The use of Spire Maritime AIS data to uncover real-world maritime incidents with tactical and strategic implications 

A fundamental data set is Spire Maritime’s AIS data capability. In this use-case, we show how Geollect have leveraged Spire’s Maritime data, fused it with multiple data sets and applied Intelligence tradecraft standards to develop assessment that demonstrate strategic capability, intent and insights on a conflict that has global effect.

Russia’s Black Sea AIS manipulation – Information Operations as a weapon

[1/4] Analysis by Geollect indicates that since 14 May 2023, commercial vessels’ Automatic Identification System (AIS) data has been remotely spoofed to create the impression of a 65km long Russian pro-war Z symbol on the Black Sea, visible on open source tracking software. pic.twitter.com/aHUi5kqI6c

— Ministry of Defence 🇬🇧 (@DefenceHQ) May 25, 2023

AIS spoofing is not a new phenomenon, but Russia’s weaponizing of AIS manipulation is a clear strategic message. These incidents of AIS manipulation demonstrate a concerted effort by Russia to use data, particularly AIS in this case, as part of their ‘Hybrid warfare’ tactics to control the narrative in the region and demonstrate their capability.

Russia routinely utilises manipulation of AIS/GNSS data for propaganda purposes and this example shows Russia’s brazen disregard for maritime safety. The UK Ministry of Defence use Geollect monitoring and assessments to report such incidents:

Latest Defence Intelligence update on the situation in Ukraine – 25 May 2023.

Find out more about Defence Intelligence's use of language: https://t.co/QJ9i0Ncboj

🇺🇦 #StandWithUkraine 🇺🇦 pic.twitter.com/fbuhQPzOYj

— Ministry of Defence 🇬🇧 (@DefenceHQ) May 25, 2023

This incident shows the importance of how the maintenance of effective Maritime Domain Awareness is often based on relatively easily ‘adjusted’ single-source AIS data.

Russia’s data manipulation as a weapon of war

Additional insights using Spire data demonstrate multiple AIS tracks emanating from the Russian international airport at Sheremetyevo. Notwithstanding the airport is 300 nautical miles from the nearest body of water, it is clear the active AIS location on the main runway for over 60 vessels indicate Russia’s manipulation. Geollect used overlaid Spire data and regional Intelligence specialists to assess. It is highly likely Russia use the mass-manipulation of AIS data to disrupt navigational frequencies used by Ukrainian autonomous systems when targeting. In this case, it is highly probable the data manipulation was part of the protection for the Kerch Strait Bridge. The bridge remains a known target for Ukraine and has been targeted on numerous occasions. Ukraine has demonstrated various methods to target the bridge including the use of Unmanned Surface Vessels (USVs). It is likely Russia’s manipulation of AIS data is a direct response to this threat.

Sheremetyevo International Airport is one of the busiest in the Moscow region and is an integral hub to the region’s air transport network. The following image shows the scale of the airport, as well as the AIS tracks converging on the main runway.

Overlaid AIS search of Sheremetyevo International Airport for the 27th Feb 2024

The manipulation of AIS data is not limited to one airport. There are multiple indications of additional vessel data at recorded positions at Novosibirsk Tolmachevo Airport, located over 1,700 miles east of Moscow.

AIS search of Novosibirsk Tolmachevo Airport for Feb 2024

Vessel AIS positions are indicated over Moscow and Novosibirsk, but the true locations of the ships are almost certainly concentrated in a specific section in the Black Sea.

Using Spire Maritime’s AIS data, Geollect confirmed the ships were located in the northern section of the Black Sea (each coloured track represents an individual ship transit). While AIS positions were recorded in close proximity to the Kerch Strait Bridge, no AIS positions were identified indicating a ship crossing under the bridge. No legitimate AIS positions were recorded within two nautical miles of the bridge.

Vessel data in relation to the Kerch Strait Bridge in Feb 2024

Kerch Strait Bridge Vessel AIS data linked to Moscow track

AIS Spoofing – how can we tackle the problem?

Leveraging multiple data layers, automating indicators and warnings, fusing intelligence analysis and using human experience and machine learning is the only way to tackle these types of issue. Geollect and Spire will continue to work closely, share their excellent resources and continue to innovate ways of improving Maritime Situational Awareness.