show up inside buildings and farm fields and lakes.   You'd see this even
> on a very poor map.
> 
> If the spoofer moved the signal even 200 yards the match to the roads would
> be total rubbish and non sense.  It would be detectable even using very old
> maps with many segments missing
> 
> 
> 
> On Mon, Aug 14, 2017 at 3:10 PM, Ron Bean 
> wrote:
> 
>>> In a car it is even easier.  The car nav system KNOWS it must be on a
>>> roadway.  The car's ground track (positional history) must be on a road.
>> 
>> That's assuming the GPS company keeps their maps up to date (it doesn't
>> matter how often you update the maps in the device if the company's maps
>> don't keep up with reality). New roads appear, old ones occasionally get
>> moved.
>> 
>> ___
>> time-nuts mailing list -- time-nuts@febo.com
>> To unsubscribe, go to https://www.febo.com/cgi-bin/
>> mailman/listinfo/time-nuts
>> and follow the instructions there.
>> 
> 
> 
> 
> -- 
> 
> Chris Albertson
> Redondo Beach, California
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-15 Thread Chris Albertson 
I think that even with a rudimentary and incomplete knowledge of the road
network one could detect spoofing a car navigation system.   The car would
show up inside buildings and farm fields and lakes.   You'd see this even
on a very poor map.

If the spoofer moved the signal even 200 yards the match to the roads would
be total rubbish and non sense.  It would be detectable even using very old
maps with many segments missing



On Mon, Aug 14, 2017 at 3:10 PM, Ron Bean 
wrote:

> >In a car it is even easier.  The car nav system KNOWS it must be on a
> >roadway.  The car's ground track (positional history) must be on a road.
>
> That's assuming the GPS company keeps their maps up to date (it doesn't
> matter how often you update the maps in the device if the company's maps
> don't keep up with reality). New roads appear, old ones occasionally get
> moved.
>
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>



-- 

Chris Albertson
Redondo Beach, California
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-15 Thread Thomas Petig 
Hi all,

On Mon, Aug 14, 2017 at 06:10:33PM -0400, Ron Bean wrote:
> >In a car it is even easier.  The car nav system KNOWS it must be on a
> >roadway.  The car's ground track (positional history) must be on a road.
>
> That's assuming the GPS company keeps their maps up to date (it doesn't
> matter how often you update the maps in the device if the company's maps
> don't keep up with reality). New roads appear, old ones occasionally get
> moved.
In a regular vehicle you can still look out of the window and see the
GNSS fools you.

For autonomous vehicles we have seen that even with a rather expensive
unit, that is fusing IMU with RTK, the position is not accurate enough.
We see offsets of >10 m in urban areas due to multipath[1]. Thus, I
believe, map matching with LIDAR, RADAR, Cameras, etc. is necessary to
navigate an autonomous vehicle in urban areas. This allows, as a side
effect, to detect spoofing.

On ships RADAR is standard if visibility is low, but doesn't help if
there are no obstacles above water.

Best regards,
   Thomas

[1] Fusing odometry information would help a bit.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-15 Thread sarel 
 

This article from 2009:
http://web.stanford.edu/group/scpnt/gpslab/website_files/anti-spoofing/insideGNSS_rasd-montgomery.pdf


It talks about spoofing and preventing Spoofing. 

On 2017-08-15 09:06, REEVES Paul wrote: 

> This was referred to in my post (subject: 'Loran') on 8/8/17 and was a news 
> item in 'Inside GNSS' and other journals before that. Didn't get many 
> comments on my post :-( 
> Must have used the wrong subject
> 
> Paul G8GJA
> 
> -Original Message-
> From: time-nuts [mailto:time-nuts-boun...@febo.com] On Behalf Of John Allen
> Sent: 12 August 2017 22:23
> To: Discussion of precise time and frequency measurement
> Subject: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian 
> cyberweapon
> 
> FYI, John K1AE
> 
> -Original Message-
> From: YCCC [mailto:yccc-boun...@contesting.com] On Behalf Of ROBERT DOHERTY
> Sent: Saturday, August 12, 2017 9:26 AM
> To: YCCC Reflector
> Subject: [YCCC] Fwd: Re: [Radio Officers, ] Ships fooled in GPS spoofing 
> attack suggest Russian cyberweapon
> 
> As if there were not enough problems in the world .
> 
> Whitey K1VV
> 
>> Date: August 12, 2017 at 7:37 AM Subject: Re: [Radio Officers, ] Ships 
>> fooled in GPS spoofing attack suggest Russian cyberweapon Ships fooled in 
>> GPS spoofing attack suggest Russian cyberweapon News from: New Scientis 
>> (article reported by R/O Luca Milone - IZ7GEG) 
>> https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof [1] 
>> ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh are 
>> https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof [1] 
>> ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh are 
>> On date: 10 August 2017 By David Hambling Reports of satellite navigation 
>> problems in the Black Sea suggest that Russia may be testing a new system 
>> for spoofing GPS, New Scientist has learned. This could be the first hint of 
>> a new form of electronic warfare available to everyone from rogue nation 
>> states to petty criminals. On 22 June, the US Maritime Administration filed 
>> a seemingly bland incident report. The master of a ship
off the Russian port of Novorossiysk had discovered his GPS put him in the 
wrong spot - more than 32 kilometres inland, at Gelendzhik Airport. After 
checking the navigation equipment was working properly, the captain contacted 
other nearby ships. Their AIS traces - signals from the automatic 
identification system used to track vessels - placed them all at the same 
airport. At least 20 ships were affected 
http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea 
[2] . While the incident is not yet confirmed, experts think this is the first 
documented use of GPS misdirection - 
https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/ 
[3] a spoofing attack that has long been warned of but never been seen in the 
wild. Until now, the biggest worry for GPS has been it can be jammed 
https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/
 [4] by masking the GPS satellite signal with noise. While this can cause chaos,
it is also easy to detect. GPS receivers sound an alarm when they lose the 
signal due to jamming. Spoofing is more insidious: a false signal from a ground 
station simply confuses a satellite receiver. "Jamming just causes the receiver 
to die, spoofing causes the receiver to lie," says consultant David Last 
http://www.professordavidlast.co.uk/ [5] , former president of the UK's Royal 
Institute of Navigation. Todd Humphreys 
http://www.ae.utexas.edu/faculty/faculty-directory/humphreys [6] , of the 
University of Texas at Austin, has been warning of the coming danger of GPS 
spoofing for many years. In 2013, he showed how a superyacht with 
state-of-the-art navigation could be lured off-course by GPS spoofing. "The 
receiver's behaviour in the Black Sea incident was much like during the 
controlled attacks http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full [7] 
my team conducted," says Humphreys. Humphreys thinks this is Russia 
experimenting with a new form of electronic warfare. Over
the past year, GPS spoofing has been causing chaos for the receivers on phone 
apps in central Moscow to misbehave 
https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823 
[8] . The scale of the problem did not become apparent until people began 
trying to play Pokemon Go. The fake signal, which seems to centre on the 
Kremlin, relocates anyone nearby to Vnukovo Airport 
http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/
 [9] , 32 km away. This is probably for defensive reasons; many NATO guided 
bombs, missiles and drones rely on GPS navigation, and successful spoofing 
would make it impossible for them to hit their targets. But now the geolocation 
interference is being used far away from the Kremlin. Some

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-15 Thread REEVES Paul 
This was referred to in my post (subject: 'Loran') on 8/8/17 and was a news 
item in 'Inside GNSS' and other journals before that. Didn't get many comments 
on my post :-(  
 Must have used the wrong subject

Paul  G8GJA

-Original Message-
From: time-nuts [mailto:time-nuts-boun...@febo.com] On Behalf Of John Allen
Sent: 12 August 2017 22:23
To: Discussion of precise time and frequency measurement
Subject: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian 
cyberweapon

FYI, John K1AE

-Original Message-
From: YCCC [mailto:yccc-boun...@contesting.com] On Behalf Of ROBERT DOHERTY
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, ] Ships fooled in GPS spoofing 
attack suggest Russian cyberweapon

As if there were not enough problems in the world .

Whitey  K1VV  

> Date: August 12, 2017 at 7:37 AM
> Subject: Re: [Radio Officers, ] Ships fooled in GPS spoofing 
> attack suggest Russian cyberweapon
> 
> Ships fooled in GPS spoofing attack suggest Russian cyberweapon
> 
> News from: New Scientis (article reported by R/O Luca Milone – 
> IZ7GEG)
> 
> 
> https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof
> ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh
> are 
> https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof
> ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh
> are
> 
> 
> On date: 10 August 2017
> 
> By David Hambling
> 
> 
> Reports of satellite navigation problems in the Black Sea suggest that 
> Russia may be testing a new system for spoofing GPS, New Scientist has 
> learned. This could be the first hint of a new form of electronic warfare 
> available to everyone from rogue nation states to petty criminals.
> 
> 
> On 22 June, the US Maritime Administration filed a seemingly bland 
> incident report. The master of a ship off the Russian port of Novorossiysk 
> had discovered his GPS put him in the wrong spot – more than 32 kilometres 
> inland, at Gelendzhik Airport.
> 
> 
> After checking the navigation equipment was working properly, the captain 
> contacted other nearby ships. Their AIS traces – signals from the automatic 
> identification system used to track vessels – placed them all at the same 
> airport. At least 20 ships were affected 
> http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea
>  .
> 
>  
> While the incident is not yet confirmed, experts think this is the first 
> documented use of GPS misdirection – 
> https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/
>   a spoofing attack that has long been warned of but never been seen in the 
> wild.
> 
> 
> Until now, the biggest worry for GPS has been it can be jammed 
> https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/
>   by masking the GPS satellite signal with noise. While this can cause chaos, 
> it is also easy to detect. GPS receivers sound an alarm when they lose the 
> signal due to jamming. Spoofing is more insidious: a false signal from a 
> ground station simply confuses a satellite receiver. “Jamming just causes the 
> receiver to die, spoofing causes the receiver to lie,” says consultant David 
> Last http://www.professordavidlast.co.uk/ , former president of the UK’s 
> Royal Institute of Navigation.
> 
> 
> Todd Humphreys 
> http://www.ae.utexas.edu/faculty/faculty-directory/humphreys , of the 
> University of Texas at Austin, has been warning of the coming danger of GPS 
> spoofing for many years. In 2013, he showed how a superyacht with 
> state-of-the-art navigation could be lured off-course by GPS spoofing. “The 
> receiver’s behaviour in the Black Sea incident was much like during the 
> controlled attacks http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full  
> my team conducted,” says Humphreys.
> 
> 
> Humphreys thinks this is Russia experimenting with a new form of 
> electronic warfare. Over the past year, GPS spoofing has been causing chaos 
> for the receivers on phone apps in central Moscow to misbehave 
> https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823 
> . The scale of the problem did not become apparent until people began trying 
> to play Pokemon Go. The fake signal, which seems to centre on the Kremlin, 
> relocates anyone nearby to Vnukovo Airport 
> http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/
>  , 32 km away. This is probably for defensive reasons; many NATO guided 
> bombs, missiles and drones rely on GPS navigation, and successful spoofing 
> would make it impossible for them to hit their targets.
> 
> 
> But now the geolocation interference is being used far away from the 
> Kremlin. Some worry that this means that spoofing is getting easier. GPS 
> spoofing previously required

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Ron Bean 
>In a car it is even easier.  The car nav system KNOWS it must be on a
>roadway.  The car's ground track (positional history) must be on a road.

