This time, we are diving into researching offshore organizations from bunch of leaks like Panama Papers, Bahamas Leaks or Paradise Papers.

In this episode I will present:

• Structure of offshore organizations of Polish Steamship Company (POLSTEAM)
• Methods to research offshore leaks
• Network visualization of offshore companies with connections to Polsteam vessels and key players

In addition, I'm open sourcing my d3js visualization with parsing scripts. It means, you can create cool interactive d3js network without doing much front end. I strongly recommend to use it instead of Gephi. The network is presented at the end of the article.

This article is quite different than previous ones, I want to give you interactive journey over the research and structure of Polsteam. Some visualizations might not work properly on mobile devices, I'm still working on it.

Artykuł po polsku dostępny jest tutaj

https://www.offensiveosint.io/offensive-osint-s01e06-analiza-offshorowych-spolek-polskiej-zeglugi-morskiej/

Last episode about porn industry organization Mindgeek is available below for free.

I want to know my fanbase better so I started a subscription. Drop your email at the bottom of the website or sign up here

https://www.offensiveosint.io/signup/

You will get access to all articles, early access to the newest ones and more with the time.

Introduction

Anti-money laundering is another field where we can use previously learnt OSINT skills like research into organizations, persons or activities. Money laundering is more common that you might think and leaks from Monsack & Fonseca or other tax management companies just confirm this. Thanks to the hackers that leaked all the material to the Consortium of Journalists, everyone can get insight how rich and powerful individuals evade paying taxes. Basically, it's about creating a companies in tax-heavens countries and tunnel money through these organizations to evade government restrictions and keep more money for private businesses. You can think of almost every position in government, from military officers to prime minsters or presidents. More stories can be found here.

Football is also involved in different tax evasions techniques, you can read about it below

Flag of convenience

Maybe, the example I've chosen is not the best to show AML techniques but good one to present distribution of offshore companies. It's quite common that actual owners of the ship register it in countries with looser taxes or work regulations. It allows to bypass regulations established by countries regarding work conditions, environment pollution, money or s In short words, it's just better for organizations but it's not the best solution for ship crew to work under jurisdiction of foreign country. However, you cannot find any polish vessels that operates under polish flag, many of Europen countries have this "issue" and run their steamship companies via offshore organizations located in Malta, Cyprus, Virgin Island, Bahamas etc.

Before we start, I want to say that everything included in this research, companies, names or addresses are legit and have been confirmed in "Offshore Leaks".

I dug through hundreds of documents to draw connections and also offered my help to transcribe these documents for Project X-Ray.  

https://xray.ddosecrets.com/

Polish Steamship Company

I'm not going to write about history of Polsteam, what you need to know is they own 59 vessels with 2,2 millions of load in total. All of the ships have been registered under country with "flag of convenience" in the 90' but last registration took place in 2004 for vessel Ziemia Gnieźnieńska. They are also state-owned.

In 2016, when Bahamas Leaks appeared, investigative journalists came across ownership document of POLSTEAM SHIPPING COMPANY LTD, where ZBIGNIEW BRZEZICKI (Deputy Minister of Maritime Affairs and Inland Navigation 2015-2017, Director of Polsteam 1998-2005) was a Director. According Pawel Szynaruk (Director of Polsteam in 2016) he saved company from financial troubles by registering vessels in flag of convencience countries.

First let's meet people that own the most offshore companies.

Click on the image to display details.

I highlighted only 6 individuals with the most amount of appearances in registration papers as officer. Of course, there are more officers as well as different shareholders that are engaged in the business structure that we will meet later. The most interesting persona here is GABRIELE WESTERHAUSEN, I couldn't establish any common points with Polsteam and there is literally nothing significant about here online.

But lets do not forget about range of the businesses, they own many vessels and transport goods worldwide. Every vessel is managed by offshore companies and some of them connected to CYFADACO SHIPMANAGEMENT which director is Zofia Galka. We can track each ship, based on it's name, number or company and marinetraffic.com is perfect placeto start. I gathered photos for eight ships that have more than 18 t gross load. Statistics for every vessel are available in the network graph.

