January 07, 2023

Aircraft tracking lessons from Zelenskyy's trip to Washington

The USAF have a couple of tricks up their sleeve that they can, and do, use to obfuscate aircraft movements, including VIP transport. How seldom they use these tricks to hide VIP travel would surprise you, so when they do, they're identifiable and draw attention to the aircraft. The tricks used by state aircraft to avoid observation by open source methods are not limited to the USAF and can be found being used, with varying levels of success, by other air forces worldwide.

The Trip

On December 21, 2022 Ukrainian President Volodymyr Zelenskyy flew to Washington on an American plane. The plane carrying him was distinctly operating outside the norm, providing the public with a fingerprint of what "abnormal" aircraft operations look like.


The aircraft shown by the press which Zelenskyy disembarked from is a USAF C-40 Clipper decorated in executive livery (an "Air Force One"-like paint job). The USAF have ~12 Clippers in different configurations, but we can identify them all. The US Navy have their own fleet of C-40 Clippers used frequently to move personnel domestically and internationally.

The USAF C-40 Clipper fleet


The The USAF C-40 Clipper fleet also use ACARS; example courtesy of https://acars.adsbexchange.com

The Day Before

On the day before Zelenskyy was picked up and flown to the United States, his would-be plane took off from Joint Base Andrews, but didn't show up to open sources until they were over the Atlantic at ~02:14Z, entering British airspace, when they enabled ADS-B; USAF C-40B Clipper 01-0041 was flying as call sign SAM910, and laded at Ramstein Air Base in Germany.

Trick #1; don't fly using a transponder mode that's commonly visible to the public; from the time they departed JBA and arrived in UK airspace they likely flew using Mode-3A/3C; visible to ATC, but not commonly visible to the public. 👇

December 21, 2022

The next day the plane flew to Rzeszów-Jasionka Airport, in Poland, and apparently picked up Zelenskyy to fly him back to Joint Base Andrews. 👇

On the way back, after they passed through British airspace over the Atlantic Ocean, they reduced the amount of data being transmitted by their transponder to exclude their precise location data with ADS-B, and fell back to using simple Mode-S. 👇

Trick #2, stop transmitting precise location data when visibility isn't desired. Without precise ADS-B location data, the aircraft is only transmitting its altitude and identity using Mode-S, which would require multiple receivers to precisely geolocate using MLAT. 👇

You can see the same trick used by the RCAF when they fly operations over Iraq; they stop transmitting their precise location data and fall back to Mode-S reducing the precision with which they can be quickly geolocated.

Example: 2022-11-09 from 15:10Z to 18:22Z RCAF CC-130J Hercules 130604 flew over Iraq using Mode-S, not transmitting their precise location. 👇

Those are the two obfuscation techniques that I noticed were used and stood out to me. Looking for those tricks, they can be used as a behavioural fingerprint to identify the next VIP flight.

No comments:

Post a Comment