That's assuming the GPS company keeps their maps up to date (it doesn't 
matter how often you update the maps in the device if the company's maps 
don't keep up with reality). New roads appear, old ones occasionally get 
moved.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Chris Albertson 
Detecting a spoof is not really so hard.  What you need to redundancy.
When the two navigation methods diverge then you know one of them is acting
up.  (that is broken or being spoofed or just buggy)

On a ship you have magnetic compass and knot log and almost certainly gyros
and all these are typically NMEA connected.   Then of course there is a
paper based backup.   But just using the available electronics you could
detect divergence.

A large ship that is long enough could use two GPS receivers one at each
end.  The ship knows it's magnetic heading and the distance between the two
GPS receivers.  When the GPS solution is wrong the ship knows to ignore
GPS.An attacker would have to spoof so that both receivers are moved
the exact same direction and distance.   I'mhaving some trouble seeing how
that could be done. (not that it can't be done)   But in any case the first
method (divergence from expected location) would work eventually and not
requires any extra hardware.

In a car it is even easier.  The car nav system KNOWS it must be on a
roadway.  The car's ground track (positional history) must be on a road.
When this is no longer true the navigator can turn the screen red and say
"invalid gps signal".

I more sophisticated car such as a Tesla with autopilot sensors can do a
more sophisticated form of visual navigation and compare the observed road
type (multilane divided highway or residential) and it can notice when it
crosses intersections.   It should notice divergence from GPS more quickly
can could fail back to dead reckoning with visual updates.  Yes an
expensive to develop software system but not science fiction either.

In a way cars have it good because they know they can't drive though
building.

Commercial aircraft have even better data available that could be used to
compare with GPS, Ground based radar being one but many on-board systems as
well.

In short it is REALLY HARD to spoof information a person can  know from
other sources.



On Mon, Aug 14, 2017 at 11:29 AM, Bob kb8tq  wrote:

> HI
>
> Since multi path is a real issue in a mobile environment, defining what an
> “abnormal”
> change is could be quite tricky. A reasonable “spoof” would start with
> feeding the correct
> data and then slowly capture the target (still with correct data). Once he
> is are “in charge”
> signal wise, start doing whatever …. If you are talking about a ship, you
> have *lots* of time.
>
> Bob
>
> > On Aug 14, 2017, at 1:40 PM, ken Schwieker 
> wrote:
> >
> > Wouldn't monitoring the received signal strength and noting any
> non-normal increase (or decrease) level change indicate possible spoofing?
> The spoofing station would have no way to know what the target's
> > received signal strength would be.
> >
> > Ken S
> >
> >
> > ---
> > This email has been checked for viruses by AVG.
> > http://www.avg.com
> >
> > ___
> > time-nuts mailing list -- time-nuts@febo.com
> > To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> > and follow the instructions there.
>
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>



-- 

Chris Albertson
Redondo Beach, California
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Bob kb8tq 
Hi

Setting up the signals for any time / location on earth is simply  matter of 
a few mouse clicks with any of a number of packages. No need to do anything
more than that to get the data. 

Bob

> On Aug 14, 2017, at 3:02 PM, Graham / KE9H  wrote:
> 
> Remember the military drone that the Iranians tricked into landing in Iran
> a few years ago?
> 
> The best explanation I heard of how they did it was that they knew that if
> it lost its command channel, that it would return to the airport where it
> took off.
> 
> So, what they did was spoof the GPS with a signal that said it was 150
> miles further east than it actually was, then jam the control channel, and
> it set down nicely on the airport it came from, except that it was the
> desert in IRAN with a few rocks that ripped up its landing gear, and not
> its home runway.
> 
> Would this spoof be as easy as recording the real signal and playing it
> back (louder) delayed by about 120 seconds? (Assuming you want to shift
> things to the East.) (Also assume you have a relatively unsophisticated GPS
> nav receiver.)
> 
> --- Graham
> 
> ==
> 
> On Mon, Aug 14, 2017 at 1:41 PM, Bob kb8tq  wrote:
> 
>> Hi
>> 
>>> On Aug 14, 2017, at 2:13 PM, Chris Albertson 
>> wrote:
>>> 
>>> The trouble with spoofing location is that in theory every ship is using
>>> more than one method of navigation.   They would notice their GPS is
>> acting
>>> up and turn it off.
>> 
>> In most cases the “other method” is dead reckoning. That’s actually being
>> generous. There are a *lot* of cases every year where the answer is that
>> the vessel is on GPS autopilot with nobody at all on watch. Yes the
>> results of
>> breaking the law are fairly predictable. Actually having a competent
>> navigator
>> on duty all the time running “alternate” data, that costs money …..
>> 
>> Bob
>> 
>>> 
>>> I'm far from a professional but I've taken the  six week class and I'm
>>> reasonably certain I could find a place on the other side of the pacific
>>> ocean with no GPS.   The GPS is far easier to use and more accurate but
>> no
>>> one uses just GPS alone, they alway compare several methods.
>>> 
>>> On Mon, Aug 14, 2017 at 10:12 AM, Clint Jay  wrote:
>>> 
 I guess it would depend on the level of infrastructure available to the
 attacker, clock distribution is a reasonably well solved problem isn't
>> it?
 
 There would, I suppose also be the issue of receiver swamping, you could
 monitor received signal levels as it's my understanding that the signals
 from the satellites are weak enough that they're indiscernible from
>> noise
 floor without some rather complex processing?
 
 Authentication via signing could be another feasible way to prevent
 spoofing except we are potentially talking about interference from state
 actors who may even be the very people who run one of the satellite
 networks
 
 On 14 Aug 2017 5:51 pm, "Attila Kinali"  wrote:
 
> On Mon, 14 Aug 2017 12:09:43 -0400
> Tim Shoppa  wrote:
> 
>> I think if you are only trying to spoof a single receiver it would be
>> possible to walk a spoofed time/space code in a way that time moved
> without
>> so obvious of a discontinuity. I'm sure there would be effects a
 time-nut
>> could notice still.
> 
> Not really. Unless you have a multi-antenna setup (see jim's email),
> you have nothing to compare the signal to. Even an ideal reference
> clock in your GPS receiver does not help, as the attacker could be
> tracking you in such a way that you will never see a discontinuity
> in time or position and that all the other sanity checks you do
> still don't show anything.
> 
> With a two antenna setup, you can already check whether the phases
> add up to what you expect them to be, given your position relative
> to the satellites position. You do not need 3 antennas as a potential
> attacker can spoof the phase of some satellites correctly, but not
> of all at the same time. This at least gives you a spoof/no-spoof
>> signal.
> 
> With an antenna array you can do some masking of spoofers (ie placing
> a null where the spoofer comes from). But this increases the cost and
> complexity of the system super-linear with the number of antennas.
> Maybe one way to do it, would be to use a single receiver with a stable
> reference clock and switch between antennas in short succession. Ie
 similar
> to how the early single channel GPS receivers worked, but for antennas
> instead of SVs. But I have no idea how easy/difficult this would be
> to do and how well it would work against spoofers.
> 
>   Attila Kinali
> --
> It is upon moral qualities that a society is ultimately founded. All
> the

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Graham / KE9H 
Remember the military drone that the Iranians tricked into landing in Iran
a few years ago?

The best explanation I heard of how they did it was that they knew that if
it lost its command channel, that it would return to the airport where it
took off.

So, what they did was spoof the GPS with a signal that said it was 150
miles further east than it actually was, then jam the control channel, and
it set down nicely on the airport it came from, except that it was the
desert in IRAN with a few rocks that ripped up its landing gear, and not
its home runway.

Would this spoof be as easy as recording the real signal and playing it
back (louder) delayed by about 120 seconds? (Assuming you want to shift
things to the East.) (Also assume you have a relatively unsophisticated GPS
nav receiver.)

