Rishi Sec

Ship Tracker Gaps Let Adversaries Mask Naval Logistics

If you think a 100 000-ton crude carrier can’t vanish in 2021-era open source intelligence, grab a chair and let Uncle Joe ruin your day. Military & defense contractors rely on satellite AIS, port calls, and Lloyd’s List to keep tabs on adversary logistics—yet every month another “ghost fleet” slips through the Strait of Malacca, reappears near Murmansk, and somehow still reports its position as “somewhere in the Med.” The punchline? Nobody notices until the sanctions team asks why a sanctioned tanker is still making money. That gap between what we expect maritime domain awareness to look like and what the data actually says is exactly where AIS spoofing defense becomes a life-or-death discipline.

Why AIS Is Broken by Design

The Automatic Identification System was built in the 90s to keep freighters from bumping into each other in fog—not to survive a world where both criminals and admirals weaponize metadata. Three facts make defenders cry:

  • Transmissions are unencrypted 161.975 MHz bursts—any $25 SDR can inject packets.
  • Only 2 048 unique MMSI numbers exist per flag state; recycle them every few months and you break correlation.
  • Satellite receivers refresh every 45–90 minutes; turn off the beacon for 91 minutes and you’re invisible to half the commercial constellations.

Combine that with flag-hopping registries and you get military teams leaning on OSINT more than ever—because classified sources are too slow for real-time sanctions work.

The Three Cheats Every Spoofer Uses

| Technique | Cost | Detection Difficulty | Typical Actor |
|---|---|---|---|
| MMSI Swap | <$200 | Easy if you track fleet siblings | Smugglers |
| Position Offset | Free (software only) | Moderate—look for SOG vs. drift | Iranian VLCCs |
| Receiver Blackout | Free | Hard without SAR | Russian Navy auxiliaries |

Notice none of these require nation-state budgets—just a laptop and a cynical disregard for SOLAS. That’s why integrating OSINT to prioritize alerts is now mandatory for any SOC that supports maritime enforcement.

How to Spot Ghost Fleets Using OSINT

Step 1: Baseline legitimate traffic. Pull seven days of AIS from MarineTraffic (free API tier works) and cluster by MMSI + draught. Anything that changes draught by >0.5 m between ports is worth a flag.

Step 2: Cross-flag imagery. Sentinel-1 SAR is free, 24-hour revisit. If the AIS blob claims 300 m LOA but Sentinel pixel count shows 220 m, you just caught a spoof. Screenshot everything—courts love timestamps.

Step 3: Fuse with corporate risk data. Lloyd’s List Intelligence adds beneficial-owner graphs; pair that with OSINT for corporate risk detection and you’ll see shell companies share the same email domain across 43 flagged vessels. Surprise—they’re all in the same dark fleet.
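
Steps 1 and 2 as a triage script, added here as an illustration and not taken from any tool named in this post. The records, MMSIs and port names are constructed, and the 10 % length tolerance and the one-point-per-anomaly scoring are assumptions; only the 0.5 m draught threshold comes from the text.

```python
from collections import defaultdict

DRAUGHT_DELTA_M = 0.5   # Step 1 threshold, from the text
LOA_TOLERANCE = 0.10    # assumption: accepted AIS-vs-SAR length error (10 %)

# Constructed records: (mmsi, port, reported draught in metres), in time order.
PORT_CALLS = [
    ("000000001", "PORT_A", 9.2), ("000000001", "PORT_B", 20.7),
    ("000000002", "PORT_A", 11.0), ("000000002", "PORT_C", 11.3),
]
# Constructed: mmsi -> (AIS-declared LOA, SAR-measured length), both in metres.
LENGTHS = {"000000001": (300.0, 220.0), "000000002": (250.0, 244.0)}


def draught_flags(port_calls, threshold=DRAUGHT_DELTA_M):
    """Step 1: flag draught changes above threshold between consecutive ports."""
    by_mmsi = defaultdict(list)
    for mmsi, port, draught in port_calls:
        by_mmsi[mmsi].append((port, draught))
    flags = []
    for mmsi, calls in by_mmsi.items():
        for (p1, d1), (p2, d2) in zip(calls, calls[1:]):
            if abs(d2 - d1) > threshold:
                flags.append((mmsi, p1, p2, round(d2 - d1, 1)))
    return flags


def loa_flags(lengths, tolerance=LOA_TOLERANCE):
    """Step 2: flag vessels whose SAR length disagrees with the AIS claim."""
    return sorted(
        mmsi for mmsi, (ais_loa, sar_len) in lengths.items()
        if abs(ais_loa - sar_len) / ais_loa > tolerance
    )


def triage(port_calls, lengths):
    """Rank MMSIs by number of independent anomalies (assumed scoring rule)."""
    score = defaultdict(int)
    for mmsi, *_ in draught_flags(port_calls):
        score[mmsi] += 1
    for mmsi in loa_flags(lengths):
        score[mmsi] += 1
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print(triage(PORT_CALLS, LENGTHS))
```

A vessel that trips both checks goes to the top of the queue for the Step 3 ownership lookup.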

Toolkit for Military Contractors

Commercial stack:

  • ExactEarth or Spire Sense for satellite AIS (request 15-minute cadence)
  • VesselFinder API for port call anomalies
  • Open-source ais-catcher on a Raspberry Pi 4 for local validation

If you need to scale, spin up Kindi. Feed it MMSI lists, SAR imagery, and corporate registries; its graph engine will surface shadow links in minutes, not analyst-weeks. The platform keeps notes in markdown, so when the commodore asks “how sure are we?” you hand him a living report, not a 200-row spreadsheet.

Case Study: Iran to Vladivostok

In March 2025 a 299 000 DWT tanker transmitted as VELA 3 off Fujairah. Three weeks later the same MMSI popped up near Vladivostok as NEW VISION. Here’s the breadcrumb trail:

  1. AIS went dark for 52 hours south of Karachi.
  2. Sentinel-1 caught a 332 m vessel at 24.8 N 62.2 E—no corresponding AIS.
  3. Manual DF by USN aux showed burst at 161.975 MHz with incremental MMSI +1.
  4. Port state control in Nakhodka listed cargo as “slops” yet draught jumped from 9.2 m to 20.7 m—classic crude-in, slops-out money laundering.

Result: OFAC sanctioned the beneficial owner 48 hours after we published the fused intel. AIS spoofing defense wins again—because somebody bothered to fuse SAR, AIS, and port state control instead of trusting a single sensor.

Closing the Gap

Want to stop the next ghost fleet?

  • Mandate encrypted AIS-S (the military version) for any vessel contracting with DoD. Yes, shipping lobbyists will howl—let them.
  • Task one analyst per COCOM to run nightly drift-detection scripts on AIS gaps >45 min inside EEZs.
  • Buy commercial SAR access—ICEYE or Umbra—so you aren’t held hostage to European cloud quotas.
  • Finally, automate the boring bits. Kindi already ingests both AIS and SAR out of the box; use its webhook to push anomalies to your JIRA board before morning stand-up.
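
A minimal form of the nightly gap check from the second bullet, added here as an example and not code from Kindi or any other product mentioned. The fixes are constructed and assumed to be pre-filtered to the EEZ of interest; the implied-speed test and its 25 kn ceiling are an added heuristic, not something the post specifies.

```python
import math
from datetime import datetime, timedelta

GAP_LIMIT = timedelta(minutes=45)   # threshold from the text
MAX_PLAUSIBLE_KN = 25.0             # assumption: speed ceiling for a tanker

# Constructed AIS fixes: (mmsi, ISO-8601 UTC time, lat, lon), sorted by time.
FIXES = [
    ("000000001", "2025-03-01T00:00:00", 24.80, 62.20),
    ("000000001", "2025-03-01T00:30:00", 24.80, 62.30),
    ("000000001", "2025-03-01T03:30:00", 24.80, 65.30),  # 3 h silence, big jump
    ("000000002", "2025-03-01T00:00:00", 10.00, 50.00),
    ("000000002", "2025-03-01T02:00:00", 10.00, 50.30),  # 2 h silence, slow
]


def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance in nautical miles (mean Earth radius 3440.065 nm)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 3440.065 * math.asin(math.sqrt(a))


def find_gaps(fixes, gap_limit=GAP_LIMIT, max_kn=MAX_PLAUSIBLE_KN):
    """Return one record per silence longer than gap_limit, per MMSI."""
    last, gaps = {}, []
    for mmsi, ts, lat, lon in fixes:
        t = datetime.fromisoformat(ts)
        if mmsi in last:
            t0, lat0, lon0 = last[mmsi]
            if t - t0 > gap_limit:
                hours = (t - t0).total_seconds() / 3600
                knots = haversine_nm(lat0, lon0, lat, lon) / hours
                gaps.append({"mmsi": mmsi, "hours": hours,
                             "implied_kn": round(knots, 1),
                             "implausible": knots > max_kn})
        last[mmsi] = (t, lat, lon)
    return gaps


if __name__ == "__main__":
    for gap in find_gaps(FIXES):
        print(gap)
```

Every gap is worth a SAR tasking request; a gap whose endpoints imply a speed the hull cannot make points to a position offset rather than a simple blackout.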

Bottom line: if your maritime picture still depends on a single unencrypted protocol designed in the era of dial-up, you’re not doing AIS spoofing defense—you’re running a participation trophy scheme for sanctions busters.

FAQ

What is AIS spoofing?

Intentionally broadcasting false identifiers, positions, or timestamps on the Automatic Identification System to hide a vessel’s real location or identity.

How can SAR imagery catch spoofers?

Synthetic-aperture radar sees through clouds and darkness, letting analysts measure actual ship dimensions and compare them to AIS claims.

Is encrypted AIS available today?

Yes, AIS-S (a military encrypted variant) is specified in NATO STANAG 4668, but adoption outside navies remains minimal.

What’s the cheapest detector setup?

A $100 RTL-SDR dongle plus open-source ais-catcher running on a laptop gives you a local baseline to verify satellite data.

Can small navies afford fused analytics?

Absolutely—platforms like Kindi offer per-seat pricing and fuse open data, so even coast-guard teams can field enterprise-grade fusion without enterprise budgets.
