The TikTok deal is done, and Donald Trump is claiming a win, although it remains unclear if the joint venture he arranged with ByteDance and the Chinese government actually resolves Congress' national security concerns.
In a press release Thursday, TikTok announced the "TikTok USDS Joint Venture LLC," an entity established to keep TikTok operating in the US.
Giving Americans majority ownership, ByteDance retains 19.9 percent of the joint venture, the release said, which has been valued at $14 billion. Three managing investors—Silver Lake, Oracle, and MGX—each hold 15 percent, while other investors, including Dell Technologies CEO Michael Dell's investment firm, Dell Family Office, hold smaller, undisclosed stakes.
Apple is reportedly working on an AI pin of its very own to compete with OpenAI's non-existent pin. No, it doesn't really make much sense to us, either. In this episode, Devindra and Engadget Managing Editor Cherlynn Low discuss why Apple might be quick to jump on the AI pin trend, even before it jumps into smart rings. Also, we dive into Sony’s Bravia TV deal with TCL, and the aftermath of Verizon’s massive service outage.
TCL is taking over Sony’s Bravia TV business in a new joint venture – 0:58
Last week’s Verizon outage was resolved after 10 hours, no official word on what caused it – 8:39
Youtube CEO promises more AI video tools for creators while also denouncing deepfakes – 12:19
The FTC isn’t giving up on its Meta antitrust case – 14:22
Trump family earnings from crypto may total $1.4B in 2025, but likely much more – 19:00
Adobe Acrobat can now generate presentations and podcasts from your documents – 21:12
Why the heck would Apple make an AI pin?? – 25:15
Around Engadget: Sony LinkBuds Clip review, Volvo EX60 and Canon EOS R6 III reviews – 43:14
Pop culture picks – 46:34
Credits
Host: Devindra Hardawar Guest: Cherlynn Low Producer: Ben Ellman Music: Dale North and Terrence O’Brien
This article originally appeared on Engadget at https://www.engadget.com/ai/engadget-podcast-why-would-apple-want-to-make-an-ai-pin-130732754.html?src=rss
So it's come to this: Apple is reportedly working on a wearable AI pin. According to The Information, it is going to be a small device with "multiple cameras, a speaker, microphones and wireless charging." It sounds like the perfect gadget to pair with the long-awaited AI-powered Siri update, which will also reportedly work as a chatbot. But while many Apple rumors conjure up an air of excitement, the notion of an Apple AI pin sounds downright baffling. Worse, it just seems desperate.
Apple, the company known for taking its time to jump into new categories with more thoughtful solutions than its competitors, is reportedly chasing the specter of OpenAI's unreleased AI pin. Never mind that OpenAI has never actually produced any hardware, and that it arguably stumbled into its position as a leading AI player. And never mind that Humane's AI pin was a notorious failure that barely worked, and seemed pointless from the start.
If Apple's AI pin serves as a conduit to Siri, is it really that much more convenient than using an iPhone, AirPods or even an Apple Watch to do the same? The company has reportedly nixed plans to put cameras in the Apple Watch, and Bloomberg suggests it’s opting instead to focus on delivering its own smart glasses this year. But it’s not hard to imagine that faster hardware could let the Apple Watch handle more Siri and AI-related tasks on its own. It’s already a fairly self-sufficient device, allowing you to ask basic Siri queries, run apps and listen to music without an iPhone — the cellular models are even more capable since they can take calls and send messages.
At best, an Apple AI pin could just be a simple way for someone to access Siri if they don’t want to wear an Apple Watch, plug in AirPods or have their iPhone within shouting distance. But at least those devices do other things beyond talking to Siri. The same is true for Meta’s Ray-Bans and future smart glasses. Even without accessing AI, they’ll still let you listen to music, take calls and, well, be glasses for those who need prescription frames.
Given the vocal pushback against Meta's Ray-Ban smart glasses, which are also being banned on cruises, clubs and other venues, I'm also not convinced many people would be eager to prominently display a surveillance device throughout the day. Wired’s Julian Chokkattu was questioned about wearing a camera while he was testing the Humane AI Pin, and I’ve also had to explain to curious people why I was wearing Xreal’s smart glasses, which feature a prominent camera accessory.
Sure, we're already living in a panopticon of smartphone cameras, but it's also obvious when someone is using their phone to capture photos and video. An AI pin just dangling off of your clothes is a constant threat, an unblinking eye. Even if Apple implements some sort of capture notification, someone will always try to circumvent it.
While The Information notes Apple's AI pin may never actually see the light of day, I wouldn't be surprised if it does. This is the company that partnered with OpenAI just to make Siri appear slightly smarter with the debut of Apple Intelligence. And instead of building its own home-brewed AI models, it's banking on Google's Gemini to power Siri's big AI upgrade, as well as its future foundation models. When it comes to AI, Apple will do almost anything to avoid being seen as a straggler (and to avoid even more stock declines).
It’s genuinely strange that Apple, the company that let Samsung and Google get a multi-year head start on foldable smartphones and hasn't yet jumped into the world of smart rings, could fast-track an AI pin for 2027. It’s yet another example of how the AI hype cycle has warped priorities throughout the tech industry. But at least Apple’s fortunes don’t depend on standalone AI hardware as much as OpenAI.
This article originally appeared on Engadget at https://www.engadget.com/ai/an-ai-pin-is-beneath-apple-182744647.html?src=rss
Traditional methods of communication leave us vulnerable and reliant on systems controlled by companies and governments that have demonstrated they can’t be trusted with our data. Cell towers can be turned off, internet connections can be monitored, and messaging apps can be hacked or give your messages to the government without telling you. Meshtastic lets you build your own communication network that works completely on its own, without any central authority.
In this article, we will configure Meshtastic firmware on the Lilygo T-Echo device and connect it to the mesh network. Let’s get rolling!
What is Lilygo T-Echo?
Source: https://lilygo.cc
The Lilygo T-Echo is a small device that has a Nordic nRF52840 chip, a Semtech SX1262 LoRa radio, and an e-paper screen. This configuration makes it great for mesh networking when you need long battery life and long-range communication. The device can talk to other Meshtastic nodes from several kilometers away in cities and possibly tens of kilometers away in open areas, all while using very little power. You can find a list of devices compatible with Meshtastic after the link. The installation process will be similar to that of the Lilygo T-Echo. But different countries use diverse frequency ranges, so this should be taken into account when purchasing a device.
Step #1: Install the Meshtastic Firmware
Before your T-Echo or any other Meshtastic-compatible device can join a mesh network, you need to flash it with the Meshtastic firmware. The device ships with factory firmware that needs to be replaced with the Meshtastic software stack.
First, navigate to the official Meshtastic web flasher at flasher.meshtastic.org. You will see options for different device types and firmware versions.
Choose your device from the list and the firmware version. After that, connect your Lilygo T-Echo to your computer using a USB-C cable and click Flash.
You might need to trigger DFU mode. To do so, just click Button 1, as shown in the screenshot below.
Source: https://meshtastic.org/
First, download the UF2 file and copy it to the DFU drive. Once the transfer is complete, the device will automatically reboot and start with the new firmware.
Next, hold down button 2 to select your region and generate a random node name.
Step #2: Install the Meshtastic Mobile Application
To interact with your T-Echo from your smartphone, you need to install the official Meshtastic application. This app serves as your primary interface for sending messages, viewing the mesh network, and configuring your device settings.
On Android devices, open the Google Play Store or F-Droid and search for “Meshtastic.” The official application is published by Meshtastic LLC and should appear at the top of your search results.
The app requires several permissions, including Bluetooth access and location services, which are necessary for communicating with your T-Echo and displaying your position on the mesh if you choose to share location data.
Once the installation completes, open the Meshtastic app. You will be greeted with a welcome screen like the one below.
Step #3: Pair Your T-Echo with Your Smartphone
Now comes the important step of connecting your phone to your T-Echo device. This pairing process creates a secure Bluetooth link that lets your phone set up the device and send messages through it.
In the Meshtastic mobile app, look for a Scan button. The app will begin scanning for nearby Meshtastic devices that are broadcasting their availability over Bluetooth.
Tap on your T-Echo’s name in the device list to initiate the pairing process. The app will attempt to establish a connection with the device. During this process, the app may require you to enter a PIN code displayed on your T-Echo’s screen, though this security feature is not always enabled by default.
Once the pairing completes successfully, the app interface will change to show that you are connected to your device. You should see your node name at the top of the screen, along with battery level, signal strength, and other status information.
At this point, your phone can communicate with your T-Echo, but you are not yet part of a mesh network unless there are other Meshtastic nodes within radio range. The connection you have established is purely between your phone and your device over Bluetooth. The mesh networking happens over the LoRa radio, which operates independently of the Bluetooth connection.
Step #4 Customize Your Node Configuration
Open the Meshtastic app and go to the settings menu, indicated by a gear icon. In the settings, you will find several categories, including Device, Radio Configuration, Module Configuration, and more.
Start with the User settings. Here you can change your node’s name from the randomly generated default to something more meaningful. Tap on the Long Name field and enter a name that identifies you or your device. This name will be visible to other users on the mesh, so choose something appropriate. You can use up to 40 characters, though shorter names are generally better for display purposes. Below the long name, you will see a Short Name field limited to four characters.
In the Radio Configuration section, you will find settings that control how your T-Echo communicates over the LoRa radio. The most important setting here is the Region, which must be set correctly for your geographic location to comply with local radio regulations. For users in North America, select US. European users should select their specific country or the general EU_868 or EU_433 option depending on the frequency band they are using.
The Modem Preset determines the balance between range, speed, and reliability for your radio communications. The default setting is typically Long Fast, which provides a good compromise for most users. This preset utilizes a spreading factor of 11, which provides the best range while maintaining reasonable data rates for text messaging.
The Number of Hops setting controls how many times a message can be retransmitted through the mesh before it is dropped. The default value of 3 is suitable for most networks, enabling messages to travel through multiple nodes to reach distant recipients without generating excessive radio traffic. Besides that, you will find options for enabling various Meshtastic features, like MQTT, GPS, and Telemetry. We’ll explore these topics in future articles.
