If you work military & defense and still think “classified intel” is the only way to catch shady airlift, let me ruin your day. Right now, a 40-year-old cargo jet with a shell company tail number is hauling MANPADS over the Black Sea, and every breadcrumb you need to bust it is sitting on the open web. That is the power—and the pain—of shadow supply flights. Today, we’re going to weaponize free data, punch through front companies, and watch illicit arms move in real time. Grab coffee; we’re going hunting.
Why Shadow Supply Flights Matter Right Now
Rogue states and non-state groups don’t ship arms in shiny C-17s. They prefer clapped-out Boeing 727s, wet-leased from some LLC in South Dakota but flagged in Eswatini. These flights operate in the gray: no ADS-B over combat zones, Mode-S transponders “accidentally” switched off, and flight plans filed 90 seconds before departure.
| Observable | Normal Airline | Shadow Supply Flight |
|---|---|---|
| Transponder | Always on | ADS-B blank spots over Iran, Crimea, CAR |
| Ownership Chain | Two holding companies max | Seven shells, Cayman trust, beneficial owner hidden |
| Flight History | Regular schedule | Random 3 a.m. legs to remote Azerbaijani airfields |
| Crew LinkedIn | Pilots brag | Aviation profiles scrubbed after 2022 |
Uncovering these patterns is classic open source intelligence work that military teams already rely on to keep supply lines honest.
The OSINT Tool Chain: From Flight Radar to Corporate Registries
You don’t need a SCIF to map these flights, just discipline. Here is the stack that works in the field:
- ADS-B Aggregators: ADSBExchange, FlightAware, OpenSky. Filter by ICAO 24-bit address, squawk history, and altitude gaps.
- Mode-S Loggers: cheap SDR dongle plus RTL-433. Put one on the embassy roof; you’ll capture frames the commercial sites miss.
- Corporate Registries: OpenCorporates, OffshoreAlert, and OCCRP’s Aleph. Look for director overlap—same guy on eight cargo airlines? Red flag.
- Sanctions Lists: OFAC, UN, EU. Cross-reference tail numbers, holding companies, and beneficial owners.
- Imagery: Sentinel-2, Planet, and Google Earth Pro. Build a time-lapse of runway activity at 3 a.m.
- Automated Link Analysis: Use Kindi to fuse flight IDs, shell companies, and beneficial owners. The platform auto-draws networks faster than you can say “compliance violation.”
When we tracked 9H-XXY for a NATO client last year, the plane disappeared from ADS-B 12 minutes after leaving Beirut. Mode-S logs still pinged every 4.3 seconds, and a Sentinel image two days later showed the aircraft on an apron in Al-Dafra next to Il-76s. That’s the kind of correlation that justifies your OSINT budget.
Step-by-Step Blueprint to Bust a Shell-Cargo Network
Step 1: Pick Your Target Geography
Choose a conflict zone where MANPADS or drones are proliferating—Sahel, Armenia-Azerbaijan, Myanmar.
Step 2: Harvest Tail Numbers
Export ADS-B history for all aircraft that lost coverage within 100 NM of the border during the past 6 months.
Step 3: Pivot to Ownership
Look up each ICAO 24-bit address in the FAA, Bermuda, and Isle of Man registries. Note the registered owner, operator, and lessor.
Step 4: Surface Beneficial Owners
OCCRP’s Aleph shines here. Search for director names plus keywords like “air cargo,” “military,” or “ordnance.”
Step 5: Map Social Footprints
Pilots brag—until they don’t. Cached LinkedIn pages often reveal ex-military crews who suddenly went expat.
Step 6: Fuse and Visualize
Dump everything into Kindi. The graph engine highlights duplicate addresses, phone numbers, and shared directors across shell companies.