Click on the ship to display photo

Information about vessels was collected from Maritime Directory. Below you can find all vessels that belong to Polsteam (POLSKA ZEGLUGA MORSKA). It also shows which organization is under control over the ship makes it easier to connect them to Polsteam.

Photos and positions have been taken from Marine Traffic, it's mostly known from showing real live ships position around the world. Below you can find information about SUDETY vessel.

https://www.marinetraffic.com/en/ais/details/ships/shipid:755809/mmsi:636015816/imo:9582518/vessel:SUDETY

If we are talking about sources, first thing to visit during offshore research is of course ICIJ website where you can search database by name, jurisdiction or country. Not all documents have been transcribed and some of them contain spelling errors. I came across this situation with Jan Rutkiewicz (POLSTEAM USA). I did not find anything in ICIJ database under his name, however he is listed as Jan Rutkiewiez.

Second example is "ZEGLUGA POLSKA S.A." (shipping) is listed as "ZEGULGA POLSKA S.A.". Letter U and L are substituted.

To search for proper person, you need to search every possible mistake or look up by his name. To search for documents, I used Hunter from DDoS project.

https://hunter.ddosecrets.com/

The structure of Polsteam (PZM) is not a secret, it's public data and one of my starting point was website

It already gives us around 70 companies owned by Polsteam (POLSKA ZEGLUGA MORSKA PP) and thanks to Offshore Leaks we can go deeper and find owners of the companies registered in tax haven countries. Having these names, we can lookup them in DDoS Hunter or offshore database to discover owners and draw new connections. It was quite time consuming work to check all the companies and new individuals appeared often which made research harder and more confusing - probably I still haven't discovered all the connections.

As you can see, network graph is quite big and messy on first look. To make it more readable I customized it to highlight hovered nodes and all connections associated. Also images size indicates how many connections the node has. Visualization allows to group as many records as  you like, this way graph will be even more clear thanks to images and colors for each group. Moreover, tooltips give flexibility to put information about the node, (it might be a Twitter bio for example) they are also accessible over nodes that describes relationship. I wrote this d3js vizualition by merging couple from https://bl.ocks.org/ into the one that will be suitable for task and flexible for other investigations. Having simple connections in csv file like this

a,b
c,d

script with translate it to new data format

{
    "nodes": [
        {
            "name": "a",
            "group": 1,
            "id": 1,
            "photo": "",
            "size": 50,
            "info": ""
        },
        {
            "name": "b",
            "group": 2,
            "id": 2,
            "photo": "",
            "size": 50,
            "info": ""
        },
        {
            "name": "c",
            "group": 3,
            "id": 3,
            "photo": "",
            "size": 50,
            "info": ""
        },
        {
            "name": "d",
            "group": 4,
            "id": 4,
            "photo": "",
            "size": 50,
            "info": ""
        }
        ],
    "links": [
        {
            "source": 1,
            "target": 2,
            "value": 2
        },
        {
            "target": 3,
            "source": 4,
            "value": 2
        }
        

    ]
}
        
        

then you can adjust viz to your needs by reading json and add photos based on group or put additional info about nodes. To fully customize your visualization, you need to play with d3.forceSimulation() options.

const simulation = d3.forceSimulation()
    .nodes(graph1.nodes)
    // .force("forceX", d3.forceX().strength(.1).x(width * .5))
    // .force("forceY", d3.forceY().strength(.1).y(height * .5))
    // .force("collide",d3.forceCollide( function(d){ return d.r + 8 }).iterations(1) )
    // .force("y", d3.forceY(0))
    // .force("x", d3.forceX(0))
    .force('collision', d3.forceCollide().radius(55))
    // .force('center', d3.forceCenter(-50, 100))
    .force("link", d3.forceLink().id(function(d) { return d.id;}).distance(500))
    // .force('charge', d3.forceManyBody(-100))
    .force('center', d3.forceCenter(width / 2, height / 2))
    .on('tick', ticked);

I recommend to adjust your data from the beginning i.e. scraping information and calculating values on the way.

