Plunge into the world of OSINT at sea (and in port) with the leader in maritime intelligence and NeedleStack guest Rae Baker.
As the world moves online, drugs are sold over social media, and anything the criminal heart desires can be bought on the dark web, it’s easy to forget how these goods move around the globe.
According to the Organisation for Economic Co-operation and Development (OECD), ocean shipping accounts for 90% of global trade. In the U.S. alone, maritime vessels are transporting goods valued more than $1.5 trillion annually. The average container ship can carry a whopping 24,000 containers. That leaves a lot of room for illegal or unsanctioned goods to stow away.
Maritime intelligence is an important field for governments, law enforcement and private enterprises. It can help shed light on military exercises and activity; expose sanction violations and illegal fishing; uncover drug smuggling and human trafficking operations; even combat illegal shipbreaking (the scrapping and abandonment of ships — and the environmental impacts that come with it).
That’s why we’re rounding up the best tips for OSINT in maritime intelligence from a leader in the field and author of the new book, Deep Dive: Exploring the Real-world Value of Open Source Intelligence, Rae Baker.
Don’t miss Baker’s interview on NeedleStack >
OSINT tips for investigating maritime vessels
In her book and blogs, Baker stresses that the researchers’ mindset is more important than the tools they have at their disposal. With curiosity and creativity, investigators can get the information they need — they just need to ask the right questions and keep a keen eye on unusual activity and uncommon patterns.
“While tracking ship activity it is a best practice to ask a few questions: What is the normal pattern of life is for the vessel? Does anything appear out of character for the voyages? Does the true identity of the ship match what they are advertising? Have they had any meetups and is the cargo lighter or heavier afterward? The answers to these questions paired with additional intelligence such as corporate reconnaissance can help you create a great profile on your target vessels.”— Rae Baker, raebaker.net/blog
To help determine which vessels deserve a deeper look, Baker recommends a few key activities that can help investigators narrow down their search. It’s important to remember that while any of these actions might be completely legal and harmless on their own, researchers need to look for patterns and combinations of activities to uncover potential criminal intent.
Changing the vessel’s flag from one country to another is a common practice. Owners often reflag their ships for convenience reasons, such as better tax climates or cheaper labor costs; but reflagging could also be used to exploit legal loopholes and circumvent sanctions. Laws in countries such as Panama and Malta offer ample opportunities to hide the ship’s true ownership, which may alert an investigator and warrant a closer look at the vessels’ or owners’ actions.
Ships typically stick to the route that makes the most economic sense — to maximize their profits while delivering cargo, fishing or transporting passengers. If the vessel deviates from their route for reasons other than weather or another reasonable event and/or makes an unscheduled stop in a port that is not typically on their historic track, this may indicate suspicious activity. Sites such as Maritime Traffic (requires paid access to view historical data), can be a great source of information for uncovering and investigating divergence.
Strange AIS activity
AIS, or automated identification systems, help track speed and location of each vessel, and are required for most of the larger ships. If these safety systems are turned off or manipulated, it could be a sign that a vessel is engaged in unlawful activity, such as illegal fishing or smuggling.
At-sea meetups are common and are often used to transfer cargo and crew or for refueling. As a standalone event, a meeting of two ships does not constitute suspicious activity, but if a researcher notices that one or both vessels have turned off their AIS and/or have deviated from their historic course to meet in international waters, this might be a cause for a closer look. Using sites like Maritime Traffic and Vessel Finder (historical data accessible through paid subscription) or even Twitter to track these meetings can help an investigator to uncover potential illegal activity.
If the ship’s weight (indicated by draft) drastically changes after meeting with another vessel, a researcher might want to investigate why it’s happening. A sudden change in draft could indicate that cargo has been removed from the ship. Sites like Fleetmon can offer detailed information on a vessel’s draft range, and even comparing photos of ships entering and exiting ports (from sites like Shipspotting and Maritime Traffic) can provide clues to unexplained weight changes.
Name or MMSI changes
The Maritime Mobile Security Identity (MMSI) is a nine-digit number that’s assigned to the vessel’s AIS unit. Because MMSI is a self-reporting system, it is often spoofed or misused, making vehicles hard to track. Combined with additional intelligence, this could indicate suspicious behaviors or intend to mislead the authorities to the nature of the ship and its mission.
Read the full blog, 6 Tips for Investigating Maritime Vessels >
OSINT tips for investigating ports
An increase in illegal global trade and a growing problem with smuggling of goods and people are creating the need for detailed port analysis. Baker recommends that investigators who look into port activity take advantage of the OSINT tools, which are often just as effective as the sophisticated technologies used by Customs and other agencies.
As usual, Baker advises starting with the basic questions: What’s the scope of the investigation? What cargo are the vessels carrying? Does anything stand out from historic images and are there any anomalies in patterns of traffic? Baker offers some tips to help make port investigations more efficient.
Review satellite images
A good starting point is Google Earth – especially when researching ports that investigators haven’t visited in person. The quality of the photos is often high enough to allow analysts to zoom in and see words on buildings, streets and ships. Researchers can also view historic images to compare what has changed over the years, which structures have been built or demolished, and how a port may have expanded.
Understand new pivot points
While most historical data is hidden behind the paywall, analysts can still find plenty of information on tracking ships’ paths using open-source resources. Sites like MarineTraffic use AIS to track positions and information about specific vessels. From here, researchers can find out the ship’s origin, the time of their departure and arrival, which flag they sail under, etc., and spot activities that differ from the usual patterns.
Dig into the vessel’s ownership records
Once the analyst knows the name of the ship and some details about their origin and destination, it’s not difficult to locate information about the ship’s builder and owner. Contract sites such as GovTribe or GovWin can shed light on the contracts that the ship holds, which can in turn produce even more intel on where the money is being spent.
A simple search of news articles and social media posts can help piece together more of a story about the vessel’s owners and their relationships with other individuals and corporations.
Search the Maritime Business Register
Analysts can search it by country or name to locate businesses involved in shipping, inspections and more.
Analyze port’s personnel and crew
Several high-profile cases have exposed the port’s workers as the key actors in smuggling operations. Port employees can also fall victim to blackmail or extortion, or inadvertently cause breaches in the port’s security perimeter. An analyst can take a closer look at individuals who have a high level of access to the port’s IT systems to make sure they have not been compromised.
Read the full blog, Maritime OSINT: Port Analysis >
An open mind and curiosity get results
Securing vessels and ports that they operate in is critical for protecting supply chain integrity. OSINT researchers can help piece together relevant information on both vessels and the ports they operate in to analyze patterns, uncover connections and expose potential illegal activity. While there are many tools and databases that can aid researchers in their quest, Baker believes that asking the right questions and having an open mind are more important than tools when investigating ships, their crew and their missions.
To learn more about maritime OSINT and other OSINT tips, check out Baker’s book here.