The drone threat: a guide to the bad and the very bad actors

In the wake of an environmental activist group threat to close London/Heathrow airport by flying drones close to the airport perimeter, Tony Reeves of Level 7 Expertise, looks at the different types of actors behind the rogue drone threat.

“The difference between a drone being a toy or a weapon is the decision made by the operator,” said a speaker at a recent counter-UAS event in London. A drone is merely the vehicle or tool through which the operator’s intent is expressed, and the huge advances in technology and ease of operation in recent years have put highly capable, stable, (comparatively) long-range air platforms within the grasp of almost anyone.

Including the ignorant, the politically motivated, the criminal and the terrorist.

What has become strikingly apparent is there is a close similarity between the nefarious drone operators above to similar groups operating in the cybersecurity world.  Perhaps the way that nefarious actors behave is a human trait rather than being defined by the tool.  Our analysis of the categories shows the following insights:

Uninformed hobbyist:  This person doesn’t know they’re doing anything wrong; they don’t know enough to check what is and what is not allowed, and where they are allowed to fly.  They probably have no understanding of how airspace works and what the rules and regulations might be in regard to flying near specific sites.  They are likely to be new to the hobby, not a member of any club or organisation, and don’t know what they don’t know.  These individuals are likely to be out in the open, unlikely to be hiding or seeking to avoid apprehension or showing any signs of nefarious intent.  They are likely to display surprise when engaged by security or police forces and cease quickly.

Disruptors:  This is a wide-ranging group, divided into a number of sub-categories but all characterised by knowing that they shouldn’t be flying where, when or how they are.  The further down the list we read, the less likely they are to want to be identified or apprehended, and as such the later sub-categories are not likely to out in the open, operating the drone in an overt manner.  In general, individuals in this category tend to have high confidence in their own skills – which, to be fair, are generally very high – but either ignore or aren’t willing to consider the risks that they may be taking, or present to others.

Disruptive (1) – Shortcut / risk taker. This person operates on the basis of “I know I shouldn’t, but probably won’t be caught.”  A good example is the pilot of the remote controlled aircraft flown near London/Heathrow Airport on 24 December 2018; he was a member of a model flying club and it would be surprising if he hadn’t been aware of the Gatwick incident.  With all this in mind, the fact that he was prepared to fly within 500m of Heathrow is still a surprises.  We include in this category those drone operators flying in populated areas, or as a common example in the USA, those who are prepared to invade an individual’s privacy by filming people within their own property.

Disruptive (2) – Deliberately outside the rules, for reputation. From what we can glean, these people tend to be male (there’s scope for a lot more research here) and motivated by internet kudos. He’ll post his videos on Youtube or other sharing sites and wants to fly higher / further / faster than anyone else.  If you take a look at the snapshot attached, the figure of relevance is 36060’ – that is a DJI Mavic being flown at 6 statute miles from the operator.  Identification of the operator can often be achieved through examination of their own videos, as they often take pictures and video of themselves.

Disruptive (3) – Deliberately unsafe. In an extension of the previous group, there are those who chose to fly in a deliberately unsafe manner; this could be for a variety of reasons, ranging from “internet kudos” as seen in close-up / aerobatic videos of roller coasters whilst in use, through to flying aggressively in and around large gatherings of people, and installations with volatile hydrocarbons, such as bulk fuel installations.  The main difference between this group and the former is the degree to which they are prepared to flout the rules and principles of safe flying, and the degree of risks posed to people, vehicles, vessels or installations.

Disruptive (4) deliberately disruptive. The final group in this category are those who fly in a manner to be deliberately disruptive; the classic ‘Insider threat’ would fall into this category, being someone who knows the operation well enough to cause maximum effect with careful planning and execution.  They are unlikely to want to be caught and as such will take steps to be covert when operating and avoid detection wherever possible.  The analysis conducted by the police and airport authorities of the London/Gatwick incident, which – if you accept what is being said publicly – included 115 reports of drone sightings over an extended period, many by “credible sources” i.e. police and security staff.  If true, it can be postulated that the drone operator knew the operations of the airport intimately, and understood exactly how to be disruptive, and also how to evade apprehension.  As can be seen below, the lines between disruption and protest (and indeed any of the categories) are blurred, and the shift from one to another is entirely down to the intent of the individuals or organisations concerned.

Protestors.  Protestors tend to carry or broadcast a strong message, and are not averse to being apprehended and/or arrested on live video.  Dependent upon their intent to make a large “splash”, protestors may or may not operate their drones overtly.  Drones are used extensively by anti-foxhunting groups, and are rapidly becoming a common tool of choice in capturing actions by protestors and law enforcement personnel.  There has been a very recent announcement in the UK  by the Extinction Rebellion protest group to carry out a non-violent protest in order to close Heathrow Airport.  It’s unusual for such an action to be announced ahead of time, and it’s unlikely that the authorities are willing to stand for such an action; their response is likely to be well-resourced.  There have been other protests using drone as the tool of choice recently, most notably the Greenpeace action on a French Nuclear Power facility, in which two drones were used.  The first drone was equipped with smoke grenades which were dropped on the roof of one of the buildings, and the second drone was used to film the event for subsequent broadcast via the Greenpeace social media channels.  Given the availability of live streaming applications such as Facebook Live and Periscope, it would be straightforward to broadcast the entire event live, and very difficult to shut down in a timely manner.

Criminals.  The criminal use of drones is largely confined to activities connected to financial gain.  The primary issue faced is the use of drones to smuggle contraband (usually mobile phones, drugs or money) into prisons. Typical modus operandi includes dropping packages inside the prison compound in an area where they can be recovered by the inmates, but a more advanced approach is to fly the drone with an underslung payload to a specific cell window, guided by the inmate’s use of a mobile phone flashlight.  The inmate then reaches out to the payload with an extended hook to retrieve the package and allow the drone to fly away.  The latter approach requires a more capable operator, but with the current capabilities of COTS drones, they could easily be 1-2km away from the prison itself.  One of the major challenges faced in the USA is the use of drones to act as cargo aircraft to transport drugs across the border with Mexico; these are incredibly hard to detect and stop, especially if the operator does not care about retrieving the device itself.

There is a new sub-group which has appeared recently, utilising drones to film live sporting events and place “in-play” bets.  There have been drones observed at horse racing events in the UK and American Football games in the USA, and while the legal position is as yet unclear, this in a use case which is very much on the increase.

Terrorists.  A committed terrorist is incredibly hard to stop, and there is a near-continuous ‘leakage’ of terrorist / insurgent drone tactics from the Middle East conflict areas – in particular Iraq / Syria and Yemen / Saudi Arabia.  As witnessed in the attacks in London Borough Market in June 2017, fundamentalist terrorists with a plan to die in the attack can and will cause mayhem.  The terrorist’s intent is to achieve their objective at all costs, and the use of altitude to overcome physical barriers is only now becoming a threat vector considered as a serious concern.  Highly capable drones have become easy to obtain and straightforward to operate.  A simple but reliable payload release mechanism for a DJI Phantom 3 can be bought online for less than £50, and while these devices were made with positive purposes in mind – such as deploying lifesaving equipment to swimmers in trouble – they can be easily turned to nefarious intent. Hard to detect, deliberately covert until the moment of attack, operating in small cells and highly motivated; the terrorist presents the hardest challenge for security organisations.

Other hostile actors i.e. Nation States or sponsored / supported actors.  Houthi-backed rebels have launched drone attacks on Saudi airports, using commercially available drones with a payload of explosives. Press reports says Saudi authorities have shot down the drones.

Share this: