The Next Big Threat to National Security Is ‘Spoofing’

Treat GPS like Reagan treated Russia: Trust but verify

The new director of the CIA, Rep. Mike Pompeo during his confirmation hearing before the Senate Intelligence Committee on January 12, 2017 in Washington, DC. Joe Raedle/Getty Images

Imagine terrorists using new technology to trick planes into crashing into buildings. It may sound like a Die Hard movie, but the premise, which involves “GPS spoofing,” troubles our nation’s intelligence and law enforcement agencies.

Spoofing became a big deal when University of Texas professor Todd Humphreys accepted a challenge a few years ago from the Department of Homeland Security (DHS) to use this method to commandeer one of the agency’s drones via a GPS device. Much to their astonishment, he was successful.

“It’s easiest to understand GPS spoofing by comparing it with GPS jamming,” Humphreys told the Observer. “Jamming attempts to prevent the use of GPS, whereas spoofing attempts to fool the GPS unit into reporting the wrong position (or time). Jamming is like shining a flashlight into your eyes so you can’t see the lighthouse as you approach the harbor on a dark night,” he elaborated. “Spoofing is like erecting a tower that pretends to be a lighthouse.”

It’s not just science fiction. Security experts believe Iran deployed spoofing to capture a drone from Afghanistan a few years back and more recently tried to lure American Navy vessels into its waters in a plot to capture them. In December, Clare Sebastian from CNN Tech wrote about strange spoofing behavior near Russia’s Kremlin that inflated some passengers’ Uber fares. And Palestinian terrorists with Islamic Jihad likely penetrated Israeli drone feed data and, according to prosecutors, “could see what the Israeli military’s surveillance drones saw.”

According to professor Ramon Spaaij, a sociologist at Victoria University and the University of Amsterdam, “It seems more likely that a spoofing attack would come from a larger entity, like a state sponsor or state-based enabler of terrorism.”

Of course, it’s against the law to spoof (or engage in jamming, for that matter) in the United States, but that won’t deter terrorists or rivals intent on disrupting society—and with potentially drastic consequences. Such a threat may more likely come from ISIS lone wolves, warned Joseph Wippl, a former Central Intelligence Agent who now teaches at the Frederick S. Pardee School of Global Studies at Boston University. “The problem now is there are ISIS members trained in weaponry who will scatter throughout the world and could willingly die for their ideology,” Wippl explained. “Intelligence officials throughout the world will have their work cut out for them.”

Spaaij, who wrote Understanding Lone Wolf Terrorism, recognizes the threat that could come from a terrorist with “some form of specialized training and professional expertise in this area, such as in computer science.”

But why is spoofing such a threat now? It has become low cost and low-tech, requiring fewer resources, less know-how and less time to develop. According to professor Humphreys, a hacker “found several low-cost off-the-shelf hardware platforms that were capable hosts for her software, turning her line-by-line instructions into fake but convincing GPS signals….she showed that anyone can now do it.”

But there’s hope for the future, as researchers this year from Poland managed to design some algorithms to help spot spoofing attempts before it is too late, possibly saving the day Bruce Willis-style. And, as professor Humphreys points out, while it’s now simpler to build a spoofer, it’s also easier to create a spoofer detector. “Going forward, we’ll need to treat GPS like Reagan treated Russia: trust but verify.”

John A. Tures is a professor of political science at LaGrange College in LaGrange, Ga.