
The power of maritime OSINT – interview with Wondersmith Rae


Maritime OSINT and tracking the movements of vessels have recently become a hot topic again.

Regardless of the changing trends, there are people who have been involved in this area of research for a while and are experts at various aspects of maritime open source intel investigations.

Meet Rae Baker – a versatile OSINT analyst, who stands out in the community due to her expertise on everything maritime OSINT related. Don’t forget to check out her Medium blog!

Rae Baker
@wondersmith_rae

First things first – your introduction. Who are you and what is your OSINT experience?

I am a Senior OSINT Analyst in Cyber Recon for a large Consulting Firm. My OSINT experience is mostly self-taught from writing blogs, speaking at conferences, and doing personal research into topics that I find interesting.

Can you tell us how you developed your interest in maritime OSINT – and why?

I developed an interest in Maritime by accident. I like to use blogs and presentations as an excuse to get better at performing OSINT research and I was looking for a topic that was not covered very often in the OSINT world.
 
I chose to write a blog about Maritime OSINT and people seemed really receptive to it. The excitement that other people showed towards what I had written propelled me to keep pursuing it and the rest is history!
 

What is your methodology to research and follow vessels? What do you concentrate the most on? 

When I am researching vessels I focus a lot on their behavior. Any behavior that seems uneconomical for the ship is interesting to me and I take great joy in baselining the activity of an area and noting changes over time. If you watch vessels for any period of time you will notice patterns.
 
These patterns can be patterns of normal routes or maybe patterns of illicit activity but usually you can see something that jumps out and requires further investigation. My collection method is a bit more haphazard and I like to collect as much detail as possible and toss it in a OneNote.
 
Eventually, something interesting will pop out in my notes and I will dive in. Some of my co-workers affectionately call this “Going full Rae” which may or may not be a compliment.
 
What are your favourite resources and techniques for maritime OSINT?
 
Maritime is hard for OSINT analysts because the free tools are limited. Where it is relatively easy and low budget to track flights historically, the cost for tracking ships historically is much greater. I usually recommend letting other people do that work for you. Use social media, especially Twitter, as a way to gather intel.
 
There are plenty of amazing analysts who have access to satellite imagery and historical maritime tracking and they will post that for their own research. I don’t see anything wrong with using their research to verify and develop your own. I definitely make sure to give them credit though, because they make my life easier.
 
Aside from social media, I think tools like Marine Traffic and Vessel Finder are great for tracking vessels in real-time, and if you are looking for specific vessel details you can always use Google and search for the IMO number and ship name to see if there have been any articles or sanctions placed on them. I usually start with Google and work my way out from there.
 

Is there a big difference between tracking civilian and military vessels? What are the main issues or difficulties of both?

Yes, there is a big difference between tracking civilian and military vessels. Civilian vessels do not have set methods for obfuscating their identities so it tends to make it a bit easier to track them. Military vessels have procedures for the crew to use when switching IMO numbers or turning off their AIS.
 
That said, military vessels are definitely photographed more and tracked on social media so it can be easier to keep tabs on them that way. A cargo ship or a tanker might not get the same amount of press that a group of ships traveling for a well documented exercise would.
 

Are there any places on Earth (ports, but also rivers, canals, lakes, etc.) where researching vessels is much harder than normally?

Tracking ships out in the ocean is the hardest in my opinion. When they are in port they are generally stationary and easier to catch on satellite, photographs, and registries. Out in the ocean you have to hope the satellite passed that area at the right time, with the right weather, to capture the evidence you need.
 
Satellite imagery is often only offered so many miles from shore and out in the middle of the ocean you would be required to task a satellite to go there to see it and that becomes expensive.
 

Does maritime OSINT also include researching shipwrecks? Have you ever done that?

You asked about shipwrecks specifically but in my short time as a maritime analyst there have been several noteworthy plane crashes into the ocean that were of interest to OSINT analysts. There was a US F35 that crashed into the South China Sea and the controversial MH17 Malaysian airlines crash to name a few.
 
