Inside job interrupted. - CyberWire Daily

Summary7 min read

CyberWire Daily – “Inside job interrupted.”

Date: November 24, 2025
Host: Maria Varmazes (in for Dave Buettner)
Special Guest: Brandon Karpf, leader for International Public Private Partnerships at NTT

Episode Overview

This episode delivers a rapid-fire rundown of the day’s most notable cybersecurity news and provides an expert discussion of maritime GPS jamming and spoofing—an increasingly relevant area of cyber-physical risk for both commercial and military interests. In the latter half, Brandon Karpf joins the show to break down how adversaries are exploiting weaknesses in GPS systems, particularly at sea, the techniques used (jamming, spoofing), and potential mitigations. The episode also covers a fascinating case study of a Russian crime syndicate's integration into the banking system for laundering cybercrime profits.

Key News and Analysis (01:21–11:58)

1. CrowdStrike Insider Incident

Event: An insider at CrowdStrike was terminated for allegedly sharing internal screenshots with hackers (01:21).
Claim: Hackers (Scattered Lapsus Hunters, Shiny Hunters) falsely claimed access to systems; CrowdStrike insists customers were protected.
Details: The group allegedly offered $25,000 for insider access, but CrowdStrike acted before access could be granted.

2. Salesforce Data Breach

Scope: Google’s Threat Intelligence Group reports hackers leveraged third-party Gainsight apps to access over 200 Salesforce instances (01:57).
Targets Included: DocuSign, LinkedIn, Verizon.
Salesforce’s Position: No core Salesforce vulnerability; attack vector was the integrations.

3. Ransomware Hits Cox Enterprises via Oracle EBS Zero-Day

Breach Impact: Personal data (~9,500 individuals) was compromised (02:32).
Victim Pool: Part of a wider Clop gang campaign, also targeting Logitech, Harvard, Washington Post, Envoy Air, Mazda.

4. Transport for London Attack – Arrests and Pleas

Details: Two British teens have pleaded not guilty to charges under the Computer Misuse Act and attempted hacks on US healthcare entities (03:09).

5. WSUS Vulnerability Exploited

Vuln: Attackers abused a critical Windows Server Update Services flaw (CVE-2025-59287, 9.8 CVSS) (03:42).
Payload: Deployed the “ShadowPad” backdoor using PowerCat, Certutil, Curl, and DLL sideloading.
Mitigation: Urgent patching and access restriction advised.

6. Iberia Customer Data Leak

Details: Names, emails, loyalty card numbers exposed via third-party breach (04:44).
Response: Airline activated security protocols; forum claims of stolen technical data could not be verified.

7. Harvard University: Voice Phishing Breach

Incident: Alumni affairs system compromise following vishing attack (05:18).
Data Involved: Contact, donation, and event records—not financial or SSN data.

8. Cybersecurity Business Activity (Monday Business Briefing, 06:21)

$180 million+ raised in investments:
- Doppel raised $70M (social engineering defense)
- Bedrock Data raised $25M (data security, multi-petabyte scale)
Acquisitions:
- Cloudflare to acquire Replicate (AI model dev), aiming for scalable AI application deployment.

Deep Dive: Maritime GPS Jamming and Spoofing with Brandon Karpf

(Starts at 11:58–30:02)

Setting the Stage (12:08)

Brandon Karpf (C): U.S. Naval Academy grad, maritime expert.
Topic: How maritime industries and militaries rely on GPS, and how adversaries exploit it through jamming/spoofing.

The Ubiquity and Vulnerability of GPS

Brandon:
“Every aspect of our daily lives and economy today relies on this brilliant innovation from the US military… literally trillions of dollars of economic value have been attributed to GPS.” (13:04–13:50)
Modern GPS offers centimeter-level accuracy, integral for power sectors, autonomous ships, logistics, aviation, and more (13:50–15:05).

The Space Perspective

Maria Varmazes:
“There are several different ones. GPS is the US owned one…Galileo is famously the one that Europe has and China has its own…often when you say GPS, people know what you mean…” (15:11–15:55)
Many markets and technologies are unexpectedly dependent on these satellite constellations.

