Sorry if the audio feels a bit rushed on this one, I'm recovering from dental surgery atm so it's a bit difficult to speak. But I had to get this video out, the topics were too interesting :)))
Just one small thing, the Lora protocol definitely does not have a large enough bandwidth to transfer stolen data - Lora could be used to transfer user credentials, and for everything else a 4G module is necessary. I used Lora and for long distances the bandwidth is ridiculously small, just for transferring a few bytes per second.
I was thinking, what about a directional wifi antenna stuck on top of the drone, dont those give pretty long range? Then you can point it at some router set up outside or something so your device can have wifi
Then wouldn't the fastest solution use local storage and then just send the drone back? Ditching the drone on the roof of a corporate office building seems like a stupid move either way. You can store an arbitrary amount of data on fairly cheap storage that doesn't use a ton of power. You just have to get away before anyone notices you, but that's the case with pretty much any hack operation like this.
Lora would replace the modem for controlling the devices which would be performing the attacks from the attacked network over Wi-Fi after the first credentials were leaked then they could also find the data on other machines on the local network at that point which may have LAN connection and push the data up to the attackers backend even faster.
I prefer calling my method the "pi with a huge external battery in a USPS flat rate envelope that drives by a target and all the other futures targets AND gets shipped home attack." Of course I mean that is what I would call it if I did do something like this.
It'd be interesting how companies would have to send someone to the roof to check for hacker drones. Like, imagine going to the roof and finding a couple of drones with a bunch of hardware strapped to them.
I guess you could use spikes (maybe electrified) like they use to stop birds landing on buildings or tangle wires like they have over prisons to stop helicopters and drones from landing
For the drone case, I think a "Mosquito attack" would be a suitable name. The drone lands, siphons some data, and flies off again while also having the opportunity to leave some nasty viruses behind. Edit: Grammar
Ironically I made SpiPi - a quadcopter with a Pi running Kali and (especially Aircrack :) ) - as a Uni project for my degree over a decade ago...surprised it took this long to be "discovered"
yes it's such a simple idea, and 90% cheaper and easy to execute than finding a 0day to exploit i am wondering why it hasn't been using... may be 4g modem can trace back to them??
@@vaisakh_km I think one could get away with using a prepaid simcard, you can buy those in cash and you can probably register with some fake info or something.
@@vaisakh_km it probably is being used. Look at shellshock that shit was vulnerable for decades until it was officially found but I have a hard time believing it wasnt used before.
"Discovered" is Orwellian newspeak for somebody got caught. Dig deep enough and you will find hackers using stock RC planes 10+ years ago for sniffing networks. More up to date and closer to home in the UK there's been a couple of cases where Pirate radio operators have dropped transmitters onto tall but otherwise inaccessible roof tops.
Mmm bird analogies would work well honestly. 'stalking' for when the drone/attacker is staying within the area *of the victim itself* and is trying to find a good place to 'nest' while also trying to find an attack vector. 'Nesting' for when the drone is staying within the area *where the victim frequently tends to be* (work building, home, some coffee shop) and, after a vector has been found, optionally, 'littering'. 'littering' for when the drone is setting up devices ('litters') that can run independently from the drone's power, probably making multiple trips to carry the tools to nest so that the attack can be carried out without risking the drone and thus making finding the culprit all the more difficult. As for the attack itself: 'swooping' So in this case it'd be a simple 'swooping' attack where the drone only 'nested' and didn't 'litter'. While if the drone *did* litter it would be a 'litter swooping' attack, as it'd be the litter carrying out the attack instead of the drone (so to speak).
I like that. Just add Drone on the front and you are good. Drone Stalking Drone Nesting Drone Littering *What these attackers didn't do* Drone Swooping/Litter Swooping
The problem with using a Lora module is the bandwidth is so slow. And the range is line of sight. It's not often actually several kilometers. The 4g modem would have been much faster and allow the hackers to work from the comfort of their own homes.
@@goranjosic I didn't propose Lora as a solution. I simply pointed out that, assuming they are using a paid service, there is an opsec risk to using a 4g service.
