Podcast describing a project wherein a CSA client shipped sensitive, high value IT equipment to, and within, the People’s Republic China. The client was justifiably concerned that its IP, confidential information and trade secrets would be compromised. CSA developed a protocol to ensure the shipment arrived safely across a long, treacherous and uncertain chain of custody.
Elliot Brazil, host of the “Are You Shipping Me” podcast is joined by Walt Beadling, Matt Brazil, and Erik Hoffer. Walt is Managing Partner at both the Cargo Security Alliance and Cayuga Partners. Matt is a Research Fellow at the Jamestown Foundation. He recently published Chinese Communist Espionage: An Intelligence Primer with co-author Peter Mattis. Prior to the Jamestown Foundation Matt was involved in cargo theft investigations and intellectual property security in the corporate world. Erik Hoffer is a Cargo Security Alliance partner and President of CGM Security Solutions Inc. and Rig Secure, Inc., manufacturers of security products and technology designed to mitigate and prevent cargo theft incidents.
Monday, September 23, 2019
The recent indictment of American Airlines mechanic Ahmed Alani on charges of “willfully attempting to damage, destroy, disable and wreck a civil aircraft”, and his alleged ISIS connections, shines a spotlight on a major risk exposure in our airports: employee screening.
“Should people be worried? Hell, yeah,” says Doron Pely, a former aviation security consultant in Israel. “This doesn’t require a suicide bomber. It requires access to an airframe, an aircraft and motivation.”
900,000 people work in the 450 airports under US federal supervision and control, and many are able to bypass traditional screening requirements that passengers must endure. At the same time, airports, airlines and cargo handlers are under pressure to hire personnel in a tight job market, especially during seasonal peaks, putting pressure on authorities to expedite employee screening.
A House Homeland Security Committee report issued in February, 2017, can be found here. Since that time, major US airports and air cargo hubs have taken measures to expedite and improve screening procedures, but the threat remains.
Alani entered a “Not Guilty” plea in Miami, FL Federal Court on Friday.
WTF (What’s The Future?): “Trucks are Smart Machines too!” Our friend and associate Road Scholar Transport CEO Jim Barrett talks tech, safety, security, responsibility, accountability and being a “Vendor Managed Company”.
LinkedIn Video here.
Date: 26 June 2019
Location: United States and Canada
Description: Holiday weekends are of notoriously high risk for manufacturers and logistics-related organizations. Organized cargo theft rings in the United States and Canada will be extremely active in the coming days, as more shipments are left unattended for extended periods of time due to the upcoming holiday. This year July 4th falls on a Thursday, meaning that many facilities may be closed on Friday the 5th, resulting in longer stage times and lower security staffing. In July 4th holidays between 2014 – 2018, the SensiGuard™ Supply Chain Intelligence Center (SCIC) recorded 2.5 thefts per day with an average loss value of USD $226,505 which is a theft rate 20% higher and an average loss value 34% higher than thefts throughout the year.
Geographically, Texas (+65%), Ontario (+30%), and Tennessee (+39%) all had significantly higher theft rates during the holiday weekend than throughout the year. Facility Theft (+101%) and Pilferage (+10%) were both more frequently perpetrated over the holiday weekend as well. Within product types, Electronics (avg. value $729,813) and Home & Garden ($81,824) both tie for the most stolen product types over this holiday weekend at 19% each. Electronics beat its normal theft rate by 22% and its average value by 93%, while Home & Garden beat its rate by 33% and its value by 9%.
Recommendation: The SensiGuard SCIC recommends that logistics and security professionals ensure security protocols are up-to-date and in line with industry best practices for both in-transit and warehouse operations. Also, in order to mitigate criminal attempts to exploit cargo at rest, we suggest confirming that a given receiver’s hours of operation for the holiday weekend are consistent with scheduled delivery times and planning for secure parking locations in the event a shipment will have to stop for an extended period of time. Covert GPS tracking and active monitoring of high-value shipments are highly recommended, as they have proven to be the most effective protocols to both mitigate in-transit theft and facilitate successful recovery of stolen product.
In addition, the following guidelines are collectively endorsed by IMUA, PCSC, Travelers Insurance, SWTSC, SETSC, NETSC, the Cargo Security Alliance, and Sensitech:
• Steps should be taken to verify the authenticity of all shipment related activity during these periods – particularly any entity which has been engaged to either move or store a shipment. Driver and business verification, prior to releasing any shipment, is paramount.
