Iran Will Not Allow Inspections of Secret Nuclear Sites

Primer: The Iranian Resistance has been monitoring the Islamic Revolutionary Guard Corps-controlled entity tasked with building the nuclear bomb, the Organization of Defensive Innovation and Research (Sazman-e Pazhouheshhaye Novin-e Defa’i), known by its Persian acronym SPND, for nearly two decades. SPND is comprised of 7 subdivisions, each of which carries out a certain portion of nuclear weapons research.

The unit responsible for conducting research and building a trigger for a nuclear weapon is called the Center for Research and Expansion of Technologies for Explosion and Impact (Markaz-e Tahghighat va Tose’e Fanavari-e Enfejar va Zarbeh), known by its acronym METFAZ.

Since April 2017, when the NCRI found out about a new military location being used by SPND, the coalition has focused its attention on all the potential SPND sites that we suspected were tasked with building the bomb. The NCRI’s investigation inside Iran was conducted by the network associated with the Mujahedin-e Khalq (MEK), which was responsible for blowing the cover off the program, particularly since 2002. More here.

photo

***

In December 2015, the IAEA decided to “close” the file on outstanding concerns about possible military dimensions of Iran’s nuclear program.
Without ever admitting to weaponization activities, Iran convinced the international community to wipe the slate clean. The IAEA’s report on the possible military dimensions of Iran’s nuclear program left many questions unanswered. In addition to prohibiting on site inspections of suspected military sites, Iran can delay IAEA
inspections of suspected sites without facing consequences. The JCPOA creates a minimum of a 24 day delay possibly longer between a formal IAEA request to access
a suspicious site and the date Iran must allow access. As Mr. Tobey explains, “24 days … [is] ample time for Iran to hide or destroy evidence.” More here.

***

“Iran’s military sites are off limits,” he said. “All information about these sites are classified. Iran will never allow such visits. Don’t pay attention to such remarks that are only a dream.”

Iranian President Hassan Rouhani followed up later by saying the U.S. call was unlikely to be accepted by the U.N. nuclear watchdog.

So much for what John Kerry and Barack Obama pledged to America right?

***

Decertifying the nuclear deal without walking away gives the Trump administration an opening to confront the Islamic Republic’s foreign meddling.

Jonathan Schanzer
11 October 2017 The Atlantic

President Donald Trump is taking considerable heat for his expected announcement this week that he will “decertify” the 2015 Iran nuclear deal. Critics say he is heedlessly discarding a deal that has been working, and needlessly putting America on a collision course with Iran.

As it turns out, Trump is actually not poised to “rip up the deal.” By decertifying it, the president and his advisors are, in fact, signaling their intent to strengthen it, with the help of Congress, so that the deal advances U.S. national security interests. Those interests are key criteria for the certification process, which takes place every 90 days, as laid out in the Iran Nuclear Agreement Review Act (INARA) of 2015. Right now, with the Iranians hindering inspection of military sites, working feverishly on their ballistic missile program, and banking on the nuclear deal’s sunset clauses, which all but guarantee Tehran an advanced nuclear program in roughly a decade, it’s hard to argue the deal is working for the United States.

Decertification has the potential to change all of that. The move will plunge Iran and the other parties involved in the nuclear deal into a state of limbo. It will prompt all sides to consider what the deal is worth to them, and what further compromises they may be willing to make to satisfy the national interests of the United States, as laid out by the Trump administration.

Under President Barack Obama, whose foreign-policy legacy was anchored to the nuclear deal, the promise of deferring (not preventing) Iran’s nuclear ambitions superseded all else. As a result, the fear of Iran walking away paralyzed Washington and prevented the Obama White House from making even reasonable demands of Tehran. The credible threat of a U.S. response to Iranian aggression was effectively off the table. So was the imposition of meaningful new sanctions, for that matter.

The coming decertification announcement provides an opportunity to break this paralysis. Trump is effectively telling Tehran that he sets the terms for the nuclear deal because he is not tethered to its success the way Obama was. The administration will then have a chance to chart its own Iran policy. As the 60-day INARA review period plays out, Trump can regain U.S. leverage, establish new red lines on Iranian behavior, and (unlike his predecessor) actually enforce them. If he does it right, he can do all of this without exiting the deal.

In response to decertification, Iran’s leadership will undoubtedly threaten to walk away from the table. But it’s not that simple. There are benefits the Iranians have yet to reap from the deal—beyond the more than $100 billion in released oil funds—ranging from increased foreign investment to greater integration with the global economy after years of economic isolation. In other words, Iran can still cash in considerably, but not if it balks at Trump’s calls to fix the deal.

The Europeans, Russians, and Chinese, are also reluctant to go along with Trump’s certification gambit. Some are already howling with disapproval. But some are already voicing their willingness to work with the White House. As the primary investors in Iran’s recent economic rebound, they have little choice but to try to resolve American concerns.

Of course, even the Chinese, Russians, and Europeans understand that they have a daunting task ahead of them. Iran is on a collision course with the West, one that has little to do with the nuclear file. Rather, it is about what the nuclear deal negotiators chose to ignore: Iran’s aggression across the Middle East.

Iran has harassed American ships in the Persian Gulf, held American sailors at gunpoint, bankrolled the murderous Assad regime in Syria, supported the Houthi rebels in Yemen, and furnished the majority of Hezbollah’s operating budget. And those are just a few of the highlights.

Tehran’s broader efforts to dominate the Middle East are also intensifying. From the deployment of its Revolutionary Guard Corps to far-flung corners of the region to the conscripting of Shiite irregular proxies to fight or hold territory in Syria and Iraq, Iran’s footprint continues to grow.

For American policymakers, Iran’s bid for regional hegemony is just as troubling as its nuclear ambitions. Together, they represent a dual Iranian strategy that cannot be separated, despite the P5+1’s efforts to do so back in 2015. This is why Trump should build on his decertification announcement with the rollout of a new Iran policy that actively counters these activities.

As it happens, the timing is fortuitous. The administration is slated to complete and roll out its Iran Policy Review by October 31st. If the policy lives up to the hints dropped by senior officials, the United States will once again push back on Iran’s malign behavior. If done right, it will do so wherever possible, and by using every pressure point available.

Such a policy would include designating the Revolutionary Guards as a terrorist group (a move mandated by statute by October 31st), but also new tranches of Treasury sanctions on Iranian bad actors, and other economic pressure. The financial targets figure to be non-nuclear in nature, to ensure that the United States remains compliant with the nuclear deal. But the pressure should be palpable.

From there, Washington is also expected to actively target Hezbollah, Iran’s most powerful and active proxy. The Trump administration and Congress have already signaled they will take aim at Hezbollah’s economic interests, while also weakening their positions across the Middle East.

Beyond that, Washington can take further steps to strengthen America’s allies, such as the Sunni Arab states and Israel, who are also willing to challenge Iranian aggression. This could mean greater intelligence-sharing and bilateral cooperation, but could also include new hardware and military capabilities. More broadly, the United States must signal that Iranian threats to its allies will be seen as threats to the United States itself.

Admittedly, none of this will be easy. The Middle East is a dangerous region that doesn’t respond well to change. The same can be said for Washington in the Trump era. But whatever challenges loom will be the cost of shattering the paralysis in Washington that has reduced America’s Iran policy to a false binary of either hewing to the nuclear deal or war.

The choices to counter Iranian aggression before the nuclear deal were many. President George W. Bush understood this at the tail end of his presidency. President Obama even understood this at the beginning of his. But Obama then chose to limit his options through the nuclear deal. This has not served America well. It’s time to restore those options. Decertification and a new Iran policy, if done right, can potentially put America back in the driver’s seat after two years of going along for the ride.

Russia has Provided N Korea Additional Hacking Platforms

Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.

Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.

The compromised documents include wartime contingency plans drawn up by the US and South Korea.