Important Note: By default, all nodes use a common encryption key, which means anyone with a Meshtastic device can read your messages. You can create private channels, but this goes out of the scope of this article.
Step #5: Send Your First Message
In the Meshtastic app, navigate to the Messages tab or screen. You will see a list of available channels. The LongFast channel is created by default and is where most mesh communication happens. Tap on this channel to open the message interface.
At the bottom of the screen, you will find a text input field where you can write your message. Please remember that Meshtastic is meant for short text messages, with a limit of 200 characters. Tap the send button to transmit your message.
Your T-Echo will receive the message from your phone over Bluetooth and then broadcast it over the LoRa radio. If there are other Meshtastic nodes within range, they will receive your message and display it to their users. If your message needs to reach a node that is not in direct radio range, intermediate nodes will automatically relay it through the mesh until it reaches its destination or the hop limit is exceeded.
You will see your message appear in the conversation thread with a timestamp. If other nodes are present on the mesh, you may see responses or other messages from those users. In my case, we can see somebody leave an emoji on my message. Besides that, T-Echo notifies you on its screen when you receive a new message, and you can switch to the Message tab by clicking Button 2.
Summary
In a world where our communications are constantly monitored, logged, and sold to the highest bidder, Meshtastic running on affordable hardware like the Lilygo T-Echo offers a way to communicate independently. This technology puts the power back in your hands, letting you create mesh networks that work completely outside the control of telecom companies and government surveillance. Whether you’re coordinating security in areas without cell coverage, preparing backup communications for when regular systems fail, or simply want to talk to your team without companies reading every word, Meshtastic gives you the tools you need.
Keep coming back, aspiring off-grid users! We’re diving deeper into this topic, so stay tuned for more updates.
Markets convulsed after President Donald Trump threatened steep tariffs on eight European nations unless Denmark cedes Greenland, with rhetoric including hints the U.S. might seize the territory by force, triggering a global risk-off move on January 20.
The crypto market shed nearly $150 billion in market capitalization as leveraged positions unwound violently, exposing Bitcoin’s continued treatment as a speculative asset rather than the safe haven its proponents claim it to be.
Tariff Shock Drives Historic Divergence
Trump’s Saturday announcement targeted Germany, France, the UK, the Netherlands, Finland, Sweden, Norway, and Denmark with 10% tariffs starting February 1, escalating to 25% by June 1, unless a Greenland deal is reached.
ING economists warned that “additional tariffs of 25% would probably shave 0.2 percentage points off European GDP growth,” compounding recession fears already gripping the continent.
The tariff threat effectively reopened the trade war between the EU and the U.S., despite a temporary truce reached in late July, raising the stakes and bringing a far tougher approach.
European officials brought forward the option of activating the so-called anti-coercion instrument, the EU’s trade “bazooka“, allowing the bloc to impose tariffs and investment limits on offending nations.
French President Emmanuel Macron announced he would request the instrument’s activation, while Manfred Weber from the European Parliament’s largest party indicated the July deal was now “on ice.”
EU capitals is considering hitting U.S. with €93 billion worth of tariffs or restricting American companies from bloc’s market in response to President Donald Trump’s threats, per FT. pic.twitter.com/VuAefTw5yt
European countries hold approximately $8 trillion in U.S. bonds and stocks, making Europe by far the largest U.S. lender and exposing the deep interdependence that could turn this standoff into a full-blown crisis.
Germany’s export-reliant economy faces particularly acute pressure, with ING economist Carsten Brzeski warning the new tariffs would be “absolute poison” for the fragile recovery underway.
German exports to the United States fell 9.4% from January to November compared with a year earlier, and the trade surplus dropped to its lowest level since 2021.
Meanwhile, gold’s parabolic rally pushed prices past $4,800 per ounce to all-time highs.
TD Securities’ Daniel Ghali told Bloomberg that “gold’s rally is about trust. For now, trust has bent, but hasn’t broken. If it breaks, momentum will persist for longer.“
Crypto Markets Suffer Violent Unwind
Bitcoin’s collapse alongside traditional risk assets exposed the crypto’s failure to serve as a geopolitical hedge, despite years of positioning as “digital gold.”
CoinGlass liquidation data revealed $998.33 million in long positions wiped out over 24 hours, with Bitcoin accounting for $440.19 million as cascading margin calls accelerated during thin Asian trading hours.
Galaxy Digital’s Alex Thorn noted that “Bitcoin isn’t quite doing the thing that it’s built to do, at least in real time,” while Bitunix analyst Dean Chen observed that “among crypto-native investors, it is increasingly framed as a geopolitical hedge and a non-sovereign store of value.”
“However, for the broader market, Bitcoin is still largely traded as a high-beta risk asset,” he concluded.
Derivatives markets paint an increasingly bearish picture for the months ahead.
Sean Dawson of Derive.xyz warned that “rising geopolitical tensions between the US and Europe—particularly around Greenland—raise the risk of a regime shift back into a higher-volatility environment, a dynamic not currently reflected in spot prices.”
Options data shows strong put open interest concentrated across the $75K-$85K strikes for the June 26 expiry, with Dawson noting that “from an options perspective, the outlook remains mildly bearish through mid-year. Traders are paying a premium for downside protection.“
Bloomberg Intelligence strategist Mike McGlone delivered an even more dire assessment, warning that Bitcoin’s inability to hold long-term averages in 2025 suggests the price could eventually drop as low as $10,000.
Duke University’s Campbell Harvey also claimed in academic research that Bitcoin “is hardly a safe-haven asset,” noting its correlation with gold has broken down completely.
Institutional Demand Offers Potential Floor
Despite the bearish technical picture, not all analysts have turned pessimistic.
MEXC data showed that on January 16 alone, Bitcoin ETFs added 1,474 BTC, accounting for $1.48 billion in weekly inflows, while 36,800 BTC left exchanges.
These are signs of strong institutional demand and tightening supply that could limit downside.
In fact, as Cryptonews noted recently, the chance of Trump turning back on the tariff decision is high, with 86%, and that would greatly benefit Bitcoin after February 1.
Historical tariff patterns show 86% chance that Trump reverses Europe tariffs before February 1, as Bitcoin's 24/7 markets prepare to signal policy shifts first.#Trump#Tariffs#Europe#Bitcoinhttps://t.co/eGxEedfe06
Speaking with Cryptonews, Bitfinex analysts also noted that “Bitcoin spot volumes remain normal, funding rates are close to neutral, and there has been no spike in exchange inflows that would signal reactive selling,” suggesting the selloff reflects macro-linked noise rather than a crypto-specific catalyst.
For now, whether Bitcoin’s current consolidation represents capitulation or merely the calm before a deeper storm remains the central question facing crypto markets as February approaches.
The crypto market faced a sharp selloff overnight as renewed trade conflict fears between the United States and the European Union shook global risk sentiment. Bitcoin and major altcoins reversed recent gains, with traders reacting to fresh tariff headlines and the possibility of escalating economic retaliation on both sides of the Atlantic. While crypto is often viewed as a separate market, this move once again showed how quickly digital assets can behave like high-beta risk trades when macro uncertainty spikes.
According to analyst Darkfost, the liquidation impact was immediate and aggressive. More than $800 million worth of leveraged positions were wiped out in a matter of hours, including roughly $768 million in long liquidations. The scale of long closures suggests that traders were positioned for continuation to the upside, but were caught offside as prices rolled over sharply.
What stood out most was where the damage occurred. Darkfost noted that Hyperliquid recorded the largest share of forced liquidations, with $241 million, while Bybit followed closely with $220 million. The wave of liquidations appears partly tied to the announcement of new tariffs targeting Europe, which triggered an equally fast response from EU policymakers, reigniting the broader “trade war” narrative across markets.
CME Opens the Door to Fresh Volatility
Darkfost warns that the timing of this selloff matters as much as the liquidation size. As soon as CME trading opened, Bitcoin saw a sharp downside move, suggesting that institutional flows and macro-linked positioning played a direct role in the shakeout. In past risk-off episodes, the CME open has often acted like a volatility trigger, especially when markets are already fragile, and leverage is elevated across major exchanges.
This is why the next few hours are critical. The same type of move could easily repeat at the opening of the US markets, where liquidity conditions and headline sensitivity tend to amplify reactions. If sellers press again, the market could see another cascade of forced closures, particularly in high-beta altcoins that remain vulnerable after the overnight wipeout.
The message is straightforward: stay cautious and avoid overexposure to leverage while the macro backdrop remains unstable. Liquidations can create sharp bounces, but they can also reset momentum quickly if fear spreads across risk assets.
Darkfost adds that attention should remain on incoming political updates. The market is now trading the narrative, not just the chart. Further statements could arrive at any moment, and as history has shown, Trump often delivers market-moving headlines right in the middle of the weekend.
Bitcoin Holds Fragile Rebound As Crypto Tests Macro Nerves
Bitcoin is trading near $93,100 after a sharp rejection from the $96,000–$97,000 supply zone. The chart shows BTC still struggling below key moving averages, with momentum capped by the declining blue trendline overhead. This reinforces the idea that the latest upside attempt was more of a rebound than a clean trend reversal.
Structurally, price is forming higher lows after the violent breakdown from the $110,000 area. However, the rebound remains vulnerable as long as BTC stays trapped beneath resistance and fails to reclaim the mid-$90,000s with conviction. The recent candles also highlight hesitation, with wicks suggesting aggressive selling into strength.
The red long-term moving average is rising near the low-$90,000s, acting as a potential dynamic support zone. If Bitcoin holds above that level, it keeps the recovery structure intact and prevents a deeper reset toward prior liquidity pockets.
This matters for the broader crypto market. When BTC remains range-bound under resistance, altcoins usually struggle to sustain rallies and become more sensitive to liquidation-driven volatility. Risk appetite can return quickly, but it requires Bitcoin to break above resistance and hold. Until then, crypto remains in a fragile stabilization phase, not a confirmed bullish continuation.
Featured image from ChatGPT, chart from TradingView.com
A new report from blockchain analytics firm Chainalysis shows that Iran’s crypto ecosystem boomed in 2025, with Bitcoin playing a growing central role for both ordinary citizens seeking financial refuge and the Islamic Revolutionary Guard Corps (IRGC), which now dominates much of the country’s on-chain activity.