• Communication between drivers and shippers needs to be firmly established and regularly maintained during shipments over these periods. That communication should include driver(s) instruction as to what types of behavior are required and what is not permissible.
• Truck stops, highway rest areas and distribution centers are frequent targets for cargo thieves – not only traditionally but more so over holiday periods. For that reason, any location where cargo would either intentionally (or unintentionally) come to rest – even for brief periods of time – should be as secure as possible. Things to consider when selecting a secure area/lot are: controlled access, adequate lighting, congestion, any type of either personal or video surveillance, how long the conveyance will be left unattended, as well as past intelligence of localized cargo theft activity.
• If a cargo conveyance must be left unattended for any period of time it should be made as secure as possible. Theft-resistant locking/sealing mechanisms for tractors, trailers and cargo compartments; disabling technology for the vehicle’s power units or trailer movements; parking vehicles and/or cargo compartments in a fashion which make access as difficult as possible – are all things worthy of strong consideration.
• If any tracking technology, such as GPS monitoring, that is available for deployment should be used to its fullest extent possible. That would include tracking technology on the conveyance’s power unit, its cargo area (if separate), as well as within the cargo itself.
• Conduct a personal inspection of both the outside and inside of your facilities before securing them. Remove/repair anything that would assist a perpetrator in his/her illicit activity. For example: exterior lighting that doesn’t work, gates/doors/windows left unsecured, keys left in forklifts inside, etc.
• Prior to securing a facility for unattended periods check to make sure all alarms, CCTV recording equipment, and any sources of auxiliary power are all in good working order. With anything that is battery powered, those batteries should be tested for effectiveness.
• Treat all premises alarms (no matter the number or closeness in frequency) as if they are all actual penetration attempts. Responses should be made accordingly.
• Make sure all lists of company individuals responsible for contact, in the event of suspicious activity or emergency, are up to date. All entities that monitor your alarm/access activity need to have access to these up-to-date lists.
• Encourage local law enforcement agencies to make extra patrols in the areas where your facilities are located – as well as make it as easy as possible for them to “see” your critical access areas.
Notable thefts over Fourth of July 2014-2018:
• 2014, Florida, Facility Theft of Cell Phones, $451,000
• 2014, Texas, Theft of Full Truckload of Meat, $200,000
• 2015, Nevada, Facility Theft of Computers, $250,000
• 2015, California, Facility Theft of Hard Drives, $381,000
• 2015, Washington, Theft of Full Truckload of Cell Phones, $5,700,000
• 2016, Texas, Theft of Full Truckload of Canned & Dry Goods, $85,000
• 2016, Tennessee, Theft of Full Truckload of Beer, $42,000
• 2017, Wisconsin, Pilferage of pre-release Toys, $328,000
• 2017, California, Theft of Full Truckload of Appliances, $100,000
• 2018, New Jersey, Facility Theft of Cosmetics, $1,000,000
• 2018, Tennessee, Theft of Full Truckload of Canned & Dry Goods, $458,000
SensiGuard™ Supply Chain Intelligence Center • firstname.lastname@example.org
Cargo trucks have become a weapon of choice for global terror attacks. This Unclassified TSA Report details the Threat Landscape, Indictaors and Countermeasures.
Overdrive Online Todd Dills |January 12, 2017
Imagine you arrive at a facility to pick up a load and, checking in with personnel at the gate, the man in the guard shack looks confused, checks and double-checks his list of impending arrivals, only to tell you you’ve already been there. The load is gone.
It’s a situation that’s become more and more common over the years since the so-called “fictitious pickup” cargo theft mode drew enough attention in supply-chain-security circles to warrant specific attention.
According to a white paper issued in 2013 by the CargoNet firm [with the Cargo Security Alliance], it began to “emerge as a trend around 2005,” growing to account for a significant share of all thefts reported to CargoNet in 2011, with many thefts occurring in California. By 2012, such thefts, sometimes involving thieves’ fraudulent assumption of an existing carrier’s identity, accounted for 8 percent of all thefts reported to CargoNet.
