Gray Zone Tactics Playbook: Spoofing
Spoofing is a deception tactic meant to disrupt monitoring of maritime activities. It is frequently employed by Chinese gray zone actors in the South China Sea. In contrast to the “going dark” tactic of simply disabling a vessel’s Automatic Information System (AIS) broadcast, the spoofing tactic involves manipulating transmitting signals in order to falsify a vessel's identity and/or location.
Spoofing has come to be used as an umbrella term that encompasses a range of AIS-tampering techniques. We divide these techniques into three primary buckets:
- Identity spoofing, or continuously broadcasting false vessel information.
- Identity switching, or temporarily changing vessel information when conducting certain activities.
- Location spoofing, or embedding false GPS location data within a vessel’s AIS transmissions.
Valid AIS identities for spoofing purposes can be acquired by various methods, such as simply assuming the identity of another operating vessel ("identity theft") or the identity of a scrapped ("zombie") vessel. A gray zone actor may also switch to a fraudulently obtained IMO-registered shell identity ("identity laundering"). This white paper by maritime intelligence provider Windward goes into more detail about these practices.
1. Identity spoofing
Ship operators are responsible for manually entering their AIS broadcast messages into their own transponders. This makes it easy to manipulate basic information such as a vessel's name, type, length, tonnage, or Maritime Mobile Service Identity (MMSI)—a 9-digit reference number administered by the International Telecommunications Union (ITU) that should be unique to each ship.
One unsophisticated method is for vessels to enter the country code followed by all zeros (XXX000000). In fact, so many ships do this that it can lead to multiple vessels operating simultaneously with the same fake ID.
For example, on April 18 2023, a China Coast Guard cutter intercepted a Philippine resupply mission to Second Thomas Shoal while broadcasting an AIS signal identifying itself only as "G", a 2x2m pleasure craft with MMSI 412000000--a bogus number used concurrently by dozens of other ships around the globe.
2. Identity switching
It is so easy to manually change AIS broadcast data that occasionally ships are caught red-handed switching identities during sensitive operations. One example of this occurred on March 21 2023, when China Coast Guard cutter 5201 abruptly changed its callsign from "CCG5201" to "DONGYU1527-8 50%" while shadowing the Philippine Coast Guard vessel BRP Malapascua on a routine patrol mission in the Spratly Islands.
"Yu" (鱼) is Mandarin for "fish" and is often used in Chinese fishing boat names, which strongly suggests what the offending ship hoped its watchers would believe in this clumsy spoofing effort.
3. Location spoofing
It is also possible for a more sophisticated gray zone actor to insert fake GPS location data into an AIS boadcast, which makes the spoofing vessel appear to to be in a different location. We are unaware of any known incidents of Chinese security vessels spoofing their locations in the South China Sea, but location spoofing is a well known tactic in other maritime contexts.
Suffice it to say, AIS spoofing in all its forms endangers shipping and other lawful maritime activity, hinders transparency and effective monitoring, and contravenes both norms and rules for safety at sea and ITU regulations.