The Navy said it had lost confidence in Vice Adm. Joseph Aucoin's "ability to command" the U.S. 7th Fleet. Video provided by Newsy Newslook
SAN FRANCISCO — Was a hack attack behind two separate instances of Navy ships colliding with commercial vessels in the past two months? Experts say it’s highly unlikely, but not impossible — and the Navy is investigating.
Rumors on Twitter and in computer security circles have been swirling about the possibility that cyber attacks or jamming were involved in the collisions. Speculation has been fueled by four accidents involving a U.S. warship this year, two of which were fatal, the highly-computerized nature of modern maritime navigation, and heightened concern over global cyberattacks — especially attacks against U.S. government entities.
Chief of naval operations Admiral John Richardson said in a tweet on Monday there was no indication of the possibility of cyber intrusion or sabotage but the "review will consider all possibilities." It had been retweeted over 830 times by Wednesday.
2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now...but review will consider all possibilities
say there are certainly scenarios they can imagine in which GPS hacks could have been used to foil ships' navigations systems, but emphasize there's no evidence such attacks took place in the case of the Navy collisions.
"The balance of the evidence still leads me to believe that it was crew negligence as the most likely explanation — and I hate to say that because I hate to think that the Navy fleet was negligent,” said University of Texas at Austin aerospace professor Todd Humphreys, who studies GPS security issues.
The technology to jam or misdirect navigational software is readily available, though the Navy uses a much more robust encrypted version of GPS that would be very difficult to disrupt, said Humphreys.
The only way to spoof such a system would be to use what’s known as a “record and replay attack,” he said. That's where a recording is made of the encrypted location data being sent down from satellites to the Naval ship and then replaying the recording at a slightly later time and directing it towards the ship.
“That way you could fool a ship into thinking it is someplace it’s not,” Humphries said.
That would be a very sophisticated and difficult hack, requiring recording the navigation data stream from multiple angles to mimic the multiple antennas on the Navy ship, and then sending the recorded signal from two or more locations. To ensure that nearby ships didn’t also get the false data, it would have to be transmitted from close to the Navy ship being targeted, perhaps using multiple drones.
Yacht GPS hacked
None of this seems likely, but it's not impossible, said Humphreys. In 2013 he and a group of graduate students were able to successfully spoof an $80 million yacht’s GPS system, sending it hundreds of yards off course without the ship's navigation system showing the change to the crew.
The Navy's Richardson said the second "extremely serious incident" in little more than two months "gives great cause for concern that there is something out there that we're not getting at." The Navy has blamed the Fitzgerald collision on a loss of situation awareness by sailors on the bridge.
Dana Goward, former head the Marine Transportation Systems for the U.S. Coast Guard, the navigation authority for all U.S. waters and vessels, also doesn’t believe hacking was involved in the Navy collisions.
As a former Coast Guard captain, he said that years of navigating at sea tell him that especially in high-traffic areas where the collisions occurred, it’s easy for mistakes to happen. “It’s a difficult environment to be in and human error is always present,” he said.
The notion of a cyber attack causing the collision has gained currency in part because it's possible — and other military powers are known to have tried it.
For instance, said Goward, a malicious party could focus on the unencrypted navigation feed of the commercial vessel while at the same time mounting a jamming effort against the Navy ship for a brief period of time. Or, hackers could just try commandeering the GPS of the cargo ship to get it to veer slightly off course.
“It takes two to tango,” said Professor David Last, former president of the Royal Institute for Navigation in the United Kingdom. “I think you just have to attack the weaker of the pair, which is the commercial vessel. I’m not saying it happened, I’m just saying that’s what I would do if I were trying to be a troublemaker in that way.”