Scott Cornell, 2VP of Transportation and Crime and Theft Specialist at Travelers Insurance, who for years headed the insurance company’s Special Investigations Group devoted to cargo theft, says that straight theft — thieves hitch to a loaded trailer, unload a trailer or otherwise drive away with a full tractor-trailer — remains the most common sort of cargo theft. But these “strategic” thefts, his terminology for the broad category CargoNet IDs as “fictitious pickup,” represent the “fastest-growing method of cargo theft,” Cornell says, accounting today for about 10 percent of thefts nationwide. Most of such thefts are coming from thieves operating inIllinois and Southern California, Cornell adds.
Since the thefts nearly always have a virtual component, thieves can “can target something no matter where it is,” Cornell says. “Part of the difference” — and the attraction for thieves, no doubt — “is that you can be very selective. You can pick out what you want to target rather than randomly picking out a trailer.”
As the CargoNet white paper illustrates, this relatively new kind of theft is taking advantage of the rise of web-based brokering and the sometimes tenuous nature of broker-carrier relationships on the spot market. “Fictitious pickups have grown alongside the expansion of web-based brokering,” according to the CargoNet report, “the ability to set up fictitious companies and websites, and the availability of high-quality fraudulent driver’s licenses. The just in time (JIT) supply chain management practices have exacerbated the problem by putting a premium on speed at the expense of performing time-consuming due diligence in vetting” carriers by brokers, and company employees by carriers, in some instances.
“Computer-savvy criminals (often former employees of trucking and logistics companies),” the report goes on to predict, “will increasingly turn to this modus operandi because it is less risky than traditional cargo theft.”
Carrier identity theft occurs when a thief impersonates a legitimate carrier, secures a load, picks it up and then disappears. Thieves posing as both brokers and carriers, and in some cases successfully claiming old or even active authorities for themselves, are increasingly using this scam.
“In an identity theft scenario,” says Cornell, a carrier or broker is “dealing directly with the bad guy. You’re hiring the bad guy yourself.” Conversely, in another sort of fictitious pickup, you’re dealing with the good guy. “ABC Trucking agrees to Friday at 1 o’clock to pick up the cargo. Everybody involved in that transaction is who they say they are, but the bad guy finds out about that arrangement.” He then shows early and grabs your load, leading to situations like the hypothetical one starting this piece.
Travelers’ in-house investigative unit is famous for its sting trailer, equipped with hidden cameras, tracking devices, hidden mics and more that law enforcement agencies around the nation have used to bust up the various elements of the organized cargo theft rings operating in hot spots and other areas around the country. Cornell says the enforcement community is beginning to “look at ways to use the sting trailer” to combat the gamut of fictitious-pickup scenarios as well, particularly “if there’s an organized ring concentrating on them in certain areas. We might work with law enforcement to try to get the sting trailer to be used one or two of those loads.”
Otherwise, Cornell and other speakers at Truckstop.com’s November Connected 2016 conference encouraged a holistic and preventive approach toward minimizing risk of identity theft and closing other vulnerabilities.
Tactics to minimize straight theft remain prominent in any discussion of cargo theft (with a high-value load, extend your first segment from the origin point before any stop to avoid anyone who may be following you, for instance). But the new threats require better diligence on the part of brokers in vetting carriers they don’t know personally. Double- and triple-check the identities of company reps via phone calls to the legitimate company home. Match phone numbers and other contact/address info on paperwork to home city, state and Department of Transportation (Safer.gov and the CSA Safety Measurement System) listings for the business.
Carriers can protect their identities by regularly logging into their carrier profile with their DOT-issued PIN and keeping all contact information updated and current, likewise proofing for any unauthorized changed. During the Truckstop.com panel on cargo theft, speakers referenced possible vulnerabilities in DOT’s processes, which allow for MCS-150 carrier information form updates in a manner other than online updates using the PIN that carriers are issued to make their online updates. Cases were detailed in which thieves may have utilized such methods to change contact information on a carrier’s profile to go directly to him, for instance, thus enabling him to secure a load as that carrier with a broker.
If you still don’t have a DOT PIN to take control of your registered profile online, follow this link or call (800) 832-5660 for details.