That's just couple examples, full documentation is accessible below

Script and visulization is on my github.

By providing tutorials and sharing knowledge I hope to partially cover my medical bills. If you like my work and use my tools, please donate.

But let's back to the main topic and analyze the network a little bit. The biggest nodes are people mentioned in Key Players and have the most companies under control. TOMASZ KAMINSKI has a lot of connections and example can be NERO FOUR SHIPPING LTD, where he is listed as a Director together with 4 other persons - SLAWOMIR JACEK BALAZY, ARTUR WITKOWSKI, PIOTR WASZCZENKO and DARIUSZ CZAJKOWSKI. This company, registered in Bahamas, is responsible for WADOWICE II vessel. Analyzing is easy as that when you prepared correct visualization.

I also specified Tax advisories firms that are being used by Polsteam.

Click on the menu on the left side to display information and network.

We can create smaller networks from the big one and present specific cases like these above.

They show associations with Law & Tax Advisors in Malta and Cyprus. LAKE ST. CLAIR LTD has been registered in Malta in '98 and was liquidated by IVAN FSADNI from Ivan Fsadni AID Compliance. I did not find any connections to actual vessels or shipping relations so it might be a good starting point for deeper research.

What's interesting to highlight here, is a connection between POLSTEAM and ORLEN (oil refiner and petrol retailer) established through VITORINE BAJADA from Dingli & Dingli Law Firm Malta.

We see that VITORINE BAJADA is a secretary for UNITY LINE LIMITED as well as ORLEN INSURANCE LTD and ORLEN HOLDING MALTA LIMITED where shareholder is POLSKI KONCERN NAFTOWY ORLEN SPOLKA AKCYJNA (POLISH OIL CONCERN ORLEN).

For people that looks for offshore topic to investigate, I found ex vice president of Szczecin ELZBIETA MALANOWSKA listed as a director in company SAIL AFRICA INTERNATIONAL MALTA LIMITED. It's another steamship(?) like company.

CARMEL CHIRCOP is a shareholder of POLMICO LTD and Director and judical representative of CYFADACO (MALTA) LIMITED. He was murdered in October 2015 but new facts came out recently. Official investigation is still going on but new line opened by police is related to property dealings

Informed sources speaking to The Malta Independent have claimed that Dr Chircop, like so many others, had found ways to under-declare the value of property transactions in order to reduce the amount of tax payable.

https://www.independent.com.mt/articles/2015-10-17/local-news/Police-investigators-probing-murdered-lawyer-Carmel-Chircop-s-property-dealings-6736143772

In addition, Malta Today announced his relations to More Supermarkets and $750k interest-free loan.

Now, from information seen by MaltaToday, it transpires that Chircop had loaned a substantial sum to people connected to the More Supermarkets bust, where millions are said to have been lost after director and owner Ryan Schembri fled the island.

According ICIJ data he is connected to 106 entities, besides POLSTEAM related assets. It's another lead to check for properties owned by any director of tax heaven company.  The most popular way of spending money are real estates, expensive assets (yachts, cars), weapons (financing terrorism) or drugs.

If you:

• know structure of Polsteam
• know who is Gabrielle Westerhausen
• want to go deeper with the research

contact me.

For the people reading this, I have been looking for a cyber security/OSINT/Intelligence job for some time. If you know someone who's hiring or can help, please do let me know.

Conclusion

Even if structure of Polsteam is already known, it was fascinating journey to discover owners of these offshore companies. Gathered this and similar data/charts can be used for corporate espionage, white collar investigations or law enforcement to track the smugglers or pirates.

Apart from Polsteam assets, we dive little bit into d3js visualizations and now it's piece of cake for you to make the same network relationship graph as I did.

https://maritime.com.pl/newsletter/indexm.php?id_term=27545