Why GPS is Easy to Attack

Brandon:
“The GPS signal itself is an incredibly low power signal…so again, this is something that you could probably buy maybe $50 of off the shelf equipment and create a spoofed GPS signal.” (16:21–17:17)
- Even labs use this for testing—technically illegal, but easy and widespread.
Military and commercial shipping both heavily rely on accurate position data, including for munitions targeting and collision avoidance.

Russian Operationalization of Jamming/Spoofing

“GPS spoofing and jamming really kind of took off by the Russians in the Eastern Mediterranean during the conflict in Syria...We've seen it in the western Pacific around Taiwan...the Red Sea, the Straits of Hormuz, and recently...off the coast of Venezuela.” (17:43–18:21)
Notable tactic: When Vladimir Putin is aboard a ship or in remote regions, local GPS service is intentionally disrupted to mask presence or mislead tracking. (18:21–18:36)

Jamming vs. Spoofing: Tactics Explained (19:22)

Jamming (Barrage and Spot):
- Barrage: Overwhelming the signal with noise (“like a radio turned up loud during a whispered conversation”) (19:47–20:22)
- Spot: Targeted noise covering only relevant GPS frequencies—more efficient and targeted.
Spoofing:
- Simulating the actual GPS signal (modulation, timing, frequency, power) (21:15–22:28)
- Sophisticated spoofers can slowly shift a ship’s perceived location, luring vessels into restricted areas or hazards, or just increasing navigational risk.
- Open-source software and cheap hardware can enable this (22:33).
Strategic Risks:
- Spoofing can drag ships into exclusive economic zones or territorial waters, potentially justifying interception or attack by a hostile country (22:45–24:42).

Attack Surface: Mostly Receivers, Not Satellites

Maria:
- “It sounds like yet again, it’s really more a terminal, a ground terminal thing…” (24:42–25:07)
Brandon:
- “You jam a receiver, not a transmitter. … The GPS constellation is just a whole bunch of transponders in medium earth orbit.” (25:07)
Solutions may involve Navigation Message Authentication—digital signatures that receivers can verify, used in network and software security—though this adds computational overhead to each terminal.

Military/Commercial Divide

Dave Buettner:
- “Does the military have their own separate fallback...?” (26:57)
Brandon:
- “The military is very much using the same system that all the rest of us use...” (27:22)
- Next-gen GPS under development; still early days.

Redundancy and Mitigation Ideas

Low Earth Orbit (LEO) Ideas:
- LEO constellations could supplement GPS, possibly for kinetic (anti-satellite weapon) threats, not for spoofing/jamming (28:20–28:52).
- LEO would need more satellites but offers lower power requirements.
Terrestrial Alternatives:
- Legacy tech: LORAN (low-frequency, hard to jam/spoof, but needs big equipment).
- Quantum and laser-based navigation under research.

Notable Quotes

“It’s so easy to do…literally $50 of equipment.” — Brandon Karpf (17:12)
“When you think about maritime, every country who has coastal regions has this thing called an exclusive economic zone…spoofing would affect that.” — Brandon Karpf (23:05)
“Navigation message authentications…digital signatures using kind of the techniques from authenticating communications and network technologies…might be, I think, the best solution.” — Brandon Karpf (25:07)
“The military is totally reliant on the legacy GPS architecture.” — Brandon Karpf (27:22)

Money Laundering & Cybercrime: A Russian Bank’s Role

(31:08–end)

On Christmas 2024, a Russia-linked crime syndicate acquired a 75% stake in Kyrgyzstani’s Mary Bank MIS, using it to launder profits and route funds to Moscow’s war financing (31:08).
UK’s National Crime Agency: Operation involved cash couriers, crypto conversion, and funneling through the bank to support Russian military lenders.
Over 120 arrests, millions seized, and six core operatives now sanctioned.
“The NCA says its crackdown is tightening the pressure. And the money launderers? Oh, yep, they know it.” (32:53)