I don't think you'd have to do that, just launch a few blocks away or something, land on the roof, then you are already established. I think the main thing though is how long you can keep the drone on the roof before it's charge becomes too low to fly back. So i imagine they'd wanna launch pretty close by to have as much battery on board as possible left for them to hang there longer
Drone attacks are going to revolve around remote connection to a device as if you were there, yet not. In that case, to make it hardware agnostic, the name of the attack should be a Poltergeist Attack, where you use a remote controlled malicious device to connect as if you were there. It doesn't just include drones, but can also include any device under your control you use remotely.
Warflying. Also: Why the heck would you not strap a CAMERA or at the very least a motion sensor to the drone to detect humans? I can't imagine they wanted to lose those drones.
This is something I would've done, perhaps a script running on the pi to auto launch the drones off so you have a better chance of getting your equipment out automatically.
the GPD, unless reported specifically as a miniature laptop was probably a typo of GPS since they may want to know when they're detected without using the drone's built-in GPS. I think there's an unfortunate sociological problem here as well: landing on the top floor of the building (the only place that is likely unseen) means you're likely to be targeting the C-suite office, where users have escalated privileges. Security by obscurity is mocked, but should businesses rethink putting their most important credentials on the top floor? Will a new need for security guards to patrol or monitor roofs arise?
I wanna call it "Proxy nodding" or "nodeing" because I had an idea on attached a drone with such devices and use them to set up proxy nodes to further boast signal, or create a small web. This idea was for LoRa or "Meshtastic" communication only. Probably be good for directly breaking into places that rely on electronic security via wifi.
my man this is absolutely beautiful. being an engineering student who's pretty interested in particle physics and nuclear power i am stoked to try this
A name could be such a bird species that replace eggs from other birds with their own, like the Indigobird, Cowbird or Cuckoo. So, a Cuckoo hack maybe? Fly in, replace the eggs, and let the non-suspecting parents hatch the horror.
😂😂 Not monitoring the Bicoin transaction for multiple confirmations before releasing the decryption key is what makes this hack so human and hilarious😂😂
I think that the means in which the drone is used also matters. Wasp's would be any hack that is faciliated by a drone initially, but the drone is removed from the equation once the 'wasp' leaves after delivering the payload 'the venomous sting' and everything from thereon out can be done via the network or automation built into the malware like a virtual venom from the 'wasp'. A different name is needed for attacks that the drone remains a longterm factor.
the GPD was a redundancy backup for their man on the inside, he would probably have been expected to intercept the drone incase of crash or deployment failure, they could access the GPD to re-establish a connection with the primary controller manually. They must not have gotten a chance to get to the roof with an alibi and thus the drone was discovered before it was recovered
Warflying (or driving, walking etc.) is not inherently an attack. Flying around merely collecting WiFi data like SSIDs, channels, coordinates etc. can be considered warflying. It's recon.
After seeing how it attacks I suggest maybe Arial Wireless Phishing (AWP). Aerial because it uses a flying drone to get near its target. Wireless because it is controlled remotely and uses a wireless access point to lure the victim. Phishing because it uses a fake login page to give the victim a false sense of security. Or maybe just simply Aerial Data Snooping (ADS) Pls pardon my knowladge if its confusing im just starting my networking journy and im still going through the basics XD
Don't want to give anybody Ideas but if I had to do a pentest with a drone I would like you said use a smaller drone. But also, I wouldn't let the drone at the top of the building but rather use it as a transportation medium. Like carring a little box with power, lora, and a dev board to to what ever building you want. And if you are very fancy even a giro movement sensor that shorts the board if the box is moved.
i would use a bigger drone as smaller drone props are higher pitch and noise travels further, but yeah just rig it with a servo to disconnect the load, even ad a small solar panel if needed
@@llortaton2834 I don't get what you are saying, you must of misinterpreted what I said, I said I would use a drone with bigger propellers aka a bigger drone to haul the payload to the roof in which the load can be disconnected and the drone flown back to safety, I wouldn't call it a heavy load either when you'd really only need a raspberry pi or other pi or bone equivalent with a lora board and lipo or lipo bank and buck boost converters for the solar and the 5v dc
@@chri-k your not wrong there, you could probably set up a point to point 2.4 or 5ghz setup which would still be better than dropping a modem on the roof with a registered sim card
This sounds is kind of a DarkVishnya attack. May be call it Air Vishnya attack? Since the devices are not physically connected to a device on the network.