The online update, too, has its vulnerabilities. Once you have your PIN, be careful who you entrust it to, says CargoNet Vice President Sal Marino. While some people might believe FMCSA’s online system is hacked toward carrier identity theft, Marino doesn’t think that’s the case. Too many, he suggests, may just be the result of the PIN being shared too much internally, then getting out to the wrong party through any number of means. (Queries to FMCSA were not answered in final form in time to include in this report. Overdrive will issue a follow-up when the agency responds.)
by DOROTHY COX/The Trucker Staff www.thetrucker.com
September 28, 2016
The Homeland Security (DHS) Inspector General’s Office in a new report recently declared that background checks of port workers by the Transportation Security Administration (TSA) aren’t as effective as they should be.
That comes as no surprise to those who routinely go in and out of the nation’s ports.
Jim Stewart, a long-time port hauler and former Teamster recruiter said, “Any port is a terrorist’s paradise” and that “Homeland Security is a joke.”
The IGO said there isn’t sufficient oversight or guidance for TWIC (Transportation Worker Identification Credential) cards.
Again, no surprise. TWICs are still “flash cards” in the sense that there aren’t satisfactory card readers to check cardholders’ documentation adequately. Plus, “The ports have come out with their own cards,” said Stewart, who recently quit port hauling because of the low rates and health problems. He had worked in Virginia ports for years.
After September 2011, the cards were seen as necessary for maritime/port security for Longshoremen, port facility employees, truck drivers hauling in and out of the ports and others.
Mandated by the Maritime Transportation Security Act of 2002, the TWIC system has historically been beset by red tape, delays, mismanagement and a host of other problems.
Stewart said there has been a “cottage industry” of people making fake TWICs for $100 each “for years.” He said the rush to develop TWICs made them full of security holes or as Rep. John Mica, R.-Fla., called them, “at best no more useful than a library card.”
Angered by the government’s failure to fix the TWIC system, the late Sen. Frank Lautenberg, who served on the Committee on Commerce, Science and Transportation and was at one time executive commissioner of the Port Authority of New York and New Jersey, said, “hundreds of millions of tax dollars” were being spent “on a program that might actually make the ports less safe.”
Paul Dodge, who works in the Boston area and has been a port hauler for more than 30 years, said the TWICs “really don’t do a d**n thing. I’ve been asked to put a TWIC in the [documenting] machine maybe four times and . . . the machine didn’t work, anyway. They’re kind of a joke.”
He said about once or twice a month in Boston, local authorities, TSA inspectors, U.S. Customs officials and Coast Guard officials run a random truck inspection at the port. “Lately they’ve had TWIC machines” but because it’s so random and not widespread “I seldom get caught up in that,” he said.
Dodge added that the Massachusetts Port Authority has its own ID cards which are “more secure” than a TWIC card and that’s the one he normally uses.
“Sure there are still fake TWICs,” Stewart said, “especially with illegals behind the wheel with no CDLs. If you can’t get the [legal] paperwork you pay someone to make it up.”
“If you want to get into a port, you can get into a port. They would like to say nobody gets past the gate but I’ve seen illegals” working on a construction job in the port “cut a hole in the gate and go back and forth to work.” This was at a marine terminal in Virginia. “Anybody could have followed the construction workers in,” he said.
But, he added, why try to get in a port in the first place?
“Once a drayage truck comes out of the port with poisonous chemicals, explosives, refrigerated food or whatever, they could just follow it to the trucking company’s drop yard or some other supposedly secure yard or just wait until they drop the load along the street,” he said, “then go hook up to it and drive away.”
Frequently, he noted, “Chemicals and hazardous materials are dropped at truck stops and parking lots” outside the ports along with “chickens, drugs and truck tires, anything people can sell. I’m surprised it hasn’t happened” he said of terrorists accessing ports and nearby areas to cause a large explosion, poison a big water supply or something of that nature. He said security “soft spots” are easy to see if someone hangs around the ports long enough.
Dodge said “once in awhile” he’s asked at the port gate if he has anyone with him in his truck and he says no and they take his word. “I could have six guys in my sleeper,” he said, adding that at the small ports the truckers are usually recognized on sight by port officials. However, “They really don’t check the trucks,” he said.
The DHS Inspector General’s Office has recommended TSA take a multitude of actions to fix ports’ security problems including designating an entity to coordinate and provide guidance for the program, conducting a comprehensive risk analysis and improving the credentialing process.
