  • ✇bellingcat
  • Shipwrecks, Sham Papers and False Flags: Tracking the Company Behind It All Tomi McCluskey

Shipwrecks, Sham Papers and False Flags: Tracking the Company Behind It All

19 February 2026, 05:25

A shipwreck in India, an ammunition seizure in Senegal, and a raid on an oil tanker in Malaysia – all three incidents involve ageing vessels, operating with false papers and one recurring figure: Captain Suniel Kumar Sharma.

For over a decade, Sharma has been condemned by the governments of Dominica, Guyana, Samoa, the Federated States of Micronesia and Eswatini, as well as the UN International Maritime Organisation (IMO), for issuing fraudulent paperwork to vessels, including false flag certificates.

In a recent interview with the Financial Times, Sharma said his most prominent flag registry, the International Maritime Safety Agency of Guyana (IMSAG), was no longer operational. However, a Bellingcat investigation has found certificates issued by IMSAG as recently as December 2025. In the same interview, Sharma denied setting up any more registries. Yet Bellingcat has found evidence of a newly launched website linked to Sharma offering flag registration in Nicaragua.

In June 2020, a typhoon off the Indian coast forced the 38-year-old oil tanker, MT Basra Star (IMO 8515817), to run aground. Despite an insurance inspector’s report recommending her immediate demolition, the vessel remained for five years, rusting away on the beach, until she was finally scrapped in January this year.

The Basra Star became a local tourist attraction during the five years it lay rusting on the beach. Instagram post, December 2025.

The insurance report states Basra Star was sailing under a Samoan flag and its classification society (the company that certifies the vessel as seaworthy) was Ascent Navals.   

Two years before MT Basra Star ran aground, the Samoan government and the IMO issued a warning about a fraudulent company called Ascent Navals, and its director, Captain Suniel Kumar Sharma, for appearing to operate on behalf of Samoa, but without official authorisation.

Screenshot of part of the IMO circular warning, dated 6 June 2018.

Because the vessel was sailing under a false flag (Samoa False) and certified by a fraudulent classification society (Ascent Navals), when the worst-case scenario did occur, no jurisdiction (flag state) was legally responsible for the marooned ship.

Bellingcat contacted the vessel’s owners, Shat Al Arab Marine Supply LLC, the insurance surveyors, Uday Bhogate & Associates, and Ascent Navals and its director, Suniel Kumar Sharma. None responded to requests for comment.

Nearly two years after Basra Star was shipwrecked, another ageing vessel, Eolika (IMO 8214968), was found operating under a false flag while laden with illicit cargo. At the port of Dakar, Senegalese customs officers boarded the 39-year-old cargo ship and discovered three concealed containers of ammunition, reportedly worth US$5.2 million. Eolika was flying a false Guyana flag. 

Local TV media, Jambaar report from Dakar Port, published on YouTube, January 19, 2022.

In an open letter, the IMO, together with the Guyana authorities, denounced the flag under which Eolika was sailing as false. They warned of a fraudulent company, the International Maritime Safety Agency of Guyana (IMSAG), for flagging vessels without authorisation from any flag state. Guyana’s police force said it would investigate “this rogue enterprise led by Captain Suniel Kumar”, together with Interpol.  

There is no suggestion that Sharma or IMSAG took part in the transport of illicit goods. The IMO warning was issued in response to IMSAG supplying false paperwork, which then enables vessels to operate without oversight. Flying a false flag for a registry that doesn’t exist voids any insurance, risks crew safety and threatens environmental harm, as seen with the Basra Star.  


But it’s not just Sharma’s companies supplying false papers. Last year, maritime experts at Windward identified 285 international tankers falsely flagged by 18 different fraudulent registries. The majority were sanctioned vessels, which typically seek out false flags to evade restrictions. However, according to Lloyd’s List Intelligence, it was Guyana’s fraudulent registry which became the first port of call for sanctioned tankers looking to hop flags.

Seized off the coast of Malaysia earlier this year, the sanctioned tanker Nora (IMO 9237539) switched to a false Guyana flag issued by IMSAG on February 1, 2025. Nora and a second sanctioned tanker, Rcelebra (IMO 9286073), were caught by the Malaysian Maritime Enforcement Agency (MMEA) engaged in an unauthorised ship-to-ship transfer.

Nora (left) and Rcelebra (right) moored together during an unauthorised ship-to-ship transfer off Penang. Source: MMEA/Facebook

Both captains and 53 members of the crew were detained. The cargo of crude oil was valued at more than RM512 million (US$130 million), according to the MMEA. 

53 crew members were arrested, according to MMEA. Source: MMEA/Facebook

However, within days, both tankers were released. They were fined the maximum penalty of RM300,000 (US$76,000) for an unauthorised ship-to-ship transfer: the MMEA acted to enforce Malaysia’s environmental and maritime safety laws, but not international and UN sanctions. Asked if this was within its remit, the MMEA did not respond to our request.

There is no indication that Sharma or IMSAG knowingly issued flags to criminal actors. But the IMO warns that, by providing false paperwork, fraudulent flag registries are enabling high-risk vessels to continue operating.

The promise of investment and the signing of an MoU

Crucial to understanding how IMSAG has continued to operate as a fraudulent registry for so long is that it was once legitimate. 

Back in 2021, Guyanese media described how IMSAG was making investments of US$35 million, creating hundreds of jobs, and constructing a state-of-the-art training facility – all presented as a way to grow Guyana’s maritime industry.

Sharma (centre) and his wife (centre-right) pose with Guyanese officials after announcing a US$35M investment in Guyana’s maritime industry, March 2021. Source: Ministry of Public Works/Facebook.

Sharma also signed a Memorandum of Understanding (MoU) with Guyana’s Maritime Ministry. But less than six months later, Guyana quietly terminated all arrangements with Sharma and his companies.

Screenshot of Guyana’s official notice terminating all relations with Sharma. Source: MARAD.

Whilst the MoU was in effect, IMSAG had served as Guyana’s official international ship registry. The domain imsag.org was used to register and flag vessels on its behalf. But after the MoU was terminated, instead of shutting the company down, IMSAG continued to operate without Guyana’s authorisation. A redacted version of the MoU is still live and being promoted on IMSAG’s website. 

Screenshot from imsag.org, January, 2026. The yellow box added by Bellingcat highlights the continued promotion of the MoU, which Guyana terminated in 2021.

In a recent interview with the Financial Times, Sharma confirmed he had set up a ship registry in Guyana, but said it had been “discontinued” after the authorities withdrew consent. He also said the domain imsag.org was “not operational just informative”.

Bellingcat recently downloaded 230 vessel certificates for 87 ships from imsag.org, including one for Nora, the sanctioned tanker recently seized by the Malaysian authorities.

Nora is still broadcasting the call sign ‘8RKK9’ as shown in this certificate issued by IMSAG.

Counter to Sharma’s claims that IMSAG was no longer operational, all 230 certificates found by Bellingcat were issued well after the MoU was terminated in March 2021, including some as recently as December 2025. Of the 87 certified vessels, 63 were oil tankers, with an average age of 24 years. Diana 1 (IMO 9212229), for example – a 26-year-old oil tanker last seen in Libya – was issued a certificate by IMSAG on June 26 2025.

Screenshot of a certificate issued by IMSAG for Diana 1.

According to Equasis data, Diana 1 hopped to a false Guyana flag on July 1 2025. 

Screenshot of Equasis data for Diana 1 showing flag as Guyana False.

Neither Sharma nor IMSAG responded to our request for comment regarding our findings that IMSAG had continued issuing certificates as recently as December 2025, despite Guyana having terminated the MoU and withdrawn its authorisation.


The table below lists all 87 vessels and 230 certificates that Bellingcat found records for on imsag.org. Hover over each certificate for details, or click to see an archived screenshot. Each vessel’s flag history has been pulled from the maritime database Equasis to compare when the vessels switched to the Guyana flag and when they were issued a certificate from IMSAG.

Methods:

The IMSAG website allowed users to search using either a “Certificate Number” or an “Official Number.” The search returned information about a vessel, including the dates on which certificates were issued.  While these certificate numbers were not publicly disclosed, Bellingcat found a seafarer certificate via a Google search for “site:imsag.org filetype:pdf”, which locates PDFs hosted on IMSAG’s website. By changing the URL to look for ship certificates instead, imsag.org returned a vessel certificate for the oil tanker, Tranquilus.

Bellingcat then tested sequential variations of certificate and official numbers, returning 230 certificates issued by IMSAG. As not all certificate numbers were sequential, this index represents only a partial view of IMSAG’s recent activity.

Expanding Operations in Nicaragua

In Sharma’s interview with the Financial Times, he denied he was setting up any more registries and said he had left the maritime sector entirely. Yet Bellingcat has found evidence of a new registry with links to Sharma that appears to be offering flag registration in Nicaragua. 

In July 2025, the domain niataregister.com was launched, promoting the Nicaragua International Aquatica Transportation Administration (NIATA).

Screenshot www.niataregister.com 10 Feb, 2026.

The website is active. Bellingcat found a certificate issued as recently as February 2 for the sanctioned tanker and member of the shadow fleet, Al Jafzia (IMO 9171498, sanctioned under the name Chil 1).

According to maritime tracking data, on February 6, while sailing under a false Aruba flag, the Al Jafzia was detained by the Indian Coast Guard for an illicit ship-to-ship transfer of Iranian oil. On February 11, the vessel began broadcasting under a Nicaraguan flag, listing its home port as Corinto, Nicaragua’s largest port. The MMSI number can be seen in the certificate below.  

Screenshot of a vessel certificate issued for Al Jafzia, February, 2026.

Despite multiple requests, the Nicaraguan authorities did not respond to our questions as to whether they had heard of NIATA or had any official partnership with the company. 

According to the IMO’s GISIS database, Nicaragua has not approved any organisation to issue flags on its behalf. The IMO also confirmed directly to Bellingcat that Nicaragua had provided no further information beyond what was visible in GISIS at the time of publication.

Screenshot of IMO GISIS database, January 2026.

Bellingcat downloaded all publicly available forms from NIATA’s website. Analysing document metadata revealed the creator of the documents as ‘Oceaniek Technologies’.

Screenshots: (left) form downloaded from the NIATA website, December 2025; (right) form metadata showing author as Oceaniek Technologies.
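The metadata comparison described above can be reproduced on any set of downloaded PDFs. The following is an added example, not Bellingcat's own tooling: it reads the Info dictionary of each file with the Python standard library and groups sources that share an Author or Creator value. The file names and metadata values are constructed, and the parser assumes an uncompressed Info dictionary (a PDF library or exiftool covers the remaining cases).

```python
import re
from collections import defaultdict

FIELDS = (b"Author", b"Creator", b"Producer")
# A literal "(...)" string (escaped parentheses only) or a hex "<...>" string.
STRING = rb"\s*(\((?:\\.|[^\\()])*\)|<[0-9A-Fa-f\s]*>)"


def decode_pdf_string(raw):
    """Turn a PDF literal or hex string token into text."""
    if raw.startswith(b"<"):
        data = bytes.fromhex(raw[1:-1].decode("ascii"))
    else:
        data = re.sub(rb"\\([()\\])", rb"\1", raw[1:-1])
    if data.startswith(b"\xfe\xff"):          # UTF-16BE byte order mark
        return data[2:].decode("utf-16-be")
    return data.decode("latin-1")


def info_fields(pdf):
    """Return Author/Creator/Producer from the document Info dictionary."""
    refs = re.findall(rb"/Info\s+(\d+)\s+(\d+)\s+R", pdf)
    if not refs:
        return {}
    # Incremental updates append new trailers: the last one is current.
    num, gen = refs[-1]
    pattern = rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj(.*?)endobj"
    bodies = re.findall(pattern, pdf, re.S)
    if not bodies:
        return {}
    found = {}
    for name in FIELDS:
        match = re.search(rb"/" + name + STRING, bodies[-1], re.S)
        if match:
            found[name.decode()] = decode_pdf_string(match.group(1))
    return found


def normalise(value):
    """Ignore case and spacing differences between authoring tools."""
    return re.sub(r"\s+", " ", value).strip().casefold()


def cluster_by_metadata(docs):
    """Map (field, value) to the sources sharing it, if more than one."""
    clusters = defaultdict(set)
    for source, pdf in docs.items():
        for field, value in info_fields(pdf).items():
            if field in ("Author", "Creator"):
                clusters[(field, normalise(value))].add(source)
    return {k: sorted(v) for k, v in clusters.items() if len(v) > 1}


def make_sample(info):
    """Build a minimal constructed PDF skeleton around an Info dictionary."""
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            b"5 0 obj\n<< " + info + b" >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R /Info 5 0 R >>\n%%EOF\n")


# Constructed sample documents; none of these values come from the article.
UTF16_CREATOR = (b"<FEFF"
                 + "example  Studio".encode("utf-16-be").hex().encode()
                 + b">")
SAMPLES = {
    "site-a.example/form.pdf": make_sample(
        b"/Creator (Example Studio) /Producer (Sample PDF Lib 1.0)"),
    "site-b.example/certificate.pdf": make_sample(
        b"/Creator " + UTF16_CREATOR + b" /Author (Registry Desk)"),
    "site-c.example/brochure.pdf": make_sample(
        b"/Author (J. Doe \\(draft\\)) /Creator (Other Tool)"),
}

if __name__ == "__main__":
    for key, sources in cluster_by_metadata(SAMPLES).items():
        print(key, "->", sources)
```

A shared Creator value is a lead rather than proof of common ownership, since templates and authoring tools are reused widely.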

Navigating to the Oceaniek Technologies homepage (shown below), under the headline ‘Our Products’ 11 companies were promoted in a looping carousel up until August of last year. It now features only five, spanning a wide range of industries, including a cricket league, a hospital and streaming services.

Top – Oceanik Technologies homepage. Bottom – four of the 11 companies promoted up until August of last year.  Shown left to right: IMSAG, a cricket league, streaming services, and a hospital. Screenshots captured August, 2025.

The managing director of Oceanik Technologies, according to his own LinkedIn, is Suniel Sharma. Sharma has also been photographed by local Indian media, cited as the “MD of Oceanik Technologies”.

Screenshot of Sharma’s LinkedIn profile from December 19 2025.

Also among the 11 companies promoted up until August of last year were the Nautilus Times and Nautilus Register.

Screenshots taken August, 2025.

Nautilus Register, which promotes vessel classification services, appears as an entity of interest in OpenSanctions due to its ties with several sanctioned vessels, including members of the shadow fleet. Sharma’s own LinkedIn lists him as the Director General of the Nautilus Register.

Screenshot of Sharma’s LinkedIn profile, dated 19 Dec.

Bellingcat confirmed nautilusregister.net is still active, issuing classification certificates as recently as January 2026 (shown below). The IMO told Bellingcat that Nautilus Register is not listed as a recognised organisation in their database, GISIS.

Certificate issued January 13 2026, via nautilusregister.net. Metadata contained within the PDF listed Sharma as the author.

A search for the second company, Nautilus Times, led to a website offering dozens of training courses, from cadetship to firefighting, as well as competency training.

Competency training is a requirement for all seafarers. Crew members may attend a course in any jurisdiction, but it’s then up to the flag state (the country in which the vessel is registered) as to whether that training is recognised.

According to the Nautilus Times website, a crew member can enrol in any one of six jurisdictions, as shown below, including Guyana and Nicaragua.

Screenshot of the Nautilus Times website offering competency training fees for six jurisdictions, highlighted by a yellow box. Annotations by Bellingcat.

After contacting all six jurisdictions, the official Maritime Administration Department (MARAD) of Guyana confirmed that Nautilus Times was not authorised to issue certificates to seafarers on their behalf. They reiterated that they had no relationship with Nautilus Times or Sharma. St Maarten has previously said that it does not have an international flag registry and therefore does not issue competency certificates. No other jurisdictions replied to our request. 

Bellingcat contacted both the Nautilus Times and Sharma to ask why the site was advertising courses on behalf of Guyana and St Maarten without their authorisation. Neither replied to our request for comment.

Finally, two more companies embedded in the carousel on Oceaniek Technologies’ homepage, but deleted after August 2025, were the MSTA Registry and Aruba Maritime.

Screenshots of two of the 11 companies promoted in a carousel embedded on Oceanik Technologies’ homepage. Captured August 2025.


The MSTA Registry was cited in a warning issued by St Maarten and the IMO in May 2025 for issuing false flags to vessels under the guise of St. Maarten. Aruba Maritime was sanctioned by the European Union in October 2025 for fraudulently issuing oil tankers with false Aruba flags. 

Neither Oceaniek Technologies nor Sharma responded to our request for comment regarding the nature of these companies’ connection to Oceaniek Technologies. 

As sanctions enforcement continues to expand, so too will the number of vessels seeking illegitimate paperwork from fraudulent registries such as IMSAG. Despite criminal charges being filed, warnings being issued, and investigations being published, Sharma’s operation continues – now seemingly having expanded into Nicaragua and with the apparent formation of a larger network, Oceaniek Technologies.


Merel Zoet and Claire Press contributed to this report.


  • ✇Malwarebytes
  • Why it matters when your online order is drop-shipped

Why it matters when your online order is drop-shipped

18 November 2025, 08:21

Online shopping has never been easier. A few clicks can get almost anything delivered straight to your door, sometimes at a surprisingly low price. But behind some of those deals lies a fulfillment model called drop-shipping. It’s not inherently fraudulent, but it can leave you disappointed, stranded without support, or tangled in legal and safety issues.

I’m in the process of de-Googling myself, so I’m looking to replace my Fitbit. Since Google bought Fitbit, it’s become more difficult to keep your information from them—but that’s a story for another day.

Of course, Facebook picked up on my searches for replacements and started showing me ads for smartwatches. Some featured amazing specs at very reasonable prices. But I had never heard of the brands, so I did some research and quickly fell into the world of drop-shipping.

What is drop-shipping, and why is it risky?

Drop-shipping means the seller never actually handles the stock they advertise. Instead, they pass your order to another company—often an overseas manufacturer or marketplace vendor—and the product is then shipped directly to you. On the surface, this sounds efficient: less overhead for sellers and more choices for buyers. In reality, the lack of oversight between you and the actual supplier can create serious problems.

One of the biggest concerns is quality control, or the lack of it. Because drop-shippers rely on third parties they may never have met, product descriptions and images can differ wildly from what’s delivered. You might expect a branded electronic device and receive a near-identical counterfeit with dubious safety certifications. With chargers, batteries, and children’s toys, poor quality control isn’t just disappointing, it can be downright dangerous. Goods may not meet local standards and safety protocols, and contain unhealthy amounts of chemicals.

Buyers might unknowingly receive goods that lack market approval or conformity marks such as CE (Conformité Européenne = European Conformity), the UL (Underwriters Laboratories) mark, or FCC certification for electronic devices. Customs authorities can and do seize noncompliant imports, resulting in long delays or outright confiscation. Some buyers report being asked to provide import documentation for items they assumed were domestic purchases.

Then there’s the issue of consumer rights. Enforcing warranties or returns gets tricky when the product never passed through the seller’s claimed country of origin. Even on platforms like Amazon or eBay that offer buyer protection, resolving disputes can take a while.

Drop-shipping also raises data privacy concerns. Third-party sellers in other jurisdictions might receive your personal address and phone number directly. With little enforcement across borders, this data could be reused or leaked into marketing lists. In some cases, multiple resellers have access to the same dataset, amplifying the risk.

In the case of the watches, other users said they were pushed to install Chinese-made apps with different names than the brand of the watch. We’ve talked before about the risks that come with installing unknown apps.

What you can do

A few quick checks can spare you a lot of trouble.

  • Research unfamiliar sellers, especially if the price looks too good to be true.
  • Check where the goods ship from before placing an order.
  • Use payment methods with strong buyer protection.
  • Stick with platforms that verify sellers and offer clear refund policies.
  • Be alert for unexpected shipping fees, extra charges, or requests for more personal information after you buy.

Drop-shipping can be legitimate when done well, but when it isn’t, it shifts nearly all risk to the buyer. And when counterfeits, privacy issues and surprise fees intersect, the “deal” is your data, your safety, or your patience.

If you’re unsure about an ad, you can always submit it to Malwarebytes Scam Guard. It’ll help you figure out whether the offer is safe to pursue.

And when buying any kind of smart device that needs you to download an app, it’s worth remembering these actions:

  • Question the permissions an app asks for. Does it serve a purpose for you, the user, or is it just some vendor being nosy?
  • Read the privacy policy—yes, really. Sometimes they’re surprisingly revealing.
  • Don’t hand over personal data manufacturers don’t need. What’s in it for you, and what’s the price you’re going to pay? They may need your name for the warranty, but your gender, age, and (most of the time) your address aren’t needed.

Most importantly, worry about what companies do with the information and how well they protect it from third-party abuse or misuse.



  • ✇Malwarebytes
  • Hackers commit highway robbery, stealing cargo and goods

Hackers commit highway robbery, stealing cargo and goods

6 November 2025, 16:39

There’s a modern-day train heist happening across America, and this time, some of the bandana-masked robbers are sitting behind screens.

According to new research, a group of cybercriminals has been attacking trucking, freight, and logistics companies for months, impersonating brands and even diverting real cargo shipments to unapproved locations so that the stolen goods can be sold or shipped elsewhere.

The impact, the researchers said, extends far beyond the logistics industry:

“Such crimes can create massive disruptions to supply chains and cost companies millions, with criminals stealing everything from energy drinks to electronics. The most targeted commodities are food and beverage products.”

Although the cyberattacks were mostly seen in North America, cargo theft is a problem across the world, impacting consumers and businesses that rely on the often-overlooked network of trucks, trains, ships, planes, and people.

In these attacks, cybercriminals compromise the accounts of carrier companies that transport goods from one location to the next. By posing as legitimate carriers, they can place real bids on shipments and then redirect them to unauthorized destinations, where they or their partners will receive and steal the cargo.

Researchers found that attackers take control of these accounts in at least one of three ways.

1. Fake load boards

Attackers may post a fake order on what’s called a “load board,” a digital marketplace that connects shippers with carriers so that cargo can be assigned and accepted. But when legitimate carriers inquire about the fake load board posting, the criminals reply with an email that includes a malicious link that, when clicked, installs Remote Monitoring and Management (RMM) software. (To make the scam more convincing, the cybercriminals also compromise a “broker” account so their load board posting looks legitimate.)

Despite the sneaky install method, RMM software itself is entirely legitimate. It’s used by IT support teams to remotely fix issues for employees. But that legitimacy makes RMM software perfect for any cybercriminal campaign because it may raise fewer red flags from older antivirus tools.

Once the attackers gain access to a carrier’s account, they can also deploy malware to steal account credentials, giving them greater access to a company’s network.

2. Compromised email accounts

A second observed attack method involved hijacking an active email address and then impersonating the owner when responding to emails about cargo orders and shipments. Here, too, cybercriminals inserted malicious links into emails that eventually install RMM tools.

3. Social engineering

Finally, researchers also observed the attackers sending direct phishing emails to carriers, using classic social engineering tricks—like sending a bogus bill to lure victims into clicking malicious links.

While many of the well-tested security best practices still apply—like not clicking on links inside emails—one of the strongest defenses is to use a security product that notifies users about RMM tools (also sometimes referred to as Remote Desktop Programs) installed on their device. RMM tools are legitimate, but because of their abuses in cybercriminal campaigns, it is important that every installation is verified and tracked.
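One way to verify and track RMM installations is to review process-start events against an approved inventory. This is an added example, not code from Malwarebytes or from the researchers cited above. The event format, host names, product marker list and approved inventory are all assumptions constructed for illustration.

```python
import ntpath

# Illustrative markers matched against executable names; maintain the real
# list from your own software catalogue (assumption, not from the article).
RMM_MARKERS = {
    "screenconnect": "ScreenConnect",
    "anydesk": "AnyDesk",
    "teamviewer": "TeamViewer",
    "splashtop": "Splashtop",
}
# Parents that suggest the install came from a clicked link or attachment.
LURE_PARENTS = {"outlook.exe", "thunderbird.exe", "chrome.exe",
                "msedge.exe", "firefox.exe"}
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")

# Hypothetical approved inventory: (host, product) pairs from IT records.
APPROVED = {("DISPATCH-01", "TeamViewer")}

# Constructed process-start events, in the shape an EDR export might have.
EVENTS = [
    {"host": "DISPATCH-01",
     "image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"host": "DISPATCH-02",
     "image": r"C:\Users\kim\Downloads\ScreenConnect.ClientSetup.exe",
     "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"host": "DISPATCH-01",
     "image": r"C:\Users\lee\AppData\Local\Temp\AnyDesk.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"host": "DISPATCH-03",
     "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "DISPATCH-01",
     "image": r"C:\Users\lee\Downloads\TeamViewer_Setup.exe",
     "parent": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
]


def rmm_product(image):
    """Return the RMM product an executable belongs to, or None."""
    name = ntpath.basename(image).lower()
    for marker, product in RMM_MARKERS.items():
        if marker in name:
            return product
    return None


def review_events(events, approved):
    """List RMM executions that need verification, with the reasons why."""
    findings = []
    for event in events:
        product = rmm_product(event["image"])
        if product is None:
            continue
        reasons = []
        if (event["host"], product) not in approved:
            reasons.append("not in approved inventory")
        if ntpath.basename(event["parent"]).lower() in LURE_PARENTS:
            reasons.append("started by mail client or browser")
        if any(part in event["image"].lower() for part in USER_WRITABLE):
            reasons.append("runs from user-writable path")
        # An approved product is still reported when its origin looks like
        # a clicked link, because attackers install legitimate RMM tools.
        if reasons:
            findings.append({"host": event["host"], "product": product,
                             "image": event["image"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_events(EVENTS, APPROVED):
        print(finding["host"], finding["product"], "; ".join(finding["reasons"]))
```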