They also include reports to the allies’ senior commanders.

Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.

Mr Rhee belongs to South Korea’s ruling party, and sits on its parliament’s defence committee. He said some 235 gigabytes of military documents had been stolen from the Defence Integrated Data Centre, and that 80% of them have yet to be identified.

The hack took place in September last year. In May, South Korea said a large amount of data had been stolen and that North Korea may have instigated the cyber attack – but gave no details of what was taken.

North Korea denied the claim. The isolated state is believed to have specially-trained hackers based overseas, including in China. More here.

Russia is always part of the rogue nation process, it is curious of the timing as you read on. TransTeleCom is owned by Russia’s state-run railway company and has fiber optic cables that follow all the country’s main train lines, including all the way up to the North Korean border.

photo

Related reading: North Korea gets new internet access via Russia

Reuters: North Korea has opened a second internet connection with the outside world, this time via Russia, a move which cyber security experts said could give Pyongyang greater capability to conduct cyber attacks.

Previously traffic was handled via China Unicom (0762.HK) under a deal dating back to 2010. TransTeleCom now appears to be handling roughly 60 percent of North Korean internet traffic, while Unicom transmits the remaining 40 percent or so, Dyn said.

The new external connection was first reported by 38 North, a project of the U.S.-Korea Institute at Johns Hopkins School of Advanced International Studies (SAIS).

TransTeleCom declined to confirm any new routing deal with the North Korean government or its communications arm. In a statement, it said: “TransTeleCom has historically had a junction of trunk networks with North Korea under an agreement with Korea Posts and Telecommunications Corp signed in 2009.”

North Korea’s internet access is estimated to be limited to somewhere between a few hundred and just over 1,000 connections. These connections are vital for coordinating the country’s cyber attacks, said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye, a cyber-security company.

Boland said the Russian connection would enhance North Korea’s ability to command future cyber attacks.

Having internet routes via both China and Russia reduces North Korea’s dependence on any one country at a time when it faces intense geo-political pressures, he said.

Many of the cyber attacks conducted on behalf of Pyongyang came from outside North Korea using hijacked computers, Boland said. Those ordering and controlling the attacks communicate to hackers and hijacked computers from within North Korea.

“This will improve the resiliency of their network and increase their ability to conduct command and control over those activities,” Boland said.

The Washington Post reported earlier that the U.S. Cyber Command has been carrying out denial of service attacks against hackers from North Korea designed to limit their access to the internet. (wapo.st/2yRbg8w)

In February 2005, the TTK became the largest party in terms of the European Internet Exchange London Internet Exchange (LINX). In July 2005, the TTK became the fifth operator in Russia, received the right to provide long-distance services (after Rostelecom, Tsentrinfokoma, Golden Telecom and MTT). “TransteleCom” JSC provides communications services in Kazakhstan and for a map of locations and services, go here.

S Korea Pursuit of the Blackout Weapon

As the United States flew B1 Lancers based out of Guam in exercises with South Korea and Japan over the Korean Peninsula, the Trump White House was meeting with Pentagon officials on expanded details and strategies with regard to North Korea.

Meanwhile, China continues to demand that all sides tone down the threatening talk and military activities. Has anyone asked China if they are accepting North Korea’s nuclear weapons as a standard condition?

Additionally, more sanctions are taking place including naming four cargo ships under North Korea’s authority from being received in several ports due to hidden illicit cargo transports as recently exposed in Egypt.

Moving to preemptive strategies, South Korea is developing a new weapon called a ‘blackout weapon’ which is not to be confused with an EMP. This blackout weapon, known as a graphite ordnance was developed and used by the United States during the first Gulf War and later in the Balkans.

The purpose of this weapon is to destroy the power grid in hostile nations as a part of the tactics applied where military actions are likely to escalate.

Known as “blackout bombs,” the warheads can be dropped by a plane over power stations. A form of cluster bombs, they split into several canister-like “sub-munitions,” which in turn release carbon graphite filaments that short-circuit the electricity supplies.

South Korea is adding the weapons to its arsenal as part of one of its recently-developed military programs, the so-called “Kill Chain,” which aims to detect an imminent missile attack from the North and react with a pre-emptive strike.

No shots are actually fired and there is no injury or death component to using the blackout bombs. The objective is the merely destroy power stations by short circuiting the systems.

The BLU-114 was developed as a highly classified weapon intended to effectively neutralize electrical power infrastructure without destroying it. This weapon also has been referred to as the ‘soft-bomb’ or the ‘graphite bomb’. Like many other cluster bombs it can be released from virtually any tactical aircraft operated by the United States or allied countries.

The BLU-114 disperses large numbers of chemically treated carbon graphite filaments which short-circuit electrical power distribution equipment such as transformers and switching stations. Used in large numbers it can even shut down the entire power grid of a given country. This weapon represents an excellent sample of non-lethal weaponry with near zero collateral damage.

The CBU-94 Blackout Bomb is the main application for the BLU-114 warhead. It was reported to be employed during the conflict of the former Yugoslavia in 1999 short-cincturing the electrical power infrastructure of Serbia during operation Allied Force. It has been suggested that the BLU-114 or a very similar warhead was integrated into the Tomahawk missile and the AGM-154 JSOW standoff weapon.

  photo

A tactic known as a ‘kill chain’ does not represent death but rather it is a pillar as part of a first strike mission to begin the process of neutralizing battle-space.

Applying all intelligence including satellite reconnaissance as well as cyber and signals intelligence is part of the operations in the stepped process to execute war strategies.

The second and third prongs of South Korea’s defense strategy include missile defense and retaliatory strikes from aircraft in the event North Korea launches a missile. They include the Korean Air and Missile Defense (KAMD) system, and the Korean Massive Punishment and Retaliation (KMRR) plan. KAMD is a controversial plan to develop a system to intercept short-range missiles. KMRR is a concept for destroying Pyongyang in the event of a North Korean nuclear first strike.

But it is the first and most dangerous part of the new military strategy – the “Kill Chain” – that has diplomatic observers worried. Such a pre-emptive strike would almost certainly lead to war – and not just any war, but regional nuclear war.

 

Lies in the Sky, Terror on the Ground Part 2

Part one of this investigation, go here.

Additional information regarding the requirements by TSA, go here.

Could 9/11 happen again? The answer is yes but it would not follow the same model as that fateful day. Follow this narrative to see the gaps.

Then, the new director of the FBI gave some compelling testimony this week about the drone threat.

The FAA was warned in 2009 that people with terrorist ties were licensed to fly and repair aircraft. Eight years later, it is, incredibly, still the case.

Nader Ali Sabouri Haghighi’s own pilot certificate, it turned out, had been revoked years earlier for providing false information, but the Federal Aviation Administration conveniently mailed him a new one. Haghighi had called the FAA hot line claiming to be a professional pilot named Daniel George who had lost his license. He then recited George’s license number and other personal details that he’d obtained from their business dealings. Without asking further questions, the FAA agent sent Haghighi a license with George’s name on it.

It ought to have been difficult for the black-haired, brown-eyed Iranian to use a pilot’s license belonging to a fair-skinned, gray-haired American nearly 20 years his senior, except for one factor: FAA pilot licenses do not include photographs of the pilot. Haghighi was able to pull off his ruse for nearly four years until Danish police found the license in the rubble of the crash.

Almost a decade after Haghighi’s brazen identify theft, the FAA still does not include pilot photos on its licenses, and the agency does not fully vet pilot information before issuing them credentials. Last year, a leading congressional overseer of the FAA, then-Representative John Mica, called US pilot licenses “a joke” and said that a day pass to Disney World in his native Florida contains more sophisticated security measures.

FAA officials defend their licensing practices, noting that pilots are also required to carry a government-issued ID such as a driver’s license to prove their identity. The pilot certificate, they say, is more an indicator of the pilot’s level of training than a security tool, and commercial airports and airlines generally issue their own IDs for access to tarmacs, planes, and other secure areas.

But the flawed airman licenses are part of a troubling pattern of lax oversight of more than 1 million FAA-approved airmen — including pilots, mechanics, flight attendants, and other aviation personnel — that has made the agency vulnerable to fraud, and the public vulnerable to those who mean to do harm, a Spotlight Team review has found.

After the 9/11 attacks, Congress called on the FAA to overhaul its licensing for more than 600,000 US-certified pilots. But the FAA’s changes so far have been modest, such as making licenses with higher-quality materials to reduce forgeries. Today, FAA security procedures remain geared more toward the convenience of pilots than the needs of a nation engaged in a “war on terror,” often failing to challenge airmen’s claims on their applications and seemingly unaware of deceptions.

Haghighi, for example, continued to finagle help from the FAA even after he went to jail in Denmark for flying without a valid license and endangering his passenger. After his release, the FAA issued him a medical certificate that helped him land a job at an airline in Indonesia in 2014. All he had to do was change one letter in the spelling of Sabouri and alter his birth year. An official at another federal agency eventually tipped off the FAA to Haghighi’s duplicity.

Or take the case of Richard Hoagland. Beginning in 1994, he purchased homes, registered a plane, obtained a pilot license, and even got married under the name Terry Symansky, according to court records. The ruse wasn’t discovered until Symansky’s nephew was doing family research on Ancestry.com and found that his late uncle was listed as alive. The FAA never caught on that the real Terry Symansky had been dead since 1991, issuing Hoagland a new private pilot certificate in Symansky’s name as recently as 2010. Hoagland is now serving a two-year sentence in federal prison for identity theft.

FAA procedures also make it easy for pilots to hide damaging information, by simply not reporting it. That’s because the agency relies on them to self-report felony convictions and other crimes that could lead to license revocation. Among the licensed pilots currently listed in the airman registry are Carlos Licona and Paul Grebenc, United Airlines pilots who were sentenced to jail in Scotland earlier this year for attempting to fly a commercial airliner with alcohol in their blood. Under FAA rules, an alcohol-related offense, especially related to flying, can be grounds for license revocation or suspension, though the FAA decides on a case by case basis.

But as of Sept. 1, Grebenc and Licona were still listed in the FAA’s active airman registry. Agency records showed that as of January, four months after the men were arrested, there were no reported incidents or enforcement actions related to the pilots.

FAA officials stress that they are not the police officers of the skies, leaving that job to an alphabet soup of agencies including the Transportation Security Administration, Homeland Security, and the FBI. The FAA merely issues the airman certificates and keeps the database that helps these investigators do their work. And, while FAA officials admit they don’t routinely investigate information that pilots, mechanics, and others list on license applications, the TSA says it continuously reviews the FAA database against the Terrorist Screening Database, additional terrorism-related information, and other government watch lists. Since 2010, the TSA has completed 28 million airman threat assessments.

But it is hardly a fail-safe system. Outside reviewers have repeatedly found that the FAA’s Airman Registry is riddled with errors and gaps, making it difficult for law enforcement officials to rely on. More than 43,000 pilots received licenses even though they did not provide the FAA with a permanent address, according to a 2013 audit by the Department of Transportation inspector general. Two years earlier, the Department of Homeland Security inspector general found that 8,000 of the Social Security numbers on file belonged to dead people, in part because the FAA doesn’t purge its files of dated information. Another 15,000 didn’t match the airmen’s personal information on file.

When asked whether the FAA vets the information on airman certificate applications, officials did not answer directly. The FAA issued a statement reading, “Pilots are expected to provide accurate and complete information on all FAA forms.”

Agency officials also said that, when pilots apply for medical certificates — a crucial document needed to fly — they conduct a one-time check against the national drivers’ database for drug- or alcohol-related convictions.

The lack of accurate information can have serious consequences. Last October, when a student pilot from Jordan intentionally crashed a twin-engine plane near a major defense contractor in East Hartford, Conn., law enforcement officials initially feared terrorism and converged on the Illinois address he had given the FAA. But the student, Feras M. Freitekh, had listed the address of a family friend, a place where he had never lived, so law enforcement descended on a house nearly 900 miles from his actual home.

Most worrisome, even with ongoing TSA vetting, people with suspected or proven ties to terrorism still keep active airman certificates.

FAA-Approved offenders

Mark Schiffer couldn’t believe what he was finding.

Schiffer, the chief scientist for a company that helps banks detect fraud, was simply testing an algorithm to check names against publicly available watch lists that included suspected terrorists and other bad actors. In April 2009, he was using data from the FAA Airman Registry for his test because the list was large and readily available.

But he kept turning up terrorists.

There was Fawzi Mustapha Assi, who was on the FBI’s most-wanted list for five years before being convicted of providing material support to Hezbollah in 2008. Though imprisoned, he had an active pilot’s license, which never expires. His release was expected in a few years.

Also on the list was Myron Tereshchuk, an FAA-certified mechanic and student pilot, who was convicted in federal court in 2005 for possession of biological agents or toxins that could be used as weapons. Tereshchuk was also in prison, but he, too, was expected to be released in a few years.

And there was Abdelbaset Ali Mohmed al-Megrahi, who was sentenced to life in prison for his role in the bombing of Flight 103 over Lockerbie, Scotland. Scottish authorities released him in 2009 on compassionate grounds after he was diagnosed with terminal cancer. He still had a valid aircraft dispatcher certificate from the FAA.

“Holy cow,” Schiffer said to himself.

In all, Schiffer and his company, Safe Banking Systems of New York, confirmed eight matches between FAA-approved airmen and various watch lists.

“The results were as unexpected as they are chilling,” Safe Banking Systems said in a June 2009 report distributed to nearly 40 lawmakers and top government officials, including the FAA administrator and then-Secretary of State Hillary Clinton.

But no one responded until a New York Times reporter asked the Transportation Security Administration about the certified airmen with terror ties listed in the Safe Banking Systems report. The following day, in June 2009, the TSA advised the FAA to revoke airman certificates for six of the eight names that SBS gave to the reporter.

The Department of Homeland Security’s inspector general, in an 18-month investigation released in July 2011, found that the TSA’s ability to screen airmen for national security threats is hampered by the quality of information the FAA provides. The TSA could not properly vet thousands of airmen because of missing or inaccurate data within the FAA’s registry, according to the report. From 2007 to 2010, the TSA recommended the revocation of 27 licenses, but that number would likely have been larger had all of the information been complete.

The inspector general also found that the TSA doesn’t screen for broader criminal activity, allowing airmen who “have outstanding warrants or are known fugitives” to escape detection. The IG said that one US-approved pilot was actually a “drug kingpin” serving 20 years in a foreign prison.

Since then, the TSA and FAA have stepped up their screening for national security threats, reviewing the FAA database four times a year to ensure accuracy.

The Spotlight Team wanted to check whether the heightened scrutiny has improved the FAA’s record in preventing bad actors from having pilot’s licenses. At the request of the Globe, Safe Banking Systems tested the public part of the airman registry and again found problems.

Running the same name-matching program in January 2017, SBS found five active airmen on watch lists with possible ties to terrorism or international crime, including Tairod Nathan Webster Pugh, a former Air Force mechanic who bought a one-way ticket to Turkey in 2015. His packed bags included flash drives with maps, a letter to his wife about jihad, and his Federal Aviation Administration airman certificate, according to court records. When he was arrested, Pugh was headed to Syria to offer himself as an aircraft mechanic.

In May, Pugh was sentenced to 35 years in prison for attempting to provide material support to the Islamic State, though he is appealing.

On Aug. 1, Pugh’s name still appeared on the FAA’s list of active airmen. But Pugh was removed by Sept. 1, days after the Globe requested his records. FAA officials now say that Pugh’s license was actually revoked in 2015, though on Friday, they could not explain why his name continued to be on the active list for another two years.

