dana liebelson

Dana Liebelson

Reporter

Dana Liebelson is a reporter in Mother Jones' Washington bureau. Her work also appears in Marie Claire and The Week. In her free time, she plays electric violin and bass in a punk band.

Get my RSS |

Advertise on MotherJones.com

Now There's a Zombie Drone That Hunts, Controls, and Kills Other Drones

| Fri Dec. 6, 2013 11:50 AM EST

When 27-year-old Samy Kamkar—a security researcher who famously made one million Myspace friends in a single day—heard the announcement on Sunday that Amazon was planning to start delivering packages via drone in 2015, he had an idea. He knew that whenever new technology, like drones, becomes popular quickly, there are bound to be security flaws. And he claims that he found one within 24 hours and promptly exploited it: America, meet the zombie drone that Kamkar says hunts, hacks, and takes over nearby drones. With enough hacks, a user can allegedly control an entire zombie drone army capable of flying in any direction, taking video of your house, or committing mass drone-suicide. 

"I've been playing with drones for a few years," Kamkar, who is based in Los Angeles, tells Mother Jones. "I'm sure that with most of the drones out there, if you scrutinize the security, you'll find some kind of vulnerability." Kamkar says that the Amazon announcement was an opportunity to point out that drone security has room for improvement. 

Kamkar's hack, also known as "Skyjack," was performed on a Parrot AR Drone 2 (More than 500,000 Parrot drones have been sold since 2010, and it's been used to help collected flight data for the European Space Agency.) It's unknown what kind of drone Amazon will end up using, but these drones have high-definition photo and video, a flying range of about 165 feet, and can be controlled using an iPhone or an iPad. Kamkar equipped his drone with a battery, a wireless transmitter, and a Raspberry Pi computer—the total of which costs about $400, including the drone. Then, he wrote software (which he made available on the open-source website GitHub, for anyone to use) that he says allows his drone to find wireless signals of other Parrot drones in the area and disconnect the wireless connection of another drone's original user, giving Kamkar—or any user with the software—control over both drones. The drones can even be forced to self-deactivate and drop out of the sky. "How fun would it be to take over drones carrying Amazon packages…or take over any other drones, and make them my little zombie drones. Awesome," writes Kamkar. 

Parrot did not respond to request for comment, but the BBC notes that, "experts said Parrot appeared to have ignored well-known guidelines" to prevent this kind of hack. Christopher Budd, a threat communications manager for Trend Micro, a data security company, tells Mother Jones that "reading what he's got, on the face of it, it certainly sounds like a plausible proof-of-concept" but says Parrot still needs to validate it. 

Here's a video:

So does this mean that your Amazon blender will be attacked by a hoard of hungry zombie drones? Not necessarily: "Amazon would be able to make drones that are immune to this," Kamkar tells Mother Jones, claiming that the Parrot Drone's wi-fi system is not fully encrypted, which is a security measure that Amazon would be likely to take. (Amazon did not respond to Mother Jones request for comment.) "I just want people to be concerned enough that it forces these drone makers to take an additional look at them. When you have enough people scrutinizing technology, you're going to have added security and added attention, and that's the benefit."

That's certainly how companies have responded to Kamkar's hacks before: After he crippled Myspace in 2005 using what some called the fastest spreading virus up to that point—(he was arrested and convicted under California penal code, and Kamkar says, "community service was a blast!")—Myspace revamped its security procedures. Still, even if Amazon manages to fend off the zombie drones, it faces other obstacles—including states that have banned drones, potential collisions in urban areas, and major privacy concerns. 

"Drones are an impressive piece of technology and part of me is super excited whenever I get it outside and fly it around," Kamkar says. "But part of me is a little fearful." 

5 Shocking New Revelations on NSA Cellphone Tracking

| Wed Dec. 4, 2013 7:01 PM EST

Not a month goes by without former National Security Agency contractor Edward Snowden, unleashing new government surveillance allegations, but on Wednesday, the Washington Post dropped a bombshell: The NSA is tracking cellphones around the world at a rate of almost five billion records per day. This revelation is particularly shocking because it affirms fears that the government is keeping tabs on the physical location of Americans. The newspaper notes that in terms of potential impact on privacy, the location-tracking report may be "unsurpassed." Here's five things you need to know from the mind-boggling new report: 

1. The NSA can find you in a hotel and can probably tell if you're having an affair: 

Cellphones broadcast location data to towers even when they're not being used or the GPS is turned off. The NSA gets cellphone location data by "tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones." This allows the agency to keep tabs on someone, even if he or she travels abroad with a cellphone, "into confidential business meetings or personal visits to medical facilities, hotel rooms, private homes and other traditionally protected spaces." Once the NSA has that information, it can use it to figure out who a person is visiting, where, and how often.  

