Jamming and spoofing may be your greatest threats
Sean Kilcarr
If you haven’t heard the terms “jamming” and “spoofing” in relation to trucking telematics before, you are not alone, for both are highly rare forms of telematics hacking in the U.S.
Yet Guy Buesnel, product manager for the positioning & navigation business unit at Spirent Communications, warns that such activity has occurred in overseas freight markets and could eventually make their way here to the U.S.
“GPS jamming is very prevalent right now, and the jamming equipment is easily procured and very inexpensive,” he told Fleet Owner. “We know that criminals are starting to use jammers to carry out crimes. For example, in Italy gangs have been targeting shipments of scrap metal. They hijack a truck, force the driver to pull over, hold the driver captive and then use a GPS jammer so the cargo can’t be tracked as they drive off with it.”
One of the more “insidious effects” of GPS jamming in Buesnel’s estimation is that as a jammer gets closer to a receiver, the receiver might start outputting hazardously misleading information such as incorrect information on position and time.
“Without understating how your receiver behaves with jamming and spoofing attacks, you’re taking a really big risk in trusting the data it outputs,” he explained.
Spoofing, however, is “a little trickier” to conduct, Buesnel said, because spoofing is actually about “faking” a GPS signal.
“So far there hasn’t an instance where someone has spoofed by faking a satellite signal,” he explained. “However, we know spoofing is going to be a real threat because criminals are already getting into application software and faking GPS coordinates.”
For fleets, Buesnel thinks spoofing is going to become a real threat to navigation, positioning, and timing systems.
“In order to cope with this, you need to know how robust your equipment is today and to be prepared,” he emphasized. “And you can only do that if you assess your risks and then test your equipment against current and future trends.”
That includes closely monitoring how a trucking company’s information technology (IT) network is constructed as well.
“With fleet networks, often the focus is on the trucking and delivery aspects, and all too often the IT components—servers, routers, firewalls, etc.—aren’t necessarily taken as seriously,” Buesnel noted.
“But people can get into the networks and start messing with data, which can impact delivery schedules, for example,” he explained. “This can easily be addressed by looking at what you’re building and figuring out how to properly secure it.”
Cyber security is also becoming a larger concern throughout the U.S. business community, according to the 2015 Business Risk Survey conducted by insurance broker The Graham Company.
The firm polled 300 senior U.S. business professionals and found that cyber security retained the highest proportion of “business risk” with 21% of respondents naming it as the number one threat they were most concerned about.
The survey also found nearly half of respondents felt a “significant level” of cyber risk from the following scenarios:
- A hacking incident leading to theft of customer information
- Inability to use the organization’s network
- Theft of employees’ private information
- Theft of intellectual property
- Inability to access the organization’s website
“In the modern-day business environment where everything is interconnected, the potential threats facing a business are immense,” noted Ken Ewell, president and COO of The Graham Company. “This complexity of risks has caused many business leaders to become overwhelmed and unknowingly expose their businesses to risks that threaten their bottom line.”
That’s one reason why Spirent’s Buesnel believes IT security on the “back-end” of a motor carrier’s network “is vital, as all it takes is someone doing the wrong thing once” and malware gets installed within the carrier’s computer system.
“At that point a hacker now has complete access to your network, including delivery schedules, credit card payments, customer lists, etc.,” Buesnel warned. “All of this data can be taken very easily if the back-end IT network supporting the fleet is not secure.”
It’s also wise policy not to put too much trust in off-the-shelf “firewalls” designed to protect IT networks from hacking, he emphasized.
“Companies will often buy a firewall but they don’t always take time to think, ‘What does it actually mean that I bought a firewall?’” Buesnel pointed out.
“Is it configured properly? Did I buy the right licensing for it? Is it actually going to provide the protection I’m looking for? That goes for anti-virus too,” he added. “In Spirent’s testing, we’ve seen well-known products that are only 44% effective at blocking attacks. Just because you buy a firewall doesn’t mean you’re automatically secure.”
