Intelligent Machines

The Next Wave of Botnets Could Descend from the Skies

Researchers are developing hacking drones that could build a wireless botnet or track someone via cell phone.

The buzz starts low and quickly gets louder as a toy quadricopter flies in low over the buildings. It might look like flight enthusiasts having fun, but it could be a future threat to computer networks.

Hacking on high: The SkyNet drone, built from a toy quadricopter and a small computer, can fly for up to 13 minutes, or land and then operate for nearly two hours.

In two separate presentations last month, researchers showed off remote-controlled aerial vehicles loaded with technology designed to automatically detect and compromise wireless networks. The projects demonstrated that such drones could be used to create an airborne botnet controller for a few hundred dollars.

Attackers bent on espionage could use such drones to find a weak spot in corporate and home Internet connections, says Sven Dietrich, an assistant professor in computer science at the Stevens Institute of Technology who led the development of one of the drones.

“You can bring the targeted attack to the location,” says Dietrich. “[Our] drone can land close to the target and sit there—and if it has solar power, it can recharge—and continue to attack all the networks around it.”

Dietrich and two students presented details of their drone, dubbed SkyNet, at the USENIX Security Conference in mid-August. They used a quadricopter—a toy that costs less than $400—to carry a lightweight computer loaded with wireless reconnaissance and attack software. They controlled the homemade drone with a 3G modem and two cameras that send video back to the attacker. It cost less than $600 to build.

The researchers showed that the drone can even be used to create and control a botnet—a network of compromised computers. So instead of controlling a botnet via a command-and-control server on the Internet—a common technique that can lead investigators back to the operator—the hackers can issue commands via the drone. This method creates an “air gap”—where two systems, or networks, are physically separated—that could prevent investigators from identifying those responsible for an attack.

In the past, others have demonstrated radio-controlled planes and model rockets capable of scanning for wireless networks. A pair of security consultants also unveiled a repurposed Army target drone at the Black Hat Security Briefings conference in August that could scan for and compromise wireless networks. Dubbed the Wireless Aerial Surveillance Platform, or WASP, the drone flies fairly silently. It can find and track cell phones, illustrating another use of the devices, said one of the presenters, Richard Perkins, a security consultant to financial institutions.

“We could identify a target by his cell phone and follow them home and then focus on attacking their less secure home network,” he says.

In both cases, the drone attacks are designed to get around the heavily guarded “front door” of information networks—the main connection to the Internet. Wireless networks are typically less secure.

“People see the threat coming from the Internet,” Dietrich says. “What they are forgetting is that behind their back, there is that wireless network that may not be properly protected.”

The best defense against wireless attacks is to be aware of what’s happening on internal networks, says Tom Kellerman, chief technology officer of the wireless security firm AirPatrol. “If you are a Fortune 1,000, you should be concerned, because competitive intelligence has evolved,” he says. “It has taken on a whole new arsenal of capabilities due to cyber and wireless.”

Companies should have technology to detect rogue devices on their networks and lock down their existing wireless access points, he says.

Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.
Subscribe today

Uh oh–you've read all five of your free articles for this month.

Insider Premium

$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe and become an Insider.

  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Join in and ask questions as our editors talk to innovators from around the world.

  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

You've read of free articles this month.