In addition, SBS turned up a long-time American Airlines mechanic who attempted to broker a deal that would have moved seven Airbus A300s to Iran, which the United States has identified as a state sponsor of terrorism; a Florida businessman who was planning on illegally shipping navigation systems used for steering planes, ships, and missiles to Turkey; and an Irish pilot sanctioned by the US Office of Foreign Assets Control for his connections to a company and plane that were also sanctioned. The mechanic and Florida businessman both have been released from prison, while the Irish pilot has not been charged with a crime.

In August, when the Globe requested information about the airmen identified by SBS, FAA records contained no indication that any of the five had faced FAA enforcement action.

“Have things really changed? Does the government know who they are dealing with?” said David Schiffer, Safe Banking Systems’ chief executive officer (and Mark Schiffer’s father). “The fact that some are licensed while still incarcerated is unbelievable. We certainly view this as a very serious threat to national security.”

A History of Deceit

Long before the crash in Denmark, Nader Haghighi had spent years duping the FAA. When his name came across the desk of federal investigator Robert Mancuso in late 2008, Haghighi had already racked up a significant criminal record for stealing a plane, had had his pilot’s license revoked, and had even been deported from the United States in 2006, according to federal investigative reports and court records. And the FAA was receiving two new calls per month about Haghighi’s scams.

Mancuso, a special agent for the US Department of Transportation Inspector General’s Computer Crimes Unit, began investigating a report that Haghighi had tried to illegally obtain a pilot’s license online using Daniel George’s name. Mancuso quickly discovered that George was just one more victim of a con man who used at least a dozen aliases and falsely claimed to have a degree from the Massachusetts Institute of Technology and a job at Lockheed Martin.

But Haghighi made a mistake when he initially tried to get George’s license. He had collected George’s personal information when he hired the professional pilot to fly a plane for him. But when Haghighi entered the stolen information online to get a copy of George’s license, Haghighi neglected to change the e-mail address on the account, so George received notification about the new license and contacted the FAA. The agency intercepted the certificate before it was sent out.

And Mancuso thought that was the end of it, though he kept investigating Haghighi.

Then, when Haghighi crashed with George’s license in his possession a few years later, Mancuso made a stunning discovery: Haghighi had found yet another way to get a license. He called the FAA directly, posing as George and complaining that he had never received the certificate he had requested weeks earlier. The FAA, without further investigation, mailed out a new copy to Haghighi’s post office box in Texas, something an FAA employee told Mancuso was “not uncommon for our office to do, based on a phone call from the airman.”

“I was shocked,” said Mancuso, who traveled to Denmark to testify against Haghighi. “I assumed that some type of fraud alert would be placed on Mr. George’s record to prohibit this from happening, especially when it was sent to the same bad address.”

The FAA said pilots today can no longer request duplicate certificates by telephone, but they can get them online or by mail.

During his trial in Denmark, Haghighi tried yet another scam, insisting that his real name wasn’t Haghighi or George but the one on another passport recovered from the crashed plane. But the judge didn’t believe him and sentenced Haghighi to 10 months in prison for endangering passengers, including children, flying without a valid license or a required co-pilot on multiple occasions.

Even then, Haghighi was not through tricking the FAA. A year after his release from prison, in February 2014, he contacted the agency to secure another medical certificate, which is needed for pilots to fly.

On his application, he changed his name from “Sabouri” to “Saboori” and his birth year from 1972 to 1973. According to a US Department of Transportation investigative report, Haghighi lied repeatedly on the form, claiming that he had not visited a medical professional in three years, even though emergency responders had found him unconscious inside a crashed plane just two years earlier.

His word was good enough for the FAA, which gave Haghighi a new certificate that he promptly used to land a job with Susi Air, an Indonesian airline.

Flying again

Haghighi is an extreme example, but his case is by no means isolated. At least one other pilot on the FAA registry, Re Tabib, won his license back after he went to prison for attempting to smuggle aircraft parts to Iran and was formally declared a security threat by the TSA.

In 2006, federal officers seized thousands of aircraft parts, some packed in suitcases, and “shopping lists” from the California home of Tabib, an Iranian-born FAA certified pilot. He was arrested on charges of attempting to illegally export parts for F-14 Tomcat jets to Iran.

Tabib, a veteran airman who at one time piloted private flights for the designer Gianni Versace, pleaded guilty and served time in federal prison from July 2007 until January 2009. Yet, according to court records, the FAA issued him an Airline Transport Pilot certificate, the highest-level license for pilots, just three months after his release, allowing him to fly large jets.

Unlike other pilots with a criminal record, Tabib made no attempt to hide his past, alerting the agency about his felony conviction on an application form that calls on candidates to disclose any previous arrests or convictions. But the FAA — which can suspend flying privileges for anyone with an ATP license it judges not of “good moral character” — did not revoke or suspend his license.

As of August, FAA records revealed no incidents or enforcement records connected to Tabib. The agency declined to comment further on Tabib’s case but said it examines possible violations of the “good moral character” standard on a case by case basis. The agency said that a criminal conviction is not automatic grounds for action against an ATP license.

In June 2009, just months after Tabib received his new certificates from the FAA, Safe Banking Systems, the New York fraud detection company, matched Tabib’s name to public watch lists and passed it along with others to The New York Times.

The TSA responded to the story by advising the FAA to revoke Tabib’s certificate. Tabib’s airman certificates gave him “insider access” that, combined with his connections to Iran, could render him a security threat, according to a 2010 decision by an administrative law judge.

Tabib fought the decision for years and finally reached a settlement with the TSA in 2012. His attorney, Robert Schultz, said the law permitting the TSA to revoke airman licenses is unconstitutional because it treats airmen as presumed guilty without proper due process.

“Mr. Tabib was a professional pilot who was denied the right to earn a living for years based on mere suspicion,” Schultz said, referring to the TSA threat assessment. Last year, the FAA issued him new commercial pilot and flight instructor certificates.

This time, Tabib’s name was kept out of the FAA database of active airmen that the public can download to review the full list of pilots and mechanics. As a result, his name did not appear this year when Safe Banking Systems checked for airmen who had been on terror watch lists. More than 350,000 airmen were excluded from the public database at their request.

Recent social media posts show Tabib in front of a King Air C90 turboprop aircraft. A photo from this spring shows him wearing an aviation headset in the cockpit of a plane at the Azadi airport in Iran. His Facebook page says he’s now a flight instructor and pilot at John Wayne Airport in Orange County, Calif. Tabib is flying again.

Con air

Mario Jose Donadi-Gafaro, a US-licensed pilot, died along with six others in a horrific plane crash in Venezuela in 2008 when his plane plummeted into a bustling neighborhood a few minutes after takeoff. He never made a distress call, and questions still remain nine years later about the cause of the accident.

But another mystery is how Donadi-Gafaro, a pilot who also moonlighted as a drug trafficker, kept a US pilot’s license as long as he did.

Donadi-Gafaro’s criminal career began at least a decade before the crash. His initial US felony drug conviction in 1999 for importing cocaine into Miami International Airport should, under FAA rules, have immediately triggered agency scrutiny of his license.

But even after the pilot was convicted a second time — this time in Venezuela — in 2006 for attempting to transport cocaine on an aircraft, the FAA did not revoke Donadi-Gafaro’s license. Instead, the agency gave him a promotion. He applied for and was issued his Air Transport Pilot’s License, the gold standard of US airmen ratings, on July 23, 2007. Almost a decade after the crash in Venezuela that killed him, the FAA still listed Donadi-Gafaro as an “active” pilot, including him in its database as recently as March 2016.

The agency finally deactivated his license in 2016 after the Globe began asking questions about it. The FAA declined to comment on whether Donadi-Gafaro had reported his conviction, saying that information is protected under the Privacy Act.