(There are many Apps which make GPS spoofing easy.)
CRFS
From ship navigation to financial transactions, we’re increasingly reliant on GPS (or other GNSS systems, such as Galileo, GLONASS or BDS BeiDou). Jamming and spoofing can therefore cause significant disruption and represent a public safety threat. Fortunately, spectrum monitoring allows detection and location of jammers and the possibility to pre-empt attacks with anti-jamming and anti-spoofing technologies.
GPS Jamming
Can GPS be jammed? Yes, and without much difficulty. GPS jamming is a relatively uncomplicated technique that simply involves producing an RF signal strong enough to drown out the transmissions from GPS satellites. The subject of a GPS jamming attack will be instantly aware that something is wrong, as the system will be unable to produce a geolocation result. GPS jamming can be carried out either unintentionally or deliberately, and its prevalence is increasing – during an L1 and L2 GPS band monitoring campaign over just a few weeks in London, we detected significant jamming activity. This ranged from crude unmodulated sources of interference poorly centered on the L1 or L2 band to synthesized sources suggesting deliberate targeting.
A common use of jammers in London is taxi and HGV drivers evading rules on maximum driving hours or trying to stop employers from tracking them. In other parts of the world, GPS jamming has been used for more sinister purposes. South Korea was subject to a major campaign of GPS jamming from North Korea in 2016, affecting ship and aircraft navigation. And with the advent of 5G systems moving into the frequencies used by GPS, interference is likely to become more and more widespread.
Whatever the target of a GPS jammer, the devices do not discriminate, so there is usually additional collateral damage. Air Traffic Control (ATC), search and rescue operations, the electric grid and mobile phone services are all vulnerable to GPS jamming fallout. The London Stock Exchange has been subject to repeated GPS outages, affecting timestamping of financial transactions. In 2007, a navy exercise on loss of GPS communications in San Diego harbor meant that residents of the city were unable to withdraw cash from ATMs and doctors’ emergency pagers stopped working – it took 3 days to identify the ships as the cause. As jamming activity from civilian users becomes more prevalent, we risk similar disruptions as well as more fatal incidents such as aircraft colliding over populated areas.
Spectrum monitoring, as implemented in our London campaign, enables GPS jammers to be detected and located by mobile direction finding systems. Analysis of frequency spectra to determine duration of interference and signal type can also be used as an indication of whether the interference is accidental or deliberate. Those involved in unintentional jamming can then be warned and malicious attackers can be prosecuted. This results in quick resolution of disruption and danger caused by GPS jamming and acts as a preventative deterrent.
CRFS’s RFeye receivers have exceptional noise performance allowing detection and location over larger areas. Automation features minimize human intervention and allow triggering of alarms on detection of jamming activity. Our GPS holdover module also ensures accurate timing synchronization between receivers even if jamming activity (or poor reception) means GPS signal is lost. High-performance receiver boards can also be integrated into 3rd party anti-jamming and anti-spoofing systems for critical applications requiring a proactive approach. Anti-jamming and anti-spoofing systems can distinguish true GPS signals from jammers and spoofers, enabling GPS location and timing services to continue even while under attack.
CRFS recommends that law enforcement implement a wider strategy of spectrum monitoring to combat the rise in GPS jamming activity. Any organization highly dependent on GPS services, whether a stock exchange or Air Traffic Control, is also advised to operate a dedicated counter-jamming system to ensure continuous protection of critical infrastructure.
GPS Spoofing
GPS spoofing is a more insidious form of attack, which involves deliberately mimicking the form of transmissions from GPS satellites, tricking the receiver into believing that it has been sent information as expected. GPS spoofing in its simplest form (sometimes called denial-of-service spoofing) involves location information being sent to the GPS receiver which is clearly false (it might, for instance, tell a ship out at sea that it is currently located on land). It is immediately clear to the user that they are being spoofed, but it nonetheless stops them using their GPS system for its intended purpose. In these circumstances, spoofing basically functions as a more targeted form of jamming, that only affects GPS systems, rather than flooding the entire RF environment with noise.