Notable Quotes and Memorable Moments

Brandon Karpf on GPS economic value:
“We've literally gained trillions of dollars [from GPS].” (13:37)
Maria Varmazes on global system proliferation:
“There are a lot [of GNSS constellations] and there are going to be increasingly more…” (15:48)
On ease of spoofing:
“You can look up, I mean, open source, you know, GitHub repos that do this…software defined radio has the ability to do this.” — Brandon Karpf (22:33)
Maria's reaction to spoofing attack sophistication:
“That’s so cool…I hate that.” (22:28–22:31)
On military reliance:
“Military is totally reliant on the legacy GPS architecture.” — Brandon Karpf (27:22)

Timestamps for Key Segments

News Roundup Begins: 01:21
CrowdStrike Insider Incident: 01:21–01:56
Salesforce Third-Party Breach: 01:57–02:32
Cox Enterprises Oracle EBS Breach: 02:32–03:09
Transport for London Hackers Plead: 03:09–03:42
WSUS Vulnerability: 03:42–04:44
Iberia Data Breach: 04:44–05:18
Harvard Voice Phish Breach: 05:18–06:21
Business Briefing: 06:21–09:48
Maritime GPS Jamming/Spoofing Interview Begins: 11:58
Jamming/Spoofing Tactics: 19:47–22:28
Mitigation Discussion: 25:07–30:02
Russian Crime Syndicate Case Study: 31:08

Conclusion

This episode blends urgent cyber threat news with a thorough technical and geopolitical look at GPS vulnerabilities, especially in maritime contexts. The interview with Brandon Karpf provides rare clarity on why GPS jamming/spoofing is both a low-barrier and high-impact threat, how it plays into current military contestations, and what both commercial and defense-focused organizations might do to adapt. The closing case underscores how cyber threats increasingly intersect with real-world geopolitics and financial crime.

For all news links and further analysis, visit thecyberwire.com.