--- Graham

==

On Mon, Aug 14, 2017 at 1:41 PM, Bob kb8tq  wrote:

> Hi
>
> > On Aug 14, 2017, at 2:13 PM, Chris Albertson 
> wrote:
> >
> > The trouble with spoofing location is that in theory every ship is using
> > more than one method of navigation.   They would notice their GPS is
> acting
> > up and turn it off.
>
> In most cases the “other method” is dead reckoning. That’s actually being
> generous. There are a *lot* of cases every year where the answer is that
> the vessel is on GPS autopilot with nobody at all on watch. Yes the
> results of
> breaking the law are fairly predictable. Actually having a competent
> navigator
> on duty all the time running “alternate” data, that costs money …..
>
> Bob
>
> >
> > I'm far from a professional but I've taken the  six week class and I'm
> > reasonably certain I could find a place on the other side of the pacific
> > ocean with no GPS.   The GPS is far easier to use and more accurate but
> no
> > one uses just GPS alone, they alway compare several methods.
> >
> > On Mon, Aug 14, 2017 at 10:12 AM, Clint Jay  wrote:
> >
> >> I guess it would depend on the level of infrastructure available to the
> >> attacker, clock distribution is a reasonably well solved problem isn't
> it?
> >>
> >> There would, I suppose also be the issue of receiver swamping, you could
> >> monitor received signal levels as it's my understanding that the signals
> >> from the satellites are weak enough that they're indiscernible from
> noise
> >> floor without some rather complex processing?
> >>
> >> Authentication via signing could be another feasible way to prevent
> >> spoofing except we are potentially talking about interference from state
> >> actors who may even be the very people who run one of the satellite
> >> networks
> >>
> >> On 14 Aug 2017 5:51 pm, "Attila Kinali"  wrote:
> >>
> >>> On Mon, 14 Aug 2017 12:09:43 -0400
> >>> Tim Shoppa  wrote:
> >>>
>  I think if you are only trying to spoof a single receiver it would be
>  possible to walk a spoofed time/space code in a way that time moved
> >>> without
>  so obvious of a discontinuity. I'm sure there would be effects a
> >> time-nut
>  could notice still.
> >>>
> >>> Not really. Unless you have a multi-antenna setup (see jim's email),
> >>> you have nothing to compare the signal to. Even an ideal reference
> >>> clock in your GPS receiver does not help, as the attacker could be
> >>> tracking you in such a way that you will never see a discontinuity
> >>> in time or position and that all the other sanity checks you do
> >>> still don't show anything.
> >>>
> >>> With a two antenna setup, you can already check whether the phases
> >>> add up to what you expect them to be, given your position relative
> >>> to the satellites position. You do not need 3 antennas as a potential
> >>> attacker can spoof the phase of some satellites correctly, but not
> >>> of all at the same time. This at least gives you a spoof/no-spoof
> signal.
> >>>
> >>> With an antenna array you can do some masking of spoofers (ie placing
> >>> a null where the spoofer comes from). But this increases the cost and
> >>> complexity of the system super-linear with the number of antennas.
> >>> Maybe one way to do it, would be to use a single receiver with a stable
> >>> reference clock and switch between antennas in short succession. Ie
> >> similar
> >>> to how the early single channel GPS receivers worked, but for antennas
> >>> instead of SVs. But I have no idea how easy/difficult this would be
> >>> to do and how well it would work against spoofers.
> >>>
> >>>Attila Kinali
> >>> --
> >>> It is upon moral qualities that a society is ultimately founded. All
> >>> the prosperity and technological sophistication in the world is of no
> >>> use without that foundation.
> >>> -- Miss Matheson, The Diamond Age, Neil Stephenson
> >>> ___
> >>> time-nuts mailing list -- time-nuts@febo.com
> >>> To unsubscribe, go to https://www.febo.com/cgi-bin/
> >>>

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Hal Murray 

albertson.ch...@gmail.com said:
> I'm far from a professional but I've taken the  six week class and I'm
> reasonably certain I could find a place on the other side of the pacific
> ocean with no GPS.   The GPS is far easier to use and more accurate but no
> one uses just GPS alone, they alway compare several methods.

What's magic about the other side of the Pacific?   GPS is based on 
satellites that don't care if there is land or water underneath.

Do you have examples for "several methods"?  LORAN was turned off within the 
USA.  Few people know how to use a sextant.



-- 
These are my opinions.  I hate spam.



___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread jimlux 

On 8/14/17 10:24 AM, Magnus Danielson wrote:

Hi Jim,

On 08/14/2017 06:03 PM, jimlux wrote:

And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction.  It's pretty
easy to set up 3 antenna separated by 30 cm or so and tell what
direction the signal from each S/V is coming from.

I would expect that as spoofing/jamming becomes more of a problem
(e.g. all those Amazon delivery drones operating in a RF dense
environment) this will become sort of standard practice.

So now your spoofing becomes much more complex, because the sources
have to appear to come from the right place in the sky.  (fleets of
UAVs?)


You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe
problems.



I think it is more about are looking for "spoof detection" or "spoof 
immunity"..  Spoof detection is a easier bar.






There is an overbeliefe in such approaches, rather than trying to look
at the system analysis, since when you loose the GPS signal, what do you
do. I get blank stares all too often when I ask that trick question.



Most successful schemes rely on "side information" of one sort or 
another - whether from an IMU or from other sources.  Acquisition is 
always more vulnerable than track.


I don't do much, if any, of this stuff these days - that was more my 
thing in the mid-80s when I would killed to have the cheap processing 
power and fast data converters available today.




___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Magnus Danielson 

Hi,

Sure, some have started to work on it, but far from it. Traditional 
navigation helps a lot. While you have signal you can trim continously.


Cheers,
Magnus

On 08/14/2017 07:43 PM, paul swed wrote:

Sextent, compass, and clock.
Amazingly as posted on time nuts some time ago the Navy and Coast Guard
have re-introduced that training.

On Mon, Aug 14, 2017 at 1:24 PM, Magnus Danielson <
mag...@rubidium.dyndns.org> wrote:


Hi Jim,

On 08/14/2017 06:03 PM, jimlux wrote:


And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction.  It's pretty easy to
set up 3 antenna separated by 30 cm or so and tell what direction the
signal from each S/V is coming from.

I would expect that as spoofing/jamming becomes more of a problem (e.g.
all those Amazon delivery drones operating in a RF dense environment) this
will become sort of standard practice.

So now your spoofing becomes much more complex, because the sources have
to appear to come from the right place in the sky.  (fleets of UAVs?)



You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe
problems.

There is an overbeliefe in such approaches, rather than trying to look at
the system analysis, since when you loose the GPS signal, what do you do. I
get blank stares all too often when I ask that trick question.

Cheers,
Magnus
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/m
ailman/listinfo/time-nuts
and follow the instructions there.


___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.


___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Bob kb8tq 
Hi

> On Aug 14, 2017, at 2:13 PM, Chris Albertson  
> wrote:
> 
> The trouble with spoofing location is that in theory every ship is using
> more than one method of navigation.   They would notice their GPS is acting
> up and turn it off.

In most cases the “other method” is dead reckoning. That’s actually being 
generous. There are a *lot* of cases every year where the answer is that
the vessel is on GPS autopilot with nobody at all on watch. Yes the results of 
breaking the law are fairly predictable. Actually having a competent navigator
on duty all the time running “alternate” data, that costs money …..

Bob

> 
> I'm far from a professional but I've taken the  six week class and I'm
> reasonably certain I could find a place on the other side of the pacific
> ocean with no GPS.   The GPS is far easier to use and more accurate but no
> one uses just GPS alone, they alway compare several methods.
> 
> On Mon, Aug 14, 2017 at 10:12 AM, Clint Jay  wrote:
> 
>> I guess it would depend on the level of infrastructure available to the
>> attacker, clock distribution is a reasonably well solved problem isn't it?
>> 
>> There would, I suppose also be the issue of receiver swamping, you could
>> monitor received signal levels as it's my understanding that the signals
>> from the satellites are weak enough that they're indiscernible from noise
>> floor without some rather complex processing?
>> 
>> Authentication via signing could be another feasible way to prevent
>> spoofing except we are potentially talking about interference from state
>> actors who may even be the very people who run one of the satellite
>> networks
>> 
>> On 14 Aug 2017 5:51 pm, "Attila Kinali"  wrote:
>> 
>>> On Mon, 14 Aug 2017 12:09:43 -0400
>>> Tim Shoppa  wrote:
>>> 
 I think if you are only trying to spoof a single receiver it would be
 possible to walk a spoofed time/space code in a way that time moved
>>> without
 so obvious of a discontinuity. I'm sure there would be effects a
>> time-nut
 could notice still.
>>> 
>>> Not really. Unless you have a multi-antenna setup (see jim's email),
>>> you have nothing to compare the signal to. Even an ideal reference
>>> clock in your GPS receiver does not help, as the attacker could be
>>> tracking you in such a way that you will never see a discontinuity
>>> in time or position and that all the other sanity checks you do
>>> still don't show anything.
>>> 
>>> With a two antenna setup, you can already check whether the phases
>>> add up to what you expect them to be, given your position relative
>>> to the satellites position. You do not need 3 antennas as a potential
>>> attacker can spoof the phase of some satellites correctly, but not
>>> of all at the same time. This at least gives you a spoof/no-spoof signal.
>>> 
>>> With an antenna array you can do some masking of spoofers (ie placing
>>> a null where the spoofer comes from). But this increases the cost and
>>> complexity of the system super-linear with the number of antennas.
>>> Maybe one way to do it, would be to use a single receiver with a stable
>>> reference clock and switch between antennas in short succession. Ie
>> similar
>>> to how the early single channel GPS receivers worked, but for antennas
>>> instead of SVs. But I have no idea how easy/difficult this would be
>>> to do and how well it would work against spoofers.
>>> 
>>>Attila Kinali
>>> --
>>> It is upon moral qualities that a society is ultimately founded. All
>>> the prosperity and technological sophistication in the world is of no
>>> use without that foundation.
>>> -- Miss Matheson, The Diamond Age, Neil Stephenson
>>> ___
>>> time-nuts mailing list -- time-nuts@febo.com
>>> To unsubscribe, go to https://www.febo.com/cgi-bin/
>>> mailman/listinfo/time-nuts
>>> and follow the instructions there.
>>> 
>> ___
>> time-nuts mailing list -- time-nuts@febo.com
>> To unsubscribe, go to https://www.febo.com/cgi-bin/
>> mailman/listinfo/time-nuts
>> and follow the instructions there.
>> 
> 
> 
> 
> -- 
> 
> Chris Albertson
> Redondo Beach, California
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Bob kb8tq 
Hi

Consider what your automotive GPS receiver does coming out of a tunnel or out 
from under
a bunch of trees. It still needs to work correctly in that situation. Same 
thing with 
a big rain cloud “over there”.  I don’t think you would want a receiver that  
went nuts in those cases. 
I don’t think the military would want one either. 