An even more subtle and complex form of GPS spoofing, deception spoofing, involves hijacking GPS systems by initially sending them correct location information (so the spoofing is not immediately obvious), and then very slowly changing the information being sent so as to, for instance, drag vessels off course into hostile waters, or disable a vessel on a sand bank.
So how does it work? GPS satellites send out a pseudo-random code, and receivers on the ground can tell from this code what time the signal was sent from each satellite. This allows them to determine how long the signal takes to reach them, and therefore how far from each satellite they are. The obvious way to determine if spoofing is taking place is to work out where the received signals are coming from. If it turns out to be sent from near to the receiver, rather than high in the atmosphere, we can be fairly certain the receiver is being spoofed. This is where CRFS’s systems come in. Using a network of at least four RFeye Nodes, a time difference of arrival (TDOA) calculation can be performed to find out where it originated. Not only does this allow the spoofing to be detected, but knowing the location of the spoofers can allow measures to be taken to shut it down at source.
Crash Spurs Investigation of Tactics Designed to Circumvent HOS Rules
Eric Miller
Faced with evolving tactics to bypass hours-of-service rules, the Federal Motor Carrier Safety Administration is taking steps to combat electronic logging device fraud. The agency is launching a multipronged approach to address what it describes as a “moving target.”
In particular, the agency cited National Transportation Safety Board concerns with so-called ghost drivers as well as drivers utilizing multiple ELD accounts, and it is exploring various technological requirements to target those specific issues. It also is monitoring ELD performance data, training enforcement personnel to identify and act against fraud, removing noncompliant ELD providers from the market, and updating its ELD rules.
“FMCSA is committed to staying diligent with its fraud prevention efforts,” an agency spokeswoman said in a statement. “FMCSA continues to explore other methods to decrease ELD fraud in both the short and long term.”
A fatal December 2022 crash in Virginia put a spotlight on ELD fraud after a tractor-trailer driver for Illinois-based Triton Logistics was able to — with apparent participation from the carrier — falsify his ELD records to extend his driving time beyond the 11-hour regulatory maximum limit. The truck he was driving during early morning hours along Interstate 64 near Williamsburg, Va., came upon and crashed into a party bus after he failed to take evasive action or brake in time, according to the NTSB investigation. NTSB cited fatigue as a factor in the crash.
“We found that the truck driver’s lack of response to the slow-moving vehicle in his travel lane was due to fatigue from excess driving time and lack of sleep opportunity,” said the NTSB report, recently made public. “The truck’s motor carrier, Triton Logistics, created fictitious driver accounts for some of its vehicles’ electronic logging device systems that enabled drivers to operate beyond federal regulations, creating an opportunity for fatigued driving.”
Three occupants in the party bus died, nine sustained serious injuries, and 11 sustained minor injuries. The truck driver also was seriously injured.
Triton did not return a message left by Transport Topics seeking comment. However, NTSB said the company’s CEO denied knowledge of the fictitious logins and said it conducted internal checks to determine how the incident happened.
The driver detailed the scheme for NTSB investigators. He said whenever he reached his 11-hour limit, he could call the carrier’s HOS department — based in Lithuania — and add the name of a fictitious or former co-driver to the ELD, opening up another 11-hour driving window. If asked by a roadside inspector about the double login, the driver would tell the inspector that he dropped off his co-driver at a truck stop for a family emergency. The driver noted that other drivers used the login scheme to extend time behind the wheel.
After the 2022 crash, FMCSA conducted an on-site review of Triton and issued violations related to drivers making false reports regarding duty status as well as requiring or permitting drivers to extend driving time beyond 11 hours. After the review, FMCSA assigned Triton a conditional safety rating.