Loading summary

Transcript44 lines

[00:02]
A
You're listening to the Cyberwire Network, powered by N2K.
[00:13]
B
What's your 2am Security worry? Is it do I have the right controls in place? Maybe are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber.
[01:22]
A
CrowdStrike fires an insider who allegedly shared screenshots with hackers Cox Enterprises confirms Oracle EBS breach Alleged transport for London Hackers plead not guilty Iberia discloses breach of customer data we have our Monday business briefing and our guest today is Brandon Karpf, friend of the show, discussing maritime GPS jamming and spoofing and the launderers who wanted a bank for Christmas. Today is Monday, November 24, 2025. I'm Maria Varmazes, host of T Minus Space Daily, in for Dave Buettner as he's defrosting his turkey and this is your Cyberwire Intel Briefing. Thank you for joining me, everyone. Let's dive in. CrowdStrike has fired an insider who allegedly shared screenshots of internal systems with hackers. According to a report from TechCrunch, the scattered lapsus hunters published the screenshots in a Telegram channel last week, claiming to have gained access to CrowdStrike's systems after breaching gainsight. CrowdStrike says these claims are false, stating that, quote, its systems were never compromised and customers remained protected throughout. The company says the hackers obtained the screenshots from a malicious insider whose access has been terminated. Bleeping computer cites a Shiny Hunters member who said the group offered the insider $25,000 to grant access to CrowdStrike's networks, but the insider was detected and locked out before they could do so. These details have not, however, been confirmed by CrowdStrike. In related news, Google's Threat Intelligence Group reports that hackers accessed and stole Data from over 200 instances Salesforce via third party apps published by Gainsight. The campaign claimed by the scattered Lapses Hunters collective including Shiny Hunters, exploited integrations, not the core Salesforce platform, to infiltrate high profile targets such as dentor sign, LinkedIn and Verizon. Salesforce says the breach quote is not the result of any vulnerability in the Salesforce platform. US based global conglomerate Cox Enterprises has confirmed that its Oracle E Business suite or EBS instance was breached, leading to the theft of personal information belonging to nearly 9,500 individuals. According to a report from Security Week, Cox is one of the more than 100 entities named by the Clop ransomware gang as victims of a campaign targeting a zero day flaw in Oracle ebs, Logitech, Harvard University, the Washington Post, Envoy Air and Mazda have also confirmed that they were targeted by this campaign. Mazda told Security Week, however, that its defenses prevented the attackers from exfiltrating information. Two alleged Scattered Spider hackers have pleaded not guilty to charges related to last year's cyber attack against Transport for London, according to a BBC report. The defendants, 19 year old Talha Jubeir from East London and 18 year old Owen Flowers from the West Midlands, were arrested last year and charged with offenses under the Computer Misuse Act. Flowers has also been charged with attempting to hack two US based healthcare entities. The two defendants will be held in custody until their trial in June 2026. Attackers have exploited a recently patched vulnerability in Windows Server Update Services, more commonly known as WSUS, and it is CVE 20, 25, 59, 287 rated as a CVSS score of 9.8 enabling unauthenticated remote code execution at the system level. Once inside WSUS enabled servers, the adversary deployed the sophisticated backdoor shadow pad by chaining tools like PowerCat, Certutil and Curl to download and sideload a malicious DLL which then persists via scheduled tasks and system process injection. CISA has added the flaw to own exploited vulnerabilities Catalog and organizations using WSUS are urged to patch immediately, restrict access and audit for abnormal activity. Spanish airline Iberia has disclosed a breach affecting customers names, email addresses and loyalty card identification numbers. According to a new report from Bleeping Computer, the incident did not affect login credentials or financial details. The airline has attributed the breach to a third party vendor, saying in a statement, quote, as soon as we became aware of the incident, we activated our security protocol and procedures and implemented all necessary technical and organizational measures to contain it, mitigate its effects and prevent its recurrence. The Bleeping Computer story also notes that a threat actor posted on a criminal forum claiming to have stolen data from Iberia and offering to sell it for $150,000. It is unclear if these claims are related, however, since the threat actor claimed to have breached Iberia's own servers and stolen technical details related to aircraft. Harvard University has disclosed that its alumni affairs and development systems were compromised following a voice phishing attack on November 18, 2025, which allowed an unauthorized party to access data related to alumni, donors, students, faculty and staff. The exposed information includes email addresses, phone numbers, home and business addresses, donation and event attendance records, but notably not Social Security numbers, payment card data or financial account credentials. The University is working with law enforcement and third party cybersecurity experts and has begun notifying affected individuals and now it's time for your Monday business briefing. Last week's business breakdown highlights just over $180 million raised across seven investments and three acquisitions. On the investment front, US based social