According to the report, Iran’s crypto economy processed more than $7.78 billion in value in 2025, growing faster for most of the year than in 2024.
The report found that crypto activity in Iran is closely correlated with major political shocks, regional conflict, and domestic unrest, making blockchain data a real-time barometer of instability inside the country.
Bitcoin as a flight to safety
One of the clearest trends identified in the report is a surge in Bitcoin withdrawals to personal wallets during mass protests in late 2025 and early 2026. Comparing activity before protests began with the period leading up to Iran’s nationwide internet blackout on January 8, Chainalysis observed sharp increases in both transaction volumes and transfers from Iranian exchanges to self-custodied Bitcoin wallets.
The behavior suggests Iranians are using Bitcoin as a flight to safety amid accelerating currency collapse and political uncertainty.
The Iranian rial has lost roughly 90% of its value since 2018, with inflation running between 40% and 50%. In that environment, Bitcoin’s censorship resistance and portability offer a rare form of financial optionality — especially during protests, capital controls, or the risk of needing to flee the country.
Chainalysis notes that this pattern mirrors Bitcoin adoption during crises elsewhere, where citizens turn to self-custody when trust in state-controlled financial systems breaks down.
The report shows pronounced spikes in Iranian crypto activity following major geopolitical and domestic events, including, the January 2024 Kerman bombings, which killed nearly 100 people at a memorial for IRGC-Quds Force commander Qasem Soleimani.
The report also marked a spike in activity after Iran’s October 2024 missile strikes against Israel, following the assassinations of Hamas and Hezbollah leaders and during the 12-day war in June 2025, which included the U.S.-Israeli strikes on Iranian military infrastructure, cyberattacks on Iran’s largest crypto exchange Nobitex, and disruptions at Bank Sepah, a key IRGC-linked financial institution.
IRGC is dominating Iran’s crypto economy
While Bitcoin has become a lifeline for many civilians, Chainalysis warns that Iran’s crypto ecosystem is increasingly dominated by the IRGC. Addresses linked to IRGC-affiliated networks accounted for around 50% of all crypto value received in Iran in Q4 2025, a share that has steadily grown over time.
IRGC-linked wallets received more than $3 billion on-chain in 2025, up from over $2 billion in 2024.
Chainalysis said this figure is a lower-bound estimate, based only on wallets publicly identified through sanctions designations by the U.S. Treasury’s OFAC and Israel’s National Bureau for Counter Terror Financing.
The true scale is likely larger, given the use of shell companies, facilitators, and undisclosed wallets.
These networks span multiple countries and are used to move illicit oil revenues, launder funds, evade sanctions, and finance Iran’s regional proxy groups.
Iran's currency has collapsed and is now officially worth $0.
Chainalysis concluded in their report that crypto, particularly Bitcoin, is playing somewhat of a dual role in Iran: its a financial escape valve for citizens and a sanctions-evasion tool for the state and its security apparatus.
As Iran faces mounting internal dissent, economic dysfunction, and external pressure, on-chain data shows Bitcoin increasingly being used outside government control, especially during moments of crisis.
These findings underscore how Bitcoin’s permissionless design cuts both ways — serving as a lifeline for civilians facing political instability while also enabling state and paramilitary actors, reinforcing the case that Bitcoin itself is neutral infrastructure for a couple different actors.
Apple's next-gen Siri is still far off, but this week the company announced that it'll be using Google's Gemini AI for its new foundation models. In this episode, Devindra and Engadget's Igor Bonifacic discuss why Apple teamed up with Google again, instead of OpenAI or Anthropic. Also, they chat about Meta's Reality Lab layoffs, which is refocusing the company on AI hardware like its smart glasses.
Meta announces 1000+ layoffs, closes 3 VR studios as it shifts focus to AI hardware – 2:12
Gemini can now pull context from the rest of your Google apps including photos and Youtube history – 12:31
Framework raises the price of its desktop by $460 because of the global RAM shortage – 18:36
NVIDIA may revive the RTX 3060 and kill off 5070 Ti due to its VRAM demands – 21:57
Apple creates a subscription bundle for Pro creative apps like Final Cut Pro, Logic, and others – 23:00
Tesla’s Full Self Driving is also going subscription only, a year costs $999 – 29:15
Matthew McConaughey trademarks himself to fight unauthorized AI likenesses – 33:27
Apple announces that its long delayed ’smarter Siri’ will be powered by Google Gemini – 35:15
X finally responds to Grok’s CSAM and nudity generation with limits – 51:46
Cursor claims their AI agents wrote 1M+ lines of code to make a web browser from scratch, are developers cooked? – 57:52
Credits
Host: Devindra Hardawar Guest: Igor Bonafacic Producer: Ben Ellman Music: Dale North and Terrence O’Brien
This article originally appeared on Engadget at https://www.engadget.com/computing/engadget-podcast-why-did-apple-choose-gemini-for-next-gen-siri-150000993.html?src=rss
“I would never wish death upon anyone, but I have read some obituaries with great satisfaction.” - Winston Churchill
OPINION -- I associate myself with at least the latter part of that quote from Winston Churchill with regard to Aldrich Ames. To my knowledge, I met Ames on only one occasion. It was during a cocktail party in 1989 or 1990 when he oversaw the CIA operations group responsible for what was then Czechoslovakia. I have no clear recollection of that event, but I was later told that fellow traitor Robert Hanssen was also in attendance. If so, to paraphrase Shakespeare: ‘Hell was empty and the devils were there’.
While I can recall little about meeting Ames at that party, my colleagues and I lived – and still live – with the consequences of his betrayal. The loss of an agent is a very personal thing for those responsible for securely handling him or her. I saw that impact up close early on in my career.
Toward the end of my training as an operations officer in late 1982, I was summoned to the office of the then-chief of Soviet Division (SE). In that era, a summons to a meeting with any Division Chief - much less the head of what was then the most secretive operational component – could be unnerving for any junior officer. The initial moments of my appointment with then-C/SE, Dave Forden, were appropriately unsettling. He began by asking me whether I had stolen anything lately. Having never purloined anything ever, I was taken aback. After I answered no, he asked if I could pass a polygraph exam. Again surprised, I responded that I could the last time I took one. ‘Good’, Forden said, ‘you are coming to SE to replace Ed Howard in Moscow’. Howard, whom I had met during training, had been fired from CIA for a variety of offenses. He later defected to the USSR, betraying his knowledge of CIA operations and personnel to the KGB.
After completing training, I reported to SE Division. Shortly thereafter, I was told I would not be going to Moscow after all. Instead, I was informed, I would be going to Prague. Initially, I was a bit disappointed not to have a chance to test my skills against our principal adversary. In hindsight, however, that change in plan was fortuitous. While I could not know it at the time, my SE colleagues who went to Moscow would be there during the grim mid-1980’s period in which our agents were being rolled-up by the KGB. Many CIA officers involved with those cases would have to live for years thereafter wondering what had happened to their agents and whether anything they had done had contributed to their arrests and executions. My colleagues’ ordeals would only end with the revelation that one of our own was a spy.
But Ames was more than a spy. He was a killer. His career floundering and burdened by growing debt, Ames decided to solve his money problems by selling the identities of several low-level CIA agents to the KGB. Consequently, on April 16, 1985 he walked into the Soviet Embassy and passed on the following note: "I am Aldrich H. Ames and my job is branch chief of Soviet (CI) at the CIA. […] I need $50,000 and in exchange for the money, here is information about three agents we are developing in the Soviet Union right now.” He attached a page from SE Division's phone list, with his name underlined, to prove he was genuine. Within weeks, fearful that Soviet spy John Walker had been fingered by a CIA agent within the KGB, and worried that he might likewise be exposed, Ames decided to comprise all of the CIA and FBI Soviet sources he knew of. “My scam,” he later said, “was supposed to be a one-time hit. I was just going to get the fifty thousand dollars and be done with it, but now I started to panic.”
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
Accordingly, on June 13, 1985, Ames passed the Soviets what he called “the Big Dump.” That tranche of documents contained the identities of at least 11 CIA agents. Brave men who had risked all in deciding to serve freedom’s cause, many of them would be arrested, interrogated and ultimately executed.
Ames’s rationalization of this act says everything about the kind of man he was. “All of the people whose names were on my list knew the risks they were taking when they began spying for the CIA and FBI,” he said, before adding that, "They knew they were risking prison or death.”
He would repeatedly seek to justify his actions by claiming that his espionage for the USSR was morally equivalent to what Western services had long done against their adversaries. Oleg Gordievsky, a British spy within the KGB and one of the few agents betrayed by Ames who escaped, rightly rejected any such equivalency. "I knew,” he said, that “the people I identified would be arrested and put in prison. Ames knew the people he identified would be arrested and shot. That is one of the differences between us.”
Sentenced to prison, Ames would spend almost 32 years of his life behind bars. I like to think that punishment was worse than death. One hopes he whiled away hours in his cell thinking of what he’d done and the lives he took. He expressed contrition during the plea bargain and sentencing process to ensure leniency for his wife, Rosario, saying, for example, that, "No punishment by this court can balance or ease the profound shame and guilt I bear."
But I very much doubt the sincerity of such statements because he showed no signs of having a troubled conscience thereafter. Instead, in statements while incarcerated, Ames was at pains to give his actions a veneer of ideological justification. "I had,” he said, “come to believe that the espionage business, as carried out by the CIA and a few other American agencies, was and is a self-serving sham, carried out by careerist bureaucrats who have managed to deceive several generations of American policy makers and the public about both the necessity and the value of their work.”
“There is an actuarial certainty that there are other spies in U.S. national security agencies and there always will be.” That statement by former CIA Chief of Counterintelligence Paul Redmond in the wake of the Ames and Hanssen cases reflects a grim reality of the intelligence profession.
Nonetheless, when I joined CIA, it was accepted wisdom that the Agency had never had, and could never have, a spy in its ranks. With the benefit of hindsight, it is hard to understand how such a naïve conviction could have taken hold given the repeated penetration of our predecessor organization, the Office of Strategic Services (OSS), and our British counterparts by Soviet intelligence. “There will,” as CIA Chief of CI James J. Angleton said, “always be penetrations…it is a way of life. It should never be thought of as an aberration. Anyone who gets flustered is in the wrong business.”
