My name is Dark Skies. We run the Drone and Robotics Hacking Village here at DEF CON. We've been here for five years, started with the Skyjacker builds for Wi-Fi, hacking from the sky for red teams, and kind of evolved into a full village last year. So thank you for your interest in the drone and robotics industry and some of the new threats. This one is a swarm, next generation threat by RIS Security. Thanks guys.

How's everybody doing? My name is Jeff Parisi and standing next to me is Ryan Schofeld. He's the CEO of RIS Securities. We're a security company whose clients include stadiums, casinos, large tech firms, large cannabis installations. And we're here today to bring some of our experience in the real world with working with police and using drone mitigation detection techniques and public venues. I'll have Ryan talk a little bit about the company and then I'll come back with some case studies and talk about what we're doing. Thanks.

Good morning. So the presentation Jeff's going to give primarily is somewhat technical and he'll talk about some specific technologies for swarming. I think the point of the swarm is that it's a high tech version of an old school attack from the standpoint of overloading resources all at once and the folks having to decide which threat they're going to go after first. This is something that we've seen in practice already today and something that we're working with firms globally now on their drone detection and mitigation strategies to see how it can best fit into our use cases, which are primarily private sector.

One of the things that we work with that you are all probably familiar with is the evolution of the small Linux computer and how penetration tools can now be lofted by small drones. When we first brought this specter up to some of our clients, the immediate counter was, well, those batteries only last for a half hour or less, and cracking is a factor of computational power and time.
So how's 15 minutes really going to dig any information out of our network? Doesn't work that way. What we're seeing is that the drones use a very small portion of their flight battery power to get to the roof and then land there and stay there. Then the drone is left for a few days where it uses penetration software to discover passwords, and then the operator comes back days later and retrieves the drone with a short quarter mile flight. So the battery power objection is not really valid from what we're seeing.

We're also seeing Linux computers get smaller, smaller, faster, faster. I think the Teensy, well, the Teensy four is not a Linux computer but it's incredibly fast. Microcontroller is just released yesterday running at 700 megahertz. The RPI, the Raspberry Pi four, again, faster, faster.

So one of the things that we're doing at RIS is investigating rooftop leakage. Security firms often perform perimeter tests for Wi-Fi signals. One of the areas that is overlooked often is the rooftop, so that's becoming more important in our business.

The other thing that we're seeing as an evolution is the rise of the small drone or the non-DJI drone. In previous presentations we've referred to these as racing drones. And one of the things that RIS does not want to do is impugn or damage or malign the drone racing community. Because drone racing is a fantastic sport, a fantastic hobby. It's a fantastic evolution of video games and technology. It gets people out of the house, on the field, teaches them how to solder, build and repair. So drone racing is something that we support fully as a positive use of small drones, but at the same time individuals that are seeking to gain an advantage are realizing that smaller drones are harder to detect through current detection methods. Especially since most current detection methods are focusing on the DJI product and focusing on the signals that are coming from the DJI product.
Here is probably the most salient point of this discussion here right now, and something I hope you all take back with you, is that currently most if not all drone mitigation techniques are focused on the drone. We call them drone mitigation techniques. What we're finding in the field in law enforcement, or working with law enforcement, is that the drone is not the priority. The operator is the priority. The drone cannot be arrested, prosecuted, et cetera, et cetera, et cetera, whereas the operator can. Also, once the drone is in the air and sending signals, the first phase of flight has been completed. That is the pre-check to take off and advanced altitude. Well, by that time the drone is on its way to do whatever it's to do. Drop leaflets at a baseball stadium, who knows. What we think is that if the industry were to develop SDR technology to determine, to detect transmitters, we would have a jump on that process. In other words, as soon as a transmitter went on and the transmitters through RF is classified or characterized and then its position triangulated, we'd have a much better chance at interdicting a malicious operator. There is no such thing as a malicious drone. It's a malicious operator.

The photographs you see here: one was taken in Turkey in late 2017. The other was taken in Mexico, also in late 2017. Both showing smaller drones than a Phantom or an Inspire or some of the larger DJI products being used to deliver small explosives. Both these drones were interdicted before they blew up.