I would disguise the pi and batteries as a vent or something. Then drop the payload on the roof and bring the drone home. A small piece of tin would allow you to pick up with a magnet to remove payload.
One other things that drones might do is they might be carrying devices on them to do a mousejack attack. This can also work on keyboards too. What they would do is inject keystrokes through vulnerable receivers for Bluetooth mice and keyboards. They might could make it appear that you typed a command to download and run a file. Such file would be malware that has some sort of nefarious purpose. It can be anything, they might steal your login passwords and user names, encrypt your files or even take control of your computer or all three. They might even make your computer a part of a bot net that does things like DDOS attacks even. They might install crypto miners on the computer too. They could do a variety of bad things if they ever got into your computer in any way. Not all wireless keyboards and mice are vulnerable to that attack but search before you buy if it is a concern to you. I know if I lived in a place where my computer would be closer to other rooms or apartment units I would be a little bit more concerned about it. The fact is where I am the nearest person is 300 feet away. Some WiFi routers don't have a strong enough signal to be picked up that far away or at least provide a stable connection from such a distance.
What about "Drone-Own" ? Bet the company was like thanks for free drones. The hackers by using a specialist drone also because of low volume of the expensive might be traceable via its serial number..
I heard Hak5 was in Watch Dogs 2. Or their gear was at least, one or the other. But yea, hacker drones are pretty popular these days. And they're becoming smaller and more badass each year. Maybe I'll build me one for Xmas 😜
Hi Seytonic , great insight. I totally agree that drone-hacking can be a mouthful. I sure they'll come up some more befitting but I can only think of drioning (even though it has multitude of meanings including drone, male bee for mating and parasite ) and drone-swipe.
This seems like a really crude setup as the entire thing could have been done way more covertly and cheaply. The biggest issue i have with their setup is the 4G modem. If the surrounding area has for example a parking lot, i would just use a shorter range transmitter that would transmit the data to some device in a parked car which could either have the 4G modem or just be checked once in a while. The whole thing could have easily been strapped to a way smaller drone and if they took some time, they could also design their own and fit the electronics inside so that it would look less suspicious. Overall a pretty bad execution on the hackers side.
the reason they used mini laptop because it was the main device connected to company network where rpi just acted as 4lte gateway, so in practice they control rpi using reverse ssh then connect to min laptop , from laptop they connect to company network using wifi
Soon these drones will be monstrous and they’ll be used to take entire armored vehicles along with kidnapping joggers and preferably golfers, rich golfers.
Depending on weight, a couple solar cells could extend the project (hack) lifetime. Better yet, if the hack goes unnoticed, but you have drained your batteries, over several days it may provide enough to recharge the drone just enough to perform a recovery.
Naming this will depend a lot on how the tactics actually evolve. If you're doing simple reconnaissance ala old school war driving it would seem straight forward to call it war droning or a war droid. If you plan to fly hardware to a facility like this and abandon it then it becomes a Kamakazi drone as its sacrificed in the attack. Personally, and depending on hardware I might go with something like a Cyber-Pi, Borg-Pineapple or just an IG-88 attack. These being translated as a Cybermen-esk RPi driven attack, a Borg-esk drone carrying a Wifi Pineapple or simply an assassin drone ala IG-88. We can’t presume that all drones used for this will be airborne. At the company I work for we did an experiment where we essentially built the mouse droid form star wars controlled by ardupilot and slapped a company logo on the side. With this we were able to tailgate through security and enter a facility full of security minded people and get little more than curious glances. A smaller version built with knowledge of our facility could have gotten through without drawing any attention. The larger version could have housed all of the hardware used here, essentially enter through the front door and carried out the same attack. By just making this look like one of our potential company projects we were able to get through a lot of doors that would have otherwise been closed. When we explained to leadership that we didn’t even really need to get through those doors they started to get the point.
i think it is much smarter to use the drone to drop a smaller payload, move the drone somewhere where you can pick it up later, and only then start doing something.
@@chri-k That was closer to our V2 concept but with a ground based drone since an aerial approach would have drawn attention from our existing security. All the drone has to do is get the payload close enough access the wifi while preferably staying unnoticeable.