According to the recent DHS report, TSA has agreed with the recommendations and “has already started to implement corrective actions.”
That’s nothing new, either. The Government Accountability Office released reports in 2011 and 2013 that criticized weaknesses in the TSA’s background checks and at one point, U.S. Government Accountability Office officials said they were able to obtain authentic TWICs using fraudulent identification documentation.
However, port haulers who had spent $125 or more on legitimate TWICs haven’t always able to use them because of system glitches, as Dodge recounted.
In November 2011 TSA announced that an estimated 26,000 TWIC cards issued before April 5, 2011, wouldn’t work when inserted into a TWIC card reader. Each card contained a Federal Agency Smart Credential Number (FASC-N), which would uniquely identify each card in federal databases but in the faulty cards the FASC-N wasn’t fully encoded, causing the cards to be read as invalid.
“TSA has known for years that there were problems and I’m concerned that little has been done to address them,” Sen. Bill Nelson, D.-Fla., ranking member of the Commerce, Science and Transportation Committee, told The Hill recently. “These weaknesses have opened up our ports to potential security threats, including the opportunity for an insider threat or someone with a serious criminal history to gain access to secure areas. These gaps must be closed immediately to secure our ports and maritime facilities.”
Meanwhile, cargo-laden Hanjin Shipping vessels that have been stranded off U.S. coastlines can’t do anything to help U.S. cargo security.
Hanjin, one of the largest container shipping companies in the world, filed for bankruptcy in South Korea at the end of August, stranding dozens of active ships in waters around the world.
Consequently, many cities and crews refused to allow Hanjin ships access, fearing that they would not be paid for their work. So far, about $14 billion worth of cargo as well as hundreds of workers and others aboard the ships have been impacted, and the saga has continued for weeks.
- Fully test all your security alarm and surveillance systems to ensure they are in proper working order
- Ensure your back-up cellular alarm system is fully functional
- Check ALL pieces of security equipment that are backed up by batteries. Make sure all batteries are at full strength. If not, replace them
- Perform a full perimeter check of your facility(s). Take a walk – look at your fencing, all of your windows, all of your doors, as well as your roofs to ensure they can be properly secured. Think, if you were a bad guy, how would you try to get in???
- One evening this week have someone make sure all of your exterior lighting is functional – perform a check and replace/repair any lighting units that are defective BEFORE the holiday weekend starts
- Think about leaving more lights, than usual, “on” inside your facilities during this period – particularly ones that can be seen from the outside
- Don’t make it easier for potential burglars by leaving anything outdoors (or within a warehouse) that they could use to help facilitate a crime
- TODAY, look at your company’s alarm call list and make sure it is current/accurate with those at your central station
- That same on-call list should be current with your local police department – check, TODAY, to make sure
- Remind all the employees that are on your call list to respond immediately to any calls from your alarm monitoring contractor
- Treat ALL alarms with the same degree of diligence
- Have law enforcement respond to ALL alarm events – even when the system is suspected of mal-functioning (you can worry about any false alarm “fees” after the weekend is over)
- If you don’t currently employ a guard service consider hiring a contracted guard entity just for this specific holiday time period
- Contact your local law enforcement and request, if it’s possible, additional patrols in the area during this period
- If your facility is not gated, make it as easy as possible for a passing patrol car to “see” your critical points of entry. Keep as many lanes open as possible to allow that patrol car to drive around your facility
- Talk with your neighbors – offer to assist them by remaining diligent if they, in turn, will do the same for you. Share basic contact information with them
- Remove any keys from all warehouse equipment (such as forklifts) and place them in a secure location
- In the unfortunate event that someone is able to illicitly enter your facility make sure all important and sensitive documents are locked up – a “clean desk” policy should be in place by Friday noon
by MIKE BRUNKER NBC News August 8, 2016
A sophisticated eight-antenna jamming device built into a suitcase. One such “serious kit” was recently used by crooks smuggling drugs from Germany into the U.K. to knock out a variety of communications signals. Chronos Technology Ltd.
Once the province of hostile nations, electronic warfare has arrived with little fanfare on U.S. highways and byways.
