The ability to detect AIS spoofing has become critical in global maritime trade, particularly off the coast of Malaysia, where “shadow fleet” tankers are continually exploiting regulatory gaps to conduct illicit ship-to-ship transfers of sanctioned oil.

According to analysis by Lloyd’s List Intelligence, more than 50 shadow vessels spoof their AIS signals each month in Malaysia’s outer port limits, a key transfer point for Iranian crude destined for China.

Malaysia has pledged tighter enforcement with new regulations, but “no details have yet emerged, and dark STS transfers continue unchecked,” Lloyd’s List Intelligence cautioned.

The maritime intelligence sector, therefore, relies heavily on detection technology to uncover these concealed operations and shine a light on hidden risks.

AIS spoofing involves manipulating a vessel’s location data to disguise its activity, a sophisticated and evolving challenge.

“Above are three different examples of spoofing patterns that can be spotted because of the impossibility of the movement. The yellow vessel is stationary, the pink vessel moves in a perfect circle, and the green vessel appears to be moving back and forth in a completely straight line,” Lloyd’s List Intelligence report noted.

One recent case involved the Sao Tome and Principe-flagged Lafit (IMO: 9379698), which spoofed its location for nearly three weeks in May 2025, falsely appearing in the eastern Singapore Strait. “The box pattern confirms the data is false,” the analysis observed.

SeaOrbis is actively supporting sanctions enforcement by enabling more confident and accurate detection of spoofing.

Lloyd’s List Intelligence explained that its detection methodology uses a hybrid approach, blending rule-based systems with machine learning models trained to spot unrealistic vessel behaviour, physically impossible movement patterns, and anomalies that are a departure from normal behaviour—that signal deliberate deception.

Bridget Diakun, Senior Risk and Compliance Analyst at Lloyd’s Register, remarked that some vessels spoof their AIS for only hours, while others, like Lafit, do so for weeks: “The AIS data for Lafit, which showed it near the Singapore Strait, was entirely fabricated. This makes it even more difficult to monitor the number of dark STS transfers taking place.”

Malaysian authorities have acknowledged their limitations, with Foreign Minister Dato’ Seri Mohamad Hasan admitting: “This ship-to-ship issue has become a thorn in our side.”

However, much of the illicit activity takes place outside the 12-nautical-mile territorial limit, where Malaysia’s jurisdiction is restricted and enforcement remains difficult without new legislation.

Lloyd’s List Intelligence highlighted that the fight against AIS spoofing is a global compliance challenge: “With sanctions scrutiny intensifying, organisations must ensure their maritime intelligence is built on data they can trust.”

Just recently, Cydome, a provider of class-endorsed maritime cybersecurity solutions, has launched a free reporting tool to simplify compliance. This tool comes in response to the Federal maritime cybersecurity reporting rules that entered enforcement on 16 July.

Many now-reportable incidents are routine issues like GPS spoofing, VSAT dropouts, partial software updates, unauthorised USB use, communication losses, or repeated password errors that lock accounts.

By Port Technology Team