The other thing we're noticing is a trend towards high power systems. In the United States drone flights are allowed to visual line of sight, whatever that means to whatever individual. For me, a drone about this big, maybe a quarter mile, maybe a half mile if I fudge it, that's my line of sight. However, the FAA and other governing bodies are interpreting line of sight a little differently. These products shown here, these three products, are add-ons to most radio transmitters.
These add-ons then shift the frequency, the 2.400 milliwatt frequency, to a 900 megahertz higher power frequency. In fact, all the units shown here are using one watt of power. What this means is a shift from the 2.4 band to the ISM band, the industrial scientific medical band, and what some people in the FCC see as an exploitation of certain laws or loopholes and laws regarding power levels.

The other thing that our industry is becoming aware of and becoming more concerned with is the advent of ready-made command and control and FPV systems. The particular system that you're seeing here was announced about a week ago from a major manufacturer, and it gives the ability for any drone builder to place a command and control and FPV system on a drone. This particular company markets their product to the drone racing community. As a long time drone racer, I competed at the first nationals in 2015 in Sacramento. I can tell you that digital systems usually fail the drone racer, and that is because digital static, and you've all seen it, you all know what I'm talking about, distorts space and time. Packets or visual blocks of information hit the screen at wrong time and wrong place. Analog static is quite different. Analog static, you have a clear picture and then it becomes fuzzy over time. But the placement of objects in that picture and the time at which they appear in the camera do not change, so it's very possible for a pilot to fly through analog static. And that's why analog systems are generally preferred for racing. This system is marketed as a long range system, which is also not really applicable for drone racing. Most league racing takes place within a baseball park or a football field. So the ability to fly 2.5 miles as advertised is not something a drone racer would particularly want to buy. So it's very questionable to me about products like this that are hitting the market. And on the nefarious side it's basically a swarm in a box.
If one were able to purchase five or six of these, one could then mount them to one's homemade bomb carrying or leaflet dropping drone and have a very capable system without much work. This system was also tested by Rotor Riot at 1.5 miles at ground level. As many of you already know, drone detection, be it with radar, be it optical, be it with other means, is thwarted when a drone becomes close to the ground. It's hard to detect, hard to see. So this metric of 1.5 miles at ground level is important to our industry because it shows a capability that many of our clients fear.

I'm going to move on quickly to questions and answers, but before I do I just want to bring up drone detection again. Again, drone detection right now is usually done through software defined radios sniffing out packets from known manufacturers and determining home positions of a pilot based on the packing information that's flying by. And that allows a home position to be determined. Whether or not the operator is still at that position, we don't know.

Now I'll start with the case study. A couple of months ago Redondo Beach put on their annual BeachLife Festival, which is a three day beach festival that culminated with Jason Mraz and Willie Nelson. It took place on two different stages or about 8 to 10,000 people per day for three days. The Redondo Beach police and other local police wanted to get a persistent drone in the sky to manage medical emergencies and also to detect and possibly mitigate rogue drones, or drones that were not authorized to fly over that concert. We used an available drone detection system and that had mitigation capability, the ability to re-pair with the drone and feed it its own instructions so it landed in a quarantine area. However, we never got to use that as we thought we would, and here's why.
When we had a persistent view of the concert and the ability to detect drones that took off, we were very able, we were very quickly able to relay that person from workstation to workstation to workstation. That is the drone company that was doing the VO, the drone company that was doing the detection and mitigation, and the police command module where the police and their big screen were. So once we detected the drone it was very simple to ask the drone operator, hey, we've got a drone over in this area, can you go look. Within seconds the drone VO was able to see where the drone operator was. We were then able to make a visual identification, and usually it was the shadow of the transmitter that gave him off. Because we were able to see the shadow and see the hands on the stick. With that information, the police and the command center were watching on the same screen we were and they were able to direct rolling units to go out and have a friendly talk with the drone operator to please land, put it in the trunk and come back and have a great time at the concert. Redondo Beach chose wisely so a soft approach, and that's what happened all day long. A rogue drone would take off, we would be alerted of its home location, our visual observers were able to confirm where the operator was, and they were able to send friendly police to tell them to back it up and enjoy the concert.

