Iranian Tanker Hacks AIS to Disguise Itself Off Singapore

There’s been a bit of talk recently about the security vulnerabilities when it comes to hacking the Automatic Identification System (AIS), a system which is used to track maritime shipping around the world.  Hacking the AIS system on board your own ship however, appears to be equally as big of an issue, and a method currently being used by a tanker anchored off Singapore at this very moment.

The 163k deadweight crude oil tanker Ramtin (formerly known as Volga), is managed and owned by Tabuk Maritime, a company which has been sanctioned by OFAC for its connections to the Iranian oil trade.  The vessel has recently been detected operating in Eastern Singapore / Malaysia ship-to-ship transfer operation area after steaming fully-loaded with crude from Bandar Abbas, Iran.

MarInt, a predictive maritime analytics system developed by Windward followed the Ramtin as it began transmitting a new Maritime Mobile Service Identity (MMSI) number while it passed through the Gulf of Oman on its way toward Singapore.  Its MMSI number now matched that of a much smaller tanker named ‘Hamoda K.” which was on its way to Karachi from the U.A.E.

The Ramtin still has its same IMO number, but its MMSI number is now that of the Hamoda K, a vessel which is not on the OFAC blacklist.  This “sharing” of identity, together with the close proximity in time of the operations, appears to indicate that the Hamoda K is being manipulated to disguise Ramtin’s activities near Malaysia.

Draught reports show that the Ramtin was at its maximum crude capacity (17m-) while sailing towards Singapore, and has yet to transmit any new information about its draught – possibly indicating it had not yet transferred parts of its crude oil to a second tanker.

MT Hamoda K has left Karachi and is now on its way to Hamariya Bay (U.A.E)

Timeline:

10/09 – MT Hamoda K arrives to Karachi port waiting area in Pakistan.
10/09 – MT Ramtin (formerly known as Volga) leaves the port of Bandar Abbas (Iran) on its way to Eastern Singapore / Malaysia STS operation area
30/09 – MT Ramtin arrives to Eastern Singapore / Malaysia area then stops 18M offshore 12/10 – MT Hamoda leaves the port of Karachi on its way back to the U.A.E.

Images of the event

As the two images show, the MMSI number of the Hamoda K and the Ramtin (Volga) match.

As it gets more and more easy to manipulate ordinary AIS tracking system, the ability of MarInt to automatically analyze vessel behavior on a global scale already unveils illicit or suspicious activities. When analyzing crude or other commodity flows, it is apparent that such analytics is key to understanding what is really going on at sea.