Maritime OSINT in Detail

by

POPULARITY – 5,308 views

I don’t quite actually know why I love maritime osint, but maybe it is the vulnerability of their systems which grabs my attention so much.

You might have already heard of some tools related to maritime if you are into osint for quite some time. So let’s start with the basics!

Vessels and their tracking

A ship can be identified through its IMO and MMSI numbers. The IMO Ship Identification Number is a unique seven-digit number which remains unchanged through a vessel’s lifetime and is linked to its hull, regardless of any changes of names, flags, or owners. Unlike IMO, the Maritime Mobile Service Identity (MMSI) is a unique 9 digit number, a temporarily assigned UID, that is assigned to an individual vessel for contacting issued by that object’s current flag state. It is entered into DSC radios and AIS units used on that vessel. Some ships for conducting suspicious activities oftentimes spoof their MMSI mid voyage.

Vessels, hmm.. could be cargo, tankers, cruise, yachts, ferry, fishing boats and military ships. The sources to gather data majorly depend on the type of vessel that you are investigating, based on which you will get a whole load of intelligence if collected efficiently and in a systematic manner. Below are some websites, all categorized on the basis of vessel types (note that some sites are meant for the surveillance of all vessel types):

  1. MarineTraffic (all vessel types)
  2. VesselFinder (all vessel types)
  3. MyShipTracking (all vessel types)
  4. TankerTrackers (tracks and reports crude oil in the sea)
  5. MarineVesselTraffic, (Ships, Planes, Ports & Cargo tracking)
  6. FollowingSea (Yacht tracking)
  7. Cruisin Earth (Cruise Ship tracking)
  8. CruiseMapper (Cruise Ship tracking)
  9. CruiseHive (Cruise Ship tracking)
  10. GlobalFishingWatch (Fishing Vessel tracking)

Beside these all, there are many other websites designed for different purposes like SubtelForum.com (for tracking cable ships and submarines), eships.net (for vessel database), IMB Piracy and Armed Robbery MapGlobalFishingWatch (for tracking illegal fishing) and MarineVesselTraffic (for tracking global military incidents).

Solely tracking vessels via these platforms is not enough. Every piece of data leads to somewhere. As an example, we can skim through social media where possibly more clues related to the vessel, its company or crew members might be available. Apart from this, we have shipspotting.com where maritime enthusiasts post pictures of every vessel they spot, or platforms like MaritimeConnecter, MyShip and LinkedIn where you would get a detailed bio of the crew members linked to a certain vessel. Moreover, if a ship has been sanctioned for committing illegal deeds, you may look for it in the OFAC Sanctions List. Remember, Port Cams are also of great help!

Something else linked to a ship that we can track? Yes, containers… if it’s a cargo ship!

Cargos and their tracking

A shipping container with several markings (containertech.com)

Each marking on the doors of the cargo deals with something important.

  1. Container Number: A unique number made up of 4 letters and 7 numbers displayed on the top right part of the container. First 3 capital letters -Owner Code, another letter – Equipment Category Identifier, sequence of six digits- Registration Number (or Serial Number).
  2. Check Digit: The following solo number, the last digit of the container number to verify the veracity of the entire sequence.
  3. ISO Code: A sequence of 4 letters or digits providing information about the container dimensions and type.
  4. Operational Markings: Displays the operational characteristics of the container like maximum gross weight, payload etc.
  5. CSC Plate: For verifying good condition and acceptable safety.

Now that we have known the basic markings on a shipping container, we can easily track any cargo using Fleetmon.comTrack-tracePanjiva or ImportGenius.

Maritime Communication

Marine VHF Radio

If you have taken a deep dive into maritime intelligence, you might be aware of International Code of Signals (ICS) — an international system of signals and codes for use by vessels to communicate important messages regarding navigation safety and related matters. Vessels in the sea use various methods to send signals, it could be through a flaghoist, signal lamp or blinker (in which morse code is used to send a message), flag semaphore, radiotelegraphy or radiotelephony.