![fellow fellow - พรุ่งนี้ไม่มีใครรู้ feat. INK WARUNTORN [OFFICIAL MV]](http://i.ytimg.com/vi/QP6JyjYx_W0/mqdefault.jpg)
![F.HERO Ft. JSPKK x ลำไย ไหทองคำ x M-PEE - ไม่สนิทบิดหมด (Thai Riders Anthem) [Official MV]](http://i.ytimg.com/vi/kPJZ0UihBfk/mqdefault.jpg)
Sorry if the audio feels a bit rushed on this one, I'm recovering from dental surgery atm so it's a bit difficult to speak. But I had to get this video out, the topics were too interesting :)))
Get well soon
Don't worry it's alright. Get well soon
apt get well soon 😊
ITS OK I LOVE YOU DADDY
It sounds fine to me, almost no difference.
An idea for the drone attack could be "Drone nesting"
The drone will perch on a building and kind of make it its nest.
Especially if you you use multiple LOrA devices
How about "Roo(t)sting"?
This is it lol drone nesting
Yes please "drone nesting" sounds awesome
A smarter hacker would have just laid the egg and left.
Just one small thing, the Lora protocol definitely does not have a large enough bandwidth to transfer stolen data - Lora could be used to transfer user credentials, and for everything else a 4G module is necessary.
I used Lora and for long distances the bandwidth is ridiculously small, just for transferring a few bytes per second.
I was thinking, what about a directional wifi antenna stuck on top of the drone, dont those give pretty long range? Then you can point it at some router set up outside or something so your device can have wifi
Finally an arduino/stm32 nerd brotherein.
Then wouldn't the fastest solution use local storage and then just send the drone back? Ditching the drone on the roof of a corporate office building seems like a stupid move either way. You can store an arbitrary amount of data on fairly cheap storage that doesn't use a ton of power. You just have to get away before anyone notices you, but that's the case with pretty much any hack operation like this.
Lora would replace the modem for controlling the devices which would be performing the attacks from the attacked network over Wi-Fi after the first credentials were leaked then they could also find the data on other machines on the local network at that point which may have LAN connection and push the data up to the attackers backend even faster.
Lora for admin then stolen data physically on an sd card?
I'd call that drone attack a "Pi in the Sky" attack or something similar.
Wi-fi-pi-spy-fly-by?
@@stocktonjoans NO LMAO.. lets stick with pi in the sky
@@finnandmick845 I'll get my coat
How about Skynapple attack?
I prefer calling my method the "pi with a huge external battery in a USPS flat rate envelope that drives by a target and all the other futures targets AND gets shipped home attack."
Of course I mean that is what I would call it if I did do something like this.
It'd be interesting how companies would have to send someone to the roof to check for hacker drones.
Like, imagine going to the roof and finding a couple of drones with a bunch of hardware strapped to them.
scalp the hw and the drones.. yaay free stuff XD
I’ll do this for companies for a small fee but in exchange I get the stuff…
plot twist: it’s me, I’m the hacker
Nah jk lol
I guess you could use spikes (maybe electrified) like they use to stop birds landing on buildings or tangle wires like they have over prisons to stop helicopters and drones from landing
@@scarface3935 LMAO!!!!!!!!!!
everybody gangsta until they find a dron with a gun or taser strapped to it
For the drone case, I think a "Mosquito attack" would be a suitable name. The drone lands, siphons some data, and flies off again while also having the opportunity to leave some nasty viruses behind.
Edit: Grammar
Such a good name
That’s actually a perfect name
how about Mossie the slang for mosquito fighters in PS2
That's it, guys! "Mosquito attack" officially coined!
Commenting to boost. Very good name.
Ironically I made SpiPi - a quadcopter with a Pi running Kali and (especially Aircrack :) ) - as a Uni project for my degree over a decade ago...surprised it took this long to be "discovered"
yes it's such a simple idea, and 90% cheaper and easy to execute than finding a 0day to exploit
i am wondering why it hasn't been using... may be 4g modem can trace back to them??
This, i thought this was relatively known already
@@vaisakh_km I think one could get away with using a prepaid simcard, you can buy those in cash and you can probably register with some fake info or something.