Perhaps the downplaying of such a possibility was a natural reaction to the overreach of Angleton himself with his ‘HONETOL’ spy hunts which hindered the Agency’s ability to mount operations against the Soviets for years at the height of the Cold War. It was certainly a reflection of institutional arrogance.
Whatever the reason, the idea that a foreign intelligence service could recruit a serving CIA officer as a spy was inconceivable to many. That mindset makes the accomplishment of Redmond and the Agency team led by Jeanne Vertefeuille, concluding that reporting from a Soviet mole – ultimately determined to be CIA officer Aldrich Ames – was the cause of the losses, all the more remarkable.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
The years-long hunt for the agent the KGB called “KOLOKOL” (‘Bell’) ended on February 21, 1994 with the arrest of Ames by the FBI. The assessment of the damage that Ames had inflicted on U.S. national security in exchange for some $2.5 million from Moscow was, not surprisingly, extensive. Even in the analogue era, he was able to pass along voluminous documentary and oral reporting to Moscow. This included reporting on his own debriefing of Vitaliy Yurchenko, who defected briefly to U.S. before returning to the USSR.
But it was the review of Ames’s role in compromising our courageous agents that struck home with us. Their sacrifice is commemorated by the CIA ‘Fallen Agent Memorial’ and other memorials within Agency spaces. And one hopes that someday the Russian people, too, will come to realize that Military/Technical researcherAdolf G. Tolkachev (GTVANQUISH); KGB Line PR officer Vladimir M. Piguzov (GTJOGGER); KGB Line PR officer Leonid G. Poleschuk (GTWEIGH); GRU officer Vladimir M. Vasilyev (GTACCORD); GRU officer Gennadiy A. Smetanin (GTMILLION); KGB Line X officer Valeriy F. Martynov (GTGENTILE); KGB Active Measures specialist Sergey M. Motorin (GTGAUZE); KGB Illegals Support officer Gennadiy G. Varenik (GTFITNESS); KGB Second Chief Directorate officer Sergey Vorontsov (GTCOWL); and the highest-ranking spy run by the U.S. against the USSR; GRU General Dmitry F. Polyakov (TOPHAT, BOURBON and ROAM); sacrificed everything for them and for their country.
“The life of the dead,” Marcus Tullius Cicero wrote, “is placed in the memory of the living.” For my part, I will remember Ames as the base traitor he was and the men he killed as the heroes they were.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
This week, SpaceX CEO Elon Musk and Secretary of Defense Pete Hegseth touted their desire to “make Star Trek real”—while unconsciously reminding us of what the utopian science fiction franchise is fundamentally about.
Their Tuesday event was the latest in Hegseth’s ongoing “Arsenal of Freedom” tour, which was held at SpaceX headquarters in Starbase, Texas. (Itself a newly created town that takes its name from a term popularized by Star Trek.)
Neither Musk nor Hegseth seemed to recall that the “Arsenal of Freedom” phrase—at least in the context of Star Trek—is also the title of a 1988 episode of Star Trek: The Next Generation. That episode depicts an AI-powered weapons system, and its automated salesman, which destroys an entire civilization and eventually threatens the crew of the USS Enterprise. (Some Trekkies made the connection, however.)
We are really glad to see you back for the second part of this series. In the first article, we explored some of the cheapest and most accessible ways to build your own hacking drone. We looked at practical deployment problems, discussed how difficult stable control can be, and even built small helper scripts to make your life easier. That was your first step into this subject where drones become independent cyber platforms instead of just flying gadgets.
We came to the conclusion that the best way to manage our drone would be via 4G. Currently, in 2026, Russia is adapting a new strategy in which it is switching to 4G to control drones. An example of this is the family of Shahed drones. These drones are generally built as long-range, loitering attack platforms that use pre-programmed navigation systems, and initially they relied only on satellite guidance to reach their targets rather than on a constant 4G data link. However, in some reported variants, cellular connectivity was used to support telemetry and control-related functionality.
MANPADS mounted on Shahed
In recent years, Russia has been observed modifying these drones to carry different types of payloads and weapons, including missiles and MANPADS (Man-Portable Air-Defense System) mounted onto the airframe. The same principle applies here as with other drones. Once you are no longer restricted to a short-range Wi-Fi control link and move to longer-range communication options, your main limitation becomes power. In other words, the energy source ultimately defines how long the aircraft can stay in the air.
Today, we will go further. In this part, we are going to remove the smartphone from the back of the drone to reduce weight. The free space will instead be used for chipsets and antennas.
4G > UART > Drone
In the previous part, you may have asked yourself why an attacker would try to remotely connect to a drone through its obvious control interfaces, such as Wi-Fi. Why not simply connect directly to the flight controller and bypass the standard communication layers altogether? In the world of consumer-ready drones, you will quickly meet the same obstacle over and over again. These drones usually run closed proprietary control protocols. Before you can talk to them directly, you first need to reverse engineer how everything works, which is neither simple nor fast.
However, there is another world of open-source drone-control platforms. These include projects such as Betaflight, iNav, and Ardupilot. The simplest of these, Betaflight, supports direct control-motor command transmission over UART. If you have ever worked with microcontrollers, UART will feel familiar. The beauty here is that once a drone listens over UART, it can be controlled by almost any small Linux single-board computer. All you need to do is connect a 4G module and configure a VPN, and suddenly you have a controllable airborne hacking robot that is reachable from anywhere with mobile coverage. Working with open systems really is a pleasure because nothing is truly hidden.
So, what does the hacker need? The first requirement is a tiny and lightweight single-board computer, paired with a compact 4G modem. A very convenient combination is the NanoPi Neo Air together with the Sim7600G module. Both are extremely small and almost the same size, which makes mounting easier.
Single-board computer and 4G modem for remote communication with a drone
The NanoPi communicates with the 4G modem over UART. It actually has three UART interfaces. One UART can be used exclusively for Internet connectivity, and another one can be used for controlling the drone flight controller. The pin layout looks complicated at first, but once you understand which UART maps to which pins, the wiring becomes straightforward.
Pinout of contacts on the NanoPi mini-computer for drone control and 4G communication
After some careful soldering, the finished 4G control module will look like this:
Ready-made 4G control module
Even very simple flight controllers usually support at least two UART ports. One of these is normally already connected to the drone’s traditional radio receiver, while the second one remains available. This second UART can be connected to the NanoPi. The wiring process is exactly the same as adding a normal RC receiver.
Connecting NanoPi to the flight controller
The advantage of this approach is flexibility. You can seamlessly switch between control modes through software settings rather than physically rewiring connectors. You attach the NanoPi and Sim7600G, connect the cable, configure the protocol, and the drone now supports 4G-based remote control.
Connecting NanoPi to the flight controller
Depending on your drone’s layout, the board can be mounted under the frame, inside the body, or even inside 3D-printed brackets. Once the hardware is complete, it is time to move into software. The NanoPi is convenient because, when powered, it exposes a USB-based console. You do not even need a monitor. Just run a terminal such as:
nanoPi > minicom -D /dev/ttyACM0 -b 9600
Then disable services that you do not need:
nanoPi > systemctl disable wpa_supplicant.service
nanoPi > systemctl disable NetworkManager.service
Enable the correct UART interfaces with:
nanoPi > armbian-config
From the System menu you go to Hardware and enable UART1 and UART2, then reboot.
Minicom is useful for quickly checking UART traffic. For example, check modem communication like this:
minicom -D /dev/ttyS1 -b 115200
AT
If all is well, then you need to config files for the modem. The first one goes to /etc/ppp/peers/telecom. Replace “telecom” with the name of the cellular provider you are going to use to establish 4G connection.
And the second one goes to /etc/chatscripts/gprs
To activate 4G connectivity, you can run:
nanoPi > pon telecom
Once you confirm connectivity using ping, you should enable automatic startup using the interfaces file. Open /etc/network/interfaces and add these lines:
auto telecom
iface telecom inet ppp
provider telecom
Now comes the logical connectivity layer. To ensure you can always reach the drone securely, connect it to a central VPN server:
This allows your drone to “phone home” every time it powers on.
Next, you must control the drone motors. Flight controllers speak many logical control languages, but with UART the easiest option is the MSP protocol. We install a Python library for working with it:
NanoPi > cd /opt/; git clone https://github.com/alduxvm/pyMultiWii
NanoPi > pip3 install pyserial
The protocol is quite simple, and the library itself only requires knowing the port number. The NanoPi is connected to the drone’s flight controller via UART2, which corresponds to the ttyS2 port. Once you have the port, you can start sending values for the main channels: roll, propeller RPM/throttle, and so on, as well as auxiliary channels:
Find the script on our GitHub and place the it in ~/src/ named as control.py
The NanoPi uses UART2 for drone communication, which maps to ttyS2. You send MSP commands containing throttle, pitch, roll, yaw, and auxiliary values. An important detail is that the flight controller expects constant updates. Even if the drone is idle on the ground, neutral values must continue to be transmitted. If this stops, the controller assumes communication loss. The flight controller must also be told that MSP data is coming through UART2. In Betaflight Configurator you assign UART2 to MSP mode.
We are switching the active UART for the receiver (the NanoPi is connected to UART2 on the flight controller, while the stock receiver is connected to UART1). Next we go to Connection and select MSP as the control protocol.
If configured properly, you now have a drone that you can control over unlimited distance as long as mobile coverage exists and your battery holds out. For video streaming, connect a DVP camera to the NanoPi and stream using VLC like this:
To make piloting practical, you still need a control interface. One method is to use a real transmitter such as EdgeTX acting as a HID device. Another approach is to create a small JavaScript web app that reads keyboard or touchscreen input and sends commands via WebSockets. If you prefer Ardupilot, there are even ready-made control stacks.
By now, your drone is more than a toy. It is a remotely accessible cyber platform operating anywhere there is mobile coverage.