Nowadays Marine VHF Radio is used extensively which is a worldwide system of two way radio transceivers, which could happen from ship-to-ship, ship-to-shore or even from ship-to-aircraft when needed. It uses FM channels in the Very High Frequency (VHF) radio band in the frequency range between 156 to 174 MHz which is designated by the ITU as the VHF maritime mobile band.

Common Technologies used in maritime

AIS (Automatic Identification System)

It is mandatory for all ships of 300 gross tonnage and upwards engaged on international voyages and all passenger ships irrespective of size to use AIS transponders. AIS (Automatic Identification System) uses transceivers on ships and is one of the components used by VTS (others include radar, closed-circuit television and VHF radiotelephony) supplementing marine radar to avoid collisions between vessels. If AIS signatures are received through a satellite, the term Satellite-AIS (S-AIS) is used. AIS is quite analogous to ADS-B in aviation. It uses globally allocated marine band channels 87 & 88.

Although it’s a compulsion to keep AIS turned on during voyages since it also protects the vessels from unexpected accidents, there are a few instances when a master is permitted to deactivate a ship’s AIS provided that it keeps making entries into the logbook as well as reactivates it at the earliest opportunity. In case the ship is within a mandatory VTS reporting area, they should also report the action to the authorities, unless there is a safety or security reason for not doing so. Some legitimate reasons to switch off the AIS include security concerns or law enforcement purposes. Illegal reasons to switch off AIS could be for conducting IUU fishing activity in prohibited areas of the sea, for smuggling or even for trading with sanctioned countries. Though in the case of fishing vessels, sometimes they turn off their AIS just after leaving the port and reactivate it only after they have reached back solely because they wish to keep their fishing areas unknown to other competitive fishing companies.

VTS (Vessel Traffic Service)

A Vessel Traffic Service (VTS) is a sophisticated marine traffic monitoring system that is implemented and managed by harbor or port authorities, designed to ensure the safe and efficient movement of ships within a designated area. Drawing parallels to the Air Traffic Control (ATC) system for aircraft, the VTS provides continuous surveillance, communication, and guidance to vessels navigating through busy waterways, congested harbors, and sensitive environments.

The primary objective of a VTS is to minimize the risk of maritime accidents, such as collisions and groundings, by providing real-time information on vessel positions, movements, and intentions. To achieve this, the system relies on a combination of advanced technologies, including radar, Automatic Identification System (AIS), and closed-circuit television (CCTV) cameras, as well as skilled VTS operators who monitor and analyze the data collected from these sources.

In addition to monitoring vessel traffic, the VTS plays a crucial role in coordinating emergency response efforts in the event of a maritime incident. This includes liaising with relevant authorities, such as the coast guard, towage and salvage services, and pollution control agencies, to ensure a swift and effective response to any developing situation.

Furthermore, the VTS also plays a vital role in managing and optimizing the overall efficiency of port operations. By providing real-time information on vessel arrivals, departures, and berthing schedules, the VTS enables harbor authorities to allocate resources more effectively, reducing wait times and minimizing the potential for congestion.

DSC (Digital Selective Calling)

Digital Selective Calling (DSC) is an advanced service integrated within marine communication systems that enables direct and efficient communication between a vessel and a shore station or another vessel by initiating a targeted “individual” call. DSC revolutionizes the traditional maritime communication process by eliminating the need to constantly monitor all radio messages to identify if there is a call or message intended specifically for you.

DSC operates on the Very High Frequency (VHF) and High Frequency (HF) bands and is a crucial component of the Global Maritime Distress and Safety System (GMDSS), which is an internationally recognized safety protocol for maritime communication. The implementation of DSC has significantly improved the speed, accuracy, and reliability of distress calls and other maritime communications.