So ship and plane wrecks can be hugely important depending on the geopolitics involved, potential loss of life, potential loss of money when all the cargo sinks to the bottom of the ocean. I am always interested when I see an event taking place where several countries are racing to be the first to find a wreck in the middle of the sea.
 
I can’t help but add them to my tracking list and keep up on what is going on.
 
What info can you get on maritime technology? What are the commonly known vulnerabilities?
 
Ships are giant control systems and have the same vulnerabilities that any large system would have. If you think of an ICS or SCADA anywhere you would be concerned with things like default credentials and things being public facing on the internet.
 
It is the same for ships, often the control systems on the ships use default credentials or haven’t been updated in a long time. Ships also have a connection to devices on the shore which could be an entry vector for an attacker.
 

In the light of the recent wartime events in Ukraine and the flight of the oligarchs in the West as a result of sanctions, have you researched any of their vessels? What would be the best approach if somebody wanted to try doing it?

Oligarch hunting is very hot right now in the OSINT community and I have been keeping tabs on the vessels being tracked but not actively searching for them. These yachts are going to be spotted and photographed wherever they go and I don’t see them being able to hide for too long.
 
Many of the vessels that have been sanctioned, whether oligarch or otherwise, hide behind several layers of shell companies. If you enjoy tracking these yachts I would recommend getting into corporate OSINT research and start to understand how they structure the ownership behind the scenes (which often leads to more vessels).
 

How transferable are people OSINT skills to tracking vessels? Or maybe both of these skillsets work best when combined?

I believe most OSINT skills are transferrable across all the areas. People OSINT is obviously useful when looking into a ship’s crew and employees within the various levels of ownership. But if you start with human selectors you will still need to be comfortable with pivoting through things like corporate records, basic vessel tracking, and technology.
 
I believe being a well rounded analyst is most valuable to any investigation before having a niche focus. Most analysts I know will dig as deep as they need to and learn new skills in order to keep going so I have no doubt that in that regard people OSINT is definitely transferrable.
[Image: maritime OSINT ships. Source: Vessel Finder (vesselfinder.com)]

What has prompted you to create your Medium blog – and how is that going?
 
Initially, I started my blog when I entered the OSINT community. I wanted to have a place where I could do research on topics that I enjoyed and wanted to learn more about so I used blogs to teach myself tradecraft. Also, I was very aware how much content I was consuming from the community and how it was helping me grow and I promised I wouldn’t take from the community without giving something useful back. That might sound super lame but it has been a mantra of mine in these last 2-3 years.
 

From a professional standpoint, how useful is maritime OSINT? Is there a job in that?

Maritime OSINT is definitely having a moment right now. I think companies are beginning to see the usefulness of integrating this type of capability into what they already provide. Based on how often people ask me about maritime I think it is safe to say the interest is growing and with current supply chain and geopolitical issues it is highly relevant. It is niche though and I recommend having a well-rounded set of skills in not only maritime but corporate records, HUMINT, threat hunting, domain/IP research.
 
Have you ever encountered maritime OSINT as part of a CTF or any similar competition or challenge?
 
I have not personally encountered any CTF with maritime questions outside of hack the sea type competitions where the intent is to hack a system on a ship. It would be great to see more CTF questions on maritime but I also understand how hard it is to formulate those questions with complete open source information.
 

To finish up on a real life story note, can you recall your favourite vessel you tracked, or your favourite maritime investigation?

One of my favorite public maritime investigations that I can talk about has got to be the Ever Given. When the Ever Given got stuck in the Suez Canal everyone became a maritime analyst overnight and the memes that came out were fantastic. Not only was it fun to watch the conversations, it brought a lot of attention to the importance of supply chain and these choke points around the world that many people don’t consider. The event actually inspired my Layer 8 conference talk last year on the concerns around maritime supply chain.
 
Thanks so much for your time taken to answer my questions. Is there anything else you want to mention or talk about?
 
I am really excited to see how many people are discovering Maritime as a valuable part of OSINT. It has been amazing to see the growth in this area, and all of OSINT over just the last 2 years and I am excited to see how the field changes with the influx of new analysts.