engineering defense company Doppel raised $70 million in a series C round. With this new funding, Doppel aims to expand its digital risk protection product portfolio alongside expanding its existing human risk management offerings. Additionally, Bedrock Data, a US based data security firm, raised $25 million in a series A round. Through this funding, the company aims to accelerate product development timelines and invest in scaling its data security integrations, classification and AI governance. Additionally, the company also aims to meet its growing enterprise demand for infrastructure platforms and software as a service and AI systems at the multi petabyte scale. For acquisitions, cloudflare announced its intention to acquire Replicate and that's a US based AI model development company. Through Replicate, Cloudflare is looking to expand its Cloudflare workers, offering to allow it to build scalable and reliable AI applications. Additionally, Cloudflare aims to enable developers to access AI models across the globe with minimal code. And that wraps up this week's business breakdown. For deeper analysis on major business moves shaping the cybersecurity landscape, subscribe to N2K Pro and check out TheCyberWire.com every Wednesday for the latest updates. Now make sure to stick around after the break because Dave Buettner and I recently sat down with Brandon Karp, friend of the show, as we discuss maritime GPS jamming and spoofing and the launderers who wanted a bank for Christmas.
[09:48]
B
From fishing to ransomware, cyber threats are constant. But with Nord layer, your defense can be too. Nordlayer brings together secure access and advanced threat protection in a single, seamless platform. It helps your team spot suspicious activity before it becomes a problem by blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to Deploy easy to scale and built on zero trust principles so only the right people get access to the right resources. Get 28% off on a yearly plan at Nordlayer.com cyberwire daily with code CYBERWIRE28 that's nordlayer.com cyberwire daily Code CYBERWIRE28 that's valid through December 10, 2025. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With Locker Allow listing, you stop unknown executables cold. With Ring Fencing, you control how trusted applications behave. And with Threat Locker DAC defense against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. Threat Locker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.
[11:59]
A
Dave Buettner and I recently sat down with Brandon Karpf, friend of the show, as we discussed maritime GPS jamming and spoofing. Here's our conversation.
[12:08]
B
It is my pleasure to welcome Brandon Karpf to the show. He is the leader for International Public Private Partnerships at ntt. Brandon, welcome.
[12:17]
C
Thank you. Always good to be here, Dave.
[12:19]
B
And of course Maria Vermazes, host of the T Minus Space Daily podcast. Maria, thank thanks for having me, Dave.
[12:27]
A
Glad to be here. And I'm Brandon.
[12:29]
B
You are a graduate of the US Naval Academy and as such have actually spent time out at sea. So our topic today is GPS maritime spoofing and what we're seeing around the world when it comes to our adversaries taking advantage of the GPS system and their ability to jam it or block it or do the things they want to do. Can I just start with you Brandon? For folks who aren't familiar with GPS and the reliance of it from folks at sea, how would you describe that?
[13:04]
C
Yeah, sure. So from. From a high level, right? Starting with what is this thing that we all do rely on and every aspect of our daily lives and economy today relies on this brilliant innovation from the US military developed around the 1970s that was really designed to drop a precision guided munition on Moscow during the Cold War.
[13:29]
B
Not to put too fine a point.
[13:30]
C
On it, which was the whole point of this.
[13:33]
A
That's why it's always great talking to you, Brandon. Just get right to it.
[13:38]
C
And then the private sector started realizing, hey, we can do a lot with this. And early days gps, the resolution was down to a few meters. And then over the last 20 years, the US military opened up more reserve frequencies that allowed our iPhones to geolocate us to within really centimeters. You know, incredibly high fidelity location that has opened up literally, I mean literally trillions of dollars of economic value have been attributed to gps. So talk about a great investment for the government to, for the US government to put, you know, into the economy. We've literally gained trillions of dollars. But when it comes to specific areas of the economy, you think any sort of transportation, whether it's aviation or mar, having the ability to precisely geolocate where you are on earth to navigate around things like hurricanes or typhoons or things like sea state, that is that, you know, is beyond the capabilities of your ship to do things like autonomous navigation, where you now have ships who are pretty much, you know, these days, the large maritime trade ships pretty much drive themselves. You know, they have a small crew who are there to really bring it in and out of port. Other than that, these ships really kind of just drive themselves. All of that relies on and requires the accurate GPS signals from our position, navigation and timing satellites.
[15:06]
B
And Maria, on the space side of things, that's what we're talking about here. This is a constellation of satellites, right?
[15:12]
A