One of the primary advantages of DSC is its ability to automatically send distress messages, which can include essential information such as the vessel’s identification, position, and the nature of the emergency. This automated process ensures that distress messages are transmitted quickly and accurately, significantly improving the chances of a timely and effective response from rescue authorities.

In addition to distress calls, DSC facilitates various other types of communication, including routine calls, safety calls, and group calls. Routine calls enable direct communication between two parties, while safety calls are used for sharing navigational safety information, such as weather updates and navigational warnings. Group calls, on the other hand, allow simultaneous communication with multiple vessels or shore stations, which can be particularly useful in coordinating search and rescue operations or conveying urgent information to a specific group of vessels.

Moreover, DSC-equipped radios often include features that enhance the overall safety and efficiency of maritime communication, such as a built-in Global Positioning System (GPS) receiver that automatically updates the vessel’s position and a directory that stores a list of frequently contacted stations or vessels.

ECDIS (Electronic Chart Display and Information System)

An Electronic Chart Display and Information System (ECDIS) is a cutting-edge geographic information system specifically designed for nautical navigation, which adheres to the International Maritime Organisation (IMO) regulations. Serving as a viable alternative to traditional paper nautical charts, ECDIS offers a range of advanced features that streamline and enhance the navigation process for mariners.

ECDIS primarily displays information from Electronic Navigational Charts (ENC), which are digital equivalents of paper charts. These ENCs contain detailed and up-to-date hydrographic data, including information on water depths, coastline features, navigation aids, and potential hazards. By constantly updating the chart data, ECDIS ensures that mariners have access to the most accurate and current information for safe navigation.

One of the main advantages of ECDIS is its ability to integrate position information from various sources, such as position, heading, and speed through water reference systems. This integration allows for real-time tracking of the vessel’s location, heading, and speed, providing a comprehensive understanding of the vessel’s progress and enabling the crew to make informed navigational decisions.

Additionally, ECDIS can interface with a wide range of other navigational sensors to further enhance its functionality. Some of these sensors include radar, which provides real-time information on the location and movement of nearby vessels and obstacles; Navtex, which is a global maritime communication system that broadcasts navigational warnings and weather forecasts; Automatic Identification System (AIS), which enables the exchange of navigational data between vessels and shore-based stations; and depth sounders, which measure the water depth beneath the vessel to aid in safe navigation.

The integration of these various sensors into the ECDIS not only offers a comprehensive situational awareness for the mariner but also helps to reduce the potential for human error by automating numerous tasks that would typically require manual input or interpretation. As a result, ECDIS plays a vital role in improving the overall safety and efficiency of maritime navigation.

NAVTEX (Navigational Telex)

NavTex, an acronym for Navigational Telex, is a vital international automated medium frequency direct-printing service that serves as an essential communication channel for mariners. It is specifically designed to deliver a wide range of crucial navigational and meteorological warnings, forecasts, and urgent Maritime Safety Information (MSI) to ships operating in coastal and offshore waters.

Operating on a designated frequency of 518 kHz, NavTex provides a continuous stream of text-based information, which is transmitted by a network of coastal stations across the globe. This information is automatically received and printed by NavTex receivers installed on board ships, ensuring that mariners have continuous access to updated safety and navigational data.

The primary objective of NavTex is to promote safety at sea by providing mariners with timely and accurate information, which can be critical in avoiding potential hazards and making informed navigational decisions. The range of information disseminated through NavTex includes navigational warnings, such as information on obstructions, navigation aids, or changes in shipping routes; meteorological warnings and forecasts, which cover weather conditions, storm alerts, and sea state predictions; and urgent MSI, encompassing safety-related messages, such as distress signals, search and rescue operations, and pollution incidents.

Furthermore, NavTex is an integral component of the Global Maritime Distress and Safety System (GMDSS), an internationally recognized safety framework aimed at enhancing the safety of life at sea. The GMDSS ensures that ships are equipped with a standardized set of communication and navigation tools, including NavTex, which enables them to receive vital safety information and communicate with other ships and shore-based authorities in the event of an emergency.

