show image

Game of drones: Watch out for cyber criminals in the sky

Drones are getting smaller, smarter and sneakier – and regulation protects them from you, rather than you from them. Rasika Sittamparam eyes the aerial battle

The atmosphere in Davos had never been more intense. Threats of terrorism and anti-Trump protesters with ‘Kill Trump’ banners loomed over the annual World Economic Forum gathering in the Swiss ski resort. Physical security had to be increased at the last minute, the SonntagsBlick daily reported, and the Graubünden Cantonal Police deployed 1,000 officers alongside 4,000 Swiss soldiers who marched through the heavy snowfall, to protect more than 70 global leaders arriving on the scene. Also on duty was an invisible force powered by artificial intelligence – scanning the no-fly zone above the congress centre in real time for rogue drones.

Besides carrying missiles or capturing images on powerful cameras, drones are now known to carry sophisticated computers too. These can be used to hack into mobile devices – and wi-fi networks. A successful hack would mean that confidential discussions taking place in Davos would not have stayed in Davos: anything from trade secrets to national security information. And before you know it, it could be in the hands of hacktivists such as Anonymous.

Up in Zurich, alarms were raised at Credit Suisse’s HQ because of a rogue drone that was found lying on the office’s rooftop 12 months ago, a source tells Spear’s. The episode was presented as a potential security breach in a confidential conference at the bank, when the drone’s hacking abilities were revealed to some of its employees worldwide. The Swiss multinational declined to comment.

The aerial mapping tool that the Swiss police used at Davos, DroneTracker, was supplied by Dedrone, a tech start-up backed by ex-Cisco CEO John Chambers. Amit Samani, the UK head of Dedrone, notes that the firm’s technology also provided the drone shield for several US presidential debates in 2016. He tells us that one of Europe’s biggest telcos encountered a similar threat recently – the company sought Dedrone’s advice on a motionless drone found on the rooftop of its data centre. ‘What they couldn’t tell was how long it had been there,’ says Samani.

Game of dronesAs well as stealing data potentially worth millions, these drones can drop acid into data centres to achieve a complete system shutdown, which Samani likens to a corporate apocalypse. The loss from a shutdown can reach billions, according to a recent report by Lloyd’s of London. Alarmingly, the telco’s dormant drone was not inactive either: ‘The battery might have run out in terms of it flying off, but it was still gathering data,’ Samani adds. ‘Here is the challenge. We know that it’s on the rise.’

Dedrone has noticed drones carrying out espionage activities on boardroom meetings, even going as far as tracking senior executives who meet off-site on weekends. Individuals, too, are being targeted. HNWs in mountainous holiday villas, for instance, on private islands or on superyachts are not safe. ‘Don’t think that because you are far away from everybody it means you can skimp on network security,’ warns Harry Chenevix-Trench of Blackstone Consultancy, which advises corporates and HNWs on security, including drone technology.

Roddy Priestley of cybersecurity expert S-RM agrees. ‘The current risk to private clients from drone technology is small, but this may change,’ says Priestley.

With drones, the possibilities are endless, warns Chenevix-Trench: ‘It’s one of the few bits of technology that I would say overdelivers – they can go anywhere and they can do anything they want.’ These devices have evolved to be smaller and just about the right size to carry any form of miniaturised gadgets, unlike the previously known military drones, Chenevix-Trench notes. Recent attacks on Russia’s Syrian military base are an example, he says: bomb-laden mini-drones damaged Sukhoi fighter jets. ‘The drone used to be a symbol of US power, but what we’re seeing now is that the tiny ones could be co-opted by terrorist groups, non-state actors, and anybody really,’ he adds.

These incidents are the tip of the cyber iceberg, according to defence and cybersecurity consultant Anthony Hamilton, especially in London. ‘The UK government would not be getting ready to spend significant sums of taxpayers’ money on solutions for advanced drone threats if they did not perceive the threat to be significant, for both government and also UK commercial enterprises,’ says Hamilton, whose clients include major corporations in the City.

The biggest challenge with drones, Samani says, is lack of information. ‘There is no tangible data to prove how big the problem is,’ he says. What we do know is that the market for drone technology is massive – estimated to be worth $127 billion by PwC, which recently launched a drone unit in the UK to help its clients capitalise on the technology’s commercial potential. ‘Where and how drones operate doesn’t have limitations within its regulation at the moment,’ explains unit leader Elaine Whyte.

As Dedrone’s Samani points out, drones are currently under protection under aviation law. So, malicious or not, they are treated as mini-aircraft whose flight paths cannot be actively intercepted, merely ‘avoided’ using tracking software like DroneTracker. (At Davos different rules applied – rogue drones there could have been dealt with.)

This aerial free-for-all could soon be a thing of the past: there is news of a drone bill coming in the spring that could change the way they are regulated. That would be welcome to corporates and HNWs alike. S-RM’s Priestley is hopeful of change to what he calls the current ‘embryonic and fragmented’ legislation: ‘It will introduce some welcome measures to bring maturity to the way that drones are regulated in the UK.’

But Dedrone’s Samani is doubtful. ‘We’re at a situation where we’re attempting to create a legislation without the government having any accurate datasets, and therefore it’s very complex,’ he says.

Unmanned, legally uninterruptible, cheap and publicly accessible drones are almost invincible in the air, covertly threatening cities worldwide. The threat is as far-reaching as Hong Kong, where a drone was reported to be hacking and stealing print jobs from the 30th floor of a building. ‘It’s a cat-and-mouse game,’ Samani says of the battle between rogue drones and the counter-measures deployed.

Did the drone software detect drones hovering above the heads of Donald Trump, Theresa May and the thousands of HNWs in Davos this year? As it turns out, the Swiss police tell us that none was seen this year. But next time, somebody might be listening.

Rasika Sittamparam is a writer at Spear's

This article first appeared in the March/April issue of Spear's. For all this and more, subscribe here: https://www.spearswms.com/subscribe/

Game of drones