Using ADS-B Exchange to Collect Unfiltered Open Source Flight Data

ADS-B Exchange is the world’s largest source of unfiltered flight data.  Normally, blocked tail numbers from private airplanes aren’t visible.  With ADS-B Exchange, you can access all the information from any tail number you want.  This is great for tracking politicians, business leaders, etc. to find connections between them or any associated event.  Additionally, ADS-B Exchange tracks international flight data as well, making this particularly useful for OSINT collection outside of the United States.  Here’s a quick guide on getting started with ADS-B Exchange and open source flight data.

0. Figure Out Who or What the Target Is

Who or what (organization) will you be collecting on?  Are you trying to find information about Russian intrusion into Ukraine or historical data of the annexation of Crimea?  Maybe you’re trying to figure out what Jeff Bezos from Amazon might be buying next.  The first thing you need to do to find historical flight data on a target is to identify their private jet registration number.  This is pretty easy.  Let’s get started with Jeff Bezos. Here’s an open source resource for Jeff Bezos’ private jet.  For fun, it also includes imagery of his many houses. You should have found ‘ND271DV’ as Bezos’ registration number.  It says it right in the title of the resource I linked to.  This is all we need to extract the data from ADS-B Exchange.

1. Navigating the ADS-B Exchange Webiste

Next, go ahead and visit the ADS-B Exchange website.  You should see a pretty basic home page explaining what the website is and what service they offer. They offer a ton of useful features and even have their own API if you’re a Python developer.  Let’s dive right in to the easiest way to use ADS-B Exchange, flight history data.  Hover your mouse over the ‘Other Flight Info’ tab in the navigation menu.  Under the available options, select the first one labeled ‘Flight History Data’.  If you can’t find it, here’s a link.  The page will now show a few drop down boxes for you to choose from.  Under the default dropdown list labeled ‘icao’, go ahead and change that to ‘registration’.  Now the ‘enter registration’ box will be available.  Enter Bezo’s private jet registration number there.

2. Sifting Through the Data

Now you will see a list of dates with links to other pages containing more information.  Click on the first one and see where it takes you.  For me, it’s June 3, 2018.  Here’s what I found.

Screen Shot 2018-06-05 at 9.15.31 PM

It looks like Mr. Bezos, or something flying in his jet, just flew from El Paso, TX back to Seattle.  What does this mean?  Well you’d probably have to do more digging to find out.  Is this the first time he (or an associate) has flown to El Paso?  If not, how long ago was the last time he went there?  Can you find any related open source information that might place Bezos in El Paso in June (it’s hot!).  Let’s look at another example.

Here’s a snapshot of Bezos’ flight data from May 4, 2018 (May the 4th be with you).

Screen Shot 2018-06-05 at 9.18.29 PM

Looks like he was flying back from Dallas, TX this time.  What’s up with Texas?  Could this possibly be the state chosen for HQ2? Austin and Dallas are on the list.  This is two times Bezos has flown to Texas in 1 month.  It could be a coincidence, or it could be more (if Amazon chooses Dallas for HQ2, you heard it here first!).

What should you look out for when looking at flight data like this?  Well, what I’d look for is the frequency of travel to a certain location.  Next, I’d look to see if that location is traveled to at the same time (date) every single year, year after year.  I’d also compare other associates with private jets to see if they are going to the same place at the same time.  I’d also look at places they aren’t going (often the best information lies there).  It depends on the target and what the purpose of the investigation is.  I’d assume with Bezos it’d be competitive or market intelligence, but I could be wrong.

3. Taking it a Step Further

If you’re looking to extract a whole bunch of data and do some real analysis, hunting and pecking through each link and manually entering the data may be time consuming and lead to mistakes.  If you’re an advanced or intermediate Python programmer, you can use their open API to extract the data and manipulate it in the way you see fit. What can you use the ADS-B Exchange API for? Let’s look at 2.

  • Query Live Position Data
  • Retrieve Historical Data

Query Live Position Data

“Live position data can be queried with various parameters are results returned in a JSON format. As you may be aware, ADSBexchange is based on the excellent Virtual Radar Server product by Andrew Whewell.” – ADS-B Exchange Webpage

You can convert that JSON into a Python script and away you go! Here’s the full documentation.

Retrieve Historical Data

“If you want to download a historical record of all data received by ADSBexchange, this is the section for you.  Building on the “Querying Live Data” section above, essentially, every 60 seconds, we issue the following JSON query and store the results:” – ADS-B Exchange Website

This is where you can start doing trend analysis and selecting the specific data you’re looking for.  You may be surprised at what you find!  I’ll let you explore and customize it to your specific needs.

I hope you enjoyed this article.  You can apply these same concepts to monitor train and marine activity using similar resources.  This could be an excellent exercise to improve your OSINT capabilities and learn about a new industry (aviation).  I’m still figuring out the Python part as I go, but the more resources I find, the more possibility I uncover!  Follow me on Twitter for more updates and good OSINT content or subscribe to this blog so you never miss a beat!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s