Recently, a 40-year old Japanese man landed a drone carrying radioactive sand atop the Prime Minister’s office to protest nuclear power. Another guy attempted to deliver drugs, a cell phone and a knife to a prison inmate. Various extremist groups are also experimenting with modified Consumer drones.

Consumer drones may not yet be ubiquitous, but they are going to be in the near future. While there maybe legitimate uses for consumer drones (aerial videography, site surveying, recreation, etc), I would like to talk more about the criminal applications of consumer drones, specifically: adversaries interested in inflicting human casualties and causing maximum damage. (i.e: terrorists, criminals etc.)

Why drones? Well, for starters, drones let you:

1.) remotely control the entire operation
2.) bypass physical security/authentication
3.) automate payload delivery based on GPS coordinates
4.) carry chemical agents (i.e: anthrax) or explosives

Also, they are incredibly inexpensive and requires no face-to-face interaction with the target.

The economics makes sense. If you are an extremist terrorist group, using weaponized drones is a no brainer.

It’s not difficult to send a swarm of drones equipped with explosives to a public gathering or a sporting event.

I don’t want this post to sound like blatant fear mongering, rather: I am interested in opening up some discourse about countermeasures.

What can we do about such threats?

I am not entirely sure, but these are some solutions I could think of:


1.) GPS Spoofing: It is possible to convince an enemy drone (ED) to land at a location of your choice by remotely sending the ED false GPS coordinates. This is not a theory. In 2011, an American UAV (Unmanned Aerial Vehicle) Drone was captured by Iranian forces. The adversary allegedly used this type of attack to accomplish the capture.

2.) Intercepter Drone: The only way to fight a drone is with another drone. What if you have a small army of drones programmed to intercept any flying drone within a given perimeter, then capture that drone and use it as evidence in a court of law to prosecute the enemy drone’s (ED) pilot? Yes, that is very doable.

3.) RF Jamming: You can easily find schematics for building your own Drone RF Jammer online. Again, the protocol would be: to kill any enemy drones entering a given perimeter by RF interference.

4.) Electro magnetic pulse (EMP): You could also use an electro magnetic pulse to disable an enemy drone. Boeing has tested putting an EMP on a drone as well. It’s called CHAMP (Counter electronics high power microwave advanced missile project — phew….what a mouthful). Keep in mind, this is all old news. (watch it in action)

CHAMP approached its first target and fired a burst of High Power Microwaves at a two story building built on the test range. Inside rows of personal computers and electrical systems were turned on to gauge the effects of the powerful radio waves. Seconds later the PC monitors went dark and cheers erupted in the conference room. CHAMP had successfully knocked out the computer and electrical systems in the target building. Even the television cameras set up to record the test were knocked off line without collateral damage. – Boeing

5.) Nets: I was thinking about a bunch of high tech solutions, but forgot to list a very low cost, effective solution: Nets. I don’t see why this wouldn’t work either. It might not be aesthetically pleasing from a architectural standpoint, but it can get the job done – unless of course the enemy drones are equipped with some sort of a ‘net cutting’ tool. (Thanks to reader Patrick Doyle from Chemical Facility Security News for the suggestion)

Side note: I am not sure if RADAR would be such an effective method of thwarting unwelcome enemy drones though. The small size and low altitude makes it very difficult for RADAR to detect consumer drones.

Know of any clever criminal uses of consumer drones and how to stop them? I’d love to hear about it.

So, just a few hours ago AnonymousOwn3r apparently took down pretty much the entire GoDaddy infrastructure along with its millions of customers..and should I say…business *gasp* owners.

It’s a bit too early and fresh to conjure up any definite theories about how this happened – especially at this scale, but it’s certainly interesting. Moreover, it gives us a very tiny glimpse at the thought of the not-so-illusive notion of cyber warfare. 

My guess is that this has been in the works (ie: planning mode) for a long time by whoever actually executed it and it seems like there’s a bit more creativity involved here ..other than the standard DDOS methods – or maybe Godaddy is just too fucking stupid and deserves it. Who knows.

I’ll keep my ear to the street and update this if/when any news reaches me – Meanwhile, if you have a GoDaddy account, run the other direction.

Update: 9/13/2012: Apparently Godaddy is blaming the outage on corrupted router tables. Not only is this pure bullshit, It’s a very poor attempt at public relations by GoDaddy. This is obviously a security breach involving DoS/DDos and/or possible a SQL injection attack on their DNS interface. Nothing else makes much sense to me personally. I don’t know why everyone at Godaddy is so committed to this “internal router table corruption” story – other than the obvious motivation to minimize bad press.