Drones have become cheaper, more accessible, simple to operate, powerful, silent and easily programmable in the last few years, which has led cybercriminals to use them for cybercrimes. A drone is a small flying machine that can be used for various positive purposes such as aerial photography, fun, search and rescue operations, crop spraying, livestock management and many more. Drones are operated by remote control or through a mobile app. Drones are often called UAVs (unmanned aerial vehicles) or UAS (unmanned aerial systems).
From a cybercriminal's perspective, drones are an ideal tool for carrying out malicious attacks because they generally provide a greater layer of separation between the bad actor, the aircraft itself, and the actions executed. A drone along with a Raspberry Pi (a small single-board computer), a camera, a mobile battery, a memory card and a wireless router with an infrared emitter is all that is needed to commit most cybercrimes, such as hacking, man-in-the-middle attacks (listening to the data traffic), voyeurism and sextortion (cyber blackmail).
How drones are used for cybercrimes:-
- Cybercriminals use a hacking technique called “Mousejacking”, in which the equipment on the drone exploits vulnerabilities in the wireless adaptors and the wireless mice and keyboards that many people use nowadays. They fly the drone near your office or home, where you use your computer with a wireless mouse/keyboard. The equipment on the drone then connects to the computer through the unsecured wireless adaptor, transfers a very small program and gets it installed on the computer. This takes a second or two, which the victim hardly notices. Once installed, the program opens a backdoor channel on that computer, giving hackers access to data via a man-in-the-middle attack.
- Cybercriminals fly a drone over private areas like a bedroom or bathroom and take videos or photos of the people or activity inside without their knowledge, and then use this material for sextortion (I have written an article on sextortion before) or for blackmailing the victims.
How to protect oneself from these cybercrimes:-
- The best option is to avoid wireless devices for connecting to the computer altogether and move back to wired devices.
- Use only wireless devices that send encrypted data and a wireless adaptor that uses some form of authentication.
- Install good antivirus and firewall software to monitor installations and data transfer.
- Keep your operating system and application software always updated with the latest security patches or updates.
- Always lock or hibernate your computer when you move away from it.
- Limit the number of devices that can connect to the computer to known devices.
- Cover your bathroom and bedroom windows with curtains.
If you are a victim of such a cybercrime:-
Immediately call the 1930 cyber helpline number or file a complaint at cybercrime.gov.in. Change the passwords/PINs of your banking accounts, email, social media and any other accounts you feel are important, as they may have been compromised by now. Run an antivirus and malware scan on your computer; better still, back up your data and format or factory reset the device. Don’t be afraid: discuss the first threat of sextortion/blackmail with your confidant or the police, and discuss the steps to take next.
Remedies available to the victim legally (India):-
Lodge a complaint at a nearby cyber or regular police station under:
Sextortion is a punishable offence by law and attracts Section 108(1)(i)(a) of the Criminal Procedure Code (CrPC) and Sections 354(C), 354(D), 383, 384, 503, 506, 507 and 509 of the Indian Penal Code (IPC); Sec. 67 of the Information Technology Act 2000/2008 is also applicable.
Data theft, destruction and criminal trespass are dealt with by IPC Sections 378, 424, 425 & 441 and IT Act Sections 43, 66, 66C, 66D & 66E.
Section 108(1)(i)(a) of the Criminal Procedure Code empowers the victim to call the magistrate of her locality and inform him/her about the person whom she believes could circulate any obscene matter. The magistrate has the power to detain such person(s) and can order him to sign a bond to stop him from circulating the material. This might deter the accused. This is a quick remedial section because the victim can lodge the complaint with the magistrate without any direct evidence against the accused.
IPC Section 354(C) deals with voyeurism, 354(D) with stalking, 378 with theft, 383 & 384 with extortion and the punishment for extortion, 424 with extracting data illegally, 425 with destruction of property including digital property, 441 with criminal trespass, and 503 – 509 with criminal intimidation.
The relevant sections of the Information Technology Act are Section 43 (penalty and compensation for damage to computer, computer system, etc.), Section 66 (punishment for computer-related offences: a person committing data theft, transmitting a virus into a system, destroying data, hacking, or denying access to the computer or network to an authorized person), Section 66C (which prescribes penalties for identity theft, covering anyone who fraudulently or dishonestly uses a person’s identity information), Section 66D (punishment for fraud by impersonation using computer resources), Section 66E (violation of privacy) and Section 67 (punishment for publishing or transmitting obscene material in electronic form).