So what that tells me, working with clients that have stadiums, that protect concerts, that have data centers, our clients, they're not really interested in the drone. They're not interested in detecting it, mitigating it. In fact, many see the mitigation of a drone as a liability, because once one takes over an aircraft then whatever happens to that aircraft and the people it lands on or crashes into becomes the responsibility of the takeover agent. So a lot of our clients say we don't want to mitigate a drone for that reason and others.
So what the industry is lacking, here's where you should pick up, what the industry is lacking is a method of old school radio triangulation coupled with packet identification and analysis. Because if one, let's say one of our clients, a data center, we would be able to install fixed SDRs at several locations. These SDRs would be listening and waiting for a signal of a particular frequency, particular strength, and would analyze the public portions of the packets to make an identification. Hey, is this a radio transmitter? Could this be controlling a drone? Then those fixed SDRs would be able to quickly triangulate where that operator signal is coming from, allowing automatic cameras to be focused, allowing security guards to be dispatched, and that's the way we see mitigation. This industry lacks operator mitigation, operator detection. Those should be the keywords that you take away from this conference. The concept of drone mitigation and detection is actually becoming old school, and we're seeing in the field that's not what we need, it's not what our customers need.

So with that, I'd like to turn it over to questions. I'll field any technical questions, and questions about security in the security industry I'll hand over to Ryan. Oh, come on, I got my badge on and everything. One question. How much does it cost? Very good question.

The question was, typically, do the drone operators we encounter understand the RF physics of electromagnetic radiation fall off distance? No, what they do, for the most part, is they rely on YouTube range tests. So there are great many people that are into unboxing of products, and one of the first things one does when one unboxes a product on YouTube is then start the range test process. I brought up a minute ago a group called Rotor Riot. Rotor Riot is a group of freestyle drone pilots who have a YouTube channel and now a company. But one of the first things they do is they range test products.
That's how we know this command and control and FPV system can do a mile and a half at the ground, because of open source testing. So to answer your question, no. Most of the people are relying on consumer off the shelf technology to help them obtain a goal. Whether that goal is buzzing a theme park or dropping leaflets in a stadium, which is really the threat that we experience here domestically. Explosives and bombs, I'm sure someday that'll happen, but that's not what we're seeing domestically right now.

Another question. Yes, sir. The question was, what common protocols are used for controlling drones? Well, when one seeks to answer that question, one needs to start looking at market share and who builds the market share. And that would be DJI. DJI has two proprietary protocols, one called OcuSync and one called Lightbridge. Also, command and control is getting really fuzzy right now because there are companies that are coming out with proprietary command and control. So the classic radio control with the 20 millisecond frame, PPM, transmission over FM, that's becoming less popular as people move off of the crowded 2.4 to gain more range. And really, the reason one wants more range is to see something farther away or to do something farther away.

Got you. The typical misuser of drone technology is either a rogue, single individual with an agenda, such as the person that was dropping leaflets at stadiums, turned out to be the same person, was caught, prosecuted. Or the person who is unfamiliar, through whatever means or reasons or social construct, unfamiliar with the rules of flying their drone and do things that are considered to be trespassing unwillingly or unwittingly. For example, the theme parks are attractive nuisances. We have several theme parks as clients and the attraction of flying around a theme park is tremendous.
So the people that are doing that are not doing it for evil nefarious reasons, they're just not aware of the potential problems that can be caused by it. So I don't think they're bad or evil people. In fact, our theme park also, the theme park that I'm thinking of, also has a soft policy that's basically, hey, it came all this way to California to see this great place. Put the drone back in the trunk and join your family and have a great afternoon. So those are the type of people generally that we see. However, trends change, threats mature. There are some indications that there have been domestic escalations, yet not successful, of drone technology. So yeah, it's mostly the knucklehead, to answer your question.

