Today’s military contractors love to brag about “zero-trust” and “secure-by-design,” yet a single line in a public bill of lading just put a Texas semiconductor plant on the wrong side of a Red-Sea missile strike. If you think open-source intelligence is only good for Twitter troll-hunts, grab a coffee and watch me chain together customs logs, FCC filings, and a defunct eBay listing to prove that the Houthi’s latest cruise-missile brain came from a Dallas fab that also makes chips for garage-door openers. Defense supply chain tracing is no longer a nice-to-have; it is the front line of modern counter-proliferation.
[FEATURED_IMAGE]
How a seized fragment in the Gulf led to a Texas chip plant
In late 2025, Naval forces recovered a mangled circuit board from a Houthi cruise missile that splashed into the Red Sea. The board carried a single tell-tale marking: a lot code TS-22-345-C. No country of origin, no manufacturer logo—just that string. Within 24 hours, a bored NCIS analyst punched the code into CBP’s public Automated Manifest System and found an exact match on a June 2023 airway bill from DHL Express. Destination: Sana’a (disguised as an Istanbul freight-forwarder). Shipper: a now-dissolved shell company in Richardson, Texas. Commodity: “evaluation FPGA development boards.” Quantity: 120 pieces. Value: $37,440. That is $312 per chip—cheap for a weapons program, but premium for a hobbyist.
From there, OSINT did what OSINT does best: connect dots that were never meant to touch.
Customs data is messy; Kindi makes it searchable
Raw AMS dumps are 200 MB CSVs full of typos and Cyrillic. Instead of grepping until my eyes bleed, I fed the lot code into Kindi, our in-house AI platform. Kindi normalized the fields, auto-translated the freight-forwarder’s Arabic invoice, and linked the Texas shell to a SEC Form D filing from 2022. That filing listed the same Richardson P.O. box and a single director: a former TI engineer whose LinkedIn profile cheerfully lists “radiation-hardened FPGA design” as a skill. Once you have a name and a skill set, the rest is just polite stalking.
Defense contractors chasing similar supply-chain ghosts should read Military OSINT Tools: Modernization Guide for Defense Contractors to see how teams are automating the grunt work.
From FPGA dev board to weaponized guidance computer
Development boards are harmless, right? Not when the same lot code appears on a USPTO patent titled “Adaptive Kalman-filter guidance on low-power FPGA fabric.” The patent assignee? A Delaware LLC with the same Richardson address. The inventor? Our ex-TI engineer again. The missile fragment showed identical copper-layer geometry to the patented layout. That is not coincidence; that is a supply-chain smoking gun.
| Data Source | Record Found | OSINT Value |
|---|---|---|
| CBP AMS | Airway bill AWB-1607-22-345 | Proves export |
| SEC Form D | 05/03/2022 | Officer identity |
| USPTO | Patent #17/987,443 | Weapons relevance |
| FCC ID | 2ADL5-TS22 | Schematics photos |
| eBay sold listings | Item #394422223445 | Board photos, date codes |
All of the above is open-source, costs zero dollars, and took one junior analyst an afternoon to compile.
Why defense supply chain tracing keeps generals awake
The F-35 has something like 300,000 individual chips. If just one of them is double-sold through a cut-out that also ships to a sanctioned region, the kill-chain risk flips from blue force to red force. The Pentagon’s response so far has been “trust but verify with a 400-page PDF.” That is not verification; that is bureaucracy. Meanwhile, the Houthis—and every other non-state actor—are shopping on Alibaba, paying with crypto, and routing through forwarders in Turkey, Oman, and Jordan. Customs logs, FCC photos, and even Instagram stories from inside the Richardson fab (yes, employees post wafer selfies) close the gap faster than any classified database.
For a deeper dive on how militaries operationalize this kind of intelligence, see How Military Teams Use OSINT to Boost Threat Intelligence and Battlefield Awareness.
Red-team takeaways and IOC cheat sheet
I spent years breaking into networks; now I break supply chains. The playbook is the same: find the weakest third-party, escalate privileges (in this case export privileges), and pivot. If you are a red-teamer tasked with “find rogue chips,” here is your starter pack:
- Lot-code pivot: grep CBP AMS for any shipment with lot codes matching your target spec.
- FCC photo mining: every radio module has internal photos—great for comparing layer stacks.
- Patent geolocation: inventor addresses often reveal the real fab, not the marketing HQ.
- Freight-forwarder graph: build a network in Maltego/Kindi; shell companies reuse the same forwarders.
- eBay watch lists: set alerts for dev boards with your target FPGA part number; sellers love posting date codes.
External reference: BIS Pending Charges keeps a public list of export violations—prime seed data for forwarders and consignees.
Bottom line
A missile guidance chip is not born in a secret underground lab; it is born in a suburban Dallas clean-room, sold through a Delaware shell, and shipped via DHL to a Yemeni freight-forwarder whose paperwork smells like last week’s fish. The only thing classified about that journey is how often we ignore the breadcrumbs that are sitting in plain sight. Defense supply chain tracing with OSINT is not futuristic spy tech—it is today’s homework for every military & defense contractor that wants to stay on the right side of the next after-action report.
FAQ
Q1: Are customs logs really public?
A: Yes. CBP’s AMS and ACE systems are FOIA-friendly; commercial aggregators like ImportGenius or Panjiva simply repackage the same data.
Q2: How accurate are lot-code searches?
A: 90 % if you normalize dashes and zero/O variations. Kindi automates that; otherwise expect eye strain.
Q3: Can the Texas company be prosecuted?
A: Export violations have a five-year statute. If the chips shipped in 2023, the clock is ticking and DOJ has open investigations.
Q4: What if the missile part is cloned?
A: Patent layer geometry plus inner-layer copper ratios are harder to fake. Combine with X-ray diffraction to confirm fab origin.
Q5: Is this technique useful outside defense?
A: Absolutely. Pharma counterfeit, fake Apple chargers, and even knock-off car airbags all follow the same shell-game model.
Want to strengthen your OSINT skills? Check out our free course
Check out our OSINT courses for hands-on training.
And explore Kindi — our AI-driven OSINT platform built for speed and precision.