Bob

> On Aug 14, 2017, at 1:49 PM, Tim Shoppa  wrote:
> 
> Civilian receivers generally do not measure absolute strength but instead
> report S/N. The spoofer could fake up a reasonable amount of noise to get a
> wimpy S/N with a much stronger signal.
> 
> Tim.
> 
> On Mon, Aug 14, 2017 at 1:40 PM, ken Schwieker 
> wrote:
> 
>> Wouldn't monitoring the received signal strength and noting any non-normal
>> increase (or decrease) level change indicate possible spoofing?  The
>> spoofing station would have no way to know what the target's
>> received signal strength would be.
>> 
>> Ken S
>> 
>> 
>> ---
>> This email has been checked for viruses by AVG.
>> http://www.avg.com
>> 
>> 
>> ___
>> time-nuts mailing list -- time-nuts@febo.com
>> To unsubscribe, go to https://www.febo.com/cgi-bin/m
>> ailman/listinfo/time-nuts
>> and follow the instructions there.
>> 
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Chris Albertson 
The trouble with spoofing location is that in theory every ship is using
more than one method of navigation.   They would notice their GPS is acting
up and turn it off.

I'm far from a professional but I've taken the  six week class and I'm
reasonably certain I could find a place on the other side of the pacific
ocean with no GPS.   The GPS is far easier to use and more accurate but no
one uses just GPS alone, they alway compare several methods.

On Mon, Aug 14, 2017 at 10:12 AM, Clint Jay  wrote:

> I guess it would depend on the level of infrastructure available to the
> attacker, clock distribution is a reasonably well solved problem isn't it?
>
> There would, I suppose also be the issue of receiver swamping, you could
> monitor received signal levels as it's my understanding that the signals
> from the satellites are weak enough that they're indiscernible from noise
> floor without some rather complex processing?
>
> Authentication via signing could be another feasible way to prevent
> spoofing except we are potentially talking about interference from state
> actors who may even be the very people who run one of the satellite
> networks
>
> On 14 Aug 2017 5:51 pm, "Attila Kinali"  wrote:
>
> > On Mon, 14 Aug 2017 12:09:43 -0400
> > Tim Shoppa  wrote:
> >
> > > I think if you are only trying to spoof a single receiver it would be
> > > possible to walk a spoofed time/space code in a way that time moved
> > without
> > > so obvious of a discontinuity. I'm sure there would be effects a
> time-nut
> > > could notice still.
> >
> > Not really. Unless you have a multi-antenna setup (see jim's email),
> > you have nothing to compare the signal to. Even an ideal reference
> > clock in your GPS receiver does not help, as the attacker could be
> > tracking you in such a way that you will never see a discontinuity
> > in time or position and that all the other sanity checks you do
> > still don't show anything.
> >
> > With a two antenna setup, you can already check whether the phases
> > add up to what you expect them to be, given your position relative
> > to the satellites position. You do not need 3 antennas as a potential
> > attacker can spoof the phase of some satellites correctly, but not
> > of all at the same time. This at least gives you a spoof/no-spoof signal.
> >
> > With an antenna array you can do some masking of spoofers (ie placing
> > a null where the spoofer comes from). But this increases the cost and
> > complexity of the system super-linear with the number of antennas.
> > Maybe one way to do it, would be to use a single receiver with a stable
> > reference clock and switch between antennas in short succession. Ie
> similar
> > to how the early single channel GPS receivers worked, but for antennas
> > instead of SVs. But I have no idea how easy/difficult this would be
> > to do and how well it would work against spoofers.
> >
> > Attila Kinali
> > --
> > It is upon moral qualities that a society is ultimately founded. All
> > the prosperity and technological sophistication in the world is of no
> > use without that foundation.
> >  -- Miss Matheson, The Diamond Age, Neil Stephenson
> > ___
> > time-nuts mailing list -- time-nuts@febo.com
> > To unsubscribe, go to https://www.febo.com/cgi-bin/
> > mailman/listinfo/time-nuts
> > and follow the instructions there.
> >
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>



-- 

Chris Albertson
Redondo Beach, California
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Bob kb8tq 
HI

Since multi path is a real issue in a mobile environment, defining what an 
“abnormal”
change is could be quite tricky. A reasonable “spoof” would start with feeding 
the correct
data and then slowly capture the target (still with correct data). Once he is 
are “in charge”
signal wise, start doing whatever …. If you are talking about a ship, you have 
*lots* of time.

Bob

> On Aug 14, 2017, at 1:40 PM, ken Schwieker  wrote:
> 
> Wouldn't monitoring the received signal strength and noting any non-normal 
> increase (or decrease) level change indicate possible spoofing?  The spoofing 
> station would have no way to know what the target's
> received signal strength would be.
> 
> Ken S
> 
> 
> ---
> This email has been checked for viruses by AVG.
> http://www.avg.com
> 
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Tim Shoppa 
Civilian receivers generally do not measure absolute strength but instead
report S/N. The spoofer could fake up a reasonable amount of noise to get a
wimpy S/N with a much stronger signal.

Tim.

On Mon, Aug 14, 2017 at 1:40 PM, ken Schwieker 
wrote:

> Wouldn't monitoring the received signal strength and noting any non-normal
> increase (or decrease) level change indicate possible spoofing?  The
> spoofing station would have no way to know what the target's
> received signal strength would be.
>
> Ken S
>
>
> ---
> This email has been checked for viruses by AVG.
> http://www.avg.com
>
>
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/m
> ailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Tim Shoppa 
In some sense the "jump everyone to the airport 32km away" is a
too-simplistic case because it's too easy to detect.

Let's just arbitrarily place 100nanoseconds as the threshold for detectable
time jump indicating that you're being spoofed. Yes modern timing receivers
do better than that all the time but navigation receivers are not timing
receivers.

The spoofing transmitter would need to know the single target's
3-dimensional location to 100 feet, to avoid detection of a spoofing
attempt, then. This seems possible or even likely, especially in the case
of a spoofing demonstration with slow seagoing vessels, or maybe even road
vehicles known to be traveling on a given highway combined with other
roadside sensors.

After the spoofer had acquired the spoofing target that way, giving it a
false (but not inconceivable) course to the wrong location seems possible.
If you know something about the craft's ability for inertial guidance you
would keep your fake course within those parameters.

So it all gets much easier ifyou can set up the local detection net at key
locations that a spoofing target is likely to travel through. A narrow
strait or a highway intersection. It all gets much harder when you have
multiple targets in your field of view that you want to spoof especially if
you can't follow them closely.

But maybe as long as all the GPS manufacturers are focusing on low
time-to-first-fix, the target GPS will always be too willing to believe a
completely arbitrary location. Us time-nuts don't mind surveying for days.
Real GPS positioining users want the answer much more quickly!

Tim N3QE



On Mon, Aug 14, 2017 at 12:51 PM, Attila Kinali  wrote:

> On Mon, 14 Aug 2017 12:09:43 -0400
> Tim Shoppa  wrote:
>
> > I think if you are only trying to spoof a single receiver it would be
> > possible to walk a spoofed time/space code in a way that time moved
> without
> > so obvious of a discontinuity. I'm sure there would be effects a time-nut
> > could notice still.
>
> Not really. Unless you have a multi-antenna setup (see jim's email),
> you have nothing to compare the signal to. Even an ideal reference
> clock in your GPS receiver does not help, as the attacker could be
> tracking you in such a way that you will never see a discontinuity
> in time or position and that all the other sanity checks you do
> still don't show anything.
>
> With a two antenna setup, you can already check whether the phases
> add up to what you expect them to be, given your position relative
> to the satellites position. You do not need 3 antennas as a potential
> attacker can spoof the phase of some satellites correctly, but not
> of all at the same time. This at least gives you a spoof/no-spoof signal.
>
> With an antenna array you can do some masking of spoofers (ie placing
> a null where the spoofer comes from). But this increases the cost and
> complexity of the system super-linear with the number of antennas.
> Maybe one way to do it, would be to use a single receiver with a stable
> reference clock and switch between antennas in short succession. Ie similar
> to how the early single channel GPS receivers worked, but for antennas
> instead of SVs. But I have no idea how easy/difficult this would be
> to do and how well it would work against spoofers.
>
> Attila Kinali
> --
> It is upon moral qualities that a society is ultimately founded. All
> the prosperity and technological sophistication in the world is of no
> use without that foundation.
>  -- Miss Matheson, The Diamond Age, Neil Stephenson
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread ken Schwieker 
Wouldn't monitoring the received signal strength and noting any 
non-normal increase (or decrease) level change indicate possible 
spoofing?  The spoofing station would have no way to know what the target's

received signal strength would be.

Ken S


---
This email has been checked for viruses by AVG.
http://www.avg.com

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread paul swed 
Sextent, compass, and clock.
Amazingly as posted on time nuts some time ago the Navy and Coast Guard
have re-introduced that training.

On Mon, Aug 14, 2017 at 1:24 PM, Magnus Danielson <
mag...@rubidium.dyndns.org> wrote:

> Hi Jim,
>
> On 08/14/2017 06:03 PM, jimlux wrote:
>
>> And GPS users who care about spoofing tend to use antenna systems that
>> will reject signals coming from the "wrong" direction.  It's pretty easy to
>> set up 3 antenna separated by 30 cm or so and tell what direction the
>> signal from each S/V is coming from.
>>
>> I would expect that as spoofing/jamming becomes more of a problem (e.g.
>> all those Amazon delivery drones operating in a RF dense environment) this
>> will become sort of standard practice.
>>
>> So now your spoofing becomes much more complex, because the sources have
>> to appear to come from the right place in the sky.  (fleets of UAVs?)
>>
>
> You gain maybe 10 to 20 dB, but not much more.
> A real protection scheme needs much more tolerance to handle severe
> problems.
>
> There is an overbeliefe in such approaches, rather than trying to look at
> the system analysis, since when you loose the GPS signal, what do you do. I
> get blank stares all too often when I ask that trick question.
>
> Cheers,
> Magnus
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/m
> ailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Bob kb8tq 
Hi


> On Aug 14, 2017, at 11:38 AM, Clint Jay  wrote:
> 
> All very true and yes, for a capable programmer and hardware tech it's not
> going to be an impossible task.
> 
> I would still expect a turnkey solution to exist though as I can see many
> applications for not just state actors.

