An anomalous surge in Automatic Identification System (AIS) data on November 2 caused hundreds of vessels from around the world to be incorrectly displayed as actively sailing in the Baltic Sea. This incident, though brief, has severely underscored the vulnerabilities inherent in AIS data aggregation systems.
The Anomaly Event
The core of the incident was traced to a single faulty source that was part of the global AIS network.
- Timeline and Scope: The anomaly was recorded at approximately 1100 hrs on November 2 and lasted about 10 minutes. Data from Lloyd’s List Intelligence indicated that 609 cargo-carrying vessels were falsely shown in the Baltic Sea on that day, compared to a normal count of 423 vessels the next day. A second brief spike was also noted later that day at 1748 hrs.
- Fictitious Location: Vessels were implausibly recorded in the shipping channel between the island of Bornholm and the Gulf of Finland. For example, a bulk carrier legitimately berthed at Rugao port, China, was temporarily “pulled” into the Baltic. Even vessels that had not broadcast a signal for months were affected.
- Source Identified: The issue was traced to an amateur Finnish receiving station located in Parainen, Finland, which transmits received AIS signals to commercial vessel-tracking services. The station was owned and operated by a radio amateur (non-commercial transmitter).
- Cause Investigation: The Finnish Transport and Communications Agency (Traficom) confirmed they knew how the false data was transmitted but not yet why. The leading theory is that the station was hacked, causing it to transmit hundreds of falsified AIS data messages to a data provider. Finnish authorities are investigating the station operator for “inadvertently fed the system with aggregated data.”
System Vulnerability
The incident highlighted that the distributed nature of the AIS network is its main security weakness when a source is compromised.
- Data Aggregation Risk: AIS data is aggregated from multiple independent sources. As noted by analysts, there is an inherent risk of data corruption when one source transmits faulty information.
- Error Propagation: Errors from a single compromised station can quickly propagate across several commercial data platforms until they are detected and the source is suspended.
- Geopolitical Context: While this specific incident was not due to the rampant third-party GNSS interference often seen in the region (near Russian ports and hitting neighboring areas like Poland), it adds to the Baltic’s growing reputation as an AIS interference hotspot.
The data provider ultimately suspended the amateur station to prevent further distribution of the incorrect information. Experts caution that this is not the first instance of fake AIS tracks appearing in the Baltic, with four previous incidents investigated in 2022.
Did you subscribe to our daily Newsletter?
It’s Free Click here to Subscribe!
Source: Lloyd’s List