Yes, sir. The question was, I had stated that our clients aren't necessarily interested in drone mitigation, but what about the stadium? What about a stadium that detects a drone coming at them at rapid speed? In that case, they would want to investigate and look at mitigation. But then again, there's a cost-benefit analysis that needs to go into that particular client. There is no league support in the NFL or Major League Baseball yet. So it's left up to the plant owner, the site owner, to protect that site. So a person that owns a stadium has to look at only amortizing the cost of a half-million-dollar system over game days. And that math doesn't really work out. So there are a lot of clients that would love to have the mitigation option. But the mitigation option, I'm speaking non-kinetic, because kinetic mitigation is a non-starter domestically. Kinetic mitigation is not going to happen in this country. There's too many other good options. So the cost for electronic mitigation has to be amortized somehow. And a lot of clients in the entertainment industry, which is periodic, have trouble amortizing that cost.
Also, the Department of Homeland Security is making waves that they wish to be the regulatory body that certifies the installation of counter-aircraft systems. That's the new term that they're using because it gives them a little bit more weight. So right now, mitigation is a very touchy subject because there are Title 15 laws, telecommunication laws, that are in play. There is the cost and need that's at play. But mitigation, in my mind, needs to be a part of the drone protection matrix. It's just a real tough sell right now.

Anybody else? Yes. Are we at the horizon of swarm drones? Yes, we are. And the first indication of that would be the Border Patrol incident of about six months ago, where more than one drone was used to buzz a Border Patrol installation and interfere with their work. So I think anybody that takes cues from the military knows that the military is investigating swarm aggression very heavily. And the reasons are obvious. There's even a Gerard Butler movie coming out this summer that features drone swarm attacks. There's even a fake TED talk where they talk about drone swarm attacks. So the concept and idea has firmly been planted in everybody's mind. And now we're seeing that tools are arriving to accomplish those goals. And that's what bothers us in the security business.

Yes. The question was, if you're ringing your property with SDRs, how could one detect threats from without the property? Well, radio triangulation works in such a way where if you had three SDRs on the perimeter of your property, each one has a 360-degree area of reception. So that would be the 180 degrees of that circle would be on your property, 180 degrees would be looking out. And certainly any detection system needs to look beyond one's property line and also make determinations on intent by direction. So if you detect an object with a detection system, okay, so somebody's flying a drone, big deal.
But if that drone is flying at 35 miles an hour on a vector straight towards your most important asset, then that raises the concern level. If it maintains that course and approaches the perimeter of your property, that's a threat.

Do we have any airport clients? No, not right now. There's a division of the FAA called the Office of Airports Standards, Airports Something and Standards. And they're actually taking a step back with DHS to define what is an applicable airport system. The reason for that is because airports are full of radio frequency, common from everybody going everywhere. But we are working with some airport community people to, not any one particular airport, but airports in general.

Yes, sir. How do you tell civil use from threat? Right now, only analysis of a drone's actions can help a person determine whether that drone is a threat. But there are going to be airspace registration systems put into place. Lance, how's it pronounced, L-A-N-N-C-E? Yeah, yeah, okay. So that system would be your protection as a commercial operator. In the case of the stadiums or in the case of the concert, there were drones there that were there legitimately to film the concert. Well, those were simply placed on a whitelist. So when their identifier was detected, it was simply ignored. So whitelisting would help you if you went to a ballgame to do professional work, where there was a local mitigation detection system. I think an FAA country-wide registration system or notification system like some that are being considered is going to be your friend.

Right, actually what he's talking about is ADS-B. ADS-B is a second level airplane transponder. ADS-B on an airplane broadcasts its position. But the receivers are micromanager, literally size of my thumb. So now drones can be equipped with an ADS-B receiver and would be able to detect any manned aircraft and avoid them. In fact, ADS-B is mandatory in all manned aircraft by 2020, January 1, so we're rapidly coming on it.
And so there are some manufacturers, namely the Pixhawk family of autopilots, has already adopted ADS-B into their infrastructure. So any Pixhawk equipped drone is already going to be looking out in the sky for conflict and de-conflicting automatically.

So yes, sir. And that's not the intent of the FAA. The intent of the FAA was for all manned aircraft to have it, even if you're in a kite with a propeller. And it's in the best interest of any manned vehicle to report their position in 2020 and beyond. Because the skies are going to be increasingly filled with unmanned aircraft. And for a manned aircraft to eschew something that may save their lives because of a regulation loophole seems like maybe they shouldn't be a pilot after all. But that's just my personal opinion.

More questions? Anything about tech security? Well, I just want to thank, I'm sorry, I want to thank Drone Wars for inviting us here. It's been fascinating seeing all the activity that's going on outside. It's been wonderful talking to you. Ryan and I will be here for a couple more hours helping out. And if any of you have any questions, want to talk to us personally, please come up, and thank you very much. I appreciate your attention.