‘We don’t know who they are’

A frustrated John Mica held up a plastic card as he addressed a 2016 hearing of his House subcommittee on the topic of “securing our skies.” The card, borrowed from then-Representative Tammy Duckworth, a pilot, was an example of a modern FAA certificate.

“An airline pilot has access to the controls, flying the plane,” said Mica, but a US pilot’s license lacks basic security features and includes only a decorative picture. “The only photo on this license are the Wright brothers, Orville and Wilbur. Orville and Wilbur, I blew it up here. OK?”

To make his point, the congressman held up an entry pass for Disney World. The card, decorated with Minnie Mouse, has a magnetic strip that is capable of linking identities to fingerprints. This allows Disney to track when cardholders enter or leave the park. The FAA license is primitive by comparison.

“This is Minnie Mouse,” said Mica, referring to the Disney pass. Then, nodding to Duckworth’s certificate in his other hand, he added, “and this is Mickey Mouse.”

Congress long ago called on the FAA to implement significant changes. The Intelligence Reform and Terrorism Prevention Act of 2004 mandated not only pictures of pilots, but also that pilot licenses include biometric capabilities such as fingerprints or iris scans.

“Fifteen years later, we see a system that has not complied with the laws that we have passed multiple times,” said Mica. “We have pilots that are flying planes. We don’t know who they are.”

The FAA said that it has made some improvements. In 2003, the agency switched from paper licenses to new “security-enhanced airman certificates,” the FAA said. The plastic documents include an FAA seal and, according to the FAA, are resistant to tampering, alteration, and counterfeiting.

But lawmakers have repeatedly challenged the agency on why the FAA has not followed congressional mandates regarding the licenses. Mica, in particular, voiced his concern publicly about the licenses in letters and hearings in 2010, 2011, 2013, and most recently, last year.

In 2017, the former congressman says he’s still concerned about the lack of progress and failure to have a “credible” document.

“We tried to get them to comply, but they never did fully comply,” Mica said. “Any credit card in your wallet has better capability.”

Many pilots and flight instructors opposed the photo IDs, some complaining that it could add to the cost of licensing without improving national security. In written comments to the FAA, pilots said the photo on the license was unnecessary because they are already required to carry other photo IDs — and because airport officials never ask to see pilot certificates anyway.

“Many of our members describe this effort as ‘security theater,’ putting a photograph on a document that authorities never ask for,” said Doug Stewart, chairman of the Society of Aviation and Flight Educators, in a 2011 letter.

“What is most critical in the issuance of an FAA pilot certificate from a security standpoint is the accurate establishment of the pilot’s identity, background descriptors, and qualifications,” wrote Robb Powers, chairman of the national security committee at the Air Line Pilots Association, International. “Presently, FAA does not verify the identity of the person requesting a pilot certificate other than through visual inspection of the individual’s driver’s license or passport.”

As of last month, the agency said it, along with the Department of Transportation, is “still evaluating options for including a photo,” a project expected to cost about $1 billion.

While the FAA has pondered additional security requirements for more than a decade, special interest groups have worked to quietly relax regulation for pilots. In a victory for advocates of general aviation, Congress eased the medical requirements for pilots seeking a basic license, requiring only a visit to the family doctor and participation in an online course provided by the Aircraft Owners and Pilots Association. And the FAA reauthorization bill now in the Senate includes an amendment to roll back some commercial pilot training requirements enacted after a 2009 regional airline crash that killed 50 and was blamed on pilot error.

‘What a nightmare’

Early into his new job, officials at Susi Air in Indonesia grew suspicious of Nader Haghighi and discovered that his passport number belonged to someone else. They alerted the United States.

Robert Mancuso, the Department of Transportation investigator who tracked Haghighi for years as the con man fooled authorities while using many aliases, including Nader Schruder, learned about the latest escapade and sent an e-mail to FAA officials.

“Hello all! It’s my yearly e-mail regarding Mr. Nader Schruder. He seems to have popped back up in Indonesia with his revoked FAA certificate . . . Can you also run a search for any pilots with the name ‘Nader Ali Saboori’ to make sure he doesn’t have another certificate.”

The FAA responded the next day: “I do show a record for SABOORI; Nader Ali with a First Class Medical certificate issued 2/27/14 . . . It’s probably the same airman.”

Haghighi soon after found himself without a job. He left Indonesia and was detained during a stopover in Panama after US authorities put out an alert. In November 2014, Haghighi pleaded guilty in US District Court in Houston to four counts of identity theft.

George, the man whose identity Haghighi stole, wrote a letter to the judge detailing the personal toll — hundreds of thousands of dollars in lost revenue from potential pilot positions and thousands of hours spent trying to figure out where Haghighi would turn up next.

“What a nightmare this man has been to me personally and professionally,” George wrote.

After Haghighi was released from federal prison in October 2016, he was deported to his native Iran — ending roughly 15 years of deception.

“It’s sad it went on this long. He was putting the public’s life in danger,” said Mancuso, now a special agent at another federal office of the inspector general.

Haghighi, in Facebook messages to a Globe reporter, expressed no remorse for his behavior and described the FAA in bluntly critical terms: “know the right person, pay the right amount in a right way and then the sky turns green.”

The Globe could find no evidence that Haghighi has a US pilot’s license today, but a Facebook photo update in March suggests he hasn’t given up hope: He was smiling from the cockpit of a plane with his hand inches away from the controls.

For full access to photos and videos go here.

Lies in the Sky, Terror on the Ground

BostonGlobe: The United States remains an easy mark for drug dealers, terrorists and others who prize anonymity when registering aircraft or getting licensed to fly. So much for the lessons of 9/11.

As he sought to unspool the story behind the tragedy, Asnaldo Del Valle Gonzalez would come face to face with what he calls “the monster,” the web of secrecy that surrounds thousands of planes like the one that devastated his family, making it nearly impossible to identify a plane’s real owners and hold them accountable.

A Spotlight Team investigation has found that lax oversight by the Federal Aviation Administration, over decades, has made it easy for drug dealers, corrupt politicians, and even people with links to terrorism to register private planes and conceal their identities. With the US stamp of approval — signified by a number on the tail fin that always begins with the letter “N” — owners often find more freedom from scrutiny and anonymity while traveling. This has allowed criminals and foreign government officials to mask illicit activities or keep wealth hidden from their home countries.

The registered owner of the crashed twin-engine Piper, a company called Aircraft Guaranty, is part of a nearly invisible private industry that sometimes operates from computer terminals inside FAA offices in Oklahoma, busily registering planes on behalf of foreign nationals — and working in a system that allows them to hide their names from the public. More than 1,000 planes are registered in Aircraft Guaranty’s name at an address in a Texas town of 2,500 that doesn’t have an airport. But it’s enough to give clients both anonymity and coveted US registration for their planes.

Gonzalez never did figure out who really owned the plane that crashed into his home — even when the name of the client Aircraft Guaranty had on file, Luis Nuñez, was revealed during court proceedings. A court official who visited the listed Miami address for Nuñez found cobwebs on the doorknob and a package addressed to someone else. A private detective working for Gonzalez’s attorneys spent a year searching for additional clues and for Nuñez, before concluding that he was nothing more than a “phantom person.” The Globe also was unable to locate Nuñez.

More than 16 years after aircraft were used as weapons in the worst terrorist attack in US history, the FAA still operates more like a file clerk than a reliable tool for law enforcement, enabling secrecy in the skies here and abroad. The price to register a plane is still just $5 — the same as in 1964, even though the agency has the power to raise it — generating little revenue that could be used to expand oversight. And the FAA does so little vetting of the ownership and use of planes listed in its aircraft registry that two of the airliners hijacked and destroyed on 9/11 were still listed as “active” four years after. And that’s prompt compared to this: The FAA didn’t cancel the registration for one TWA cargo plane until 2016, 57 years after it crashed in Chicago, killing the crew and eight people on the ground.