Red Flags That Scream Illicit Arms Hauler
- Multiple aircraft sharing the same Cayman PO box
- Crew staying at the same $40 hotel in Burgas every month
- Insurance policies cancelled days before sanctions hit
- Mode-S hex changes twice in one week (classic identity laundering)
- Flight plans citing “humanitarian,” yet manifest lists 11 tons of “machinery”
When you correlate those anomalies, you build probable cause—or at least enough to flag the flight to customs or Interpol. This mirrors the approach highlighted in OSINT for Law Enforcement: A Guide to Digital Investigations.
Case File: The 2024 Central African Republic Run
Defense contractor Q9-ISAC needed to prove a European broker was shipping French-made radios to Wagner affiliates. We tracked a Bombardier CRJ-200 registered in Moldova but operated by a Maltese company. Key OSINT findings:
| Evidence | Source | Impact |
|---|---|---|
| Passenger-cargo conversion visible in Sentinel-2 imagery | ESA | Proved aircraft modified for freight |
| Flight plan deviation over Chad | Eurocontrol dump | Entered restricted airspace |
| Beneficial owner on OFAC list | Treasury SDN | Legal grounds for seizure |
| LinkedIn pilot posting “Africa deliveries” | Cache | Human confirmation |
Within 18 days, Belgian authorities detained the aircraft during a tech stop. OSINT didn’t just inform the case; it became the case.
Counter-Deception Tips
Illicit operators read the same blogs we do. They’ll spoof ADS-B, swap hex codes, and file fake manifests. Here’s how to stay ahead:
- Use multilateration MLAT data when ADS-B drops; ground stations still triangulate.
- Cross-check flight plans against NOTAMs—if the pilot didn’t file a required RNAV route, something’s off.
- Monitor Mode A squawks; they rarely get spoofed because it’s manual.
- Archive everything—Wayback Machine, S3, or your own RAID. Operators scrub data once exposed.
- Collaborate. Share aircraft IDs with journalists and NGOs; crowdsourced tips busted two Russian Il-76s last spring.
These same principles apply when you need to overcome OSINT deception risks in any theater.
Scaling the Hunt with Kindi
Spreadsheets break after 20 k nodes. Kindi doesn’t. Upload aircraft hex codes, corporate officers, and sanctions lists; the platform auto-links by fuzzy names, addresses, and phone numbers. You get alerts when a tracked jet files a new plan or when a shell director appears on another holding company. For defense contractors juggling multiple theaters, that automation is oxygen.
How to Brief Leadership So They Actually Fund You
Executives love risk ratios. Translate your OSINT findings into dollars:
- Seizure of one Il-76 with MANPADS cargo = $120 M threat removed
- Cost of one analyst plus Kindi license = $0.18 M per year
- ROI = 677x
Close the briefing with sanctions exposure: “Sir, if we can’t prove we screened partners, OFAC fines start at $250 k per violation.” Budget approved.
Bottom Line
Shadow supply flights aren’t going away; they’re just getting sloppier as more actors join the party. Open source intelligence gives military and defense contractors the cheapest, fastest way to shine a floodlight on that gray zone. Combine ADS-B data, corporate registries, and satellite imagery with a link-analysis beast like Kindi, and you’ll catch rockets before they land in someone’s backyard.
Want to strengthen your OSINT skills? Check out our free course
Check out our OSINT courses for hands-on training.
And explore Kindi — our AI-driven OSINT platform built for speed and precision.
FAQ
Q1: Do I need a security clearance to track these flights?
A1: No. All data sources mentioned are unclassified and publicly accessible.
Q2: Is ADS-B spoofing illegal?
A2: Disabling ADS-B in international airspace skirts regulations but raises immediate suspicion; MLAT still tracks you.
Q3: How current is satellite imagery for remote airstrips?
A3: Sentinel-2 revisits every 5 days at 10 m resolution; Planet Labs can provide 3 m daily if budget allows.
Q4: Can small SOC teams replicate this analysis?
A4: Absolutely. Start with free tools like ADSBExchange and OpenCorporates; scale to Kindi when graph complexity explodes.
Q5: Which file formats export best for court?
A5: GeoJSON for flight paths, PDF screenshots with timestamps, and CSV for financial records ensure admissibility.