Cyber Experts Believe Hacking May Have Caused Collision of USS John S. McCain

Following the collision between the USS John S. McCain with an oil tanker on August 21, several experts in cyber security and satellite navigation systems have raised the possibility that there might have been cyber interference with the ship’s satellite navigation system. The experts’ suspicions were increased by the fact that the John S. McCain was the fourth collision involving a ship of the Seventh Fleet this year. The others occurred on January 31, when the guided missile cruiser USS Antietam ran aground off the coast of Japan; on May 9, when another cruiser, the USS Lake Champlain, was struck by a South Korean fishing vessel; and on June 17, when the destroyer USS Fitzgerald collided with a container ship, resulting in the deaths of seven sailors. 

The latest collision occurred near the Strait of Malacca, a crowded 1.7-mile-wide waterway that connects the Indian Ocean and the South China Sea. The strait accounts for about 25 percent of global shipping and is always crowded with vessels.

A Navy commander said on August 22 that divers had found the remains of some of the 10 sailors who have been missing since the McCain collided with the tanker. The McCain is now moored at Changi naval base in Singapore.

The McClatchyDC, news website interviewed Jeff Stutzman, chief intelligence officer at Wapack Labs, a New Boston, New Hampshire cyber intelligence service, about his take on the naval collisions. Stutzman is a former Navy information warfare specialist.

{modulepos inner_text_ad}

“When you are going through the Strait of Malacca, you can’t tell me that a Navy destroyer doesn’t have a full navigation team going with full lookouts on every wing and extra people on radar,” said Stutzman.

“There’s something more than just human error going on because there would have been a lot of humans to be checks and balances,” he noted. 

McClatchyDC also quoted Todd E. Humphreys, a professor at the University of Texas and expert in satellite navigation systems, who also had his doubts about human error being the only thing responsible for the recent naval collisions: “Statistically, it looks very suspicious, doesn’t it?”

Humphreys cited a June 22 incident as an example of how cyber attacks can alter GPS signals. On that day, someone manipulated GPS signals in the eastern part of the Black Sea, leaving some 20 ships with little situational awareness. Shipboard navigation equipment, which appeared to be working properly, reported the location of the vessels 20 miles inland, near an airport.

“We saw it done in, I would say, a really unsubtle way, a really ham-fisted way. It was probably a signal that came from the Russian mainland,” Humphreys said.

While such hacking once required expensive equipment and sophisticated software coding skills, Humphreys said it can now be done with off-the-shelf gear and easily attainable software. “Imagine the English Channel, one of the most highly trafficked shipping lanes in the world, and also subject to bad weather. Hundreds and hundreds of ships are going back and forth. It would be mayhem if the right team came in there and decided to do a spoofing attack,” Humphreys said.

Humphreys explained that most ships rely on a global protocol known as Automatic Identification System, or AIS, to avoid collisions. Beacons aboard ships transmit vessel name, cargo, course, and speed; and readouts aboard ships display other vessels in the vicinity, similar to the transponders carried aboard aircraft.

However the AIS system is vulnerable to hacking and counterfeit signals. “You can send an AIS beacon out and claim just about whatever you like. You can make a phantom ship appear,” Humphreys said.

The Military.com website, in an August 21 report, cited a video that Chief of Naval Operations Admiral John Richardson posted to his Facebook page that day, wherein he said he was “devastated and heartbroken” to hear about the collision of the McCain. Richardson emphasized that the Navy’s first priority was on attending to the safety of the destroyer’s crew, but he added that the trend of mishaps in the region called for “more forceful action.”

Richardson said he has directed that an operational pause be taken in all fleets around the world and that a comprehensive review be launched that examines the training and certification of forward-deployed forces as well as a wide span of factors that may have contributed to the recent costly incidents. “I want our fleet commanders to get together with their leaders and their commands to make sure that we’re taking all appropriate immediate actions to safe and effective operations around the world,” Richardson said.

More significant, considering the statements by experts who suspect malicious cyber activity, Richardson said in a tweet he sent out at 3:04 p.m. on August 21:

2 clarify Re: possibility of cyber intrusion or sabotage, no indications right now… but review will consider all possibilities

There are other knowledgeable experts who also suspect cyber interference, so it is good that the Navy will consider all possibilities. The International Business Times reported that Itay Glick, the founder of cyber security firm Votiro, who worked in the cyber-warfare unit of the Israeli intelligence agency for seven years, told news.com.au that the possibility of cyber interference was the first thing that came to his mind when he heard about the McCain incident. “I don’t believe in coincidence,” Glick told the Australian website.

“Both USS McCain and USS Fitzgerald were part of the 7th Fleet, there is a relationship between these two events and there may be a connection,” he added.

Glick said he believed countries such as Russia and China might have the capability to launch cyber attacks on warships. “China has capabilities, maybe they are trying things, it is possible,” he said.

Glick said there are two different ways that a warship can be interfered with: attacking its GPS and thereby impacting its navigation or a malware attack on its computer network.

 Photo of the USS John McCain: U.S. Navy

Related articles:

Pentagon: Cyberattack an Act of War

The CIA’s Hacking Ability

Foiling Foul Hackers