With an eye toward remedial action, NTSB concluded that a data-entry tracking history in ELD software could increase accountability and transparency and also deter motor carrier personnel from making false entries aimed at circumventing HOS regulations. Investigators recommended that FMCSA revise its requirements to require ELD providers to create an audit log that includes the date, driver login time and identity of who logged them in, driver’s license numbers, the names of anyone who edits a log, and any changes to active driver lists. NTSB also recommended that the Commercial Vehicle Safety Alliance inform its members about the scheme and circumstances surrounding the Williamsburg crash.
Senior NTSB investigator Shawn Currie told Transport Topics if the driver’s name was John, he’d be logged in as Frank and then operate with a new 11-hour HOS time limit. “The hours of service, whether you agree with them or not, are there to prevent drivers from driving in excess of the rules, and to ensure they have the appropriate time off,” Currie said. He noted that the circumstance of the Williamsburg case could result in FMCSA fines and possibly criminal penalties if the state elected to bring charges.
Jeremy Disbrow, a Commercial Vehicle Safety Alliance roadside inspection specialist, said inspectors encounter false ELD log entries “all day, every day. Of course, many of the false entries can’t be proven, or they go unnoticed.”
He said the issue is known to CVSA inspectors. “We just discussed all this in a conference after the NTSB report came out,” Disbrow said. “It was pretty clear from the inspectors around the country that this isn’t an isolated incident by any means. The average inspector is seeing this every shift, at least once or twice. There’s a number of ways that they’re falsifying [logs].”
This can include simply using tools available on some devices, he said.
“Drivers can make edits,” Disbrow noted. “If a driver makes an edit on the device himself, it will show up as an edit, and a suspicious inspector can see that. But if a carrier in their back office makes the edit, there are instances where it’s been done but doesn’t show up as an edit.”
Disbrow noted it’s risky to publicly discuss the varying methods. “It’s hard to talk about it because I don’t want to give people ideas,” he said. “I don’t want the industry to say, ‘Hey we can try that.’ As the years are going by, people are finding new workarounds. It’s a cat and mouse game.”
He added, “The hours-of-service rules are there to protect everybody. Thwarting them and running an extra five, six, seven hours without adequate rest is absolutely a recipe for fatigue.”
Stephen G. Lowry
An electronic logging device, or ELD, is installed in a commercial truck to record how long a driver has been on the road. Not every truck has them – any truck manufactured before 2000 won’t have the system in place; neither will certain types of vehicles or short-haul trucks – but most commercial vehicles used for long-haul trucking have these devices.
ELDs are supposed to ensure that commercial drivers (and the companies which employ them) follow the federally-mandated Hours of Service (HOS) rules. HOS rules “refers to the maximum amount of time drivers are permitted to be on duty including driving time, and specifies number and length of rest periods, to help ensure that drivers stay awake and alert.” These rules were implemented for safety reasons: fatigued truck drivers are dangerous drivers, and companies can and do often push their drivers to the brink when it comes to delivering goods.
This is why a recent investigation by Freightwaves, a price reporting agency that deals exclusively with the global freight market, is so disturbing. Per their findings, “industry insiders are accusing some ELD vendors of exploiting flaws in the Federal Motor Carrier Safety Administration’s technical specifications to let trucking companies and their drivers add ‘ghost co-drivers’ to skirt hours-of-service rules.”
What’s a ghost account/driver?
A ghost account is a “dummy” account created within a truck’s system that allows a company to “prevent unassigned driving time from building up in the system.” For example, say a company wants to run a road test for a new driver. The “ghost driver” would be logged into the system so that the ELD wouldn’t record the new driver’s road test as actual logged miles. There are perfectly legal reasons to use a ghost account – but avoiding HOS violations isn’t one of them.
How some ELD vendors are using their software to add more driver time
What ELD Rider is doing, according to Freightwaves, is creating fake drivers as a way to get around the HOS rules. A trucker told Freightwaves the following story (with corroborating video) about his experience with the ELD vendor:
Recently, a driver using ELD Rider software recorded a ghost co-driver being added to his device within 15-20 minutes after the driver contacted the company to request more hours….
At the time the U.S. driver contacted the ELD Rider representative in Serbia, the driver, who didn’t want to be named for fear of retaliation, had no drive time left on his clock and only 12 hours remaining on his 70-hour cycle before he was required by FMCSA to take a 34-hour reset.
He later received a call from ELD Rider confirming that the representative had edited the log to add a co-driver, often referred to as a ghost driver. The video then pans to the driver logging back into his device, showing that he now had almost 10 hours of drive time left in his day and around 68 hours remaining on his cycle before he must take 34 consecutive hours off duty before driving again.
This behavior, Freightwaves reports, has been going on since 2019.
The Federal Motor Carrier Safety Administration (FMCSA) is conducting an investigation, but it is likely to take a long time; ELD Rider is owned by LionEight LLC, which was once owned and operated by LionEight TMS LLC, but has been since sold off to Darex Solutions. In short, determining ownership and liability may be complicated, and the FMCSA has only just begun to ramp up its enforcement efforts against companies which skirt their regulations.
Crash Spurs Investigation of Tactics Designed to Circumvent HOS Rules
Eric Miller
Faced with evolving tactics to bypass hours-of-service rules, the Federal Motor Carrier Safety Administration is taking steps to combat electronic logging device fraud. The agency is launching a multipronged approach to address what it describes as a “moving target.”
In particular, the agency cited National Transportation Safety Board concerns with so-called ghost drivers as well as drivers utilizing multiple ELD accounts, and it is exploring various technological requirements to target those specific issues. It also is monitoring ELD performance data, training enforcement personnel to identify and act against fraud, removing noncompliant ELD providers from the market, and updating its ELD rules.
“FMCSA is committed to staying diligent with its fraud prevention efforts,” an agency spokeswoman said in a statement. “FMCSA continues to explore other methods to decrease ELD fraud in both the short and long term.”
A fatal December 2022 crash in Virginia put a spotlight on ELD fraud after a tractor-trailer driver for Illinois-based Triton Logistics was able to — with apparent participation from the carrier — falsify his ELD records to extend his driving time beyond the 11-hour regulatory maximum limit. The truck he was driving during early morning hours along Interstate 64 near Williamsburg, Va., came upon and crashed into a party bus after he failed to take evasive action or brake in time, according to the NTSB investigation. NTSB cited fatigue as a factor in the crash.
“We found that the truck driver’s lack of response to the slow-moving vehicle in his travel lane was due to fatigue from excess driving time and lack of sleep opportunity,” said the NTSB report, recently made public. “The truck’s motor carrier, Triton Logistics, created fictitious driver accounts for some of its vehicles’ electronic logging device systems that enabled drivers to operate beyond federal regulations, creating an opportunity for fatigued driving.”
Three occupants in the party bus died, nine sustained serious injuries, and 11 sustained minor injuries. The truck driver also was seriously injured.
Triton did not return a message left by Transport Topics seeking comment. However, NTSB said the company’s CEO denied knowledge of the fictitious logins and said it conducted internal checks to determine how the incident happened.
The driver detailed the scheme for NTSB investigators. He said whenever he reached his 11-hour limit, he could call the carrier’s HOS department — based in Lithuania — and add the name of a fictitious or former co-driver to the ELD, opening up another 11-hour driving window. If asked by a roadside inspector about the double login, the driver would tell the inspector that he dropped off his co-driver at a truck stop for a family emergency. The driver noted that other drivers used the login scheme to extend time behind the wheel.
After the 2022 crash, FMCSA conducted an on-site review of Triton and issued violations related to drivers making false reports regarding duty status as well as requiring or permitting drivers to extend driving time beyond 11 hours. After the review, FMCSA assigned Triton a conditional safety rating.