In addition to the standard 518 kHz frequency, NavTex services are also available on a secondary frequency of 490 kHz, which is primarily used for the transmission of localized information in the national language of the country providing the service. This dual-frequency approach enables mariners to access both international and local safety information, catering to a diverse range of language and information requirements.

VMS (Vessel Monitoring System)

Vessel Monitoring Systems (VMS) are advanced technologies used in the commercial fishing industry to track and manage fishing vessel activities. They play a crucial role in enforcing monitoring, control, and surveillance (MCS) programs on national and international levels, promoting sustainable fishing and marine resource conservation.

VMS consists of hardware and software components, such as GPS devices, satellite communication systems, and data processing tools. These components gather real-time data on vessel location, speed, and direction, which is then sent to regulatory authorities to monitor activities, detect illegal fishing, and ensure compliance with fishing regulations.

These systems can be used to monitor fishing activities in various maritime jurisdictions, including territorial waters and Exclusive Economic Zones (EEZ). VMS facilitates international cooperation in fisheries management by providing a standardized platform for data collection and sharing, enabling collaboration on joint MCS programs and addressing illegal, unreported, and unregulated (IUU) fishing.

GMDSS (Global Maritime Distress and Safety System)

The Global Maritime Distress and Safety System (GMDSS) is a comprehensive, internationally recognized communication framework designed to enhance maritime safety by using a combination of terrestrial, satellite technology, and advanced ship-board radio systems. The primary objective of GMDSS is to ensure rapid, automated, and reliable alerting of shore-based communication networks, rescue coordination centers, and nearby vessels in the event of a marine distress or emergency situation.

GMDSS operates by integrating a range of communication systems and equipment, including satellite-based services such as Inmarsat and COSPAS-SARSAT, as well as terrestrial systems like VHF, MF, and HF radio frequencies. By incorporating these various technologies, GMDSS enables seamless communication and coordination between ships and onshore facilities, regardless of the vessels’ location.

One of the key features of GMDSS is its ability to automate distress alerts, which significantly reduces the time it takes for rescue authorities to respond to emergencies. When activated, the system sends out a distress signal, including the vessel’s identification, position, and the nature of the emergency. This information is then received by nearby ships and rescue coordination centers, allowing for a swift and coordinated response to the situation.

In addition to distress alerting, GMDSS also supports other safety-related communication functions, such as maritime safety information broadcasts, navigational safety, and onboard communication. These features provide mariners with essential information on weather conditions, navigational hazards, and other safety-related matters, further enhancing their situational awareness and overall safety at sea.

Adherence to GMDSS standards is mandatory for all passenger ships and cargo vessels over 300 gross tonnage engaged in international voyages. The system is governed by the International Maritime Organization (IMO) and is continuously updated and improved to incorporate new technologies and enhance its overall effectiveness in promoting maritime safety.

NMEA (National Marine Electronics Association)

https://www.nmea.org/

The National Marine Electronics Association (NMEA) is responsible for developing and maintaining standardized communication protocols used in the marine sector, including boats, ships, and other maritime vessels. These protocols enable the seamless integration and communication between various electronic devices and systems onboard, such as navigation equipment, autopilots, depth sounders, and weather systems, ensuring efficient operation and enhanced safety at sea.

Over the years, the NMEA has introduced several updates to its communication standards, with the most prominent ones being NMEA 0183 and the more recent NMEA 2000. Each of these versions has brought improvements in data transmission, connectivity, and compatibility between different marine electronics devices.

NMEA 0183, introduced in the early 1980s, is an ASCII-based serial data communication standard that allows the exchange of information between marine devices at a relatively low data rate. Despite being an older version, NMEA 0183 is still widely used in the marine industry due to its simplicity and compatibility with a large number of legacy devices. However, it does have some limitations, such as a lack of support for multiple talkers and the inability to transmit large volumes of data.