Well, there are several different ones. GPS is the US owned one. I'm sure Brandon was going to get to that. But there are many different ones. Galileo is famously the one that Europe has and China has its own. And I'm sure there's others that I'm forgetting and there's always more being added, but they're sort of in the industry just called either PNT position navigation and timing, as Brandon said, or GNSS is another one, sort of as the generic. But often when you say gps, people know what you mean, so yeah, but there are a lot and there are going to be increasingly more because many global economies are realizing that these are extraordinarily valuable and they're being increasingly tied to many different markets where you might not in ways you might not expect. I'm always surprised to find where else it's turning up and what else is totally dependent on these satellites being accessible and working correctly.
[15:59]
B
So let's talk about the implications for the maritime industry and indeed the military. I mean, we've got, as you say, Brandon, these ships that are relying on gps, but it is evidently easy or not too hard to jam or spoof, which can throw ships off course.
[16:22]
C
Yeah, most definitely. The signal characteristics themselves are actually incredibly basic. And just with some commercial off the shelf technology, you can replicate specifically a GPS signal. And again, as Maria mentioned, there are multiple different constellations. All of them have their own signal characteristics. But the GPS signal itself is an incredibly low power signal. It's not very complex in terms of the modulation. It uses a very basic form of modulation. So again, this is something that you could probably buy maybe $50 of off the shelf equipment and create a spoofed GPS signal. In fact, I've even heard of some companies who are doing precision robotics doing this inside their own labs of spoofing these signals or replicating these signals, which is technically illegal.
[17:08]
A
Technically illegal.
[17:11]
C
But it's so easy to do that when you need to create some sort of robot laboratory. You can really do it with literally probably about $50 of equipment. Now, the problem there is that not only, you know, are our military ships and equipment, and by the way, you know, we didn't mention, but military ships heavily reliant on gps, not just, you know, where you are, but also deconflicting where you are with other ships, but also your munitions. As we talked about the original intent of gps, these days, smart munitions all rely on gps. And so what you're seeing is increasing incidents of GPS spoofing and jamming, which are different things. And we could talk about the difference there, but GPS spoofing and jamming really kind of took off by the Russians in the Eastern Mediterranean during the conflict in Syria in the late mid to late 2010s, has really expanded in the war in Ukraine, around the Black Sea and Ukraine. We've seen it in the western Pacific around Taiwan and even in some of the straits like the Straits of Malacca. And we are starting to see it in areas like the Red Sea, the Straits of Hormuz, et cetera. And even recently some reports of manipulated GPS signals off the coast of Venezuela.
[18:21]
B
We've heard rumors of whenever Vladimir Putin is on board of a ship, on board a ship, they spoof that ship's location. So I guess to make it a more difficult target to find or something like that.
[18:36]
C
Short, certainly. And his dacha in the, the, the mountains of Russia, similarly, you know, no GPS signals will work anywhere near that location. And we have seen this, of course, with foreign, foreign leaders or dictators who understand how easy it is to manipulate these signals, but also how much the US and US allies rely on these for our military intelligence operations and how pretty much everything we have today in terms of those more technical operations rely on an accurate geolocated signal. And so, you know, right now this is starting to occur regularly. And as I mentioned, it's pretty inexpensive and easy to do this.
[19:22]
A
Brandon, can I ask you to walk us through the different modes of jamming or spoofing? Because I think we often, and I know I often get confused and when I read various, you know, mainline news stories about some. Some person doing something with a Bluetooth device to do something to gps, and I'm going, well, what exactly happened there? And if my understanding is there's actually a couple different ways to achieve this and they all kind of be a little bit different, so can you walk us through them?
[19:47]
C
Sure. So the, the first I'll talk about is really kind of the least sophisticated form of jamming, which is really just putting a whole bunch of noise out into the atmosphere. So imagine you and I are having kind of like a little whispered conversation and then someone else just turns on a radio super loud and you can't hear yourself think. That is barrage jamming. That is just the simplest form of jamming. You're just putting so much noise into the atmosphere that whoever's trying to receive the correct signal can't really hear the right signal, can't distinguish the signal for the noise. And that's the simplest form, really easy to generate that. And you're just putting a whole bunch of energy out there into the world. There are techniques for getting around that. Again, that's relatively unsophisticated. And so there are some interesting modulation techniques that you can actually still extract the signal from that kind of a noise. But that is still a very effective technique. And when it comes to gps, you're just denying the availability of a user of gps. No one's going to have GPS there. Now, a little more sophisticated is when you talk about more spot jamming, which is if you know the frequencies that someone is going to communicate on, which GPS is an open standard now, everyone knows those frequencies, even if it's moving frequencies, you can, instead of putting out just noise across the whole spectrum, put out noise specifically