@@vaisakh_km it probably is being used. Look at shellshock that shit was vulnerable for decades until it was officially found but I have a hard time believing it wasnt used before.
"Discovered" is Orwellian newspeak for somebody got caught. Dig deep enough and you will find hackers using stock RC planes 10+ years ago for sniffing networks. More up to date and closer to home in the UK there's been a couple of cases where Pirate radio operators have dropped transmitters onto tall but otherwise inaccessible roof tops.
Of course, these attacks are gonna get more sophisticated in the future. You told us all the ways to improve upon their flaws.
I like the term "fly by" attack.
Mmm bird analogies would work well honestly.
'stalking' for when the drone/attacker is staying within the area *of the victim itself* and is trying to find a good place to 'nest' while also trying to find an attack vector.
'Nesting' for when the drone is staying within the area *where the victim frequently tends to be* (work building, home, some coffee shop) and, after a vector has been found, optionally, 'littering'.
'littering' for when the drone is setting up devices ('litters') that can run independently from the drone's power, probably making multiple trips to carry the tools to nest so that the attack can be carried out without risking the drone and thus making finding the culprit all the more difficult.
As for the attack itself: 'swooping'
So in this case it'd be a simple 'swooping' attack where the drone only 'nested' and didn't 'litter'.
While if the drone *did* litter it would be a 'litter swooping' attack, as it'd be the litter carrying out the attack instead of the drone (so to speak).
This guy birds. Fantastic idea.
Some dude down there said Packet Perching
I like that. Just add Drone on the front and you are good.
Drone Stalking
Drone Nesting
Drone Littering *What these attackers didn't do*
Drone Swooping/Litter Swooping
The problem with using a Lora module is the bandwidth is so slow. And the range is line of sight. It's not often actually several kilometers. The 4g modem would have been much faster and allow the hackers to work from the comfort of their own homes.
It also adds a degree of traceability when discovered that you'll have to account for.
@@willstikken5619 yeah, definitely easier to follow Lora radio signal to source, then 4G
@@goranjosic I didn't propose Lora as a solution. I simply pointed out that, assuming they are using a paid service, there is an opsec risk to using a 4g service.
Great video.
The Hacker Drone operators must have been close to the office to land on the roof.
with a 4G modem you could have a 3rd party assemble and release these anywhere.
some drones can fly km's
I don't think you'd have to do that, just launch a few blocks away or something, land on the roof, then you are already established. I think the main thing though is how long you can keep the drone on the roof before it's charge becomes too low to fly back. So i imagine they'd wanna launch pretty close by to have as much battery on board as possible left for them to hang there longer
Drone attacks are going to revolve around remote connection to a device as if you were there, yet not. In that case, to make it hardware agnostic, the name of the attack should be a Poltergeist Attack, where you use a remote controlled malicious device to connect as if you were there. It doesn't just include drones, but can also include any device under your control you use remotely.
Ideally the drone didn't need to stay on the roof, they could have simply dropped a battery powered rig via the drone.
I think a simple name for attacks like this would be "Droning"
We did this with a Parrot drone in 2014 "Try and keep up " You seem like a blast from the past to me
Warflying. Also: Why the heck would you not strap a CAMERA or at the very least a motion sensor to the drone to detect humans? I can't imagine they wanted to lose those drones.
This is something I would've done, perhaps a script running on the pi to auto launch the drones off so you have a better chance of getting your equipment out automatically.
the drones come with cameras, they tried to fly away but due to skill issue they crashed
Packet Perching - the act of using a drone to physically pen test a facility remotely
If malware drones get popular enough, will we have to use physical anti-malware weapons?
"Blow that piece of junk OUT OF THE SKY!"
This represents a serious security threat.
I wonder if businesses will be allowed to secure their airspace in the future.
@@neighbor472 rsk 4 life
"What you are seeing is advanced warfare!"
the GPD, unless reported specifically as a miniature laptop was probably a typo of GPS since they may want to know when they're detected without using the drone's built-in GPS.
I think there's an unfortunate sociological problem here as well: landing on the top floor of the building (the only place that is likely unseen) means you're likely to be targeting the C-suite office, where users have escalated privileges. Security by obscurity is mocked, but should businesses rethink putting their most important credentials on the top floor? Will a new need for security guards to patrol or monitor roofs arise?