Criminals, rogue employees and even otherwise law-abiding citizens are using illegal “jamming” devices to overpower GPS, cellphone and other electronic signals over localized areas. The devices are small and mobile — a common variety plugs into a vehicle’s cigarette lighter — making it difficult for law enforcement to identify the culprits.
And experts say the threat to the Global Positioning System (GPS) — the critical space-based navigational, positional and timing network — is escalating as potentially more destructive “spoofing” devices become readily available.
“We’re highly dependent on (GPS) in pretty much every part of our economy and security, yet it’s very easy to disrupt,” said Dana Goward, president and executive director of the Resilient Navigation and Timing Foundation, which is urging the federal government to move quickly to better protect GPS and to develop a backup system. “… I think the general consensus is that any outage of more than an hour or two would be pretty unpleasant.”
Experts have been warning for years about the vulnerabilities of GPS, a global network of 36 U.S. satellites that provides timing data for a wide array of critical infrastructure, including telecommunications, the energy grid and financial markets, as well as everyday applications like smart phone mapping and ride-sharing services like Uber.
“If there were an airline crash or a wide-scale, long-duration interruption of GPS, say in New York City, that affected the stock exchanges there, you can bet there would be a lot of people wagging their fingers and saying, ‘I told you so,'” said Todd Humphreys, associate professor at the Radionavigation Laboratory at the University of Texas at Austin and a leading authority on GPS security holes.
Humphreys was referring to predictions that a widespread outage of GPS — either due to natural phenomena like solar flares or a major electronic warfare attack — would immediately cause serious slowdowns in all types of transportation, with the impact spreading through other sectors if service could not be quickly restored.
Protecting the system is difficult, as GPS signals from 12,000 miles in space are extremely faint and susceptible to interruption by jamming (interference by transmitters operating at or near the same frequency) or spoofing (tricking GPS receivers into reporting they are somewhere they are not or producing an incorrect time signal). The U.S. military, which developed GPS, uses a separate frequency band with encryption and other measures that render it more secure.
Predictably, criminals have found ways to profit from GPS weaknesses with illegal jamming devices. The devices, once available only to those with considerable technical savvy, are now widely advertised on the internet for $50 or less and require no expertise to operate.
“You put a battery in it or plug it in and turn it on. That’s it,” said Peter Soar, business development manager for military and defense for the Canadian firm NovAtel, which supplies positioning and timing components to a wide range of industries.
Addition to the criminal ‘Armory’
As a result, experts say, the devices — which typically disrupt GPS and sometimes other frequencies over areas ranging from about 980 feet to more than 5 miles, according to one test — have become almost standard issue for villains engaged in certain kinds of serious crime like cargo theft and drug trafficking.
“Any respectable criminal involved in that kind of (cargo) hijacking is going to employ jammers as part of their armory,” David Last, professor emeritus at the University of Bangor in Wales and past president of the Royal Institute of Navigation, told NBC News. “There is no reason why they shouldn’t and every reason why they should.”
Charles Curry, managing director and founder of the British firm Chronos Technology, cited a case in which an organized crime group used jammers to protect surreptitious shipments of stolen high-end cars to Uganda for resale.
“You must have been a really well-organized crime gang to be doing that kind of business, stealing top-end Jaguar Land Rovers from the streets of the U.K., shipping them via France (and the) Middle East to Mombasa in Kenya and then overland to Uganda,” he said. “That isn’t a petty criminal.”
Drug traffickers also regularly use them to try to foil electronic surveillance by law enforcement or rival gangs, Last said.
Last, who frequently testifies as an expert witness in GPS jamming cases in Britain, recalled one recent incident in which the courier meeting a flight of illicit drugs from Germany at a small general aviation airport in England deployed a “very serious kit” in a suitcase, with eight antennas that jammed GPS, mobile phones, Bluetooth, Wi-Fi and the frequency used by stolen vehicle recovery systems such as LoJack.
“I don’t know if you’ve ever been around when Air Force One lands, but nothing electronic works for several hundred meters around,” he said. “It was quite like that.”
Stealing jewels with a garage-door opener
But Last said far less sophisticated crooks also are using jamming, citing a case in which “a couple very low-tech criminals” used a garage door opener to prevent a jewelry courier’s key fob from locking the vehicle. They then made off with goods left inside while the courier was in a store making a delivery.
“So there’s quite a mom-and-pop level of criminality that uses jammers and doesn’t even know quite how they work,” Last said.