With an eye toward remedial action, NTSB concluded that a data-entry tracking history in ELD software could increase accountability and transparency, and also deter motor carrier personnel from making false entries aimed at circumventing HOS regulations. Investigators recommended that FMCSA revise its requirements to require ELD providers to create an audit log that includes the date, driver login time and identity of who logged them in, driver’s license numbers, the names of anyone who edits a log, and any changes to active driver lists. NTSB also recommended that the Commercial Vehicle Safety Alliance inform its members about the scheme and circumstances surrounding the Williamsburg crash.
Senior NTSB investigator Shawn Currie told Transport Topics if the driver’s name was John, he’d be logged in as Frank and then operate with a new 11-hour HOS time limit. “The hours of service, whether you agree with them or not, are there to prevent drivers from driving in excess of the rules, and to ensure they have the appropriate time off,” Currie said. He noted that the circumstance of the Williamsburg case could result in FMCSA fines and possibly criminal penalties if the state elected to bring charges.
Jeremy Disbrow, a Commercial Vehicle Safety Alliance roadside inspection specialist, said inspectors encounter false ELD log entries “all day, every day. Of course, many of the false entries can’t be proven, or they go unnoticed.”
He said the issue is known to CVSA inspectors. “We just discussed all this in a conference after the NTSB report came out,” Disbrow said. “It was pretty clear from the inspectors around the country that this isn’t an isolated incident by any means. The average inspector is seeing this every shift, at least once or twice. There’s a number of ways that they’re falsifying [logs].”
Want more news? Listen to today’s daily briefing above or go here for more info
This can include simply using tools available on some devices, he said.
“Drivers can make edits,” Disbrow noted. “If a driver makes an edit on the device himself, it will show up as an edit, and a suspicious inspector can see that. But if a carrier in their back office makes the edit, there are instances where it’s been done but doesn’t show up as an edit.”
Disbrow noted it’s risky to publicly discuss the varying methods. “It’s hard to talk about it because I don’t want to give people ideas,” he said. “I don’t want the industry to say, ‘Hey we can try that.’ As the years are going by, people are finding new workarounds. It’s a cat and mouse game.”
He added, “The hours-of-service rules are there to protect everybody. Thwarting them and running an extra five, six, seven hours without adequate rest is absolutely a recipe for fatigue.”
Truckers Report
Mainly Chicagoland does this, so what they do is they buy an ELD service platform from overseas although the ELD platform believes they are in America because they furnish a credible USDOT/MC, vehicle count, and fake business fronts.
So even though they’re dispatching from overseas & not American-based whatsoever, the scammers use Google voice numbers, fake websites & fronts to create false imitations to the ELD platforms. Then they’ll imitate the ELD customer service line of the actual ELD platform to the drivers and then the carriers scam their own drivers, brokers, and shippers/receivers with weekly production.
The drivers don’t actually team drive it’s fake in reality but on paperwork, the scammer carriers reverse engineer the way elogs works, there’s not ever really two drivers for the one shipment it’s really only one driver. Brokers have no idea they just let a team load ship by a solo driver working under a foreign scam carriers Pretending to be an American carrier company.
It’s really all the ELD platforms fault because there’s no verification system for the driver HOS protection at length, ELD platforms haven’t designed a way to prevent the scamming from Russia, India, or other countries scamming all over America…. and then what the scammer carriers do as well…is after even the Driver no longer works there for the scam carrie, the scam carrier still use the CDL drivers license without the drivers knowledge even though he/she is long gone month and months later. The scam carrier takes the drivers CDL Credentials amongst the other drivers doing fake team driving and without permission of the CDL driver uses the drivers license.. The scam carriers do this to falsify record government filings to drive up vehicle mileage fraud, tax evasion, falsify production, and so so forth.
So basically say CDL drivers at home out of work for months but they are actually working at companies all throughout the states where their license is being utilized but they’re actually never there because they don’t actually have a job… but the scammer carriers from overseas with the false fake American fronts are illegally using the drivers CDL license while the real driver is actually out of work at home wondering hmm where should I work next.
