At this year’s DefCon, a technology conference for hackers, roboticist David Jordan presented his company’s Aerial Assault drone, a drone equipped with an arsenal of software tools for detecting and recording weaknesses and locations of within-range wireless networks. An August 11 post to the Popular Science website on the Las Vegas conference is titled “DRONE AT DEFCON HACKS FROM THE SKY.” (http://www.popsci.com/drone-defcon-hacks-sky)
With the sky as network perimeter, a field of wireless networks become a battleground of targets. The drone can detect, hover over and hack a wireless network or relay the GPS coordinates back to its operator to slate a later attack. Kelsey Atherton, the writer of the Popular Science article, reminds us, “At their core, drones are little more than computers that fly.” The Aerial Assault drone is available to consumers for $2,500. Information from WikiLeaks, according to the same article, revealed that defense contractor Boeing was investigating the feasibility of a hacking drone for military applications earlier this year. With the integration of drones into the U.S. arsenal, where do we draw the line between hobby drones and weaponry?
Earlier models of hacking drones provided unprotected wireless networks that harvested data from users who unknowingly joined the service. (https://www.rt.com/usa/312072-aerial-assault-hacking-drone/) Such drones could hover and harvest data from corporate users on lunch breaks in public squares and other exterior environments.
Alongside developments such as these, 2015 brought the introduction of drones like the Skyjack, built to hack and control other drones in the sky or within radio range from Linux machines on the ground.
With flying hacker drones available to hackers and hobbyists, there must be a means for individuals hacked in this manner to begin to investigate intrusions and theft of data.
In my own experience, telling the police you suspect a cyber-crime has occurred meets with inaction and a reply that there is no probable cause. Yet, so far as I understand it, without a police referral there is no possibility of involving the FBI, the organization actually tasked with cyber-crime.
For an individual who is being hacked or monitored (without forensic “artifacts” that allow an intrusion to be traced) to have a chance of even discouraging surveillance by a hacker drone, it must be possible to trace ownership of a drone. If drones do not have flight plans for each time they lift off, in addition to having a transponder they should be restricted to operation in a limited airspace. The plan or area of flight should be publicly documented with information that identifies both owner and flying machine. The information should be readily accessible to the public and conveyed in a manner that is reasonably understood by the lay person.