There have been multiple “turn key” solutions out there for at least 10 years 
now.
It’s a bit like buying a couple hundred pounds of heroin. You just need to know 
where to shop ….

Bob


> 
> On 14 Aug 2017 4:32 pm, "Attila Kinali"  wrote:
> 
>> On Mon, 14 Aug 2017 10:26:13 +0100
>> Clint Jay  wrote:
>> 
>>> That it can "so easily" be spoofed (it's not a trivial hack to spoof and
>>> would, as far as I can see, take good knowledge of how GPS works and
>> skill
>>> to implement) is worrying and it could have disastrous consequences if
>>> anyone decided to use it for malicious means but I'd be surprised if
>> there
>>> wasn't a turnkey solution available to anyone who has the funds.
>> 
>> You don't need a turnkey solution. If you start from zero and are working
>> alone, it probably will take you a month or two to write the code to spoof
>> GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
>> you can do it in a weekend.
>> 
>> If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
>> it will take a bit longer, but not that much, as 90% of the code shared.
>> 
>> Not only is this very simple. All the documentation you need is readily
>> available and packaged such, that you don't need to know anything about
>> GNSS systems before you start and it will not slow you down significantly.
>> (e.g. Pick up the book from Hegarty and Kaplan and you can just write
>> the code as you read it).
>> 
>> The most difficult part of this is not creating the signals, but figuring
>> out a way what PRN's and fake position to choose, such that the tracking
>> loop of the target doesn't go completely bonkers and needs to do a
>> re-aquisition on all signals. But even that is not that difficult, if
>> you have some estimate of the target's location. Or you can simply not
>> care about it, if you have a slow moving target, like a car or a ship,
>> as the re-aquisition will take less than a minute.
>> 
>> 
>> There have been discussions on adding authentication to GNSS services
>> for quite some time (at least 10 years, probably longer). And it
>> culminated in the CS and PRS services of Galileo. I.e. they are a
>> restricted and/or paid-for service. I am pretty sure that this will
>> change at some point and the OS serivces (including the free services
>> of GPS) will provide some basic authentication system as well.
>> 
>> In the meantime, people who rely on GNSS heavily have monitoring
>> facilites that check the on air signals for degradation or spoofing.
>> As this requires multiple monitoring stations over the whole area
>> covered, to ensure that no spoofing or jamming attempt goes unnoticed,
>> this is rather expensive. The only use of this kind of system, that I
>> am aware of, are airports. And yes, this is not fool-proof. A narrow
>> beam spoofer pointed at some airplane will go unoticed, as all the
>> monitoring stations are on the ground.
>> 
>> 
>>Attila Kinali
>> 
>> --
>> It is upon moral qualities that a society is ultimately founded. All
>> the prosperity and technological sophistication in the world is of no
>> use without that foundation.
>> -- Miss Matheson, The Diamond Age, Neil Stephenson
>> ___
>> time-nuts mailing list -- time-nuts@febo.com
>> To unsubscribe, go to https://www.febo.com/cgi-bin/
>> mailman/listinfo/time-nuts
>> and follow the instructions there.
>> 
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Magnus Danielson 

Hi Jim,

On 08/14/2017 06:03 PM, jimlux wrote:
And GPS users who care about spoofing tend to use antenna systems that 
will reject signals coming from the "wrong" direction.  It's pretty easy 
to set up 3 antenna separated by 30 cm or so and tell what direction the 
signal from each S/V is coming from.


I would expect that as spoofing/jamming becomes more of a problem (e.g. 
all those Amazon delivery drones operating in a RF dense environment) 
this will become sort of standard practice.


So now your spoofing becomes much more complex, because the sources have 
to appear to come from the right place in the sky.  (fleets of UAVs?)


You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe 
problems.


There is an overbeliefe in such approaches, rather than trying to look 
at the system analysis, since when you loose the GPS signal, what do you 
do. I get blank stares all too often when I ask that trick question.


Cheers,
Magnus
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Clint Jay 
All very true and yes, for a capable programmer and hardware tech it's not
going to be an impossible task.

I would still expect a turnkey solution to exist though as I can see many
applications for not just state actors.

On 14 Aug 2017 4:32 pm, "Attila Kinali"  wrote:

> On Mon, 14 Aug 2017 10:26:13 +0100
> Clint Jay  wrote:
>
> > That it can "so easily" be spoofed (it's not a trivial hack to spoof and
> > would, as far as I can see, take good knowledge of how GPS works and
> skill
> > to implement) is worrying and it could have disastrous consequences if
> > anyone decided to use it for malicious means but I'd be surprised if
> there
> > wasn't a turnkey solution available to anyone who has the funds.
>
> You don't need a turnkey solution. If you start from zero and are working
> alone, it probably will take you a month or two to write the code to spoof
> GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
> you can do it in a weekend.
>
> If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
> it will take a bit longer, but not that much, as 90% of the code shared.
>
> Not only is this very simple. All the documentation you need is readily
> available and packaged such, that you don't need to know anything about
> GNSS systems before you start and it will not slow you down significantly.
> (e.g. Pick up the book from Hegarty and Kaplan and you can just write
> the code as you read it).
>
> The most difficult part of this is not creating the signals, but figuring
> out a way what PRN's and fake position to choose, such that the tracking
> loop of the target doesn't go completely bonkers and needs to do a
> re-aquisition on all signals. But even that is not that difficult, if
> you have some estimate of the target's location. Or you can simply not
> care about it, if you have a slow moving target, like a car or a ship,
> as the re-aquisition will take less than a minute.
>
>
> There have been discussions on adding authentication to GNSS services
> for quite some time (at least 10 years, probably longer). And it
> culminated in the CS and PRS services of Galileo. I.e. they are a
> restricted and/or paid-for service. I am pretty sure that this will
> change at some point and the OS serivces (including the free services
> of GPS) will provide some basic authentication system as well.
>
> In the meantime, people who rely on GNSS heavily have monitoring
> facilites that check the on air signals for degradation or spoofing.
> As this requires multiple monitoring stations over the whole area
> covered, to ensure that no spoofing or jamming attempt goes unnoticed,
> this is rather expensive. The only use of this kind of system, that I
> am aware of, are airports. And yes, this is not fool-proof. A narrow
> beam spoofer pointed at some airplane will go unoticed, as all the
> monitoring stations are on the ground.
>
>
> Attila Kinali
>
> --
> It is upon moral qualities that a society is ultimately founded. All
> the prosperity and technological sophistication in the world is of no
> use without that foundation.
>  -- Miss Matheson, The Diamond Age, Neil Stephenson
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Clint Jay 
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't it?

There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from noise
floor without some rather complex processing?

Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite networks

On 14 Aug 2017 5:51 pm, "Attila Kinali"  wrote:

> On Mon, 14 Aug 2017 12:09:43 -0400
> Tim Shoppa  wrote:
>
> > I think if you are only trying to spoof a single receiver it would be
> > possible to walk a spoofed time/space code in a way that time moved
> without
> > so obvious of a discontinuity. I'm sure there would be effects a time-nut
> > could notice still.
>
> Not really. Unless you have a multi-antenna setup (see jim's email),
> you have nothing to compare the signal to. Even an ideal reference
> clock in your GPS receiver does not help, as the attacker could be
> tracking you in such a way that you will never see a discontinuity
> in time or position and that all the other sanity checks you do
> still don't show anything.
>
> With a two antenna setup, you can already check whether the phases
> add up to what you expect them to be, given your position relative
> to the satellites position. You do not need 3 antennas as a potential
> attacker can spoof the phase of some satellites correctly, but not
> of all at the same time. This at least gives you a spoof/no-spoof signal.
>
> With an antenna array you can do some masking of spoofers (ie placing
> a null where the spoofer comes from). But this increases the cost and
> complexity of the system super-linear with the number of antennas.
> Maybe one way to do it, would be to use a single receiver with a stable
> reference clock and switch between antennas in short succession. Ie similar
> to how the early single channel GPS receivers worked, but for antennas
> instead of SVs. But I have no idea how easy/difficult this would be
> to do and how well it would work against spoofers.
>
> Attila Kinali
> --
> It is upon moral qualities that a society is ultimately founded. All
> the prosperity and technological sophistication in the world is of no
> use without that foundation.
>  -- Miss Matheson, The Diamond Age, Neil Stephenson
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Attila Kinali 
On Mon, 14 Aug 2017 12:09:43 -0400
Tim Shoppa  wrote:

> I think if you are only trying to spoof a single receiver it would be
> possible to walk a spoofed time/space code in a way that time moved without
> so obvious of a discontinuity. I'm sure there would be effects a time-nut
> could notice still.

Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.

With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof signal.

With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie similar
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.

Attila Kinali
-- 
It is upon moral qualities that a society is ultimately founded. All 
the prosperity and technological sophistication in the world is of no 
use without that foundation.
 -- Miss Matheson, The Diamond Age, Neil Stephenson
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Bob kb8tq 
Hi

Time is one more thing the spoofer needs to consider. It does not eliminate the
ability to spoof, it just adds one more factor to his setup. If he’s got a 
“clear” GPS
signal to base his spoof on, that gives him a timebase to use. 