To address these limitations and keep up with the increasing demands of modern marine electronics, the NMEA introduced the NMEA 2000 standard in the early 2000s. NMEA 2000 is a more advanced, high-speed communication protocol based on the Controller Area Network (CAN) bus technology, which allows for the simultaneous transmission of data from multiple devices and supports higher data rates. This standard also offers improved error detection, greater network flexibility, and plug-and-play functionality, making it an ideal choice for modern marine vessels.

Maritime VSAT

Maritime VSAT (Very-small-aperture terminal) is a specialized satellite communication system designed for use on moving ships at sea. This technology enables reliable, high-speed data transmission and reception, providing vessels with essential communication capabilities such as internet connectivity, voice communication, and access to critical navigation and weather data.

One of the key challenges of implementing satellite communication systems on ships is the constant motion caused by the water, which can disrupt the connection between the antenna and the satellite. To maintain a stable link, the VSAT antenna must be continuously adjusted to stay pointed at the satellite, regardless of the vessel’s movement. This is achieved through a combination of advanced stabilization technologies and precise reference points.

The stabilization system uses gyroscopes, accelerometers, and GPS data to track the ship’s motion and maintain the antenna’s alignment with the satellite. These sensors monitor the vessel’s pitch, roll, and yaw, compensating for any changes in position to ensure uninterrupted communication. The system also relies on the ship’s True North heading, which provides an accurate reference for the antenna’s azimuth alignment with the target satellite.

In addition to stabilization, maritime VSAT systems also use specialized tracking algorithms to maintain constant communication with the satellite. These algorithms predict the satellite’s position in the sky, adjusting the antenna’s elevation and azimuth angles accordingly. This continuous tracking ensures the antenna remains locked onto the satellite, even when the ship encounters rough seas or changes course.

INMARSAT (International Maritime Satellite Organisation)

https://www.inmarsat.com/en/index.html

INMARSAT, a premier global satellite communications company, was founded in London in 1979 with a mission to serve the maritime industry by developing state-of-the-art satellite communication systems. These systems were designed to cater to ship management, distress, and safety applications across maritime, aeronautical, and multinational corporate sectors. Over the years, INMARSAT has introduced a range of satellite communication services, each designed for specific purposes and applications. These include Inmarsat-A, Inmarsat-B, Inmarsat-C, Inmarsat-M, Inmarsat-Mini M, and Inmarsat-Aero.

Inmarsat-A, the first generation of INMARSAT satellites, offered analog voice and telex services for maritime communication. This system enabled ships to communicate with shore stations and other vessels, enhancing safety and operational efficiency at sea.

Inmarsat-B, launched as an upgrade to Inmarsat-A, introduced digital technology, providing higher quality voice communication, telex, and data services. This improved system made communication more reliable and allowed for faster information exchange between ships and shore facilities.

Inmarsat-C, a low-cost, packet-switched data service, was designed primarily for maritime safety and distress communication. It supports the Global Maritime Distress and Safety System (GMDSS), enabling ships to send and receive critical safety messages. Additionally, Inmarsat-C provides email, telex, and data reporting services.

Inmarsat-M, a mobile satellite service, offers voice, fax, and data communication for maritime, aeronautical, and land-based users. This versatile system supports a wide range of applications, from ship-to-shore communication to remote monitoring and tracking.

Inmarsat-Mini M, a compact, portable version of Inmarsat-M, is designed for smaller vessels and mobile users. This system provides voice, fax, and data services in a more lightweight and affordable package, making it accessible to a broader range of users.

Inmarsat-Aero, specifically developed for the aeronautical sector, delivers high-quality voice, data, and safety services for commercial and military aircraft. This system plays a crucial role in enhancing aircraft communication, providing real-time weather updates, and ensuring safe and efficient air travel.