Today, thousands of planes are registered using practices that can allow for anonymity of ownership. A Spotlight review shows that one out of every six aircraft is registered through trusts, Delaware corporations, or using post office box addresses, techniques commonly used to make it hard to discern the true owner. The number is likely even higher because the FAA acknowledged that it does not verify the validity of documents filed for the registry’s more than 300,000 planes.

There are 314,529 aircaft with N-numbers in the FAA’s registry.

54,232 of those aircraft are registered using known secrecy tactics.

7,610 are registered to companies known for providing trust services to non-U.S. citizens.

Critics, including federal investigators who’ve scrutinized the aircraft registry, say it is little more than “a big file cabinet” in which precious little information has been verified, leaving the door open for people with bad intentions to hide behind a US registration.

FAA officials essentially agree. They stress that they have a “robust oversight system” that includes a team of special agents to investigate fraudulent plane ownership, but say they don’t have the resources to determine whether information on US plane registration forms is accurate.

“The FAA is constantly working to strengthen the integrity of Registry information,” according to an FAA statement to the Spotlight Team that came after months of correspondence about the registry’s shortcomings. “The agency is developing a plan to significantly upgrade and modernize the aircraft registration process.”

But that’s no guarantee reforms will come swiftly, if at all. The FAA has a reputation for making change at a snail’s pace even when problems are clearly identified: The agency, for example, still doesn’t put a photo of the pilot on airman’s licenses 13 years after Congress called for it.

“It is like walking through thick glue. They just don’t move very quickly at the FAA, and it’s a chronic problem,” said former North Dakota senator Byron Dorgan, who served as chairman for the Senate aviation panel in 2009 and 2010. “I would have thought after 2001 that we would have made more progress by now with respect to verifying the ownership of aircraft.”

Today, the public often only discovers the gaps in US oversight when something goes wrong or criminal investigators get involved:

The Venezuelan air force shot down a US-registered, drug-loaded plane near Aruba in 2015, leaving a trail of bodies and cocaine floating in the bright blue sea. Records showed the aircraft was registered to a Delaware shell company and managed by Conrad Kulatz, a Fort Lauderdale attorney in his late 70s.

Federal agents investigating US-registered planes that bore the hallmarks of drug smuggling in 2013 found that three had been illegally registered here in the name of a Mexican national. He fooled the FAA simply by listing a Texas strip mall near the Mexican border as his address and claiming to be a US citizen.

Early this year, US officials labeled Venezuela’s vice president, Tareck El Aissami, a foreign narcotics kingpin, freezing access to his US assets, including a luxury jet. The Treasury Department charged that the jet, registered at the FAA in the name of a shell company, was actually controlled by El Aissami, who, in addition to drug trafficking, also has been accused of aiding Islamic extremists. But, at the FAA, the jet’s registration remains valid in the name of 200G PSA Holdings.

In 2015, federal authorities broke up a scheme to deliver US airplanes registered through trusts to an Iranian airline that US officials say helps to transport troops and materiel to the brutal regime of Bashar Assad in Syria. Though the sale was stopped, the names of the people who planned to sell the airliners to Mahan Air were not revealed publicly.

Photo, Mohammed Atta, 911 attacker crop duster

With so little oversight, there may be more dangerous people in control of American-registered planes whose names have not come to light. The 9/11 conspirators considered using private crop-dusting planes to launch terror attacks before deciding to hijack commercial planes instead. Three months before the World Trade Center attack, terrorist Zacarias Moussaoui was trying to acquire crop dusters in Oklahoma. There is no reason to think his efforts would have been blocked or even noticed by the FAA’s Aircraft Registry just a few miles away in Oklahoma City.

Responding to the Globe’s findings, US Representative Stephen Lynch, a Massachusetts Democrat who has long promoted corporate transparency, said the public urgently needs to know whether there are other potential terrorists among the thousands of unknown individuals who control US-registered planes.

“The FAA has basically abdicated their responsibilities,” said Lynch, who in July filed a bill requiring that the real owners of US-registered planes be publicly disclosed. “We have all these aircraft being operated by who knows who and for what purpose. . . . It’s not the exception, it is the rule, and I think it is important to hold the FAA accountable.”

Family pictures, fitness schedules, sticky notes, and birthday balloons decorate the computer terminals inside the FAA Civil Aviation Registry’s public documents room in Oklahoma City.

This is where members of the public can look up information on US-registered planes, but the terminals at the back are rarely used, according to the man at the desk, and when a Globe reporter tried one, it was slow and balky. Most of the other terminals — many of them seemingly better machines equipped with double monitors — are used by the same people day after day, and they’ve dotted their workstations with personal items.

They work for aircraft title companies, law firms, and companies that create trusts — the way for foreign nationals to register their planes here legally and without attracting public attention. Companies actually lease terminals in the document room, allowing Aircraft Guaranty to boast to potential clients that it has an office inside the FAA’s Mike Monroney Aeronautical Center.

For anywhere from a few hundred to several thousand dollars, the agents will create a legal trust to “own” private aircraft on behalf of their actual owners, whose names are typically not disclosed to the public. The registration form itself is even easier to complete — less work than registering a car in most states. Once the paperwork is done, agents can turn it in at the cashier’s window in the corner of the document room, paying a $5 registration fee whether the plane is a $20,000 Piper Tomahawk or a $20 million Learjet.

Then, the FAA is supposed to review the registrations for completeness, but a 2013 outside review found that the FAA is not very thorough. The Department of Transportation inspector general audit estimated that records for more than half the aircraft registered to non-US citizens through trusts were incomplete.

In part because US plane registration is so cheap, easy, and often anonymous, it is extremely popular for people registering internationally. Two-thirds of business jet owners worldwide register their planes in the United States, according to a 2014 estimate on the website Corporate Jet Investor. Another bonus: US-registered planes are believed to attract less attention when traveling internationally.

Defenders of these “noncitizen trusts” say they’re an important tool for businesses, especially companies that include foreign nationals among their owners or executives. US corporations conducting global business might have key officers who do not meet the FAA’s citizenship requirements. Additionally, noncitizens who plan to relocate planes from the United States sometimes set up trusts so that the plane has a legal owner while in transit.

Under US law, foreigners can’t legally register a plane here unless they have a US citizen or US-based legal entity to serve as their representative in dealing with the FAA. It is a longstanding safeguard that, in practice, safeguards nothing.

Champions of the trust system also point out that the FAA has tightened up the rules in recent years, requiring the trustees to disclose agreements with their clients to the FAA at the time of application for registration. The trusts don’t have to keep the names of their clients in the FAA’s permanent record, but they are supposed to make the information available to investigators when asked.

The FAA checks for the completeness of the paperwork, and trusts are often reviewed by the agency’s legal counsel’s office. However, the agency does not verify that the trust information is accurate, nor are they required to under the law. When the Department of Transportation inspector general tried to get the names of the real owners directly from trust companies in 2013, investigators said some trustees either refused to provide the information or took months instead of the two days allowed by the FAA to turn over the names.

The FAA, similarly, puts few restrictions on who can hang out their shingle as a trust company set up to register aircraft. As a result, the industry is a hodgepodge of banks, businesses, and individuals, including several lacking recognizable websites or phone numbers. At least three operate offshore in Germany, the Netherlands, and the United Kingdom — even though the whole point of such trusts is that they are supposed to provide a US contact for the FAA.

A Georgia-based trust company called Plane Fun Inc. exemplifies the elusiveness of several of the trust agents contacted by the Spotlight Team. Plane Fun lists a modest, split-level home in Snellville, Ga., as its headquarters, with more than 200 planes registered to the address.