Bob

> On Aug 14, 2017, at 12:09 PM, Tim Shoppa  wrote:
> 
> Bringing this back around to time-nuts - wouldn't the timescale
> discontinuity at the receiver, be a powerful clue that spoofing was going
> on? But these being navigation receivers they aren't looking so critically
> at the time.
> 
> Presumably this was a single-transmitter jammer that pretended it was a
> whole GPS constellation.
> 
> A 32 kilometer jump in position would've been a 10 to 100 microsecond time
> jump for at least some of the receivers in that section of the Black Sea.
> And 10 microseconds sticks out like a sore thumb to a time nut.
> 
> I think if you are only trying to spoof a single receiver it would be
> possible to walk a spoofed time/space code in a way that time moved without
> so obvious of a discontinuity. I'm sure there would be effects a time-nut
> could notice still.
> 
> Tim N3QE
> 
> 
> On Sat, Aug 12, 2017 at 5:23 PM, John Allen 
> wrote:
> 
>> FYI, John K1AE
>> 
>> -Original Message-
>> From: YCCC [mailto:yccc-boun...@contesting.com] On Behalf Of ROBERT
>> DOHERTY
>> Sent: Saturday, August 12, 2017 9:26 AM
>> To: YCCC Reflector
>> Subject: [YCCC] Fwd: Re: [Radio Officers, ] Ships fooled in GPS spoofing
>> attack suggest Russian cyberweapon
>> 
>> As if there were not enough problems in the world .
>> 
>> Whitey  K1VV
>> 
>>>Date: August 12, 2017 at 7:37 AM
>>>Subject: Re: [Radio Officers, ] Ships fooled in GPS spoofing
>> attack suggest Russian cyberweapon
>>> 
>>>Ships fooled in GPS spoofing attack suggest Russian cyberweapon
>>> 
>>>News from: New Scientis (article reported by R/O Luca Milone –
>> IZ7GEG)
>>> 
>>>https://www.newscientist.com/article/2143499-ships-fooled-
>> in-gps-spoofing-attack-suggest-russian-cyberweapon/#.
>> WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/
>> article/2143499-ships-fooled-in-gps-spoofing-attack-
>> suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
>>> 
>>> 
>>>On date: 10 August 2017
>>> 
>>>By David Hambling
>>> 
>>> 
>>>Reports of satellite navigation problems in the Black Sea suggest
>> that Russia may be testing a new system for spoofing GPS, New Scientist has
>> learned. This could be the first hint of a new form of electronic warfare
>> available to everyone from rogue nation states to petty criminals.
>>> 
>>> 
>>>On 22 June, the US Maritime Administration filed a seemingly bland
>> incident report. The master of a ship off the Russian port of Novorossiysk
>> had discovered his GPS put him in the wrong spot – more than 32 kilometres
>> inland, at Gelendzhik Airport.
>>> 
>>> 
>>>After checking the navigation equipment was working properly, the
>> captain contacted other nearby ships. Their AIS traces – signals from the
>> automatic identification system used to track vessels – placed them all at
>> the same airport. At least 20 ships were affected
>> http://maritime-executive.com/editorials/mass-gps-spoofing-
>> attack-in-black-sea .
>>> 
>>> 
>>>While the incident is not yet confirmed, experts think this is the
>> first documented use of GPS misdirection – https://www.marad.dot.gov/
>> msci/alert/2017/2017-005a-gps-interference-black-sea/  a spoofing attack
>> that has long been warned of but never been seen in the wild.
>>> 
>>> 
>>>Until now, the biggest worry for GPS has been it can be jammed
>> https://www.newscientist.com/article/dn20202-gps-chaos-how-
>> a-30-box-can-jam-your-life/  by masking the GPS satellite signal with
>> noise. While this can cause chaos, it is also easy to detect. GPS receivers
>> sound an alarm when they lose the signal due to jamming. Spoofing is more
>> insidious: a false signal from a ground station simply confuses a satellite
>> receiver. “Jamming just causes the receiver to die, spoofing causes the
>> receiver to lie,” says consultant David Last
>> http://www.professordavidlast.co.uk/ , former president of the UK’s Royal
>> Institute of Navigation.
>>> 
>>> 
>>>Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/
>> humphreys , of the University of Texas at Austin, has been warning of the
>> coming danger of GPS spoofing for many years. In 2013, he showed how a
>> superyacht with state-of-the-art navigation could be lured off-course by
>> GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much
>> like during the controlled attacks http://onlinelibrary.wiley.
>> com/doi/10.1002/navi.183/full  my team conducted,” says Humphreys.
>>> 
>>> 
>>>Humphreys thinks this is Russia experimenting with a new form of
>> electronic warfare. Over the past year, GPS spoofing has been causing chaos
>> for the receivers on phone apps in

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Bob kb8tq 
Hi

The big(er) deal with some systems is that they offer encrypted services. If 
you happen to have 
access to the crypto version, that’s going to help you. As long as you are 
using “public” (and thus
fully documented) modes … not a lot of difference. The same info that lets 
anybody design a 
receiver lets people design a spoofing system. 

Bob

> On Aug 14, 2017, at 11:54 AM, John Hawkinson  wrote:
> 
> So, what I wonder: to what extent (if any) are GPS, GLONASS, and Galileo 
> sufficiently different that it is challenging to spoof all three in the same 
> way? Is there any reason why it is more than 3 times the work to spoof all 3?
> 
> Is there something clever receivers can do, with awareness of all three 
> services, that makes them harder to spoof (beyond checking the services 
> against each other)?
> 
> --jh...@mit.edu
>  John Hawkinson
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Tim Shoppa 
Bringing this back around to time-nuts - wouldn't the timescale
discontinuity at the receiver, be a powerful clue that spoofing was going
on? But these being navigation receivers they aren't looking so critically
at the time.

Presumably this was a single-transmitter jammer that pretended it was a
whole GPS constellation.

A 32 kilometer jump in position would've been a 10 to 100 microsecond time
jump for at least some of the receivers in that section of the Black Sea.
And 10 microseconds sticks out like a sore thumb to a time nut.

I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved without
so obvious of a discontinuity. I'm sure there would be effects a time-nut
could notice still.

Tim N3QE


On Sat, Aug 12, 2017 at 5:23 PM, John Allen 
wrote:

> FYI, John K1AE
>
> -Original Message-
> From: YCCC [mailto:yccc-boun...@contesting.com] On Behalf Of ROBERT
> DOHERTY
> Sent: Saturday, August 12, 2017 9:26 AM
> To: YCCC Reflector
> Subject: [YCCC] Fwd: Re: [Radio Officers, ] Ships fooled in GPS spoofing
> attack suggest Russian cyberweapon
>
> As if there were not enough problems in the world .
>
> Whitey  K1VV
>
> > Date: August 12, 2017 at 7:37 AM
> > Subject: Re: [Radio Officers, ] Ships fooled in GPS spoofing
> attack suggest Russian cyberweapon
> >
> > Ships fooled in GPS spoofing attack suggest Russian cyberweapon
> >
> > News from: New Scientis (article reported by R/O Luca Milone –
> IZ7GEG)
> >
> > https://www.newscientist.com/article/2143499-ships-fooled-
> in-gps-spoofing-attack-suggest-russian-cyberweapon/#.
> WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/
> article/2143499-ships-fooled-in-gps-spoofing-attack-
> suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
> >
> >
> > On date: 10 August 2017
> >
> > By David Hambling
> >
> >
> > Reports of satellite navigation problems in the Black Sea suggest
> that Russia may be testing a new system for spoofing GPS, New Scientist has
> learned. This could be the first hint of a new form of electronic warfare
> available to everyone from rogue nation states to petty criminals.
> >
> >
> > On 22 June, the US Maritime Administration filed a seemingly bland
> incident report. The master of a ship off the Russian port of Novorossiysk
> had discovered his GPS put him in the wrong spot – more than 32 kilometres
> inland, at Gelendzhik Airport.
> >
> >
> > After checking the navigation equipment was working properly, the
> captain contacted other nearby ships. Their AIS traces – signals from the
> automatic identification system used to track vessels – placed them all at
> the same airport. At least 20 ships were affected
> http://maritime-executive.com/editorials/mass-gps-spoofing-
> attack-in-black-sea .
> >
> >
> > While the incident is not yet confirmed, experts think this is the
> first documented use of GPS misdirection – https://www.marad.dot.gov/
> msci/alert/2017/2017-005a-gps-interference-black-sea/  a spoofing attack
> that has long been warned of but never been seen in the wild.
> >
> >
> > Until now, the biggest worry for GPS has been it can be jammed
> https://www.newscientist.com/article/dn20202-gps-chaos-how-
> a-30-box-can-jam-your-life/  by masking the GPS satellite signal with
> noise. While this can cause chaos, it is also easy to detect. GPS receivers
> sound an alarm when they lose the signal due to jamming. Spoofing is more
> insidious: a false signal from a ground station simply confuses a satellite
> receiver. “Jamming just causes the receiver to die, spoofing causes the
> receiver to lie,” says consultant David Last
> http://www.professordavidlast.co.uk/ , former president of the UK’s Royal
> Institute of Navigation.
> >
> >
> > Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/
> humphreys , of the University of Texas at Austin, has been warning of the
> coming danger of GPS spoofing for many years. In 2013, he showed how a
> superyacht with state-of-the-art navigation could be lured off-course by
> GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much
> like during the controlled attacks http://onlinelibrary.wiley.
> com/doi/10.1002/navi.183/full  my team conducted,” says Humphreys.
> >
> >
> > Humphreys thinks this is Russia experimenting with a new form of
> electronic warfare. Over the past year, GPS spoofing has been causing chaos
> for the receivers on phone apps in central Moscow to misbehave
> https://themoscowtimes.com/articles/the-kremlin-eats-gps-
> for-breakfast-55823 . The scale of the problem did not become apparent
> until people began trying to play Pokemon Go. The fake signal, which seems
> to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport
> http://www.thetruthaboutcars.com/2017/01/bizarre-gps-
> spoofing-means-drivers-near-kremlin-always-airport/ , 32 km

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread jimlux 

On 8/14/17 8:24 AM, Attila Kinali wrote:

On Mon, 14 Aug 2017 10:26:13 +0100
Clint Jay  wrote:


That it can "so easily" be spoofed (it's not a trivial hack to spoof and
would, as far as I can see, take good knowledge of how GPS works and skill
to implement) is worrying and it could have disastrous consequences if
anyone decided to use it for malicious means but I'd be surprised if there
wasn't a turnkey solution available to anyone who has the funds.


You don't need a turnkey solution. If you start from zero and are working
alone, it probably will take you a month or two to write the code to spoof
GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
you can do it in a weekend.

If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
it will take a bit longer, but not that much, as 90% of the code shared.

Not only is this very simple. All the documentation you need is readily
available and packaged such, that you don't need to know anything about
GNSS systems before you start and it will not slow you down significantly.
(e.g. Pick up the book from Hegarty and Kaplan and you can just write
the code as you read it).