Protection Against Jammers
Previously we discussed how buildings and range limitations affect RF-based drone control. With mobile-controlled drones, cellular towers actually become allies instead of obstacles. However, drones can face anti-drone jammers. Most jammers block the 2.4 GHz band, because many consumer drones use this range. Higher end jammers also attack 800-900 MHz and 2.4 GHz used by RC systems like TBS, ELRS, and FRSKY. The most common method though is GPS jamming and spoofing. Spoofing lets an attacker broadcast fake satellite signals so the drone believes false coordinates. Since drone communication links are normally encrypted, GPS becomes the weak point. That means a cautious attacker may prefer to disable GPS completely. Luckily, on many open systems such as Betaflight drones or FPV cinewhoops, GPS is optional. Indoor drones usually do not use GPS anyway.
As for mobile-controlled drones, jamming becomes significantly more difficult. To cut the drone off completely, the defender must jam all relevant 4G, 3G, and 2G bands across multiple frequencies. If 4G is jammed, the modem falls back to 3G. If 3G goes down, it falls back to 2G. This layering makes mobile-controlled drones surprisingly resilient. Of course, extremely powerful directional RF weapons exist that wipe out all local radio communication when aimed precisely. But these tools are expensive and require high accuracy.
Summary
We transformed the drone into a fully independent device capable of long-range remote operation via mobile networks. The smartphone was replaced with a NanoPi Neo Air and a Sim7600G 4G modem, routed UART communication directly into the flight controller, and configured MSP-based command delivery. We also explored VPN connectivity, video streaming, and modern control interfaces ranging from RC transmitters to browser-based tools. Open-source flight controllers give us incredible flexibility.
In Part 3, we will build the attacking part and carry out our first wireless attack.
If you like the work we’re doing here and want to take your skills even further, we also offer a full SDR for Hackers Career Path. It’s a structured training program designed to guide you from the fundamentals of Software-Defined Radio all the way to advanced, real-world applications in cybersecurity and signals intelligence.
As we expected, Meta has begun laying off more than 1,000 employees from its Reality Labs division, which focused on virtual reality and metaverse products, Bloomberg reports. The company will refocus on developing wearables, like its recent batch of AI-powered Ray-Ban smart glasses, according to a memo from CTO Andrew Bosworth.
The news isn’t too surprising. Reality Labs has lost more than $70 billion since the beginning of 2021, and while Meta has done a solid job of delivering desirable consumer VR headsets and smart glasses, that business hasn’t been nearly profitable enough to justify the cost. And of course, Mark Zuckerberg’s huge gamble on the metaverse, which involved renaming the company from Facebook to Meta in 2021, has gone nowhere.
According to Bloomberg, Meta’s metaverse plans will now focus on mobile devices, which could mean a combination of its future wearables as well as existing mobile apps. “With the larger potential user base and the fastest growth rate today, we are shifting teams and resources almost exclusively to mobile to continue to accelerate adoption there,” Bosworth wrote in a memo to staff this morning.
Meta isn’t dumping its VR headset plans entirely, but according to Bosworth the VR divion will “operate as a leaner, flatter organization with a more focused road map to maximize long-term sustainability.” Basically, don’t expect a Quest 3 follow-up anytime soon.
This article originally appeared on Engadget at https://www.engadget.com/ar-vr/meta-refocuses-on-ai-hardware-as-metaverse-layoffs-begin-145924706.html?src=rss
This article was first published at Hackers-Arise in April 2022, just 2 months after the Russians invaded in Ukraine.
At the request of the IT Army of Ukraine, we were asked to help the war efforts by hacking a large number of IP cameras within Ukrainian territory. In this way, we can watch and surveil the Russian army in those areas. Should they commit further atrocities (we certainly pray they will not), we should be able to capture that on video and use it in the International Criminal Court. At the very least, we hope the word goes out to the Russian soldiers that we are watching and that constrains their brutality.
In a collaborative effort, our team (you all) has been able to hack into a very large number. We have nearly 500, and we are working on the remainder.
Here is a sampling of some of the cameras we now own for surveillance in Russia and Ukraine.
To learn more about hacking IP cameras, become aSubscriber Pro and attend our IP Camera Hacking training.
I want you to imagine a scene for a moment. You are sitting at your keyboard on one of the upper floors of a secure building in the middle of a restricted area. There is a tall fence topped with electrified barbed wire. Cameras cover every angle. Security guards patrol with confidence. You feel untouchable. Then you hear it. It’s a faint buzzing sound outside the window. You glance over for just a moment, wondering what it is. That tiny distraction is enough. In those few seconds, a small device silently installs a backdoor on your workstation. Somewhere 20 kilometers away, a hacker now has a path into the corporate network.
That may sound like something out of a movie, but it is not science fiction. In this series, we are going to walk through the process of building a drone that can perform wireless attacks such as EAP attacks, MouseJack, Kismet reconnaissance, and similar operations. A drone is an incredibly powerful tool in the hands of a malicious actor because it can carry roughly a third of its own weight as payload. But “hacking through the air” is not easy. A proper hacker drone must be autonomous, controllable over a secure channel at long distances, and resilient to jamming or suppression systems. Today we will talk through how such drones are designed and how they can be built from readily available components.
Most wireless attacks require the attacker to be physically near the target. The problem is that you can’t reach every building, every fenced facility, and every rooftop. A drone changes the entire equation. It can fly under windows, slip through partially open spaces, or even be transported inside a parcel. As a boxed payload moves through residential or office buildings, it can quietly perform wireless attacks without anyone ever suspecting what is inside. And yes, drones are used this way in the real world, including military and intelligence operations. On June 1, 2025, over 100 FPV drones that were smuggled into Russia, were concealed in modified wooden cabins on trucks, and remotely launched from positions near multiple Russian airbases. These drones conducted precision strikes on parked aircraft at bases including Belaya, Dyagilevo, Ivanovo Severny, Olenya, and Ukrainka, reportedly damaging or destroying more than 40 strategic bombers and other high-value assets.
Operation Spiderweb by Security Service of Ukraine
The FPV drones were equipped with mobile modems using Russian SIM cards to connect to local 3G/4G cellular networks inside Russia. This setup enabled remote operators in Ukraine to receive real-time high-resolution video feeds and telemetry, as well as maintain manual control over the drones via software like ArduPilot Mission Planner. The cellular connection allowed precise piloting from thousands of kilometers away, bypassing traditional radio frequency limitations and Russian electronic warfare jamming in some cases. In Part 2 we will show you how this type of connection can be established.
Drones are everywhere. They are affordable. They are also flexible. But what can they really do for a hacker? The key strength of a drone is that it can carry almost anything lightweight. This instantly increases the operational range of wireless attacks, allowing equipment to quickly and silently reach places a human cannot. A drone can scale fences, reach high-rise windows, hover near targets, and potentially enter buildings. All while remaining difficult to trace. That is an enormous advantage.
Let’s start learning how the platform works.
Implementation
Most drones are radio-controlled, but the exact communication method varies. One channel is used to receive operator commands (RX) and another to transmit video and telemetry back to the operator (TX). Different drones use different communication combinations, such as dedicated radio systems like FRSKY, ELRS, or TBS for control, and either analog or digital channels for video. Some consumer drones use Wi-Fi for telemetry or even control both ways.
For a hacker, the drone is first and foremost a transport platform. It must be reliable and durable. When you are performing attacks near buildings, lamp posts, tight corridors, or window frames, high speed becomes far less important than protecting the propellers. This is why Cinewhoop-style drones with protective frames are such a strong choice. If the drone brushes a wall, the frame absorbs the impact and keeps it flying. You can find the 3D models of it here
The drone also needs enough lifting power to carry your hacking gear. Ideally at least one-third of its own weight. That allows you to attach devices such as Wi-Fi attack platforms, SDR tools, or compact computers without stressing the motors. Because distance matters, Wi-Fi-controlled drones are usually not ideal. Wi-Fi range is typically around 50–100 meters before responsiveness begins to degrade. Professional long-range drones that use dedicated control radios like FRSKY, ELRS, or TBS are a better fit. Under good conditions, these systems can maintain control several kilometers away. Since attackers typically operate near structures, precise control is critical. FPV drones are especially useful here. They allow the pilot to “see” through the drone’s camera in real time, which is essential when maneuvering near buildings or through tight openings. Open-source flight controller platforms such as Betaflight are really attractive. They are flexible, modifiable, and easy to service. If the frame is damaged in a crash, most of the core components can be reused.
In truth, the specific drone model is less important than the pilot’s skill. Good piloting matters. Before we look at attacks, we need to understand how control can be improved and how it can be extended beyond visual range.
Control via 4G
Flying a drone among urban buildings introduces challenges like concrete and steel obstruct radio signals, limiting line-of-sight range. Even if your drone has a long-range radio system, once it disappears behind a building, control becomes unreliable. But what if you could control the drone over mobile networks instead? Modern 4G cellular networks now offer reliable data coverage even inside many urban structures. If we can use cellular data as a control channel, the drone’s reachable range becomes limited only by its battery life, not by line-of-sight. Today’s 4G networks can provide sufficient bandwidth for both control signals and video feeds. Although the latency and responsiveness are not as good as dedicated radio links, they are quite usable for piloting a drone in many scenarios. Considering that drones can reach speeds up to 200 km/h and have flight times measured in tens of minutes, an attacker theoretically could operate a drone more than 20 km away from the controller using 4G connectivity.
4G > Wi-Fi Gateway > Drone
The simplest way to use 4G connectivity is to bridge it to the drone’s Wi-Fi interface. Most consumer drones broadcast a Wi-Fi access point that a mobile phone connects to for control. Commands are sent over UDP packets, and video is streamed back as an RTSP feed. In this setup, the drone already acts like a networked device. If you attach a small computing device with a 4G modem, you could connect to it over a VPN from anywhere, and relay commands to the drone. But this approach has major drawbacks. The control protocol is often closed and proprietary, making it difficult to reverse-engineer and properly relay. Additionally, these protocols send frequent packets to maintain responsiveness, which would saturate your 4G channel and compete with video transmission.