over those frequencies. And in that way, you're actually being much more efficient with the energy that you need and the resources you need to jam. And you're being much more effective in terms of jamming the specific frequencies being used by whatever user. But still jamming, you're just denying availability of that signal for someone to collect on it. Now, the Much more sophisticated type is actual GPS spoofing. And GPS spoofing is where you actually copy the GPS signal itself. You copy the modulation, you copy the frequencies, you copy the power level that someone expects to see. Because devices are actually pretty smart and there are ways of seeing, okay, this signal I'm receiving seems too powerful. And so let's just ignore it or filter it out. And so a really effective, sophisticated GPF spoofer is going to copy that modulation, copy the frequency, copy the power level, and replicate that out into the environment and give you just a slight timing delay. And really, that's how the GPS signals work. It's looking at the timing between you and multiple satellites, you and multiple satellite transponders. And if, if an adversary is spoofing that signal and slowly introduces a timing offset and slowly increases that timing offset over time, you're gonna, the adversary is gonna pull your GPS location away from where it's supposed to be, manipulating where you think you are in the world.
[22:29]
A
That's so cool.
[22:31]
C
I hate that.
[22:31]
A
That's my reaction. Like, that's so smart.
[22:34]
C
Oh, and you can look up, you can look up, I mean, open source, you know, GitHub, repos that do this, you know, algorithms that do this, you know, any sort of software defined radio has the ability to do this.
[22:46]
B
So one of the potential perils here that I've seen covered is that an adversary can, as you say, lure a ship away from, say, an international shipping lane into an area where they shouldn't be, therefore giving that adversary an excuse to board that ship or fire upon it.
[23:06]
C
Certainly. Right. And when you think about maritime, every country who has coastal regions has this thing called an exclusive economic zone, and then this thing called territorial waters. Your exclusive economic zone is within 200 nautical miles of your coast, and then territorial waters is within 12 nautical miles of your coast. Certainly military operations are very sensitive not to infringe upon that 12 nautical miles. Foreign nation military ships are not allowed to transit within 12. That, you know, that, that territorial waters of a foreign nation without being invited. But that exclusive economic zone is really, you know, gives that nation, you know, the nation permission to do their, their fishing and mining and oil drilling, etc. Without being infringed upon. And so certainly the GPS spoofing would affect that. Right, would affect a military's ability like ours, who's doing something like a freedom of navigation operation, which is where we move a ship between say Taiwan and mainland China and say, this is a free economic zone. Anyone can transit here. We are, we are participating in that freedom of navigation operation. But, but if the GPS signals are spoofed in that area, it makes the US military much more concerned that we might accidentally infringe upon the territorial waters of a foreign nation. So they might be more sensitive to that or pull further away. Also, just accurate navigation. Right. Ships are navigating based on charts and shoal waters and other potential hazards, and not having confidence in where you are creates a massive amount of risk that these ships might just not accept.
[24:42]
A
Brandon, when you were describing just the, the jamming and spoofing techniques, the, the thought that I had was we often shorthand talk about these satellite hacking problems and it's, it sounds like yet again, it's really more a terminal, a ground terminal thing is my read on that. Correct? I mean, what is the mitigation here for, you know, somebody who's dealing with this in the, in, you know, contested waters or whatnot?
[25:07]
C
Yeah, it is kind of a terminal, right? Because you jam a receiver, not a transmitter, right? When you jam something or spoof something, you are spoofing or jamming against the receiver, not the transmitter. The GPS constellation is just a whole bunch of transponders in medium earth orbit. So, yeah, I mean, the problem is that the protocol itself, right, the modulation, the technology is so fundamental that it's just so easy to replicate. But even if you did something much more complex, and it could still be hacked, you can manipulate a cell signal using CDMA pretty easily. You see that all the time with the cellular collection, stingrays and things like that. That's even a more complex signal that's pretty easy to spoof. So there are these things called navigation message authentications, which essentially think of it like a digital signature where you can maybe like sign the signal, but that requires the receiver to have a little more processing power. And so you're putting a tax on the terminal, on the receiver to actually do some calculation to take some CPU time to authenticate these messages. Really, that's, to me, really kind of the only solution here. You know, those, you know, digital signatures using kind of the techniques from authenticating communications and network technologies, and applying that to these GPS signals might be, I think, the best solution. That certainly has worked very well in terms of secure authentication in networks, secure software updates, et cetera, making sure that the message you're receiving is actually coming from who you think it's coming from. To me, that's approved and a well established solution in the network space probably applies quite well here.