The most difficult part of this is not creating the signals, but figuring
out a way what PRN's and fake position to choose, such that the tracking
loop of the target doesn't go completely bonkers and needs to do a
re-aquisition on all signals. But even that is not that difficult, if
you have some estimate of the target's location. Or you can simply not
care about it, if you have a slow moving target, like a car or a ship,
as the re-aquisition will take less than a minute.


There have been discussions on adding authentication to GNSS services
for quite some time (at least 10 years, probably longer). And it
culminated in the CS and PRS services of Galileo. I.e. they are a
restricted and/or paid-for service. I am pretty sure that this will
change at some point and the OS serivces (including the free services
of GPS) will provide some basic authentication system as well.

In the meantime, people who rely on GNSS heavily have monitoring
facilites that check the on air signals for degradation or spoofing.
As this requires multiple monitoring stations over the whole area
covered, to ensure that no spoofing or jamming attempt goes unnoticed,
this is rather expensive. The only use of this kind of system, that I
am aware of, are airports. And yes, this is not fool-proof. A narrow
beam spoofer pointed at some airplane will go unoticed, as all the
monitoring stations are on the ground.


And GPS users who care about spoofing tend to use antenna systems that 
will reject signals coming from the "wrong" direction.  It's pretty easy 
to set up 3 antenna separated by 30 cm or so and tell what direction the 
signal from each S/V is coming from.


I would expect that as spoofing/jamming becomes more of a problem (e.g. 
all those Amazon delivery drones operating in a RF dense environment) 
this will become sort of standard practice.


So now your spoofing becomes much more complex, because the sources have 
to appear to come from the right place in the sky.  (fleets of UAVs?)





Attila Kinali



___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread John Hawkinson 
So, what I wonder: to what extent (if any) are GPS, GLONASS, and Galileo 
sufficiently different that it is challenging to spoof all three in the same 
way? Is there any reason why it is more than 3 times the work to spoof all 3?

Is there something clever receivers can do, with awareness of all three 
services, that makes them harder to spoof (beyond checking the services against 
each other)?

--jh...@mit.edu
  John Hawkinson
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Attila Kinali 
On Mon, 14 Aug 2017 10:26:13 +0100
Clint Jay  wrote:

> That it can "so easily" be spoofed (it's not a trivial hack to spoof and
> would, as far as I can see, take good knowledge of how GPS works and skill
> to implement) is worrying and it could have disastrous consequences if
> anyone decided to use it for malicious means but I'd be surprised if there
> wasn't a turnkey solution available to anyone who has the funds.

You don't need a turnkey solution. If you start from zero and are working 
alone, it probably will take you a month or two to write the code to spoof
GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
you can do it in a weekend. 

If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
it will take a bit longer, but not that much, as 90% of the code shared.

Not only is this very simple. All the documentation you need is readily
available and packaged such, that you don't need to know anything about
GNSS systems before you start and it will not slow you down significantly.
(e.g. Pick up the book from Hegarty and Kaplan and you can just write
the code as you read it).

The most difficult part of this is not creating the signals, but figuring
out a way what PRN's and fake position to choose, such that the tracking
loop of the target doesn't go completely bonkers and needs to do a
re-aquisition on all signals. But even that is not that difficult, if
you have some estimate of the target's location. Or you can simply not
care about it, if you have a slow moving target, like a car or a ship,
as the re-aquisition will take less than a minute.


There have been discussions on adding authentication to GNSS services
for quite some time (at least 10 years, probably longer). And it
culminated in the CS and PRS services of Galileo. I.e. they are a
restricted and/or paid-for service. I am pretty sure that this will
change at some point and the OS serivces (including the free services
of GPS) will provide some basic authentication system as well.

In the meantime, people who rely on GNSS heavily have monitoring
facilites that check the on air signals for degradation or spoofing.
As this requires multiple monitoring stations over the whole area
covered, to ensure that no spoofing or jamming attempt goes unnoticed,
this is rather expensive. The only use of this kind of system, that I
am aware of, are airports. And yes, this is not fool-proof. A narrow
beam spoofer pointed at some airplane will go unoticed, as all the
monitoring stations are on the ground.


Attila Kinali

-- 
It is upon moral qualities that a society is ultimately founded. All 
the prosperity and technological sophistication in the world is of no 
use without that foundation.
 -- Miss Matheson, The Diamond Age, Neil Stephenson
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Martin Burnicki 
Hi Björn,

bg wrote:
> Hi Martin,
> No there was also a SDR hack to spoof.
> http://www.rtl-sdr.com/cheating-at-pokemon-go-with-a-hackrf-and-gps-spoofing/

This sounds indeed like a nice way to test if a real spoofing approach
is working properly, so it could also be used to do really evil things.

But of course it's a nice way to demonstrate how easy it's possible.

Thanks for the pointer.

Martin

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Clint Jay 
Oh definitely and if I was going to cheat at Pokémon then that'd be the
most cost effective method (yes, I play, my 9 year old son insists) but I'd
rather have the "fun" of actually catching them the proper way

On 14 Aug 2017 12:08 pm, "Martin Burnicki" 
wrote:

> Clint Jay wrote:
> > No, this was not the software hack, it was done with some rather nice
> > Rohde test equipment.
>
> Ah, OK, of course that's also possible.
>
> However, what I found was much simpler:
> https://devs-lab.com/how-to-play-pokemon-go-without-
> moving-no-root-required.html
>
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Martin Burnicki 
Clint Jay wrote:
> No, this was not the software hack, it was done with some rather nice
> Rohde test equipment.

Ah, OK, of course that's also possible.

However, what I found was much simpler:
https://devs-lab.com/how-to-play-pokemon-go-without-moving-no-root-required.html

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Clint Jay 
No, this was not the software hack, it was done with some rather nice
Rohde test equipment.

On 14 Aug 2017 10:42 am, "Martin Burnicki" 
wrote:

> Clint Jay wrote:
> > Absolutely, their use of it was for something trivial and my reason for
> > using that example was to show how 'simple' and available the technology
> is
> > if a couple of students could do it with lab equipment that anyone can
> buy
> > (obviously you'd need deep pockets).
>
> I just searched for "Pokémon GO GPS spoofing" on the 'net.
>
> Looks like this was just a hack in Android where apps were provided with
> a spoofed position from the hack instead of the true position determined
> by the GPS/GNSS receiver.
>
> So this is quite a different thing than spoofing the real GPS signals,
> and it only affects the devices which have that hack installed.
>
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread bg 
Hi Martin,
No there was also a SDR hack to spoof.
http://www.rtl-sdr.com/cheating-at-pokemon-go-with-a-hackrf-and-gps-spoofing/
--
     Björn


Sent from my smartphone.
 Original message From: Martin Burnicki 
<martin.burni...@burnicki.net> Date: 14/08/2017  11:42  (GMT+01:00) To: 
Discussion of precise time and frequency measurement <time-nuts@febo.com> 
Subject: Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian
  cyberweapon 
Clint Jay wrote:
> Absolutely, their use of it was for something trivial and my reason for
> using that example was to show how 'simple' and available the technology is
> if a couple of students could do it with lab equipment that anyone can buy
> (obviously you'd need deep pockets).

I just searched for "Pokémon GO GPS spoofing" on the 'net.

Looks like this was just a hack in Android where apps were provided with
a spoofed position from the hack instead of the true position determined
by the GPS/GNSS receiver.

So this is quite a different thing than spoofing the real GPS signals,
and it only affects the devices which have that hack installed.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Martin Burnicki 
Clint Jay wrote:
> Absolutely, their use of it was for something trivial and my reason for
> using that example was to show how 'simple' and available the technology is
> if a couple of students could do it with lab equipment that anyone can buy
> (obviously you'd need deep pockets).

I just searched for "Pokémon GO GPS spoofing" on the 'net.

Looks like this was just a hack in Android where apps were provided with
a spoofed position from the hack instead of the true position determined
by the GPS/GNSS receiver.

So this is quite a different thing than spoofing the real GPS signals,
and it only affects the devices which have that hack installed.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Martin Burnicki 
Clint Jay wrote:
> Absolutely, their use of it was for something trivial and my reason for
> using that example was to show how 'simple' and available the technology is
> if a couple of students could do it with lab equipment that anyone can buy
> (obviously you'd need deep pockets).
> 
> That it can "so easily" be spoofed (it's not a trivial hack to spoof and
> would, as far as I can see, take good knowledge of how GPS works and skill
> to implement) is worrying and it could have disastrous consequences if
> anyone decided to use it for malicious means but I'd be surprised if there
> wasn't a turnkey solution available to anyone who has the funds.

I absolutely agree.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Clint Jay 
Absolutely, their use of it was for something trivial and my reason for
using that example was to show how 'simple' and available the technology is
if a couple of students could do it with lab equipment that anyone can buy
(obviously you'd need deep pockets).

That it can "so easily" be spoofed (it's not a trivial hack to spoof and
would, as far as I can see, take good knowledge of how GPS works and skill
to implement) is worrying and it could have disastrous consequences if
anyone decided to use it for malicious means but I'd be surprised if there
wasn't a turnkey solution available to anyone who has the funds.

On 14 Aug 2017 10:04 am, "Martin Burnicki" 
wrote:

> Clint Jay wrote:
> > It might have been a hoax but I'm sure I saw it demonstrated by a couple
> of
> > students who used it to fool Pokémon go...
>
> Yes, I read about that, too. However, related to Pokémon go it's just
> fun, but related to serious application it can cause quite some damage.
>
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Martin Burnicki 
Clint Jay wrote:
> It might have been a hoax but I'm sure I saw it demonstrated by a couple of
> students who used it to fool Pokémon go...

Yes, I read about that, too. However, related to Pokémon go it's just
fun, but related to serious application it can cause quite some damage.

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Clint Jay 
It might have been a hoax but I'm sure I saw it demonstrated by a couple of
students who used it to fool Pokémon go...