4G > Video Gateway > Drone
A much cleaner alternative is to use a video gateway approach. Instead of trying to tunnel the drone’s native protocol over the cellular link, you attach a small smartphone to the drone and connect it to the drone’s Wi-Fi. The phone itself becomes a bridge. It controls the drone locally and receives video. From the remote operator’s perspective, you are simply remoting into the phone, much like remote controlling any computer. The phone’s screen shows the drone’s video feed, and the operator interacts with the virtual sticks via remote desktop software. The phone app already handles control packet encoding, so there’s no need to reverse-engineer proprietary protocols.
This clever hack solves multiple problems at once. The phone maintains a strong local Wi-Fi link to the drone, which is hard to jam at such short range. The operator sees a video feed that survives 4G network variations better than high-bandwidth native streams. And because the app handles stick input, the operator doesn’t need to worry about throttle, roll, pitch, or yaw encoding.
Connecting to the phone via AnyDesk
You can connect to the phone over 4G from any device using remote-access software like AnyDesk. With simple GUI automation tools, you can bind keyboard keys to virtual controller actions on the phone screen.
Here is the Bash script that will help with it. You can find the link to it here
This Bash script allows you to control virtual joysticks once you connect via AnyDesk to the phone. You will use the keyboard to simulate mouse actions. When launched, the script identifies the emulator window (using xwininfo, which requires you to click on the window once), calculates the centers of the left and right virtual sticks based on fixed offsets from the window’s corner, and then enters a loop waiting for single key presses.
For each key (A/B for throttle, W/S/A/D for pitch and roll, Q/E for yaw), the script uses xdotool to move the cursor to the virtual stick, simulate a short swipe in the desired direction, and release. This effectively mimics a touchscreen joystick movement. The script runs on Linux with X11 (Xorg), requires xdotool and x11-utils, and gives a simple keyboard-based alternative for drone control when a physical gamepad isn’t available. Although Kali Linux is not suitable here, many other distros such as Debian Stable, antiX, Devuan, Linux Mint, openSUSE, Zorin OS, or Peppermint OS work well. So while Kali is often the go-to for security work, there’s still a list of usable operating systems.
Telemetry data is also available to the remote operator.
Telemetry example
In the system we describe, another script monitors screen regions where telemetry values are displayed, uses OCR (optical character recognition) to extract numbers, and can then process them.
Here is another bash script that will help us with this. It will repeatedly screenshot a selected drone ground control window, crop out the battery and altitude display areas, use OCR to extract the numeric values, print them to the terminal, and speak a “low battery” warning if the percentage drops below 10%..
With control and telemetry automated, full 4G-based drone operation becomes extremely flexible. This method is easy to implement and immediately gives you both control and status feedback. However, it does introduce an extra link, which is the Wi-Fi phone. The phone’s Wi-Fi signal may interfere with the drone’s normal operation, and the drone must carry some extra weight (about 50 grams) for this setup. In Part 2, we will go further. We will move from 4G > Wi-Fi > Drone to 4G > UART > Drone, using a custom VPN and SIM. That means the phone disappears completely, and commands are sent directly to the flight controller and motor control hardware. This will give us more flexibility.
That brings us to the end of Part 1.
Summary
Drones are rapidly transforming from hobby toys into serious tools across warfare, policing, intelligence, and hacking. A drone can slip past fences, scale buildings, hover near windows, and quietly deliver wireless attack platforms into places humans cannot reach. It opens doors to an enormous spectrum of radio-based attacks, from Wi-Fi exploitation to Bluetooth hijacking and beyond. For attackers, it means unprecedented reach.
See you in Part 2 where we begin preparing the drone for real-world offensive operations
As we enter 2026, cybersecurity will be among the most important issues your organization, and our society, will face. Let’s take moment to review the most important issues we will be facing to help you better prepare.
Rather than leveling off or declining, cyber attacks continue at an unprecedented pace. Recent trends and technological developments can help to inform us as to the nature of attacks in 2026.
Let’s take a look.
AI as Both Weapon, Shield, and Force Multiplier
Artificial intelligence is changing the way all of us work and that applies to your cyber adversaries as well. Hackers are quickly adapting to the new AI environment, leveraging its speed and scale to enhance their attacks. At the same time, organizations are deploying AI to detect threats, predictive modelling, and automated responses. In both cases, Artificial Intelligence (AI) becomes a force-multiplier enabling both sides to do more with less.
In 2026, we will certainly see more AI generated threats and those organizations who refuse to use AI to defend their networks and assets will likely not be here to enjoy 2027.
SCADA/ICS/OT Vulnerabilities
Industrial systems (SCADA/ICS/OT) will continue to be key targets in 2026. These systems have benefited from security through obscurity for decades, but now that the attackers understand how poorly secured these systems are, the attacks will accelerate.
Some of the key issues identified by this industry include:
47% SCADA/ICS/OT companies cite gaps in the skillsets and resources necessary to protect their systems.
41% identify lack of network segmentation between OT/IIoT and IT environments as key challenges.
Critical infrastructure systems remain particularly vulnerable to sophisticated attacks. Over 200 proprietary protocols not found among the TCP/IP stack makes this field particularly challenging, while being among the most important to national security.
Internet of Things (IoT)
IoT is growing exponentially while the security of these devices is stuck in a crawl. In 2026, these devices will be increasingly used as a vector to compromise devices within the home network (phones, computers, other IoT) and as an element of a larger botnet, used to perpetuate the largest DDoS attacks in history (this is an easy prediction to make as IoT every year is responsible for the largest DDoS attacks in history). IoT increases every person’s attack surface and the greater the attack surface, the greater the probability of compromise.
Unless the IoT industry implements some basic standards of security, in 2026 the world will become a much more dangerous place.
Identity Management
Identity management is crucial in cybersecurity because it controls who has access to your systems and data.Without strong identity management, you’re essentially leaving the keys under the doormat—even the best perimeter security becomes ineffective when you can’t verify and control who’s inside your system. Artificial intelligence (AI) will make identity management even more challenging in 2026 as attackers use;
Deep fakes and synthetic identities including fake voices, videos, images. This will make such identity management systems as biometrics less reliable.
Social engineering will be enhanced by enabling the attacker to personalize phishing attacks by replicating the writing style, voice, or social media presence of a trusted colleague.
As AI-generated content becomes increasingly ubiquitous, it will become harder and harder to distinguish between AI agents and real humans.
2026 may be the year you will need to implement AI to determine if someone is actually a human.
Cloud Security Complexity
Cloud is the top cybersecurity threat organizations feel least prepared to manage. Multi-cloud environments face sophisticated malware, insider threats, mis-configurations, and supply chain vulnerabilities. Organizations are struggling with “tool sprawl”—managing dozens of separate security tools that create blind spots and conflicting configurations.
Quantum Computing Threats
Quantum computing is coming! Probably not in 2026, but on the near horizon the threat looms of quantum computing breaking your encryption. Quantum computers can easily break the most widely used asymmetric cryptography and 2026 should be the year you begin to prepare with quantum-resistant devices and cryptography.
Geopolitical Impact
Wars are raging around the planet and these conflicts will lead to additional geopolitical risk. Some 60% of business and tech leaders rank cyber risk investment in their top three strategic priorities in response to ongoing geopolitical uncertainty. State-sponsored cyberattacks, disrupted supply chains, fractured alliances, and telecom infrastructure vulnerabilities are reshaping threat landscapes and business strategies.
Ransomware Evolution
Ransomware-as-a-Service (RaaS) is making sophisticated attacks more accessible. AI-driven ransomware can instantly detect vulnerabilities with increased focus on vital industries like finance, healthcare, and energy. The average data breach cost has reached $4.4 million in 2025.
Multi-stage ransomware with data theft, harassment, and long‑tail extortion remains the most disruptive form of cybercrime, and we predict record incident volumes projected into 2026.
Cybercrime ecosystems are moving more of their infrastructure and monetization on‑chain (crypto, mixers, DeFi), making take-down and attribution harder and enabling more resilient RaaS affiliate models.
Talent and Skills Shortages
Workforce gaps remain a critical barrier. Knowledge and skills shortages are the top obstacles to implementing AI-enabled cyber defense. Over half of all organizations are turning to AI tools and managed security services to compensate for missing expertise.
Remote Work Security
With hybrid work as the default, securing remote access has become paramount. Cyber criminals are exploiting remote sessions through phishing, credential theft, and AI-powered impersonation attacks, expanding the attack surface of your organization significantly.
Proactive resilience and continuous adaptation are no longer optional but essential for survival in 2026’s threat landscape.
Physical Security
If you attacker is within your perimeter defenses, GAME OVER! An attacker who can enter your facility and sit down to a computer may be one of the least anticipated attacks. This applies to the disgruntled insider as well. You can have the very best perimeter defenses, but if the attacker is inside your walls, that will all be for naught.
In 2026, make certain to secure your physical perimeter and test all your systems against such as attacks as RFID smart card attacks and social engineering.
Summary
We predict that 2026 will be another very challenging year for those of us cybersecurity. It is essential that you understand the coming threats and the methods to the thwart them. Hackers-Arise will address each of these issues in 2026 both in this blog and in our 2026 trainings.
Over the last few years, drones have moved from being niche gadgets to becoming one of the most influential technologies on the modern battlefield and far beyond it. The war in Ukraine accelerated this shift dramatically. During the conflict, drones evolved at an incredible pace, transforming from simple reconnaissance tools into precision strike platforms, electronic warfare assets, and logistics tools. This rapid adoption did not stop with military forces. Criminal organizations, including cartels and smuggling networks, quickly recognized the potential of drones for surveillance and contraband delivery. As drones became cheaper, more capable, and easier to modify, their use expanded into both legal and illegal activities. This created a clear need for digital forensics specialists who can analyze captured drones and extract meaningful information from them.
Modern drones are packed with memory chips, sensors, logs, and media files. Each of these components can tell a story about where the drone has been, how it was used, and who may have been controlling it. At its core, digital forensics is about understanding devices that store data. If something has memory, it can be examined.
U.S. Department of Defense Drone Dominance Initiative
Recognizing how critical drones have become, the United States government launched a major initiative focused on drone development and deployment. Secretary of War Pete Hegseth announced a one-billion-dollar “drone dominance” program aimed at equipping the U.S. military with large numbers of cheap, scalable attack drones.