[26:58]
B
Also, you mentioned earlier that the military at some point had opened up access to gps. And I remember when that happened, suddenly devices got a lot more accurate. As you say, we're down to centimeter accuracy now. Does the military have their own separate fallback on this or are they still using the same system that all the rest of us use?
[27:22]
C
The military is very much using the same system that all the rest of us use. There's been a lot of talk and some funding going towards the next gener generation of gps. And Maria, certainly I'm curious what you've heard about this. It's early days for those. There's a number of companies on those contracts. But as of right now, military is totally reliant on the legacy GPS architecture.
[27:49]
A
Yeah, I was just thinking of that because just as you mentioned it, Dave, I was racking my brains. I'm like, I know I've been hearing a lot about this and it's still does sound very preliminary to Brandon's point. But I want to say I've also been hearing about putting PNT in low Earth orbit, which is an interesting idea. I guess the idea there'd be more redundancy but just because of where it would be versus in medium Earth orbit, I'm just kind of like how would that work? Someone's figuring it out. But it's like, why low Earth orbit? In that case, what would be the advantage there? Aside from proliferation I would assume.
[28:21]
C
Yeah, I've heard that as a defense against some other elements, which is that's not necessarily defending against jamming and spoofing.
[28:29]
A
More kinetic stuff.
[28:30]
C
It's more kinetic stuff, right? It's more, it's more attacks against the space based architecture itself. In lower Earth orbit you need a lot more satellites. But those satellites can be a lot less exquisite because they're a lot closer. I mean a lot, a lot closer. I mean low Earth orbit We're talking like 300 miles. Medium Earth orbit is like 12,000 miles or something.
[28:53]
B
Like.
[28:53]
C
So the amount of power you need to transmit down to ground, much less. But then again you need a lot more satellites to provide that proper coverage. But you know, I've heard talks about putting it on, on some of these mega constellations, et cetera as well. Yeah, I mean some of the other techniques here are get going away from space based solutions altogether. There are terrestrial based solutions and one of them is legacy technology called Loran, which was originally invented during the Cold War using a much lower frequency communication but an over the horizon frequency range that would allow kind of. I mean it's really hard to jam that really hard to spoof that and but unfortunately that also requires much larger equipment, at least back in the day to properly receive those signals. So there are other ideas out there. Like there's some quantum stuff that I've been reading about in terms of navigation and laser based inertial navigation. I mean tons of different technologies that people are actively investing in right now to try to solve this problem.
[30:03]
A
That was Brandon Karp, friend of the show, discussing maritime GPS jamming and spoofing.
[30:22]
C
At Thales, they secure what matters most the most trusted companies and organizations utilize Thales cybersecurity products to protect critical applications, sensitive data and identities anywhere at scale. Through their innovative services and integrated platforms, Thales provides customers a greater visibility of risks, the ability to defend against cyber threats, close compliance gaps, and deliver trusted digital experiences for billions of consumers every day. That's Talas T H A L E S learn more@cpl.thalesgroup.com.
[31:08]
A
So good, so good, so good. New markdowns are on at your Nordstrom Rack store. Save even more. Up to 70% on dresses, tops, boots and handbags to give and get cause I always find something amazing. Just so many good brands. I get an extra 5% off with my Nordstrom credit card. Total Queen treatment. Join the Nordy Club at Nordstrom Rack to unlock our best deals. Big gifts, big perks. That's why you rack. On Christmas Day 2024, a Russia linked crime network gifted itself something far more festive a 75% stake in a Kyrgyzstani bank. The UK's National Crime Agency says that Mary Bank MIS purchase became a convenient machine for washing cybercrime profits and channeling money into Moscow's war chest. Operation Destabilize found the scheme began with low paid couriers roaming 28 UK towns collecting envelopes of cash from drugs, firearm and immigration crimes. That cash was then flipped into crypto and funneled through Keramet bank, the one that they bought to support Promsvias Bank, Russia's military lender. At the top were two laundering crews Smart, allegedly led by Ekaterina Danova and tgr headed by George Rossi. Each leader worked alongside two partners and all six are now sanctioned by the US Treasury. The network also crossed paths with figures linked to Russian intelligence, including a group led by convicted spy Orlan Rusev and Drew in Russian Moldovan oligarch Elon Shor and his sanctions dodging crypto ventures. Couriers have already been jailed, including one caught with £750,000 at home and another pair who laundered £6 million under the guise of war related transfers with more than 120 arrests and millions seized. The NCA says its crackdown is tightening the pressure. And the money launderers? Oh, yep, they know it. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cyber security. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@anyn2k.com N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We are mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm your host, Maria Varmazes in for Dave Buettner. Thank you for listening. We'll see you tomorrow. Sam.