CommBox

KVH’s CommBox is an advanced network management solution that incorporates shipboard network management hardware and software to streamline and optimize on-board communications. This innovative tool offers a range of network hub options designed to enhance performance, network control, and overall efficiency while supporting various communication systems on maritime vessels.

The CommBox system is comprised of several software modules that cater to different aspects of on-board communication, such as email, file transfer, remote monitoring, and more. These modules work together to ensure seamless communication between the ship and shore facilities, as well as among the crew members on the vessel.

Several key companies and product names within the maritime communication industry are worth noting, including Sailor 900, Inmarsat Solutions, Telenor Satellite, CommBox, Cobham SeaTel Satcom, and Thrane. Each of these entities and products plays a crucial role in the development and implementation of cutting-edge communication technologies for the maritime sector.

Despite these advancements in communication technology, the maritime industry still faces significant security challenges from a technological perspective. As a result, this sector is particularly vulnerable to cyber attacks, including jamming and spoofing of vital systems such as the Automatic Identification System (AIS) and Global Positioning System (GPS). These attacks can disrupt navigation, communication, and safety systems, posing a considerable risk to the operation and security of maritime vessels.

Using Shodan to detect vulnerabilities

In Shodan.io, you can search for possible vulnerable devices by entering the above mentioned terms that I told you to remember into the searchbar. You can also search by org:“Intelsat Global Connex Solutions (GXS)” or org:“Telenor UK Ltd”. Moreover, Shodan also has a live shiptracker which tracks vessels via VSAT connected antennas and exposes web services. You can also search on that map as “server:MicroDigitalWebserver”.

When you find a Cobham SeaTel Satcom web interface, you can analyze it through Fiddler/Burpsuite and you will find some juicy javascripts there through which you can easily access the admin page, “/js/userlogin.js” contains some hints. Some of their menus will be available without authentication.

Just in case that doesn’t work, you can try to login with the default usernames and passwords which are present in the Cobham Satcom’s manual.

Case Study: Vessel Identity Laundering

Just another area left for maritime organizations to tackle efficiently! There have been frequent cases where vessels, either because they are sanctioned from the authorities or for other illicit purposes transform into an entirely new vessel by tampering with their Physical, Registered or Digital identities. Presently, vessel identity laundering has two typologies as researched by C4ADS:

  1. Direct Vessel Identity Laundering
  2. Indirect Vessel Identity Laundering

Direct Vessel Identity Laundering Operation

A direct vessel identity laundering operation typically follows a three-step process and only requires one real ship (the dirty vessel itself):

Step 1 Preparation and Disguise: Physical Identity Tampering

Step 2 Creating a Shell Identity: IMO Number Fraud

Step 3 Assuming a Shell Identity: Digital Identity Tampering

Indirect Vessel Identity Laundering Operation

Indirect vessel identity laundering operations are more complex than direct vessel identity laundering operations. While direct vessel identity laundering requires only one vessel, indirect vessel identity laundering operations require the participation of at least two real ships (including the dirty vessel and a clean “intermediary” vessel). However, the goal is still the same: to provide the dirty vessel with a clean identity.

Indirect vessel identity laundering operations typically follow a four-step process:

Step 1 Preparation and Disguise: Physical Identity Tampering

Step 2 Creating a Shell Identity: IMO Number Fraud

Step 3 The Intermediary Ship Assumes the Shell Identity: Digital Identity Tampering

Step 4 The Dirty Ship Assumes the Vacated Identity of the Intermediary Ship: Digital Identity Tampering

If you wish to give the C4ADS report on vessel identity laundering a read, here’s the link: 
https://c4ads.org/s/Unmasked-Vessel-Identity-Laundering-North-Korea-f2nf.pdf

Conclusion

Indeed a lot of areas in the maritime industry need more regulations and newer methods so as to remain updated with the technology, and majorly securing themselves from prevalent cyberattacks is of utmost importance.