Drone hacker can be named Cuckoo attack because it's like laying it's trap right in the persons building
I wanna call it "Proxy nodding" or "nodeing" because I had an idea on attached a drone with such devices and use them to set up proxy nodes to further boast signal, or create a small web. This idea was for LoRa or "Meshtastic" communication only. Probably be good for directly breaking into places that rely on electronic security via wifi.
I'm from 2056 and this attack is commonly called "droning"
😂😂🤣
drones were always "here", therefore the title should've been "Cyber Criminals Caught Hacking With Drones"
Dronenado 666! The dirty drunk Lahey craziest drone in the world, plus tornado.
I've heard of drone attacks being called "Danger Drones" and "War flying"
okk now that's cool and doog< name
my man this is absolutely beautiful. being an engineering student who's pretty interested in particle physics and nuclear power i am stoked to try this
there was "drive by" attacks, now there's "fly by" attack
The drone attack method should obviously be called CloudStrike.
Skyhack sounds pretty cool. 'Nakatomi Plaza was subject to a skyhack"
Hacker drones have been in use for the last ten years now
The drone attack where they just leave them on site, should be called a "Dive bomb attack"
Yes.
I dunno man, "Wi-fi-pi-spy-fly-by" has got a ring to it
Why not just WI-SPY then?
both of the above
That sounds more like a Kamakazi or Stuka attack depending on whether you plan to retrieve the gear or not.
A name could be such a bird species that replace eggs from other birds with their own, like the Indigobird, Cowbird or Cuckoo.
So, a Cuckoo hack maybe? Fly in, replace the eggs, and let the non-suspecting parents hatch the horror.
3:52 seytonic making a "proof of consept" of this reminds me of the arduino rubber ducky he made.
I'd suggest "fly on the ceiling attack".
Automated aerial penetration vectors
Aapv👍
Thanks Man! I love your informational viedeos and sometimes the info you give even helps me on projects and on.
😂😂 Not monitoring the Bicoin transaction for multiple confirmations before releasing the decryption key is what makes this hack so human and hilarious😂😂
That drone attack should be called a "Mosquito Attack". Just like a mosquito, it lands on its victim and bites and sits there.
Wasp hack. It's a small flying drone that attacks often unprovolked and has a sting that can wound very deeply relative to it's size.
I think that the means in which the drone is used also matters. Wasp's would be any hack that is faciliated by a drone initially, but the drone is removed from the equation once the 'wasp' leaves after delivering the payload 'the venomous sting' and everything from thereon out can be done via the network or automation built into the malware like a virtual venom from the 'wasp'.
A different name is needed for attacks that the drone remains a longterm factor.
the GPD was a redundancy backup for their man on the inside, he would probably have been expected to intercept the drone incase of crash or deployment failure, they could access the GPD to re-establish a connection with the primary controller manually. They must not have gotten a chance to get to the roof with an alibi and thus the drone was discovered before it was recovered
Sky hack? Drop hack? Cuckoo’s nest? Someone else mentioned Drone Nesting which I quite like 😂
It already has a name. "Warflying" is similar to the old wardriving. The early version of this was don with actual helicopters.
Warflying (or driving, walking etc.) is not inherently an attack. Flying around merely collecting WiFi data like SSIDs, channels, coordinates etc. can be considered warflying. It's recon.
that's totally different
The drone attack can be called a wi-spy attack
Dracking sounds like it could be a good name for drone hacking
You should call the drone attack a File UFO Attack.
I'd like to suggest we use the term "Dracking" (Hacking through drones).
another guy suggested Drone Nesting, sounds a bit nicer
After seeing how it attacks I suggest maybe Arial Wireless Phishing (AWP).
Aerial because it uses a flying drone to get near its target.
Wireless because it is controlled remotely and uses a wireless access point to lure the victim.
Phishing because it uses a fake login page to give the victim a false sense of security.
