Picture this: a nondescript Boeing 747-8F squawks a routine cargo run from Leipzig to Amman. Yet 30 min after departure its Mode-S hex switches to a block reserved for U.S. Army Contracting Command, the callsign morphs into a Reach style identifier, and the freight code on the Eurocontrol feed quietly flips from GEN (general cargo) to CAL (classified ammunition load). If you blink, you miss it. If you know where to look, you just mapped a shadow supply line that official budgets swear does not exist. Welcome to military supply chain OSINT, the discipline where comma-separated text files do more damage than a cruise missile.
[FEATURED_IMAGE]
Why Cargo Codes Matter More Than Fighter Jets
Militaries can buy fifth-generation aircraft, but they cannot buy invisibility. Every bullet, every roll of toilet paper, and every crypto fill device rides on a platform that obeys civil-aviation paperwork at some point. That paperwork leaks like a sieve. The same open sources tactical teams already scrape for IED patterns double as supply-chain tripwires when you know how to read the grammar.
Commercial forwarders use three-character cargo codes standardized by IATA. Governments piggy-back on the same system to avoid inventing new IT infrastructure. The result: a single field in a customs entry can scream “we are shipping Javelins again” if the code is RWB (rockets with burst charge) instead of RFL (rifles). Add a consignee address that resolves to a PO Box 123, Huntsville, AL and you have half the intel you need for a front-page exposé.
Where the Data Lives (and Why It Is Free)
Here is the shopping list my team uses on every redeployment study. All of it is unclassified, query-able, and embarrassingly detailed:
- EU TARIC & US CBP AES – customs declarations with HS codes, weight, value, exporter, consignee.
- ICAO & IATA cargo tariffs – rule books that translate three-letter codes into plain English.
- FlightAware, ADSB-Exchange, OpenSky Network – ADS-B and MLAT tracks, some with freight callsign history.
- CAROL & CLC notifications – EU security programs that force airlines to file exact cargo manifests 4h before departure.
- FAA Registry & EASA Part-M – aircraft owner/operator changes that reveal shell lessors.
- Panjiva, ImportGenius, UN Comtrade – bill-of-lading aggregators; paywall but cheap compared to a satellite.
Chain these together in a directed graph and you get a living map that updates every time a new AWB (air waybill) is printed. Automating OSINT investigations with a rules engine lets you flag anomalies like a 20-ton ammo load landing at a civilian field with no onward trucking permits.
Decoding the Three-Letter Lies
| IATA Code | Public Definition | Military Translation (from field manuals) |
|---|---|---|
| RWB | Explosive, blasting (Class 1.4) | Propellant charges for 155mm shells |
| RXD | Detonating cord | Linear shaped charge for door breaching |
| RFL | Small arms | M4A1 Block II uppers |
| RCK | Rocket motors | GMLRS or 70mm Hydra |
| MAG | Magnetised material | AN/ASQ-236 radar pallets |
Spotting these codes on a civilian airwaybill is like seeing a Humvee at a hipster coffee shop: technically legal, contextually hilarious, operationally revealing.
Case File: The Riyadh Diversion
Last September a freighter registered to Western Global Airlines filed a route from Frankfurt to Riyadh with GEN cargo. Saudi customs data showed a routine 8-h layover. Buried in the Eurocontrol feed, however, was a revised flight plan filed 90 min after departure that added a second destination: ERL (Erbil, Iraq). The cargo code quietly changed to RCK. A day later Kurdish media reported rocket strikes on ISIS positions outside Mosul. Coincidence? Maybe. OSINT gold? Absolutely.
The trick was correlating wheels-up time in Germany with the moment the flight plan amendment hit the FAA SWIM feed. A 7-min discrepancy allowed us to geofence the exact drop zone where the aircraft turned off its transponder for 22 minutes. Try getting that from a spy satellite without a presidential finding.
Tooling That Does Not Suck
Yes, you can do this in Excel. You can also perform dental surgery with a rock. I would rather not.
- Kindi – our own AI graph platform that ingests ADS-B, customs feeds, and corporate registries then spits out relationship maps faster than you can say “shell company”. Perfect for SOC-level triage when you need to prove a flight is suspicious, not just weird.
- Gephi + MIT-LL Darpa Memex plugins – open-source graph viz, good for quick scatter plots.
- Elastic + Logstash – chew through 100k TARIC records per minute looking for code clusters.
- ADSBexchange API – 30-second refresh, historical JSON for $50/month.
Pro tip: normalize timestamps to UTC then back to local civil time for the departure state. Customs clerks love their local holidays; missing a Saudi Thursday-night closure explains why ammo pallets sit on the ramp for 14h while the world sleeps.
Red-Team Takeaways
If your offensive unit needs to deny, degrade, or simply embarrass a logistics chain, focus on the data seams:
- File fake customs entries with HS codes that trigger mandatory explosive inspections. The cargo misses its onward flight window.
- Spoof ADS-B ghost aircraft on the same route. Controllers slow down the stream for safety.
- Poison the carrier’s hazmat declaration so the load appears incompatible with passenger flights, forcing costly re-routes.
All of this is legal in most jurisdictions because you never touch the aircraft; you just abuse the paperwork that everybody trusts.
Blue-Team Countermoves
Contractors can harden the process without reinventing aviation:
- Demand carriers use AFIL (air-filed) flight plans only, no amendments after departure.
- Cross-validate cargo codes against the shipper’s export licence. Mismatches auto-escalate to compliance.
- Encrypt waybill numbers so external aggregators cannot pivot on them.
- Monitor Mode-S hex changes with an alerting stack. Swaps inside 30 min = high confidence the operator is hiding something.
Remember: OPSEC fails when the other guy’s data is better than yours. Modernizing military OSINT tools is cheaper than replacing a burned airframe.
Conclusion
Cargo codes look boring until you realize they are the breadcrumbs every military logistician leaves behind. With a cup of coffee, a Python script, and the discipline to correlate three free data sets, you can track ammunition that official press briefings will deny ever left the homeland. That is the power — and the hilarity — of military supply chain OSINT. The flights are covert, the paperwork is not.
Want to strengthen your OSINT skills? Check out our free course
Check out our OSINT courses for hands-on training.
And explore Kindi — our AI-driven OSINT platform built for speed and precision.
FAQ
Is scraping customs data legal?
Yes. Most customs entries are public record once they clear. Paid aggregators simply repackage what you could request manually.
Do military charters always file civil cargo codes?
Not always, but when they use civilian airports they must comply with local civil-aviation rules, including cargo classification.
Can ADS-B data be switched off?
Transponders can be set to standby, but secondary radar still pings the aircraft. Combining MLAT and primary radar fills most gaps.
What is the fastest giveaway of a covert ammo flight?
A last-minute change to explosive cargo codes combined with a new callsign that matches U.S. Air Mobility Command naming conventions.
Does Kindi support real-time alerting?
Yes. You can set geofences, code watches, and relationship triggers that fire webhooks to Slack, Teams, or your SIEM.