The May 2020 advisory demanded a higher level of due diligence, and the market reacted by onboarding more advanced systems. Nevertheless, the counteraction by bad actors was fast and more sophisticated than expected. With advanced deceptive tactics on the rise, stakes are higher than ever. One of the latest tactics trending in the news is vessel identity laundering. As reported by C4ADS, smugglers suspected of evading sanctions on North Korea have turned to this scheme to create fraudulent identities for sanctioned ships.
Identity laundering challenges standard compliance measures and regulations. This practice makes use of advanced tools to confound the ability to verify the true identity of a vessel. Perhaps one of the most unsettling characteristics of laundering is that bad actors defraud the IMO. And a vessel’s IMO has long been a single source of truth for establishing vessel identities.
Before we get into the methods of identity laundering, it’s important to be familiar with the three core elements that make up a vessel’s identity. C4ADS defines these as registered, digital, and physical. To detect laundering, most stakeholders in the maritime domain rely only on one or two. For example, MDA systems tend to mostly rely on the digital identity, whereas port authorities rely on both physical and digital. Without reviewing all three in tandem, it becomes difficult to run a thorough analysis between IMO registration data, AIS transmissions across multiple identities, and the physical features of vessels.
Vessel identity laundering is significantly more sophisticated than previously observed instances of vessel identity tampering, in which vessels can modify their physical appearance or broadcast another vessel’s identity. To understand just how tricky these schemes are, we will walk through the case of the KINGSWAY. This vessel underwent a sophisticated identity laundering operation to avoid international sanctions for almost three years.
Vessel identity laundering in action
The KINGSWAY was a ‘dirty’ ship that regulators accused of transferring fuel to North Korean tankers in 2017. In January 2018, the KINGSWAY was denied entry at Kaohsiung Port by Taiwan authorities. The KINGSWAY never transmitted AIS signals under its own identity again.
So what happened? The KINGSWAY took on a new, fraudulent one. In July 2018, it transmitted for the first time the identity of the ALPHA on AIS while anchored northeast of the Singapore Strait. Bad actors then went a step further to enhance the vessel’s physical disguise through repainting.
In October 2018, the KINGSWAY ceased transmitting the ALPHA identity and began transmitting as the APEX. This was most likely done to more closely resemble the vessel’s true size. With its new APEX cover identity, the KINGSWAY resumed conducting voyage patterns typical of vessels engaging in fuel smuggling. In November 2019, the vessel changed its name to the SHUN FA (IMO 8528864).
On May 6, 2021, the vessel was detained by authorities in Busan, South Korea. So the KINGWAY’S cover was ultimately blown, but the bad actors bought themselves years of time. And that’s precisely what they were after.
The Windward effect
Given its complexity, vessel identity laundering presents new challenges for the maritime industry. For example, if a vessel has the IMO number, the appearance, and the AIS signal to back it up, how can stakeholders be expected to recognize it as another vessel? Thanks to this challenge, the KINGSWAY operated freely for nearly three years — until its detention in May 2021.
To help our partners proactively manage risk, Windward follows a vessel’s entity over time regardless of transmitted changes. We leverage all three aspects of a vessel’s identity – registry information from providers, digital data from the best AIS coverage in the market, and physical information via satellite imagery.
Analyzing multiple data points in real-time is key to detecting identity laundering at scale. This allows us to:
- Create a cleaner, more reliable picture of movements worldwide over time
- Preserve context on historical activities across multiple identity changes
- Automatically detect cases of identity-tampering and other manipulations
If there is one case of identity laundering, how many other vessels are doing the same? How can you avoid doing business with these vessels if this is the case?