Tuesday, September 1, 2020

‘Going Dark’ is so 2019


From Windward by Omer Primor

Movies have taught us that, when looking to achieve an investigative breakthrough and capture a bad-guy, it is necessary to track their phones.
Movies have also taught us that the bad guys know that, and they often adapt their ways, trying to throw the good-guys off their tail.

The ocean is no different than a great spy movie.

For over two decades, the shipping industry relied on AIS to prevent collisions at sea by requiring ships larger than 300 tons to transmit their digital information, ensuring ships maintain a safe distance from one another at sea.
Today, AIS data can do more.

AIS transmissions implement a new level of transparency regarding ship movements in the ocean and can be used to optimize, enhance, and improve maritime trade, transportation, security, safety, and supply chain management.

For the good guys, this is great news, but for the bad guys, this is another problem they must overcome; AIS transmissions and the increased transparency they create is precisely what bad actors at sea want to avoid.
To try and exploit the sea and conduct illicit activities, criminals have developed sophisticated ways to exploit AIS vulnerabilities and mask their location.

In 2020 however, that may be a moot effort.

AIS off, pressure on

Criminals trying to trade illegal goods or violate sanctions need to do so without getting caught.
As sea, that means avoiding detection, hiding origin and destination locations, not docking at ports, and doing anything possible to avoid transmitting AIS data.

When docking, transhipping, or getting too close to a ship becomes unavoidable for the criminals, their only option is to go dark.
By turning off transmissions, there are no records of locations, port entries, or transshipment conduct occurring.
Sounds great? Think again.

The bar for sanctions screening has been raised as a result of the new advisories, and with it, the Know Your Vessel (KYV) checks companies must perform.
For criminals looking to violate sanctions or conduct illegal activities under the guise of “going dark,” this means bad news.

Any AIS transmission gap becomes a blaring red flag necessitating further examination, thereby increasing the chance of exposure.

It no longer matters if there is no proof of loading or discharging sanctioned cargo; the suspicious behavior itself is enough for companies to withhold services or terminate contracts under the new advisory.

Having an AIS transmission gap and not knowing a ship’s exact whereabouts becomes reason enough to flag it, making turning AIS off completely counterproductive.

You see what I want you to see

Criminals recognize that turning off their AIS signal is an immediate red flag, and that is what they want to avoid.
Instead of turning off AIS data transmission, they instead try to manipulate the data.
Instead of controlling WHEN they do and do not transmit data, they try to control WHAT data they transmit, and WHO is transmitting it.

Consider the following case:
In mid-June 2020, a laden VLCC tanker docked in Qingdao, China.
Based on its size and reported draft change, it delivered approximately 2 million barrels of crude oil from the Persian Gulf.
Diving deep into the voyage data reveals that the tanker first arrived at the Gulf late-April, and after a quick detour into Hormuz, it anchored halfway between Fujairah and Iran for 10 days.
After anchoring, the ship reported its draft as “laden,” and set sail for China.


The voyage itself seems similar to many others; however, there is one significant unanswered question: Where did the oil come from?

An examination of the ships’ AIS data did not reveal any port calls, transshipments, or “dark” periods during the entire 10 days it was anchored.
However, during this time, oil was loaded to the ship.
This makes the origin of the cargo a mystery.

When examining this trade contextually, things do not add up.
Behavior analysis shows the tanker loaded a high-risk commodity in a high-risk area while taking significant efforts to disguise the origin of the goods.
This fact alone does not prove that the ship engaged in a sanctionable and illegal trade, but it should be cause for concern and trigger a due diligence process to investigate the situation further.


Here is the full story of what happened with this tanker: shortly after anchoring offshore Iran, tanker A stopped transmitting AIS.
At the exact same time, another tanker anchoring nearby (tanker B) began transmitting under the guise of tanker A.
In doing so, AIS transmission was manipulated to carry the same identity as tanker A, making it appear as though tanker A was transmitting continuously, albeit with a slightly changed location.
In reality, tanker A was not transmitting AIS data at all.
During this time, tanker A went dark, sailed to Iran, and loaded the sanctionable cargo of crude via ship-to-ship from an Iranian tanker.

Several days later, after tanker A was laden with sanctioned oil, it returned to the same area where tanker B was.
In a magnificently orchestrated digital dance, tanker B switched off, tanker A switched on, and the operation was complete; a VLCC, laden with Iranian crude, retained squeaky clean from entity and AIS screenings.
The only way this could have, and was, detected, is by examining voyage irregularities.

Behavior analysis to the rescue

Since the start of 2020, the number of VLCCs “going dark” to disguise sanctionable trading has dropped by over 80%, going down from 26 tankers in January to just 4 in July.

The decline in VLCC’s “going dark” can either mean a drop in the trade of sanctioned crude or an increase in the sophistication of deceptive shipping practices criminals undertake.


“Going dark” is still a key deceptive shipping practice used by bad actors looking to conceal illicit operations, but now it is harder to identify it.
As seen above, criminals are getting better at manipulating AIS data, and each time technology catches up with them, they will have a new method of AIS manipulation.

Unfortunately for criminals, while they can try to manipulate AIS data and show false movements and identities, they cannot manipulate behavior.
Analyzing trade patterns of all ships makes it possible to whitelist certain vessels and immediately reveal voyage irregularities for those that do not operate the way they should.

Behavioral analysis that leads to actionable results can only be achieved by combining automated analysis with human expertise.
Together, man and machine can investigate new signals and voyage irregularities, improving accuracy and illicit behavior at sea.
Incorporating emerging methods that go beyond common deceptive practices is crucial for businesses and organizations that want to make forward-looking decisions and gain control of potential risks before they impact their operations.

Much like in the movies, criminals do not simply stop exploiting opportunities; they just get better at hiding.
It’s up to the good guys to stay one step ahead of crime at all times.

Links :

No comments:

Post a Comment