2. Americans are definitely being tracked, but providing the exact number is "awkward:"

Like other programs revealed by Snowden, this one is intended for foreign intelligence but nonetheless collects Americans' data, allegedly by accident. The Snowden documents do not reveal how many Americans are targeted at home and abroad. Intelligence officials told the paper that the agency can't calculate how many, and "it's awkward for us to try to provide any specific numbers." (Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, confirmed to the Post that information isn't collected in bulk on cellphones in the United States "intentionally.") 

3. All the collected location data wouldn't fit in the Library of Congress: 

From the Post: "27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection."

4. Don't bother trying to hide. The NSA knows if you're trying to avoid them: 

From the Post: "Like encryption and anonymity tools online, which are used by dissidents, journalists and terrorists alike, security-minded behavior — using disposable cellphones and switching them on only long enough to make brief calls — marks a user for special scrutiny...for example, when a new telephone connects to a cell tower soon after another nearby device is used for the last time.​" And Chris Soghoian, principal technologist at the American Civil Liberties Union, told the Post that "the only way to hide your location is to disconnect from our modern communication system and live in a cave."

5. And you don't need to be a suspect to be targeted: 

This is the big one—"A central feature of each of these tools is that they do not rely on knowing a particular target in advance, or even suspecting one. They operate on the full universe of data in the NSA’s [repository] which stores trillions of metadata records, of which a large but unknown fraction include locations," wrote the Post. An intelligence lawyer said that the data collection is not covered by the Fourth Amendment, which outlaws unreasonable searches and seizures.​ 

Read the full report. 

 

Why America Isn't Ready for Amazon's Delivery Drones

| Mon Dec. 2, 2013 5:55 PM EST

"It looks like science fiction, but it's real." That's how Amazon, the online retailing giant, describes its new plan to deliver blenders, spice racks, and sex toys in 30 minutes or less via drone. On Sunday, CEO Jeff Bezos announced that his company is in the process of testing these new delivery drones and aims to have them ready by the time the Federal Aviation Administration (FAA) is expected to open up US airspace to unmanned aerial vehicles in 2015. But after that date, Amazon's blender-delivering drones will still face big obstacles, such as the states and cities that are hostile towards drone use; potential accidents with passenger planes; GPS and privacy concerns; and roving bands of laser-wielding package bandits. 

While many states are vying for the right to be official FAA drone test sites, others are doing their best to make their skies unwelcome to drones. Both Idaho and Texas have passed laws that restrict private citizens from using drones to take photos—and it's likely that Amazon drones will need to be equipped with cameras, according to the Washington Post. Another seven states have jumped on the drone-banning bandwagon, by stopping law enforcement (but not private companies) from using them for surveillance. There are also a number of cities and counties that are considering making their air spaces "drone-free zones." Charlottesville, VirginiaIowa City, Iowa, and St. Bonifacius, Minnesota, have banned drones for at least two years. Syracuse, New York, considered a bill in October that would have banned drones but decided to hold it until the FAA regulations shake out. And a Colorado town even considered issuing drone-hunting licenses. 

Here's a map showing which states have passed legislation restricting drone use, put together with help from the National Conference of State Legislatures and the ACLU. Many other states have introduced bills that are still under consideration, so check your own state legislature for more information: 

Currently, FAA rules prohibit drones from carrying people or property for compensation and only allow them for "important missions in the public interest" like search and rescue, patrolling the border, and firefighting. Unmanned aircraft are also prohibited from airspace over major urban areas—because of a higher likelihood of accidents with traditional aircraft, and other obstacles, such as buildings and power lines. When the FAA lifts drone restrictions in 2015, Amazon drones would likely be traveling in urban areas, given that they can only fly within 10 miles of a distribution center, many of which are located in the suburbs of major cities. But cities aren't likely to be any less dense in two years, raising the possibility of collisions. The FAA is still working on how to safely implement drones in urban areas—particularly by employing sensor technology—but it's still a legitimate concern, given that drones have already crashed into a lake, a Navy ship, and Manhattan

If Amazon can find a way to make drones work while avoiding cities or airplane flight paths, the company would still need to implement very precise GPS directions to ensure each package goes to the right place. (In many places, a foot or two can mean the difference between your front door and the sidewalk.) The Washington Post points out that technology isn't precise enough yet to let drones fly themselves, so one option would be to have pilots fly drones via computer, to avoid GPS mishaps. But that would require them all to have cameras, creating a slew of new privacy concerns: "We need rules so that we can enjoy the benefits of this technology without becoming closer to a surveillance state," says Allie Bohm, an advocacy and policy strategist for the ACLU.

