Skip to content ↓ | Skip to navigation ↓

As Christmas approaches, and in this Age of Technology, there is simply no doubt in my mind that the majority of us will be shopping for the latest and greatest toys, gadgets and general stocking fillers for our loved ones. There is also no doubt that some of the purchased gifts will contain electronic circuitry, chips and I/O interfaces to entertain both young, and old minds alike. Toys to some, however, may be a potential weapon to others.

Take the average modern PC or laptop—in the right hands, it is an instrument of meaningful fun, entertainment and/or production. But in criminal or mischievous hands, it can be leveraged toward a host of activities, ranging from cyber bullying, hacking, terrorism, circulating child abuse images, and even offering up the potential to participate in taking down some unfortunate organisation on the internet with a DDoS attack—just for fun, or as part of a more malicious and malevolent act.

I like to try to stay in front of the curve of new and emerging threats, and so for the last six months I have been very interested in the new-age threats, which arrive in the form of big-boys-toys in the more physical sense—toys that take us outside to play, and to help us while away the time.

Technological toys were once unimaginable to myself when I was a young lad, which only existed in the writings and mind of H. G. Wells. But these are toys that can also be employed to serve up a very malicious purposes to kill-on-mass, maim, and in their lesser aggressive guise, conduct discreet and covert surveillance and recognisance. Have you guessed yet? Yes, I am talking about those must-have drones.

Now having experimented with a number of models, I can conclude that these toys can serve as a perfect economical weapon to deliver payload to an unexpected target in the form of say a small explosive, which could be remotely detonated, through to the transportation of toxic, or ‘BC’ [Biological, Chemical] agents which could be deployed to an awaiting, and captive audience. In fact, the possibilities to leverage such a toy for the purpose of a malicious act are actually only limited again by the imagination of the attacker.

To get into the real-time mode, let us understand the implications of the near-miss, which occurred on July 22, 2014, when an Airbus A320 had a close call after it was confronted with a mini-drone. Then, take this to the next level. Given on this occasion, the aircraft was only flying at 700 feet, and with these toy-drones, which can have operational capabilities of up to one hour flying time, with a control rage of one mile, maybe we can start to see the threat implication.

Now, imagine a set of would-be attackers locating themselves on, or close to the threshold of a major airport. Here the risk rating really does start to look significant. Add to this scenario the fact that these drones could be augmented with small containers of say inflammable materials, and we can visualise the potential severity of the implications, and potential use of subverted groups who are hell-bent on making a statement.

But then – what if we are looking to get close to an intended desk-bound target on the 17th floor. Again, such toys as these can offer the opportunity to fly outside the window, or even to fly directly at the intended target to deliver some form of small, on-impact-on-boarded-explosive.

Let us also look back at a real-life event in which a small drone entered the close proximity of the German Chancellor Angela Merkel. Agreed on this occasion it was just a nuisance prank, but think about the implications of say a HALO (High Altitude Low Operation) attack, which could have been carrying some form of adverse payload. As I said, it is the imagination that is only the limiter as to how such a toy could be used!

We then come to the lesser capabilities of gathering intelligence. Here we are seeing the use of highly functional tools enabling the would be miscreant with the cut-down powers as are used by the larger security agencies – falling into the hands of attackers, to conduct recognisance, and other such activities of meaningful surveillance.

The real point of this is, we have just entered an era in which low cost technology, and toys can now offer up real-time capability to kill, injure, disrupt, and view their intended target, or targets in support of criminal or terrorist operations. Thus, given such a threat is now in existence, and no doubt will be leveraged at some point-in-time in the future, we now need to start thinking about the mitigations, defences, and safeguards to protect against such potential threats.

Maybe the answer is placing some discreet physical netting around high-risk areas to block the potential of any intended craft flight path. Or is the answer to deploy systems which will cause an effective emission of an electronic spectrum to flood the close proximity of promiscuous airspace, thus to assure that the intended area is electronically sanitized against the possibility of any aggressive air-born signal having any control effect over is distant craft?

Or is it that with such toy-drones there will need to be an associated licence required to both purchase and operate such a device? Or would it be justified on security grounds to ban any such toy crafts, or even futuristic unmanned, and commercial carriers be banned from flying in Designated Restricted Zones (DRZ), such as London, and other high-value commercial areas?

Or would it be realistic to impose limitations as to what range a craft may be flown at without some form of qualification? I agree, overall indirect protection, but at least it is something to think about in an attempt to drive a modicum of security, and to reduce the potential unfettered access to take flight, devoid of any restrictions.

There is, however, no doubt in my mind whatsoever that we will see such tools harnessed to accommodate an aggressive purpose, and in my humble opinion we need to start thinking now about the defences – before we witness the employment of these toys in anger against some unsuspecting innocent target.

JW1About the Author: John Walker is a Visiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), CTO and Company, Director of CSIRT, Cyber Forensics at Cytelligence Ltd., Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CRSI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts,and is a Certified Forensic Investigation Professional.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Image courtesy of ShutterStock.

 

Hacking Point of Sale
  • Hi John Walker ,I totally agree with your real time example of Germany and AirbusA320. these low price toys can be used in military operations also.And placing these drone in high risk areas will secure us .and i totally agree with your opinion about the usage of these toys in defense purposes.

  • From a practical and safety (even security) standpoint there's no doubt that we'll reach a point that these need to be regulated to some degree, as much as I dislike government regulation; the potential for abuse and opportunity to harm others is pretty steep. Plus, can we really ensure the safety of commercial flights when one of these could easily be flown into the engine of a jet (accidental or otherwise)?

    On the other hand they provide an awesome new opportunity for loads of fun and even pranks, providing hours of entertainment and offer some other uses for a variety of tasks (I know some photographers who are now using them to film weddings, etc…). I believe it was Tom Mabe who has a YouTube video of him pranking people in the park with a "flying ghost" which was actually tethered to a drone flying quietly (and high) above.

    Great read, thanks!

  • Thank you for your comments – much appreciated. There is no doubt that in the age of technology there are multiples of instruments which may be aligned to serve up profiles of adversity to underpin criminal or terrorist intent, and whilst I am aware and supportive of the agencies and law enforcement engagements to secure society from such threats, I am equally aware (as they are) that to combat threats in 2015 onward there is need for more imagination and new ways of thinking to deliver effective security.

    Best wishes and a Happy 2015 to all.

  • its really the future. you can use those drones to do everything you like, I just want send mine to the grocery store:)

  • John Walker

    Am I missing something here – it was in 2014 when I
    predicted the obvious & multiple threats posed by Drones, and in fact at
    that time did some filed research – connecting various extras to the sad
    aircraft to replicate what could be an armament, explosive charge, or other
    materials of potential harm [talcum powder in place of some other harmful
    element] the adverse possibilities are only limited by imagination.
    Today we are now hearing the discussion about the ‘accidental’ threat to Aircraft but feel we are still missing the point in this time on Internal Terrorist Threats, and the potential of an attack which could be mounted from the ground with explosive carrying single, or multiple drones being flown toward an aircraft.