Cargo Ships Spoofing Location Data to Violate Government Sanctions

As U.S economic sanctions have widened, and tracking software has become more common, some cargo ships have found new ways to go unnoticed.

One increasingly common approach is "spoofing," or using the registration data and identity of another ship, at times a sunken or out-of-service one, to avoid compliance with sanctions.

One Cyprus-flagged oil tanker called Berlina was caught using this method when it was pinged near a Caribbean island but was spotted at the same time in Venezuela packing crude oil onto the ship. U.S. sanctions prohibit actions like these.

Nine additional oil tankers, some of which had connections with the Berlina's owner, have demonstrated similar discrepancies between a pinged location at sea and simultaneous changes in ship weight that indicate they have been loaded with crude oil, the Associated Press reported.

The maritime intelligence agency Windward investigated the Berlina and concluded that its methods might become common practice for other groups looking to bypass U.S. sanctions.

"We believe this is going to spread really fast because it's so efficient and easy," Matan Peled, co-founder of Windward, said in an interview. "And it's not just a maritime challenge. Imagine what would happen if small planes started adopting this tactic to hide their true locations?"

For more reporting from the Associated Press, see below.

Oil Tanker
As U.S economic sanctions have widened, and tracking software has become more common, some cargo ships have found new ways to go unnoticed. One increasingly common approach is "spoofing," or using the registration data and identity of another ship to avoid compliance with sanctions. Above, the Nave Andromeda in the port on October 26, 2020, in Southampton, England. Finnbarr Webster/Getty Images

Under a United Nations maritime treaty, ships of over 300 tons have been required since 2004 to use an automated identification system to avoid collisions and assist rescues in the event of a spill or accident at sea. Tampering with its use is a major breach that can lead to official sanctions for a vessel and its owners.

But that maritime safety system has also become a powerful mechanism for tracking ships engaged in illegal fishing or transporting sanctioned crude oil to and from places under U.S. or international sanctions like Venezuela, Iran and North Korea.

In the cat-and-mouse game that has ensued, the advent of digital ghosts leaving false tracks could give the bad actors the upper hand, said Russ Dallen, the Miami-based head of Caracas Capital Markets brokerage, who tracks maritime activity near Venezuela.

"It's pretty clear the bad guys will learn from these mistakes and next time will leave a digital trail that more closely resembles the real thing," Dallen said, referring to some of the anomalies detected by Windward, such as the sudden 180-degree turn. "The only way to verify its true movement will be to get a physical view of the ship, which is time consuming and expensive."

The Berlina never reported a port call while floating in the Caribbean. Nonetheless, on March 5, the draft—showing the level at which it rides through the water—indicated by its identification system went from 9 meters to 17 meters (30 feet to 60 feet), suggesting it had been loaded with oil.

Was it manipulation or a malfunction?

While the Berlina's voyage remains something of a mystery, Vortexa, a London-based energy cargo tracker, determined the tanker had loaded at the Venezuelan port of Jose on March 2 and then headed toward Asia. Separately, Windward also confirmed the crude delivery through two sources.

Two months later, on May 5, the Berlina discharged its crude in a ship-to-ship transfer to a floating storage vessel, the CS Innovation, according to Vortexa. The CS Innovation remains off the coast of Malaysia, where the transfer took place, and has undertaken a number of ship-to-ship transfers in the interim, making it nearly impossible to know where Venezuela's oil will end up.

Adding to suspicions, the Berlina and at least four of the nine other vessels involved in the Caribbean voyage earlier this year are connected to the same Greek company, according to Windward. And all 10 vessels switched the countries in which they were registered—another common ploy used to make it harder to keep track of ships—to Cyprus in the four months prior to the manipulation of the fleet's tracking information.

The AP was unable to locate any contact information for the Berlina's ship manager or owner, both of which are based in the port city of Pireaus, near Athens.

Peled said the Berlina's activities may never have been detected if not for a tip it received from an external source that it wouldn't identify.

But the know-how gained from the investigation has allowed it to identify other recent examples of location tampering, including one in January, when a ship it did not identify was spotted loading Iranian crude at Kharg island while broadcasting a location out at sea somewhere else in the Persian Gulf.

While the U.S. government has more resources than commercial enterprises to ferret out such deceptive practices, doing so will require extra effort.

"It suggests the length to which rogue actors are willing to go, to hide their activities," said Marshall Billingslea, an assistant Treasury secretary for terrorist financing during the Trump administration and former deputy undersecretary of the Navy. "It's a worrisome trend and given the huge volume of maritime traffic will introduce a lot more noise into the system."