Finally, there's also the prospect of thievery. All it could take is an effective drone-destroyer—a hunting rifle? laser weapon? laser pointer?—for a bandit to be watching your movies, wearing your slippers, and making smoothies in your blender. Amazon claims that by 2015, it "will be ready" to unleash delivery drones in US skies—but America probably won't be. 

Park Service to Congress: Only YOU Can Prevent Government Shutdowns

| Fri Nov. 29, 2013 7:00 AM EST

Perhaps nothing is more emblematic of the frustration Americans felt during the October government shutdown, which cost the economy an estimated $24 billion, than the furor over the shuttering of more than 400 federal national parks. Republicans accused Democrats of keeping veterans from seeing the World War II monument in Washington, DC. Democrats blamed the Republicans (who effectively held the nation's budget hostage for 16 days until they couldn't politically afford to anymore) of seizing the park issue to distract from the economy. But now, the US National Park Service—which lost $450,000 a day in park entry and activity fees during the shutdown—has a new message for Congress: No, we're not going prepare for another government shutdown, because you need to do your job.

The smack-down took place at a hearing last week before the House Subcommittee on Public Lands and Environmental Regulation, which weighed in on a new bill introduced by Rep. Chris Stewart (R-Utah) in October. The Provide Access and Retain Continuity (PARC) Act, which has 17 Republican co-sponsors, would allow states to keep national parks operating in the event of another shutdown and would make them eligible for reimbursement by the federal government. (During the shutdown, six states entered into a similar agreement.) Right now, the government is only funded until January 15, meaning that Republicans could potentially pull the same shenanigans all over again in 2014. Stewart tells Mother Jones, "This bill is designed to provide some safeguards to local communities that rely heavily on access to public lands in the event that a shutdown does occur."

According to a National Park Service spokesman, more than 11 million people were unable to visit parks during the shutdown, and the park service lost about $7 million in park entry fees. The Park Service also estimates that communities within 60 miles of a national park suffered a collective negative economic impact of $76 million for each day of the shutdown. But Bruce Sheaffer, Comptroller of the National Park Service,testified that the agency "strongly opposes the bill." He said:

We have a great deal of sympathy for the businesses and communities that experienced a disruption of activity and loss of revenue during last month’s government shutdown and that stand to lose more if there is another funding lapse in the future. However, rather than only protecting certain narrow sectors of the economy...from the effects of a government shutdown in the future, Congress should protect all sectors of the economy by enacting appropriations on time, so as to avoid any future shutdowns.

Sheaffer took issue with other parts of the bill, noting that forcing the Park Service to rely on state revenue would be "a poor use of already strained departmental resources" and would "seriously undermine the longstanding framework established by Congress for the management of federal lands." While Sheaffer didn't object to another GOP-backed bill on the table—the Protecting States, Opening National Parks Act, which would reimburse states for National Park expenses incurred during the October shutdown—he concluded that planning for another shutdown "is not a responsible alternative to simply making the political commitment to provide appropriations for all the vital functions the federal government performs."

Scheaffer's position had support from Rep. Raul Grijalva, (D-Ariz.), who told Cronkite News Service at the hearing, "We shouldn’t be coming up with doomsday preparations." But Stewart says, "The [Park Service] opposition is odd and misses the point. Of course the preferred course of action is to avoid future lapses in funding." He adds, "While I cannot predict the future, I do not anticipate another shutdown during the 113th Congress."

When Mother Jones asked the National Park service whether it considered the GOP's fixation on funding national parks a way to deflect blame away from the shutdown, a spokesman said, "Your question asks us to speculate on an issue. We don't do that."

Fri Nov. 22, 2013 1:26 PM EST
Fri Nov. 1, 2013 11:31 AM EDT
Wed Jun. 18, 2014 6:00 AM EDT