Blog

Top

Drone attacks. How can we fight back?

Sam Holt

Nov 01 2018

When writing on any subject, I like my articles to be read and understood by all, including professionals, and those who merely have a passing interest. This is why I'm going to try to drill down in this article to try and show the technology in its simplest terms, but also include some of the more complicated aspects.

UAVs (unmanned aerial vehicles) are currently being utilised more and more by criminals to commit crimes. There have been incidents where drones were used to fly contraband into prisons, flying narcotics over the border, or performed unauthorised surveillance on military or secret facilities.

Drones can be remotely controlled by a human pilot, or pre-programmed with a specific route and destination to make them truly automated.

There have been recent discussions about the possibility of weaponizing drones to carry bombs or airborne pathogens into highly populated places such as the Superbowl, or a target such as the White House or Parliament.


Dubai International airport has recently been the target of drone attacks - even though the situation has been shrouded in secrecy.

Drone analysis is a type of forensics which allows you to analyse information acquired from a drone which could show data such as the following:

  • Owner information
  • Mac address information (unique identifier)
  • Flight details (GPS location, altitude, speed) before, during and after flight
  • Video evidence (captured by the on board camera)
  • Data on the flight controller (mobile device or controller piloting the drone)
  • 'Home' location (Some drones have an auto return function)

All of this information is important when investigating a suspected drone related crime.

ISIS has threatened that its next terror attack will involve a small drone targeting the Eiffel Tower in France.

The terror organisation’s latest propaganda depicts a small drone flying near the Eiffel Tower and red crosshairs hovering over the Parisian landmark. According to a report from The Sun, the image was publicised by Muharir al-Ansar, an ISIS-affiliated media group. (October 24)

I have acquired a set of drone data, that I would like to analyse in this article, showing step by step the analysis of the drone journey and the functionality to use this as evidence.

The data that can be acquired from a captured drone can be quite complicated, so it's important to use a tool to parse the data from its CSV data dump into a more readable format. We are looking to isolate the important information into appropriate columns so that we can ingest the data into a review platform.

The tool I used to parse the original data dump is called Datcon. It's a free download available at https://datfile.net/DatCon/downloads.html. Datcon allows you to parse data files from the following popular brands such as Phantom 3, Phantom 4, Phantom 4 Pro, Inspire 1, Spark, and Mavic Pro drones.

Once Datcon is installed, the raw data dump from the drone can be imported into the program, set the options for the output, and a CSV file is output that we can use for further analysis.

This is what the output from the CSV file looks like when opened with Excel. This file shows data from all of the different parts of the drone. This is a large amount of data and shows everything including distance from home, latitude, longitude, number of satellites, internal bus clock, acceleration along the x,y,z axis, velocity, distance travelled, and many more.

The review platform I will be using is AccessData Quin-C. Quin-C allows you to import the data using custom columns for the different type of analysis we will be doing. The custom columns I will be creating are Altitude and interval (time) as Geo latitude and longitude already exist in Quin-C. The Quin-C widgets I will be using are the Coding panel, Spreadsheet, Maps, and Video.

One we have imported the data from the CSV into Quin-C, we can go ahead and allocate the different columns in the CSV to the custom columns we created within Quin-C.

This shows the 4 columns representing the data as imported into Quin-C.

Once the data is imported, we can represent this on the grid with timestamp according to each reported GPS location, this in turn allows us to overlay this onto a map.

So you can see here the data as overlaid on to a map. This allows us to have a visual representation of the drone and it's basic history on an easy to read interface. The section below shows the altitude of the drone at each step in its journey and interval marks (timeline) that can be played alongside the video to show all of the statistics and the corresponding evidence for the drone flight.

The data in this specific example shows the drone starting up and taking off, gaining altitude as it makes its journey across Christiansburg, VA, until it reaches interval:25, where the drone rapidly loses altitude as it was shot down. The altitude zero values along the graph show that the drone remains powered up and tracking GPS as it was transported in a vehicle for the remainder of its journey, and the last points available on the map before it was powered down can be seen.

drone footage from Sam Holt on Vimeo.

With all of the evidence that we can now place together, from the raw data for every moving part in the drone, overlaid on an easy top read map and graph, accompanied by the video taken from the sky, this makes for compounding evidence which could be used for prosecution or improving the data already in a case against the suspect.

I hope you enjoyed this article, it was a short piece of text showing how simple it can be to analyse the large amount of data a drone can output. It also showcases the ability of Quin-C to take data in a raw format and display it against values within a timeline or graph. For example, we could treat the data from an Apple Watch or Samsung Galaxy gear in the same manner, allowing us to track an individuals movements and overlay that data against other data acquired from the target such as email or WhatsApp data. This could show us the precise location an individual was standing in when an email was sent.

I don't have very much experience working with these types of datasets, but with technology advancing as quickly as it is, we are all learning on a day by day basis, and I try to keep up to date with the latest updates as they happen.

I wanted to say thanks to Keith Lockhart of AccessData for his help in making this article happen. Keith is a technology evangelist and has great passion and energy for new and evolving technology.

I hope you have some questions about this or any of my other articles. Please feel free to post them below. Give this article a 'Like' if you enjoyed it.

(Names, locations, data may have been changed in this article for demonstrative purposes)

This blog post originally appeared on Sam Holt’s personal LinkedIn page. Read it here.

About the author:
Sam Holt is a Senior International Engineer at AccessData and compliance champion, authoring papers on GDPR, ISO27001, PCI-DSS, and writing privacy and IT policies to adhere and comply.

###

Contact us today to learn more about our products and our
approach to improving how you collect, analyze and use data.
Tell Me More