Modern conflicts have shown that it makes little sense to shoot down inexpensive drones using missiles that cost millions of dollars. The program focuses on producing tens of thousands of small drones by 2026 and hundreds of thousands by 2027. The focus has shifted away from a quality-over-quantity mindset toward deploying unmanned systems at scale. Analysts must be prepared to examine drone hardware and data just as routinely as laptops, phones, or servers.
Drone Platforms and Their Operational Roles
Not all drones are built for the same mission. Different models serve very specific roles depending on their design, range, payload, and level of control. On the battlefield, FPV drones are often used as precision strike weapons. These drones are lightweight, fast, and manually piloted in real time, allowing operators to guide them directly into high-value targets. Footage from Ukraine shows drones intercepting and destroying larger systems, including loitering munitions carrying explosive payloads.
Ukrainian “Sting” drone striking a Russian Shahed carrying an R-60 air-to-air missile
To counter electronic warfare and jamming, many battlefield drones are now launched using thin fiber optic cables instead of radio signals. These cables physically connect the drone to the operator, making jamming ineffective. In heavily contested areas, forests are often covered with discarded fiber optic lines, forming spider-web-like patterns that reflect sunlight. Images from regions such as Kupiansk show how widespread this technique has become.
Outside of combat zones, drones serve entirely different purposes. Commercial drones are used for photography, mapping, agriculture, and infrastructure inspection. Criminal groups may use similar platforms for smuggling, reconnaissance, or intimidation. Each use case leaves behind different types of forensic evidence, which is why understanding drone models and their intended roles is so important during an investigation.
DroneXtractor – A Forensic Toolkit for DJI Drones
To make sense of all this data, we need specialized tools. One such tool is DroneXtractor, an open-source digital forensics suite available on GitHub and written in Golang. DroneXtractor is designed specifically for DJI drones and focuses on extracting and analyzing telemetry, sensor values, and flight data.
The tool allows investigators to visualize flight paths, audit drone activity, and extract data from multiple file formats. It is suitable for law enforcement investigations, military analysis, and incident response scenarios where understanding drone behavior is critical. With this foundation in mind, let us take a closer look at its main features.
Feature 1 – DJI File Parsing
DroneXtractor supports parsing common DJI file formats such as CSV, KML, and GPX. These files often contain flight logs, GPS coordinates, timestamps, altitude data, and other telemetry values recorded during a drone’s operation. The tool allows investigators to extract this information and convert it into alternative formats for easier analysis or sharing.
In practical terms, this feature can help law enforcement reconstruct where a drone was launched, the route it followed, and where it landed. For military analysts, parsed telemetry data can reveal patrol routes, observation points, or staging areas used by adversaries. Even a single flight log can provide valuable insight into patterns of movement and operational habits.
Feature 2 – Steganography
Steganography refers to hiding information within other files, such as images or videos. DroneXtractor includes a steganography suite that can extract telemetry and other embedded data from media captured by DJI drones. This hidden data can then be exported into several different file formats for further examination.
This capability is particularly useful because drone footage often appears harmless at first glance. An image or video shared online may still contain timestamps, unique identifiers and sensor readings embedded within it. For police investigations, this can link media to a specific location or event.
Feature 3 – Telemetry Visualization
Understanding raw numbers can be difficult, which is why visualization matters. DroneXtractor includes tools that generate flight path maps and telemetry graphs. The flight path mapping generator creates a visual map showing where the drone traveled and the route it followed. The telemetry graph visualizer plots sensor values such as altitude, speed, and battery levels over time.
Investigators can clearly show how a drone behaved during a flight, identify unusual movements, or detect signs of manual intervention. Military analysts can use these visual tools to assess mission intent, identify reconnaissance patterns, or confirm whether a drone deviated from its expected route.
Feature 4 – Flight and Integrity Analysis
The flight and integrity analysis feature focuses on detecting anomalies. The tool reviews all recorded telemetry values, calculates expected variance, and checks for suspicious gaps or inconsistencies in the data. These gaps may indicate file corruption, tampering, or attempts to hide certain actions.
Missing data can be just as meaningful as recorded data. Law enforcement can use this feature to determine whether logs were altered after a crime. Military analysts can identify signs of interference and malfunction, helping them assess the reliability of captured drone intelligence.
Usage
DroneXtract is built in Go, so before anything else you need to have Go installed on your system. This makes the tool portable and easy to deploy, even in restricted or offline environments such as incident response labs or field investigations.
To build and run DroneXtract from source, you start by enabling Go modules. This allows Go to correctly manage dependencies used by the tool.
bash# > $ export GO111MODULE=on
Next, you fetch all required dependencies defined in the project. This step prepares your environment and ensures all components DroneXtract relies on are available.
bash# > go get ./…
Once everything is in place, you can launch the tool directly:
bash# > go run main.go
At this point, DroneXtract is ready to be used for parsing files, visualizing telemetry, and performing integrity analysis on DJI drone data. The entire process runs locally, which is important when handling sensitive or classified material.
Airdata Usage
DJI drones store detailed flight information in .TXT flight logs. These files are not immediately usable for forensic analysis, so an intermediate step is required. For this, we rely on Airdata’s Flight Data Analysis tool, which converts DJI logs into standard forensic-friendly formats.
Once the flight logs are processed through Airdata, the resulting files can be used directly with DroneXtract:
Airdata CSV output files can be used with:
1) the CSV parser
2) the flight path map generator
3) telemetry visualizations
Airdata KML output files can be used with:
1) the KML parser for geographic mapping
Airdata GPX output files can be used with:
1) the GPX parser for navigation-style flight reconstruction
This workflow allows investigators to move from a raw drone log to clear visual and analytical output without reverse-engineering proprietary formats themselves.
Configuration
DroneXtract also provides configuration options that allow you to tailor the analysis to your specific investigation. These settings are stored as environment variables in the .env file and control how much data is processed and how sensitive the analysis should be.
TELEMETRY_VIS_DOWNSAMPLE
This value controls how much telemetry data is sampled for visualization. Higher values reduce detail but improve performance, which is useful when working with very large flight logs.
FLIGHT_MAP_DOWNSAMPLE
This setting affects how many data points are used when generating the flight path map. It helps balance visual clarity with processing speed.
ANALYSIS_DOWNSAMPLE
This value controls the amount of data used during integrity analysis. It allows investigators to focus on meaningful changes without being overwhelmed by noise.
ANALYSIS_MAX_VARIANCE
This defines the maximum acceptable variance between minimum and maximum values during analysis. If this threshold is exceeded, it may indicate abnormal behavior, data corruption, or possible tampering.
Together, these settings give investigators control over both speed and precision, allowing DroneXtract to be effective in fast-paced operational environments and detailed post-incident forensic examinations.
Summary
Drone forensics is still a developing field, but its importance is growing rapidly. As drones become more capable, the need to analyze them effectively will only increase. Tools like DroneXtractor show how much valuable information can be recovered from devices that were once considered disposable.
Looking ahead, it would be ideal to see fast, offline forensic tools designed specifically for battlefield conditions. Being able to quickly extract flight data, locations, and operational details from captured enemy drones could provide immediate tactical advantages. Drone forensics may soon become as essential as traditional digital forensics on computers and mobile devices.
EXPERT PERSPECTIVE — Each of my eight trips to Ukraine since retiring from the CIA in the summer of 2023 has been filled with unique challenges. Each time I’ve witnessed first-hand the sacrifices the Ukrainians are making on a daily basis to fight for their country’s independence. And while each trip has been physically exhausting, each one has also been highly inspiring because the Ukrainians are fighting to protect many of the traditional American values that I grew up believing in, including the right to self-determination, liberty and national sovereignty.
But my latest visit to Ukraine was by far the most difficult. Not just because the Russians are significantly increasing their air attacks on Ukrainian towns and cities or because Ukraine is once again going through a very cold winter while facing significant power shortages caused by Moscow’s attacks against energy infrastructure targets. But mainly because for the first time, I heard Ukrainians questioning my country’s commitment to helping them defend their country. Because I heard Ukrainian interlocutors conclude that the U.S. was not a reliable partner and because Ukrainians who are fighting to protect their country, questioned whether the U.S. was willing to abandon support for their cause in order to secure potential business deals with Russian dictator Vladimir Putin and his regime.
Remembering all the Americans I had served with over the years, especially those who made the ultimate sacrifice defending liberty and the honor of our country, it is extremely painful to consider the possibility that my country might choose to placate someone like Putin and, in doing so, turn its back on those who have suffered from Putin’s aggression.
After more than 10 years of being at war, the Ukrainians are clearly fatigued. Russia's constant attacks against civilian targets are taking a toll. Families throughout the country are living without regular access to electricity and are subjected to daily mass Russian drone and missile attacks.
Ukraine's own internal corruption challenges, including the "Operation Midas" investigation, which resulted in the resignation of President Zelensky’s longtime advisor and head of the Presidential Office, Andriy Yermak, have raised questions among many Ukrainians about Zelensky and his Administration. The scandal also opened the door for many of the opponents of continued support to Ukraine to claim that Ukraine is a corrupt country led by corrupt leaders.
Of course, these critics forget that the Midas investigation is actually evidence of Ukraine’s efforts to deal with corruption and a development that highlights Kyiv’s determination to create a more transparent government based on “rule of law” principles. And there is no comparison between Ukraine’s efforts to deal with corruption, and Russia’s lack of transparency and complete rejection of “rule of law” governance.
Ukrainian fears about being abandoned by Washington are linked to the perception that the U.S. is going to end its support for Kyiv. Fears that are amplified by the recent leaking of the "28 Point Plan" that was initially presented to Kyiv by the U.S. as part of Washington’s efforts to bring the war to an end and revelations that the bulk of the plan was written by the Kremlin and then delivered to the U.S. Special Envoy for the Middle East and Russia Steve Witkoff by Russian Sovereign Wealth Fund head Kiril Dmitriyev.
These leaks bore many of the hallmarks of a Russian disinformation campaign, and whether or not the Kremlin leaked this information, there is little doubt that Moscow is using the leaks to undermine the U.S. internationally; to drive a wedge between the U.S. and its allies in Europe; to undermine the morale of the Ukrainian population; and to deceive international and domestic audiences into believing Russian President Vladimir Putin is trying to find a peaceful resolution to the war that he started.
