Lawfare Drone Smackdown

Did the Secret Service Watch the Lawfare Drone Smackdown?

By Benjamin Wittes
Tuesday, January 27, 2015, 2:07 PM

Over at Defense One, Patrick Tucker has an interesting article headlined: "Did the White House Use Drone Killing Technology?" It opens:

At about 3 a.m. on Monday morning, a small quadcopter drone, or unmanned aerial vehicle, crashed on the White House lawn. White House officials said that the drone, by itself, was unarmed and didn’t represent a threat. Authorities quickly located the owner, a government employee, who has managed (so far at least) to convince the Secret Service that he made an innocent mistake flying his drone outside of the White House in the wee hours of the morning.

The White House won’t comment on whether or not they took any special steps to bring down the small UAV. But the White House may have employed the same anti-drone technology that the military is trying to perfect to protect ships and planes from future drone swarms. There are plenty of ways to knock a drone out of the sky, everything from surface to air missiles to hunter-killer robots to, yes, lasers. But for a cheap off-the-shelf drones operating off a simple radio or Wi-Fi signal, the best method is simple jamming.

Tucker later goes on to say that "Reports suggest that the drone seems to have crashed on its own, begging the question, is the White House equipped with an off-the-shelf drone jamming kit? If not, why not?"

I have a wee little bit of experience with taking down drones using signal jamming, as folks who remember the Lawfare Drone Smackdown may recall.

The drone smackdown, for those who don't remember, was a friendly competition of drones we put together in September 2012 as an experiment with the proliferation of powers of attack to the individual level. The drones fought one another in individual dogfights. My team won using a variety of crude cyber attacks on the other drones. One of those attacks involved wifi jamming, which turned out to be really easy to do. Here's how I described it at the time:

Attack #3: Buying Time with a Handy WiFi Jamming Approach

I was concerned about [my other attacks], because—while lethal—they left gaps. . . . We needed an attack we could deploy very quickly and which would hold off an opponent drone while we attacked it, finished off another drone, or simply regrouped and figured out what to do.

I went on YouTube and Google looking for information about WiFi jamming. I figured that there simply had to be, somewhere on the market, a cheap product (under $200) that could jam a WiFi network. In fact, I learned, I already owned such a product: An old Android phone I no longer used. This Handy YouTube video claimed I could turn it into a WiFi jamming device and promised I could use it to clear out a Starbucks by making its WiFi network unusable (I haven’t tried that, and you shouldn’t either. It’s surely illegal.):

The 14-year-old accomplice and I tried it, and it did not disappoint. Connect the Android phone configured as this video suggests to a drone’s WiFi network, and the channel ceases to function within ten seconds or so. The drone automatically goes into hover mode, and the user is left wondering what has happened and how he has lost control. We reasoned that this attack, which is very hard to defend against and which comes on very quickly, can be used to stun a drone that is attacking, to disable one drone while we attacked another with [our other attacks] or to stun a drone that is password protected while we try to finish it off with a physical attack.

The attack has additional benefits. Even when the 14-year-old accomplice turns off the jamming . . . the user usually still has to disconnect from the channel and then reconnect in order to reestablish control over the drone. Sometimes, we found to our delight, doing so causes the drone to ground itself---meaning that the attack could sometimes be more lethal than we originally understood.

But this attack too has its weaknesses. For one thing, it is not a kill. For another, while we could deploy it very quickly, it’s not 100 percent reliable. Sometimes, we found as we tested it, the user could regain control of the drone, despite the jamming. Sometimes, control would flit in and out. We came to think of it as a great emergency measure—and potentially crucial in a three-way dogfight or in situation in which pairing is on—but more of a stopgap measure to buy ourselves time than our best initial attack. We also found that we could use it while implementing [a different attack]—most of which involves configuring one’s own computer to spoof an iPhone and requires relatively little actual communication with the drone itself.

Here is a video of the 14-year-old accomplice demonstrating and explaining the WiFi jamming attack:

One additional note about this attack: We remained entirely vulnerable to it throughout the Smackdown. As noted above, there are ways to secure the WiFi channel the drone uses and to encrypt its communications with its control module. But this is beyond me. So the way we fought, it was plausible that we might end up with a Drone Smackdown stalemate in which both combatants simply jammed the other’s WiFi signal—thereby preventing either from controlling their drones. We all live with risk, and Operation Stux2bu swallowed this risk. If Alice Beauheim figured out the WiFi jamming attack, we’d have to call it a draw.

WiFi jamming was key to our initial victory against Paul Rosenzweig and we used it again when, in the middle of the final round, John Procter sent his drone careening into the field of battle. In both cases, it performed exceptionally well—causing almost instantly a total lack of control over the drone from which our opponents did not recover.

I would assume that the Secret Service has something more than an old Android phone protecting the White House from small drones. If not, the agency is free to borrow mine any time. The 14-year-old accomplice, now 16, would be happy, I am sure, to train agents in its use.