U.S. authorities are generally tight-lipped about the criminal use of jamming devices, but an industry advisory issued by the FBI’s Cyber Unit in October 2014 indicates they take the problem seriously.
The advisory said an industry security group had reported 46 instances of car thieves’ using jammers to try to avoid detection of stolen vehicles in shipping containers bound for China.
It also referred to a theft in Florida in which the thieves used jamming devices after stealing a refrigerated truck trailer filled with pharmaceuticals, in case any tracking device was hidden in the cargo. The thieves were caught by the Florida Highway Patrol during a routine vehicle stop, it said.
Separately, the shipping security firm FreightWatch reported last year that there have been at least four failed cargo thefts in which jamming devices were recovered, saying the attempted heists were the work of Cuban cargo thieves operating along the Eastern Seaboard.
That may just be the tip of the iceberg.
“We often don’t know, based on what law enforcement tells us, whether a GPS jamming device facilitated and enabled (a particular) cargo theft to happen,” said John Wislocki, the information manager and publisher with the American Trucking Associations’ Safety Management and Transportation Security councils.
(The FBI declined an interview request from NBC News, directing inquiries to the Federal Communications Commission, the agency primarily tasked with enforcing anti-jamming laws. The FCC also declined an interview, instead pointing to a jammer enforcement web page and a 2013 forfeiture notice imposing a $32,000 fine on Gary Bojczak, a New Jersey engineer whose illegal jamming device inadvertently interfered with a test of a GPS landing system at Newark Liberty International Airport in New Jersey.)
Hiding from ‘the boss’
The use of jammers has been well documented in Britain in a 2012 study known as the Sentinel Project, which used a network of detection sensors around the country to measure the frequency of the illegal activity. The BBC reported at the time that 20 roadside monitors detected 50 to 450 occurrences of jamming in the country every day.
The problem has only grown worse since then, according to Curry, whose company conducted the study with government and industry support.
In addition to documenting use of jamming devices, the study found that the overwhelming majority of them — about 9 out of 10 — were employed by fleet drivers or truckers trying to avoid monitoring by the fleet-tracking systems “because they don’t want the boss to know where they are,” Curry said.
That observation was bolstered by a March 2014 experiment in the United States by Rohde & Schwarz, which manufactures radio testing and measurement equipment. An instrumented van parked near a major highway adjacent to Portland International Airport in Oregon found that “about every third or fourth truck” was radiating at or near GPS frequency, according to a presentation by GPS and communications consultant Logan Scott.
Despite such anecdotal evidence, Brian Lagana, executive director of the trucking associations’ safety and security councils, said he has seen no evidence that truckers are using the devices in significant numbers to defeat tracking or manipulate driving logs.
“I think, in general drivers, are well aware of the regulatory requirements … and they’re also very well aware of the penalties they could receive for use of a jamming device,” he said.
In fact, Britain’s Sentinel study found that many jamming culprits were at the wheels of smaller vehicles, including service and delivery vehicles and taxis.
It also documented instances of civilians with no ill intent using jammers. In one account that has become something of a legend in GPS security circles, an employee of a U.S. government agency with a mobile jamming detection device was surprised when it began alerting while he was at church.
“He went up to the priest after the service and said, ‘Father, I think there’s a GPS jammer in the church here somewhere,'” said Goward, who knows the official. “The father says: ‘Yeah. You’re darn right. I bought it to jam GPS and the cellphones because I was tired of people texting during the sermon.'” (The official declined an interview request from NBC News and requested anonymity.)
Spoofing concern growing
While use of illegal jammers appears relatively common in the field, spoofing — tricking GPS receivers by faking satellite signals — so far appears to be largely confined to electronic battlefields (Iran reportedly spoofed a U.S. reconnaissance drone that it captured in 2011) and laboratories. But that may be changing.
The closest thing to official confirmation of a criminal spoofing incident came when a Homeland Security Department official said at a security conference in December that Mexican drug cartels were trying to jam and spoof GPS signals to interfere with U.S. government drones patrolling the border.
“The bad guys on the borders have lots of money, and what they’re putting money into is … spoofing and jamming of GPS,” Timothy Bennett, a DHS science-and-technology program manager, said at the Center for Strategic International Studies conference.