Or maybe just simply
Aerial Data Snooping (ADS)
Pls pardon my knowladge if its confusing im just starting my networking journy and im still going through the basics XD
Only thing I can think of is these new attacks being a sort of "drive by drone attack"
The drone attack should be called “SkyScraping”
Pretty self explanatory 😂
Don't want to give anybody Ideas but if I had to do a pentest with a drone I would like you said use a smaller drone. But also, I wouldn't let the drone at the top of the building but rather use it as a transportation medium. Like carring a little box with power, lora, and a dev board to to what ever building you want. And if you are very fancy even a giro movement sensor that shorts the board if the box is moved.
i would use a bigger drone as smaller drone props are higher pitch and noise travels further, but yeah just rig it with a servo to disconnect the load, even ad a small solar panel if needed
@@llortaton2834 I don't get what you are saying, you must of misinterpreted what I said, I said I would use a drone with bigger propellers aka a bigger drone to haul the payload to the roof in which the load can be disconnected and the drone flown back to safety, I wouldn't call it a heavy load either when you'd really only need a raspberry pi or other pi or bone equivalent with a lora board and lipo or lipo bank and buck boost converters for the solar and the 5v dc
@@amb1u5 the problem is, if you are going to steal data, of which there is potentially gigabytes, LoRa is way too slow.
@@chri-k your not wrong there, you could probably set up a point to point 2.4 or 5ghz setup which would still be better than dropping a modem on the roof with a registered sim card
@@amb1u5
That doesn’t seem too efficient either, considering you would prefer to say undetected.
I would call this type of drone attack a Man-in-the-air attack.
The drone thing is interesting, maybe “Cuckoo Drone” or may just the generic “parasite drone”
Droning would be a neat name.
Past tense would be Droned of course.
This is obviously the opportune time to call it WAR-DRONING. Since it's so akin to war-driving. Who's with me!
WiFly attack?
Wi-fi-pi-spy-fly-by attack?
Yes, I like it! 😁
5:29 what about:
👉🏻Skyjack
As a name
From sky and hijack
As they are hijacking’s your stuff (AP, internal IP…etc)
This sounds is kind of a DarkVishnya attack.
May be call it Air Vishnya attack? Since the devices are not physically connected to a device on the network.
@4:56 Thanks for the ideas!
Since it was such a botched together job, how about Bumblebee Attack?
I love the little guys, but they're so bumbly!
I would disguise the pi and batteries as a vent or something. Then drop the payload on the roof and bring the drone home. A small piece of tin would allow you to pick up with a magnet to remove payload.
One other things that drones might do is they might be carrying devices on them to do a mousejack attack. This can also work on keyboards too. What they would do is inject keystrokes through vulnerable receivers for Bluetooth mice and keyboards. They might could make it appear that you typed a command to download and run a file. Such file would be malware that has some sort of nefarious purpose. It can be anything, they might steal your login passwords and user names, encrypt your files or even take control of your computer or all three. They might even make your computer a part of a bot net that does things like DDOS attacks even. They might install crypto miners on the computer too. They could do a variety of bad things if they ever got into your computer in any way. Not all wireless keyboards and mice are vulnerable to that attack but search before you buy if it is a concern to you. I know if I lived in a place where my computer would be closer to other rooms or apartment units I would be a little bit more concerned about it. The fact is where I am the nearest person is 300 feet away. Some WiFi routers don't have a strong enough signal to be picked up that far away or at least provide a stable connection from such a distance.
Yeah man, *Hacker Drone* ... I love the sound of that! ;D
"I'll use my hacker drone" hehehe, that sounds awesome!
What about "Drone-Own" ?
Bet the company was like thanks for free drones. The hackers by using a specialist drone also because of low volume of the expensive might be traceable via its serial number..
I can imagine them thinking of buying a third drone and strapping it with a powerful GPU to "crack the hashes" xD
You could call drone hacking "strafing", like a strafing run from air support, since like that, it's meant to fly in, do a job, and then leave.
I'm going to nickname it a Waluigi attack. The long name would be Wireless Aerial Attack. Shortened to WAA which is what Waluigi says.
They really should have released a small payload of hacking kit and then flown their drones out of there.
I heard Hak5 was in Watch Dogs 2. Or their gear was at least, one or the other. But yea, hacker drones are pretty popular these days. And they're becoming smaller and more badass each year. Maybe I'll build me one for Xmas 😜
Best name would be a "pi in the sky" attack or for the really cool "sky-pi"
Might as well add a camera to it so if anyone comes near the drone, it flies off.