But the home is owned by Kathleen Schumacher, who told the Globe she is not involved with the business. “I handle nothing on it; my son does,” Schumacher said. Despite repeated attempts, the Globe was unable to reach Schumacher’s son, Kenneth, who she said is the operator of Plane Fun.

Aircraft Guaranty, with offices in Texas and Oklahoma, is much bigger and more visible than Plane Fun. The nearly 30-year-old business describes itself as “one of the most well respected and trusted Trustee Service providers in the aviation industry.” But, like the manager of Plane Fun, Aircraft Guaranty owner Debbie Mercer-Erwin didn’t want to talk about her work.

Only after numerous attempts to interview Mercer-Erwin, including a visit to the single-family home in Oklahoma City where she has an office, did the Globe receive a statement from the company’s attorney.

Aircraft Guaranty “fully complies with all US laws and FAA and other regulations in providing this specific service to its customers,” wrote attorney Wallace C. Magathan III of Miami. He noted that the firm voluntarily follows federal “know your customer” rules, which require company officials to collect “personally identifiable information” from clients that may include name, date of birth, address, and identification number.

Magathan added that Aircraft Guaranty “is not in the business of thoroughly investigating its customers’ private business affairs.” He declined to answer the Globe’s questions about individual clients.

But detailed information about some of Aircraft Guaranty’s more unsavory past clients has come to light. One of them, Fausto Veliz Urbina, was sentenced to 78 months in federal prison for cocaine trafficking before being deported to Mexico in 2010. According to federal court records in Florida, he registered a plane through Aircraft Guaranty on behalf of a Mexican shell company, Consorcio Melun SA de CV, in 2012, something investigators discovered while looking at a fleet of planes suspected of involvement in drug trafficking.

A former Guatemalan vice president, Roxana Baldetti, has been indicted in the United States on federal drug charges and is currently jailed in her homeland. According to media reports, she regularly jetted around in a Raytheon 400A that FAA records show was registered by Aircraft Guaranty on behalf of a Panamanian company, Best Advisors Group Inc. Baldetti resigned and was arrested on fraud charges in 2015 amid media reports of her many luxury purchases, including multimillion-dollar homes.

And there’s Luis Nuñez, the “phantom person” whose plane — registered through Aircraft Guaranty — crashed into Asnaldo Gonzalez’s house. Gonzalez’s inability to find the real owner prevented his family’s attorneys from suing for damages to rebuild his family’s life.

Analysts say there’s a good reason that trust companies like Aircraft Guaranty are attractive to shady characters: Anonymity is good for business.

“Criminals find that US planes allow them to fly under the radar far more easily than if using some dodgy Russian aircraft,” said Kathi Lynn Austin, an expert in arms trafficking and executive director of the Conflict Awareness Project. “The simple act of flying out of US airspace — where regulatory standards are perceived to be high — conveys a level of legitimacy on its aircraft and its operator. The American flag also makes it easier for corrupt officials to wittingly turn a blind eye.”

In 2009, a jet registered on behalf of a foreign owner through Wells Fargo crashed in a remote area of the Bahamas, triggering scrutiny of the FAA’s noncitizen trust policy. FAA officials briefly shut down the option for foreigners to register through noncitizen trusts, amid concern that some plane owners were making side agreements that made ownership hard to trace, especially in an emergency.

“There was a frustration that everybody had,” Joe Standell, counsel to the FAA’s Aeronautical Center at the time, recently told the Globe. “You let them register airplanes as an owner trust. But look what that does; nobody is accountable.”

Trust companies such as Aircraft Guaranty teamed up with businesses to ensure the survival of noncitizen trusts, arguing they are crucial to companies with multinational executives who want to own American-registered aircraft. In all, a dozen associations along with 70 companies and law firms combined forces to deluge the FAA with comments.

“If it isn’t broken, don’t fix it,” advised Conrad Kulatz, the Florida attorney linked to the drug-laden plane shot down off Aruba in 2015, in a 2012 e-mail to the FAA. “I have never had a problem arising from trustee registration of aircraft in over 30 years practicing law in South Florida.”

The FAA eventually backed off, allowing foreign plane owners to use noncitizen trusts as long as they met some new conditions: share the trust agreements with the FAA and agree to provide ownership information within 48 hours when requested.

A bright orange fireball erupted on the screen of Jeroen Lucas’s video camera while he filmed a commercial for his media firm in the early morning of Jan. 29, 2015. His frame captured the Aruba skyline twinkling at dawn as a flaming streak twisted and turned over the Caribbean Sea.

Minutes before the flash appeared, a business jet had failed to respond to air traffic controllers, and soon the Venezuelan Air Force marked the private jet in its crosshairs. A shot transformed the white and green Challenger 600 into a Roman candle spiraling through thick gray clouds. The plane crashed in the water, killing three people. More than a ton of cocaine floated on the waves.

The aircraft was obtained by two Colombian drug kingpins, Dicson Penagos-Casanova and Juan Gabriel Rios Sierra, who worked as key members of an international drug trafficking ring that supported multiple cartels bringing cocaine to the United States, federal prosecutors said in the indictment.

But the aircraft’s tail number, N214FW, told a different story, tracing the ownership of the plane to a company incorporated in Delaware, a state that often requires minimal public disclosure about the owners of a business. FAA records showed that the cocaine-packed plane was owned by Dinama Aircorp Inc., formed in Delaware less than two weeks before it purchased the airplane in 2013. According to FAA records, the president and sole officer of the firm was Kulatz, the Fort Lauderdale attorney who, a few years earlier, sent an e-mail to the FAA opposing efforts to make plane ownership more transparent.

There are nearly 200 other planes registered to the same address as Dinama Aircorp in Delaware, including a jet that was seized in 2014 by the Dominican Republic, according to a Globe analysis. Kulatz and another attorney are listed as the key officers of the firm that registered the seized plane.

Kulatz did not respond to repeated calls and correspondence from the Globe. At one point, a receptionist at his office said Kulatz had retired. In July, the Florida bar association listed him as ineligible to practice law because he did not meet the continuing legal education requirement.

Penagos-Casanova and Rios Serra are like many drug traffickers who actively seek American planes because they believe they can more easily “fly under the radar,” according to Benjamin Barron, an assistant US attorney in the Central District of California, who prosecuted the pair. To ensure success, they paid aircraft owners a fee of about 30 to 35 percent of the cocaine shipment and bribed Venezuelan military and government officials, according to federal court records. Kulatz has not been accused of wrongdoing in connection with the case.

“They hope they will attract less suspicion particularly by using expensive jets that are US-registered and might appear to be something that a corporation might use,” Barron said. “It’s all a way of avoiding detection and getting the cocaine safely from point A to point B.”

But Delaware makes hiding especially easy for corporations of all kinds, setting some of the nation’s most lenient rules. For as little as $90, people can create a Delaware-based company to “own” anything they don’t want to be associated with by name. Delaware goes further in protecting privacy than most states, not requiring a list of officers for some types of firms.

Transparency International, a global anticorruption organization, calls Delaware a haven for transnational crime and “a place where extreme corporate secrecy enables corrupt people, shady companies, drug traffickers, embezzlers, and fraudsters to cover their tracks when shifting dirty money from one place to another.”

More than one-third of all US aircraft — 122,336 — are registered to corporations. Of those, nearly 11,000 are registered to firms in Delaware.

A review of FAA records by the Globe found that about 3,500 aircraft are registered to more than 2,000 companies located at a single Wilmington address that is home to a business incorporator.

It is impossible to know how many planes are registered to non-US citizens through trusts because the FAA does not keep track. The Globe identified several businesses that provide the service. Together they have more than 7,500 aircraft registered across the country.

Law enforcement officials say these easy-to-create shell companies can be significant roadblocks in trying to convict criminals. A Los Angeles DEA agent who investigates narcotics-related aircraft said the dummy ownership makes it harder for him to draw a direct connection between drug dealers and their product.

