Confirmed, US Surveillance Aircraft Masked as Malaysian Planes to Spy on China

Limited Print and Electronic Distribution Rights:

This document, printed by SCSPI, is protected by law. Unauthorized posting of this publication online is prohibited. Permission is required from SCSPI to reproduce, or reuse in another form, any of its research documents for commercial use.

2020-09-18 | SCSPI

Previously, it was reported that US surveillance aircraft had been disguising as civilian planes of other countries operating alongside China’s coastlines, though lack of solid evidence. Recently, three days in a row, the SCSPI has found the US surveillance aircraft electronically impersonating Malaysian planes to conduct close-in reconnaissance near China’s coast by mysteriously broadcasting spoofed ICAO hex codes.

Worry as well as attention has been attracted from the international community once we released our findings. Media from the US, Canada, Russia, Malaysia and China made follow-up reports on this issue. After the cross verification from the open-source intelligence experts, our allegations turned out to be true.

On Sep 16, spokesperson Wang Wenbin of Chinese Foreign Ministry has also confirmed that the US military use ICAO hex codes of other countries to conduct close-in reconnaissance in China's coast, concurring what we had suspected. However, the US has made no comment on this so far.


What happened?

On the morning of Sep 8th, a United States Air Force (USAF) RC-135W (hex code: AE01CD) departed Kadena Air Force Base for a South China Sea mission. Later on the same route appeared a "Malaysian plane"(hex code:750548). It entered the South China Sea and patrolled intensively between Hainan Island and Paracel Islands, about only 50NM off the Hainan’s baseline, which obviously wouldn’t be a civilian aircraft’s route. Moreover, given their highly coincided tracks and timing, the mysterious “Malaysian plane” was suspected to be the RC-135W in disguise with a false hex code.


In the second such maneuver, around 3 am of September 9, USAF RC-135S (hex code: AE01D6) was spotted took off from Kadena for Northbound, but later on it stopped transmitting signals, and somehow replaced by a "Malaysian plane"( hex code: 752B29), which hovered over and over from 5 am to 11 am after entering the Yellow Sea, as close as about 56NM off Shandong.


The third incident on September 10, saw USAF RC-135W, with a Malaysian-assigned hex code “755CB7”, engaged in close-in reconnaissance on China, coming within 60NM of Guangdong, which revealed the original code “AE01CE” on leaving the South China Sea.


What we noticed has also got testified by open-source intelligence experts. Steffan Watkins, an independent research consultant based at Ottawa, made a cross check with on-site photos from photography amateurs and multiple ADS-B database such as, Radar Box24 and Flight Aware, and confirmed our allegations.



Common practice of US’s such maneuver, worldwide

The US surveillance aircraft impersonating other countries’ civilian planes might strike the public as strange even astonishing, but it’s never been a secret among military fans. Sputnik News has collected a couple of such examples of USAF using fake ICAO hex codes to disguise its spy planes, which seems to be a common practice.

On February 24, 2019, USAF RC-135W engaged in a mission off the northern Venezuela coast, using a false hex code of “3F9857”, according to @AircraftSpots.


On July 3, 2019, USAF RC-135W was spotted patrolling the Persian Gulf, using a spoofed hex code of “730000”, according to @GDarkconrad.


These cases are too numerous to mention. According to Wang Wenbin, spokesperson of Chinese Foreign Ministry, “The US reconnaissance aircraft have electronically impersonated civilian aircraft of other countries in the South China Sea for more than a hundred times, since the beginning of this year.”


Why are the US doing this?

Some questioned that, does the US need to perform such tricks to disguise themselves? Can’t they just turn it off once for all?

Indeed, it is unnecessary for military aircraft to have the transponder on all the time, which is usually turned off for confidentiality. However, they do have to turn it on in some special cases, like patrolling near China’s coast, for two reasons:

Live air traffic situation off Guangdong shown on Plane Finder at 11 am, Sep 16


Security comes as the first concern. When operating over the South China Sea, one of the busiest air domains in the world, US military aircraft has to turn on the transponder to prevent collisions and misidentifications.

The other reason is to cover for the reconnaissance operations. Basically, US reconnaissance aircraft are modified from civilian models. For example, the RC-135 series is modified from Boeing 707, a small number of which are still active in the world. Except for the painting, their appearance and radar characteristics are no different from each other. Moreover, the cabin width of the 707 is the same as the 737, the leading aircraft of Boeing nowadays, whose cross sections are also of similar size, which makes it harder to distinguish. If the transponder is turned off when conducting close-in reconnaissance, it will look abnormal on the radar, and easily be detected by the air traffic control department and air defense system of the adversary. By electronically masked as civilian aircraft of other countries could easily help them keep a low profile, because then they will be looking almost the same as the commercial airliners in terms of ADS-B signals as well as the radar reflections. Thus, it is of great practical value for the US military, especially when they are trying to strengthen reconnaissance on China.

The US military aircraft impersonating other countries’ aircraft (these aircraft usually do not exist), is mainly to cover up its own military operations. However, this behavior undoubtedly adds significant risks and unstable factors to global aviation safety, which will cause misjudgments, and be likely to bring danger to real civilian passenger aircraft, especially to those from the countries that are impersonated.

Tragic accident had happened due to the mix of the civilian and military aircraft as early as the cold war era. On September 1, 1983, a Korean Boeing 747, when flying over the Soviet’s Sakhalin Island, was misidentified as the USAF RC-135 that was also operating in this area, and shot down by a Su-15 fighter, causing all 269 passengers and crew killed.


With a view to maintaining and promoting the peace, stability and prosperity of the South China Sea, we launched the South China Sea Strategic Situation Probing Initiative (SCSPI). The Initiative aims to integrate intellectual resources and open source information worldwide and keep track of important actions and major policy changes of key stakeholders and other parties involved. It will provide professional data services and analysis reports to parties concerned, helping them keep competition under control, and seek partnerships.