We should call it an Ariel ambush attack
Love your work man!
Thanks my dude : )
considering most attacks follow the same naming scheme, maybe "Dracking"
Hi Seytonic , great insight. I totally agree that drone-hacking can be a mouthful. I sure they'll come up some more befitting but I can only think of drioning (even though it has multitude of meanings including drone, male bee for mating and parasite ) and drone-swipe.
call the drone attacks "SKY FISHING" or "BLACK WING ATTACK"
Droneware sounds like a fitting name
Well we had "drive by attacks" from cars so logically this is a "fly by attack"
A "WiFi fly by" attack perhaps. Maybe even "WiFly" for short.
Hacker drones should be called skynet attacks.
I am not trying to give ideas here
Le hacker taking notes
This seems like a really crude setup as the entire thing could have been done way more covertly and cheaply. The biggest issue i have with their setup is the 4G modem. If the surrounding area has for example a parking lot, i would just use a shorter range transmitter that would transmit the data to some device in a parked car which could either have the 4G modem or just be checked once in a while. The whole thing could have easily been strapped to a way smaller drone and if they took some time, they could also design their own and fit the electronics inside so that it would look less suspicious. Overall a pretty bad execution on the hackers side.
DNA - Drone Network Attack
Keep it simple and descriptive 😉
Airdrop attack, Skynet attack, ummm shooting the moon
An Idea for the name, A malicious drone can be called "Flyware".
Squidy -- like the flying squid hacker drones in the Matrix
the reason they used mini laptop because it was the main device connected to company network where rpi just acted as 4lte gateway, so in practice they control rpi using reverse ssh then connect to min laptop , from laptop they connect to company network using wifi
Soon these drones will be monstrous and they’ll be used to take entire armored vehicles along with kidnapping joggers and preferably golfers, rich golfers.
5:26 Dracking or Drocking
Scary. Imagine what a swarm can do.
awesome as always Seytonic its a pleasure ❤
Depending on weight, a couple solar cells could extend the project (hack) lifetime. Better yet, if the hack goes unnoticed, but you have drained your batteries, over several days it may provide enough to recharge the drone just enough to perform a recovery.
This is my thought too. A solar panel or two and you'd be way ahead. It would allow you to load up your batteries during weekends.
Thp has had em, they land in roofs above smart tvs and gather infor then leave , watched one hit all my neighbors
For the drone attack I would call it a Fly n' Spy attack
Naming this will depend a lot on how the tactics actually evolve.
If you're doing simple reconnaissance ala old school war driving it would seem straight forward to call it war droning or a war droid.
If you plan to fly hardware to a facility like this and abandon it then it becomes a Kamakazi drone as its sacrificed in the attack.
Personally, and depending on hardware I might go with something like a Cyber-Pi, Borg-Pineapple or just an IG-88 attack. These being translated as a Cybermen-esk RPi driven attack, a Borg-esk drone carrying a Wifi Pineapple or simply an assassin drone ala IG-88.
We can’t presume that all drones used for this will be airborne. At the company I work for we did an experiment where we essentially built the mouse droid form star wars controlled by ardupilot and slapped a company logo on the side. With this we were able to tailgate through security and enter a facility full of security minded people and get little more than curious glances. A smaller version built with knowledge of our facility could have gotten through without drawing any attention. The larger version could have housed all of the hardware used here, essentially enter through the front door and carried out the same attack.
By just making this look like one of our potential company projects we were able to get through a lot of doors that would have otherwise been closed. When we explained to leadership that we didn’t even really need to get through those doors they started to get the point.
i think it is much smarter to use the drone to drop a smaller payload, move the drone somewhere where you can pick it up later, and only then start doing something.
@@chri-k That was closer to our V2 concept but with a ground based drone since an aerial approach would have drawn attention from our existing security. All the drone has to do is get the payload close enough access the wifi while preferably staying unnoticeable.
wow, now that's a lot of name for same thing
someone suggested drone nesting and i think that fits most things
I knew somebody using a WiFi pineapple on a drone 2 years ago . Not new just newly discovered, even using captive portals .
I think we should call it
Airborne cyber intrusion drones
(Or A.C.I.D)
We should call the attack Getting Dr0wned