The Dark Side of AIS: Staying Ahead in a Sea of Spoofing

What’s inside?
How We Got Here
Automatic identification systems (AIS) are crucial maritime technologies designed for vessel tracking and collision avoidance. They transmit a ship’s identity, position, speed, and voyage details to other vessels and monitoring stations, mainly for the prevention of illegal occurrences and collisions at sea.
The systems’ integrity was quickly compromised, though. Bad actors realized they could turn off their AIS and essentially become invisible, which significantly increased the number of deceptive shipping practices (DSPs) and compromised AIS’ integrity.
Regulators eventually clamped down on dark activities (the OFAC 2020 advisory is an example) and intentionally disabling the AIS device put a huge target on a ship’s deck. But bad actors continued looking for technological means to avoid detection.
This drove the significant evolution of DSPs in recent years. From simple dark activities, bad actors have evolved into using AIS spoofing, an umbrella term encompassing various sophisticated techniques.
These deceptive practices include dual transmission, identity tampering, and location (GNSS) manipulation – all aimed at creating misleading or dangerous situations by broadcasting false information about the true location of a ship. For instance, dual transmission involves using multiple AIS transmitters on a single vessel to transmit different identities, while location (GNSS) manipulation features machine-generated locations from point A, when really the ship is at point B, sailing undetected.
Fastest Growing Deceptive Shipping Practice (DSP)
Location (GNSS) manipulation is growing faster than the other DSPs, with more than 2,500 cases already recognized by Windward’s patented models in just over three years. It is clear this complex-to-detect behavior is here to stay:
Traditionally, the maritime industry has operated under the assumption that non-transmitting vessels are bad actors and transmitting vessels are safe. However, the reality is far more complex.
Some AIS turn-offs are legitimate, aimed at protecting vessels from piracy or missile attacks, especially in high-risk areas such as Somalia and the Red Sea. Vigilance against AIS spoofing instances is crucial, but so is considering the context, especially concerning sanctions and security.
There were approximately 588,000 lost AIS transmission events in Q2 2024. Windward’s AI-powered dark activity model only flagged 0.7% of them as risky due to sanctions evasions. Context is king…
Advanced Technology is Essential
Simply screening for sanctions lists or detecting dark activity is insufficient. The cat-and-mouse game between regulators and bad actors continues to escalate, as the potential rewards of illegal activities, such as crude oil and grain smuggling, remain high. Without advanced technology, legitimate stakeholders – shipowners, traders, beneficial cargo owners, and freight forwarders – face significant challenges.
Russia’s war has intensified DSPs, as have the Houthi attacks, and historical trends indicate that future geopolitical conflicts will trigger additional sanctions. With criminal networks adept at hiding in plain sight, investing in robust detection tools is essential.
Detecting dark activity without the appropriate technology results in numerous false positives, wasting both financial and human resources. Detecting location (GNSS) manipulation without advanced technology is impossible. Truly staying on top of bad actors’ intentions and actual locations requires maritime expertise combined with innovative AI systems capable of automatically flagging illicit activities, applying the right context, and rapidly determining actionable steps.