In an interview with NBC News in July, however, Bennett said DHS has no evidence that the cartels have actually used spoofing and that his comments were based on “what is happening in the field (and) what I know about how other people are using jammers in the United States.”
Humphreys, the University of Texas expert who is often consulted by law enforcement and other government security experts, said there are likely other incidents that have not been made public.
“When I get interviewed by the FBI, they often guardedly allude to incidents where jamming and even spoofing have been carried out … but of course they don’t reveal details to me,” he said.
Humphreys famously demonstrated how spoofing can be used to take control of a vehicle using GPS for navigation. In June 2012, he and several graduate students demonstrated the technique for DHS officials by commandeering a civilian drone; the following year, they went after larger game — a 213-foot superyacht — and tricked its GPS navigation system into sending the vessel hundreds of yards off course in the Mediterranean Sea without raising any on-board alarms.
Those demonstrations required considerable effort and expense, Humphreys said, estimating that it took “five years and a bunch of Ph.D.s” to develop the device capable of simulating and then overpowering real GPS signals.
But that changed dramatically last year when Chinese technology experts demonstrated at the Defcon hacker conference how anyone can use a $300 software-defined radio to spoof GPS.
“There is now the capability of downloading something that’s available online onto an off-the-shelf … radio frequency card and making your own spoofer,” Humphreys said. “It would be something that would only takes a few hours for someone who has a little bit of experience with radio frequency work.”
Humphreys estimates that, as a result, “the difficulty of mounting a spoofing attack has dropped by maybe a factor of a hundred since 2012,” when he first raised the alarm.
While jamming as practiced “in the wild” is often a nuisance crime — causing GPS to black out briefly or cell towers to drop calls when one is nearby — spoofing is potentially much more dangerous in the wrong hands.
As Soar, the NovAtel executive, puts it: “The snotty kid in the bedroom is now probably our worst nightmare.”
Hoping for a small ‘crisis’
Law enforcement is starting to fight back. Jamming detection devices manufactured by Chronos Technology, for example, have been available for about a year and are “starting to find their way into standard use,” Curry said.
The multi-agency Space-Based Positioning, Navigation and Timing Executive Committee, known as ExCom, has been working for years on a GPS backup solution that would make jamming and spoofing of GPS much harder.
It is now developing requirements for a backup timing system — the GPS function most important to critical infrastructure — to be followed by navigation and positioning requirements. The commission is expected to issue recommendations in the fall of 2017, said Nancy Wilochka, a spokeswoman for the U.S. Transportation Department.
Manufacturers of GPS navigation devices also are beginning to incorporate anti-jamming and anti-spoofing measures — such as inertial sensors and antennas that draw from multiple Global Navigational Satellite Systems (GNSS) or can determine the direction from which signals are arriving — into their designs to at least improve the chances that they can withstand a malicious attack or GPS outage.
“It’s an arms race of giving enough protection,” Soar said.
That is encouraging to experts like Humphreys, but he can’t help wondering whether the improvements will arrive soon enough — and be strong enough — to prevent a disaster.
“My hope is the first crisis, if it comes, is just large enough to really wake us into action but small enough that nobody gets killed or that there isn’t a great deal of economic damage done,” he said.
By Marissa Gamache, Special to Transport Topics
Days before Fourth of July celebrations, trailers loaded with SweetWater Brewing Co.’s 24-pack bottles of beer were stolen from its brewery; its Summer Variety Packs due for pick up in early morning.
The Atlanta-based company said the majority of its two trailers of beer stolen June 21 was found June 29 with help from Georgia authorities. That was the good news.
The bad news, the company said: “Unfortunately, the return of the stolen brews does not mean the product is able to be sold or consumed — every bottle will be destroyed.”
Incidents of cargo theft occur all too often across the nation and are a constant worry for trucking.
CargoNet, a theft prevention and recovery network, reported 906 thefts last year valued at $100.5 million. It said food and beverage thefts led the way, accounting for 29%, followed by electronics at 13% and household goods at 12%.
That’s up 7% from 2014, when 844 thefts valued at about $90 million were reported.
Continue reading this article at TTNews.com:
© Transport Topics, American Trucking Associations Inc.
Reproduction, redistribution, display or rebroadcast by any means without written permission is prohibited.