On 14 Aug 2017 8:27 am, "Martin Burnicki" 
wrote:

> Clint Jay wrote:
> > Didn't someone demonstrate this using some rather expensive but 'off the
> > shelf' Rohde & Schwarz lab gear a year or so ago?
>
> https://news.utexas.edu/2013/07/29/ut-austin-researchers-
> successfully-spoof-an-80-million-yacht-at-sea
>
> https://sofrep.com/46818/gps-spoofing-how-iran-tricked-us-
> patrol-boats-into-capture/
>
> Martin
>
> ___
> time-nuts mailing list -- time-nuts@febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Martin Burnicki 
Clint Jay wrote:
> Didn't someone demonstrate this using some rather expensive but 'off the
> shelf' Rohde & Schwarz lab gear a year or so ago?

https://news.utexas.edu/2013/07/29/ut-austin-researchers-successfully-spoof-an-80-million-yacht-at-sea

https://sofrep.com/46818/gps-spoofing-how-iran-tricked-us-patrol-boats-into-capture/

Martin

___
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-14 Thread Bill Byrom 
This has been an area of interest to the US Air Force for many years:

http://www.ainonline.com/aviation-news/aviation-international-news/2006-10-18/usaf-facility-tests-gps-jamming-vulnerability

--
Bill Byrom N5BB

On Mon, Aug 14, 2017, at 12:46 AM, Clint Jay wrote:
> Didn't someone demonstrate this using some rather expensive but 'off the
> shelf' Rohde & Schwarz lab gear a year or so ago?
> 
> 
> 
> On 12 August 2017 at 22:23, John Allen 
> wrote:
> 
> > FYI, John K1AE
> >
> > -Original Message-
> > From: YCCC [mailto:yccc-boun...@contesting.com] On Behalf Of ROBERT
> > DOHERTY
> > Sent: Saturday, August 12, 2017 9:26 AM
> > To: YCCC Reflector
> > Subject: [YCCC] Fwd: Re: [Radio Officers, ] Ships fooled in GPS spoofing
> > attack suggest Russian cyberweapon
> >
> > As if there were not enough problems in the world .
> >
> > Whitey  K1VV
> >
> > > Date: August 12, 2017 at 7:37 AM
> > > Subject: Re: [Radio Officers, ] Ships fooled in GPS spoofing
> > attack suggest Russian cyberweapon
> > >
> > > Ships fooled in GPS spoofing attack suggest Russian cyberweapon
> > >
> > > News from: New Scientis (article reported by R/O Luca Milone –
> > IZ7GEG)
> > >
> > > https://www.newscientist.com/article/2143499-ships-fooled-
> > in-gps-spoofing-attack-suggest-russian-cyberweapon/#.
> > WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/
> > article/2143499-ships-fooled-in-gps-spoofing-attack-
> > suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
> > >
> > >
> > > On date: 10 August 2017
> > >
> > > By David Hambling
> > >
> > >
> > > Reports of satellite navigation problems in the Black Sea suggest
> > that Russia may be testing a new system for spoofing GPS, New Scientist has
> > learned. This could be the first hint of a new form of electronic warfare
> > available to everyone from rogue nation states to petty criminals.
> > >
> > >
> > > On 22 June, the US Maritime Administration filed a seemingly bland
> > incident report. The master of a ship off the Russian port of Novorossiysk
> > had discovered his GPS put him in the wrong spot – more than 32 kilometres
> > inland, at Gelendzhik Airport.
> > >
> > >
> > > After checking the navigation equipment was working properly, the
> > captain contacted other nearby ships. Their AIS traces – signals from the
> > automatic identification system used to track vessels – placed them all at
> > the same airport. At least 20 ships were affected
> > http://maritime-executive.com/editorials/mass-gps-spoofing-
> > attack-in-black-sea .
> > >
> > >
> > > While the incident is not yet confirmed, experts think this is the
> > first documented use of GPS misdirection – https://www.marad.dot.gov/
> > msci/alert/2017/2017-005a-gps-interference-black-sea/  a spoofing attack
> > that has long been warned of but never been seen in the wild.
> > >
> > >
> > > Until now, the biggest worry for GPS has been it can be jammed
> > https://www.newscientist.com/article/dn20202-gps-chaos-how-
> > a-30-box-can-jam-your-life/  by masking the GPS satellite signal with
> > noise. While this can cause chaos, it is also easy to detect. GPS receivers
> > sound an alarm when they lose the signal due to jamming. Spoofing is more
> > insidious: a false signal from a ground station simply confuses a satellite
> > receiver. “Jamming just causes the receiver to die, spoofing causes the
> > receiver to lie,” says consultant David Last
> > http://www.professordavidlast.co.uk/ , former president of the UK’s Royal
> > Institute of Navigation.
> > >
> > >
> > > Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/
> > humphreys , of the University of Texas at Austin, has been warning of the
> > coming danger of GPS spoofing for many years. In 2013, he showed how a
> > superyacht with state-of-the-art navigation could be lured off-course by
> > GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much
> > like during the controlled attacks http://onlinelibrary.wiley.
> > com/doi/10.1002/navi.183/full  my team conducted,” says Humphreys.
> > >
> > >
> > > Humphreys thinks this is Russia experimenting with a new form of
> > electronic warfare. Over the past year, GPS spoofing has been causing chaos
> > for the receivers on phone apps in central Moscow to misbehave
> > https://themoscowtimes.com/articles/the-kremlin-eats-gps-
> > for-breakfast-55823 . The scale of the problem did not become apparent
> > until people began trying to play Pokemon Go. The fake signal, which seems
> > to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport
> > http://www.thetruthaboutcars.com/2017/01/bizarre-gps-
> > spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is
> > probably for defensive reasons; many NATO guided bombs, missiles and drones
> > rely on GPS navigation, and successful spoofing would make it impossible
> > for them to hit their targets.

Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

2017-08-13 Thread Clint Jay 
Didn't someone demonstrate this using some rather expensive but 'off the
shelf' Rohde & Schwarz lab gear a year or so ago?



On 12 August 2017 at 22:23, John Allen  wrote:

> FYI, John K1AE
>
> -Original Message-
> From: YCCC [mailto:yccc-boun...@contesting.com] On Behalf Of ROBERT
> DOHERTY
> Sent: Saturday, August 12, 2017 9:26 AM
> To: YCCC Reflector
> Subject: [YCCC] Fwd: Re: [Radio Officers, ] Ships fooled in GPS spoofing
> attack suggest Russian cyberweapon
>
> As if there were not enough problems in the world .
>
> Whitey  K1VV
>
> > Date: August 12, 2017 at 7:37 AM
> > Subject: Re: [Radio Officers, ] Ships fooled in GPS spoofing
> attack suggest Russian cyberweapon
> >
> > Ships fooled in GPS spoofing attack suggest Russian cyberweapon
> >
> > News from: New Scientis (article reported by R/O Luca Milone –
> IZ7GEG)
> >
> > https://www.newscientist.com/article/2143499-ships-fooled-
> in-gps-spoofing-attack-suggest-russian-cyberweapon/#.
> WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/
> article/2143499-ships-fooled-in-gps-spoofing-attack-
> suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
> >
> >
> > On date: 10 August 2017
> >
> > By David Hambling
> >
> >
> > Reports of satellite navigation problems in the Black Sea suggest
> that Russia may be testing a new system for spoofing GPS, New Scientist has
> learned. This could be the first hint of a new form of electronic warfare
> available to everyone from rogue nation states to petty criminals.
> >
> >
> > On 22 June, the US Maritime Administration filed a seemingly bland
> incident report. The master of a ship off the Russian port of Novorossiysk
> had discovered his GPS put him in the wrong spot – more than 32 kilometres
> inland, at Gelendzhik Airport.
> >
> >
> > After checking the navigation equipment was working properly, the
> captain contacted other nearby ships. Their AIS traces – signals from the
> automatic identification system used to track vessels – placed them all at
> the same airport. At least 20 ships were affected
> http://maritime-executive.com/editorials/mass-gps-spoofing-
> attack-in-black-sea .
> >
> >
> > While the incident is not yet confirmed, experts think this is the
> first documented use of GPS misdirection – https://www.marad.dot.gov/
> msci/alert/2017/2017-005a-gps-interference-black-sea/  a spoofing attack
> that has long been warned of but never been seen in the wild.
> >
> >
> > Until now, the biggest worry for GPS has been it can be jammed
> https://www.newscientist.com/article/dn20202-gps-chaos-how-
> a-30-box-can-jam-your-life/  by masking the GPS satellite signal with
> noise. While this can cause chaos, it is also easy to detect. GPS receivers
> sound an alarm when they lose the signal due to jamming. Spoofing is more
> insidious: a false signal from a ground station simply confuses a satellite
> receiver. “Jamming just causes the receiver to die, spoofing causes the
> receiver to lie,” says consultant David Last
> http://www.professordavidlast.co.uk/ , former president of the UK’s Royal
> Institute of Navigation.
> >
> >
> > Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/
> humphreys , of the University of Texas at Austin, has been warning of the
> coming danger of GPS spoofing for many years. In 2013, he showed how a
> superyacht with state-of-the-art navigation could be lured off-course by
> GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much
> like during the controlled attacks http://onlinelibrary.wiley.
> com/doi/10.1002/navi.183/full  my team conducted,” says Humphreys.
> >
> >
> > Humphreys thinks this is Russia experimenting with a new form of
> electronic warfare. Over the past year, GPS spoofing has been causing chaos
> for the receivers on phone apps in central Moscow to misbehave
> https://themoscowtimes.com/articles/the-kremlin-eats-gps-
> for-breakfast-55823 . The scale of the problem did not become apparent
> until people began trying to play Pokemon Go. The fake signal, which seems
> to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport
> http://www.thetruthaboutcars.com/2017/01/bizarre-gps-
> spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is
> probably for defensive reasons; many NATO guided bombs, missiles and drones
> rely on GPS navigation, and successful spoofing would make it impossible
> for them to hit their targets.
> >
> >
> > But now the geolocation interference is being used far away from the
> Kremlin. Some worry that this means that spoofing is getting easier. GPS
> spoofing previously required considerable technical expertise. Humphreys
> had to build his first spoofer from scratch in 2008, but notes that it can
> now be done with commercial hardware and software downloaded from the
> Internet.
> >
> >
> > Nor does it require much power. Satellite signals are very