“If I can’t demonstrate the individual who owned the aircraft or whose name was on the registration paperwork received money to knowingly and intentionally purchase this vessel in a drug transaction, then almost always there is no prosecution,” said the agent, who spoke on condition of anonymity because the case is ongoing.

Penagos-Casanova and Rios Serra acquired a second drug-loaded plane that crashed in the Caribbean Sea due to engine failure in May 2015, according to court papers. In all, authorities recovered more than $70 million worth of cocaine from the two planes.

Both men pleaded guilty in US District Court in Los Angeles to “conspiracy to possess cocaine on board a United States-registered aircraft with intent to distribute.” They are awaiting sentencing.

Colombian kingpins are not the only suspicious users of aircraft registered to corporations set up by Kulatz, the Florida attorney. He and his wife are listed as officers of Delaware-based Secure Aircorp Inc., which owns the Gulfstream American 2 jet that was seized in 2014 by the Dominican Republic, according to FAA records.

N522HS was seized as part of an investigation by the Dominican Republic’s Justice Ministry Anti-Corruption Department into possible money laundering and embezzlement by one of the country’s senators, Felix Bautista. According to Dominican media reports, authorities said Bautista attempted to evade prosecution and the forfeiture of his aircraft by changing the plane’s tail number about two months before he was indicted. While businesses and individuals may request specific tail numbers to act as vanity plates, criminals utilize the tactic to evade detection, much like switching a license plate on a car.

FAA officials in a statement said such number changes are routine: “The Registry does not generally deny requests for a number change,” in part because they can still track planes by their serial numbers.

Likewise, FAA officials appeared to have no idea that plane N214FW had been shot down off Aruba or that it was controlled by alleged international drug lords. About 15 months after the plane crashed, the agency sent a notice to Dinama Aircorp reminding the company to renew registration for N214FW. Over several months, the agency sent multiple letters to the same address and all came back to Oklahoma City marked “Return to sender.”

30 years of frustration

Ronald Reagan was president when Congress took the FAA to task for not doing enough to keep criminals from secretly acquiring US-registered planes as well as pilot’s licenses.

At the 1988 hearing held by the House Committee on Public Works and Transportation, members wanted to know why the FAA so rarely revoked aircraft and airmen certifications for individuals knowingly violating controlled substance laws in the Aviation Drug-Trafficking Control Act of 1984. Over a four-year period, the FAA revoked the certifications of only three aircraft and six airmen.

Law enforcement officials explained that criminals were able to hide behind a veil of anonymity created through fictitious owners, fake addresses, post office boxes, illegible signatures on documents, repeated changes in ownership, and the switching of tail numbers. These administrative issues — found on paper and documents — created hurdles for law enforcement officers attempting to fight the US war on drugs.

“Aircraft identification and registered owner identification is an elusive veil, behind which the smuggler finds refuge,” testified Carol Knapik, then a detective with Florida’s Broward County sheriff’s office. “All to his advantage that there is no true piece of identification required for the registration of an aircraft.”

Congress directed the agency to make information in the aircraft registry more reliable, prompting common-sense reforms at the FAA such as using computer software to validate addresses and requiring that signatures be legible.

But after 9/11, the continuing weakness of FAA oversight — and the urgent need for reliable information — became increasingly obvious. An internal agency audit of the aircraft registry in 2010 found unreported address changes and sales that left the ownership of about one-third of the more than 300,000 aircraft on the registry in question. In response, the FAA required reregistration of all aircraft with mandated renewal.

Three years later, the inspector general at the Department of Transportation identified a concerning pattern among trusts set up on behalf of foreigners: 5,600 of the aircraft records maintained by the FAA were incomplete, often lacking key information on owner identities. And, in a follow-up letter, the investigators identified several trust-owned aircraft that should have set off alarms:

An FAA inspector was unable to obtain information about who was flying a US trust-registered Boeing 737 in the United Arab Emirates. The plane was suspected of not following US regulations and possibly being used for illegal activity.

Hours before the United Nations Security Council met in 2011 to approve a no-fly zone over Libya, a US plane registered to a trust approached the Tripoli International Airport without a landing permit.

And one aircraft was registered in a trust arrangement on behalf of a Lebanese politician who was “backed by a well known US government-designated terrorist organization.”

It wasn’t until March 2017, after months of questions from the Globe, that FAA officials sat down with the inspector general to address its seven major concerns. After the meeting, the inspector general said the FAA had addressed three of them, tackling issues of data integrity and security.

‘A crown jewel target’

Today, US air security is a study in contrasts. Since the attacks of 9/11, the government has made enormous changes to security procedures in commercial air travel, creating a whole new agency to screen passengers before they board. Since hijackers seized and weaponized four commercial airliners that September morning in 2001, the public has gotten used to a host of small indignities, from removing shoes to whole-body scans and dogs sniffing their carry-ons, all in the name of safety on planes.

But there have been far fewer security improvements for planes used in general aviation that, collectively, represent three-quarters of all US air traffic.

Partly, that may reflect some security analysts’ view that private planes can do far less damage as tools of terror than airliners.

But private planes have been used in attacks such as Joseph Stack’s 2010 suicide crash into the IRS offices in Austin, Texas, which killed an IRS agent and injured 13 others. Stack had posted a suicide note about the “greed” of the IRS on the same day he burned down his own house and deliberately flew his Piper Dakota into the four-story office building.

The 9/11 conspirators had bigger ambitions for small planes. Zacarias Moussaoui, one of the masterminds who had looked into buying crop-dusters in Norman, Okla., and possessed “a computer disk containing information related to the aerial application of pesticides” when he was arrested, according to his 2001 indictment. The indictment said that lead hijacker Mohammed Atta made similar inquiries in Florida in 2000 and 2001.

In June, all these years later, the head of US Homeland Security called commercial aviation “a crown jewel target” for terrorists.

“The threat has not diminished. In fact, I am concerned that we are seeing renewed interest on the part of terrorist groups to go after the aviation sector,” said John Kelly, then-Department of Homeland Security secretary and now President Trump’s chief of staff, during remarks on enhanced aviation security for commercial flights in June.

Scars that won’t heal

For Asnaldo Gonzalez, the failed oversight of US-registered planes had a devastating effect. The federal lawsuit filed on his behalf by Podhurst Orseck, a Miami-based firm, against the plane’s owner was dropped partly because the true owner couldn’t be found to hold accountable. To this day, nine years later, Gonzalez still cannot afford to rebuild his shattered home.

“Absolutely everyone is in total and absolute silence,” said Alfredo Jose D’Ascoli Centeno, an attorney for the Gonzalez family in Caracas.

Before the crash, Gonzalez’s own multistory dwelling was the largest home on the block. It served as an imposing reminder of an accomplished dream — a house built to fit his entire extended family.

Now the cement walls peel with black and gray scars. The bedrooms, once filled with the laughter of his grandchildren, resemble oversized emptied ashtrays. An old couch, two plastic chairs, and wall decorations of homes shifted sideways are among the only family items left behind in the uninhabitable house.

“What I’m looking for is for everyone involved in this tragedy to be held responsible,” said Gonzalez, who continues to pursue the case in Venezuela. “My family and I are fighting without any type of economic resources, and we will fight to the end. “

As Gonzalez recounts his nightmare, voices of children echo from the elementary school across the street as they change classes and play at recess. His wife, Carmen, folds her hands inside of her lap and presses her lips together. The story makes her breathe in hard.

Gonzalez’s grandson, Joecruz, who was rescued from his burning crib and is now 9, paces in the background as he listens to the familiar story that always ends with the same terrifying climax: The explosion. The terror. The deaths.

Joecruz wears his baseball cap low, covering his dark hair and a burn scar that stretches across his forehead. Below his deep brown eyes on both of his cheeks are two more scars, constant reminders he’s unable to erase.

Part Two, coming soon.