Moscow has worked relentlessly to create the impression in Washington, Brussels and Kyiv - that the Ukrainian Armed Forces are on the verge of collapse, and it is only a matter of time before Putin achieves his military objectives.
The Ukrainians, on the other hand, are trying to counter this narrative and demonstrate that the Russians continue to make minimal battlefield gains while paying a tremendous price in terms of personnel and resources.
While people are tired, few appear ready to surrender or give up. Many equate surrender to betrayal of the memories of those Ukrainians who have died since 2014 fighting to defend the country from Russia.
Putin’s effort to control the narrative on Ukraine is partially linked to his desire to cover up how bad his own hand is at present. Putin does not want the West to focus on how the Russian military continues to struggle to take small amounts of territory, while suffering high casualty rates. He does not want others to focus on Russia’s own struggles with growing financial, economic and social problems that threaten the long-term stability of his regime and the future of Russia itself.
In recent years, the Kremlin has shifted its limited financial resources to the Military-Industrial complex, resulting in cutbacks to social spending and bringing an end to support of critical civilian infrastructure projects. While this policy has resulted in an increase in defense production, it is bankrupting the country and in recent months even Russia’s defense industry has had to implement spending cutbacks. Many factories and production sites across Russia are unable to pay workers and have been forced to reduce their work week to three or four days per week.
The money that Putin was once able to use to incentivize Russians to join the military and fight Ukraine is drying up, forcing him to once again consider mobilization plans, which will no doubt be highly unpopular with many Russians, especially with the “elites” living in the country’s main population centers.
The war has also drained off workers, resulting in significant labor shortages. Putin’s war is threatening to plunge Russia into the chaotic and painful social and economic conditions that the country faced in the early and mid-1990s.
Before leaving on my latest trip to Ukraine, I was asked to speak at an event in Washington D.C. focused on the future of U.S.-European relations. During that event, one attendee told me that recent polling in the U.S. showed that - since President Trump’s January 2025 inauguration - support for Ukraine among Republicans had risen significantly. This claim was supported by a report published by Defense One based on polling conducted by the Ronald Reagan Institute and a previous report published by the Chicago Institute on Global Affairs. These signs are heartening. In a system where the population’s interests should be considered by elected leaders, this means that the United States Government should be continuing its support for Ukraine.
The growing public support for Ukraine should give Ukrainians some hope that the U.S. is not going to abandon them. But it is hard for the Ukrainians to hear that message when it is often drowned out by much more negative news about alleged backroom deals made between Putin’s couriers and individuals close to President Trump and the very real possibility that those couriers are using their access to actively pursue a whisper campaign to influence the President and his policy decisions. That, combined with targeted leaks and distortions of facts to exaggerate the perception that Washington now prefers Moscow to Ukraine and the Europeans is painting a Russian-preferred narrative.
What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.
It is correct when President Trump says that he inherited a terrible situation in Ukraine. I also agree that as the elected leader of the most powerful country in the world, President Trump has a responsibility to try to end the bloody and senseless conflict.
The President deserves credit for trying, although I do not agree with his periodic claims that the Ukrainians, or their President, are guilty of starting the war - or that Kyiv does not want to end the war. Vladimir Putin is guilty of starting the conflict and despite all of President Trump’s efforts and the Ukrainians willingness to try to find a compromise, Putin has continued to make maximalist demands and drag out the conflict in hopes of stealing more of Ukraine’s territory and feeding Russia’s defense industrial complex, which is now the sole functioning part of Russia’s struggling economy.
It appeared President Trump recognized this reality in October, when he canceled plans to meet with Putin in Budapest and levied new sanctions on the Russian Energy sector. Unfortunately, the President allowed Putin to manipulate the U.S. team into thinking Putin was ready to negotiate in November, opening the door to a lot of Russian disinformation and information warfare designed to undermine the U.S., Ukraine and its allies - but not designed to bring the war to an end.
Over the past year, I have seen the level of political infighting within Ukraine increase. During a discussion with one Ukrainian General in September of 2024, the General opined that historically, Ukraine had never lost a war to Russia but had lost many wars to itself. He warned that internal political struggles in the country allowed the Russians to identify and exploit the political ambitions of some leaders and use these ambitions to divide the country and undermine national unity.
Ukraine is again facing the threat of serious internal divisions that the Kremlin will manipulate and use to achieve its military and political objectives. It appears likely that the Ukrainian government will hold elections in 2026, and the U.S. and the West should be ready to help Kyiv protect those elections from Russian interference. There is also little doubt that Russia itself will not hold fair elections in 2026 or as long as Putin remains in power.
As an American, I pray that our elected leaders will not repeat the mistakes made by British Prime Minister Neville Chamberlain when trying to deal with Adolf Hitler. The appeasement of Hitler by forcing allies to cede territories to the Nazi regime in Berlin did not lead to “Peace in our Time”. It led to a much greater and more horrific World War that could have been stopped if the English and French had taken decisive action against Hitler at that time.
To “Make America Great Again”, Americans need to stand up for what is right. Right - is not appeasing Putin. Justice is not allowing Putin to get away with stealing large portions of Ukraine’s territory and then benefit from killing more than a million Ukrainian and Russian citizens in a war that was designed to protect Putin’s personal power and re-establish an empire that has collapsed twice in the last 150 years.
As an American, I pray that we find our way through this very confusing and troubled period, hold the aggressor, Putin, accountable for his crimes, and successfully bring this war to an end while protecting Ukraine’s sovereignty and America’s reputation in the world.
All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
Hello world of Hackers Arise, in this post, we delve into the complex world of Russian disinformation campaigns on the internet. As Master OTW clearly established in his interview with Yaniv Hoffman (watch the video below), the disinformation campaign carried out by the high-ranking Russian authorities is not something new. It has been developed for decades, and they have truly become extremely adept at it, especially now with the use of the internet and social media. Throughout the years, they have dedicated themselves to spreading hatred, envy, and resentment worldwide, which we could classify as Psychological Warfare Operations, but taken to the extreme, as they not only aim to misinform or influence to achieve specific strategic targets but also intend to divide and confront the entire world.
However, we do not say this capriciously; there are foundations and information that support our arguments, we also do not intend to hide or minimize the fact that all nation-states carry out this type of operations, but in the case of the Russian authorities, their intention redefines the concept of pure malevolence.
https://www.youtube.com/watch?v=t2P6iADGnpE
With the rise of social media and interconnected platforms, information dissemination has become a powerful tool for shaping public opinion. Russia, among other countries, has been at the forefront of exploiting these channels to advance its strategic goals. This article aims to shed light on the methods, motives, and implications of Russia’s disinformation campaigns while underlining the importance of critical thinking and media literacy in navigating the digital landscape.
Understanding Disinformation:
Disinformation is the dissemination of false or misleading information with the intention to deceive or manipulate the public. Russia has become notorious for employing sophisticated techniques to influence global narratives on a wide range of issues, from political events to social debates and international relations. Understanding the multifaceted nature of disinformation is crucial in recognizing and countering its effects.
The following link leads to a study whose key points I will list below with the aim of understanding the main characteristics of this type of operations carried out by the Russian authorities.
Russia employs an array of methods to propagate disinformation effectively. These include the use of bots and troll farms to flood social media with false narratives, the creation and distribution of deceptive content, and the manipulation of search engine algorithms to amplify biased information. By utilizing these methods, Russia can create an illusion of consensus and spread narratives that align with its geopolitical interests.
“The Russian Federation has engaged in a systematic, international campaign of disinformation, information manipulation and distortion of facts in order to enhance its strategy of destabilisation of its neighbouring countries, the EU and its member states. In particular, disinformation and information manipulationhas repeatedly and consistently targeted European political parties, especially during the election periods, civil society and Russian gender and ethnic minorities, asylum seekers and the functioning of democratic institutions in the EU and its member states.
In order to justify and support its military aggression of Ukraine, the Russian Federation has engaged in continuous and concerted disinformation and information manipulation actions targeted at the EU and neighbouring civil society members, gravely distorting and manipulating facts.” Source (Picture below)
The mass media outlets mentioned above are either state-owned or corporations serving the state. However, Putin does not like independent journalism doing its job, and that’s why he took actions against them. Source Take a look at the amount of budget allocated by the Russian high command for those platforms to deploy disinformation.
Motives Behind the Campaigns:
The motives driving Russia’s disinformation campaigns are diverse and can be linked to political, economic, and security-related goals. Destabilizing rival countries, sowing discord among allies, discrediting political opponents, and undermining democratic processes are some of the key objectives pursued through t
hese campaigns. Understanding these motives is essential in formulating an effective response.If you still don’t believe that they spread hate all over the internet, take a look at these myths whose explanations are debunked in the source we provided.
And what about the Russian troll farm?
Implications and Impact:
The impact of Russian disinformation campaigns is far-reaching. They can polarize societies, erode trust in democratic institutions, and exacerbate existing divisions within nations. In international affairs, disinformation can escalate tensions between countries and influence public opinion on foreign policy matters. Moreover, the erosion of trust in media sources can lead to a decline in accurate information and the rise of echo chambers. Russian officials and pro-Russian media capitalized on the fear and uncertainty caused by the COVID-19 pandemic, actively spreading conspiracy theories. Among these theories, they focused on false U.S. bio-weapon infrastructure claims. One notable example is an article published by New Eastern Outlook on 20th February, available in both Russian and English, alleging that the U.S. deployed a biological weapon against China.
Fighting Back:
Countering Russian disinformation requires a comprehensive approach. Governments, tech companies, and civil society must collaborate to identify and expose false narratives, invest in media literacy programs, and enhance cybersecurity measures to protect against information warfare. Educating the public on critical thinking and fact-checking is a powerful tool in combating the spread of disinformation, but it is also our responsibility as hackers and advocates of freedom within the cyberspace; we must make this responsibility our mission, our duty, to ensure free access to information.
Conclusion:
The internet has opened up new frontiers for information dissemination, but it has also become fertile ground for disinformation campaigns. Russia’s approach to shaping narratives on a global scale requires a vigilant and proactive response from the international community. By fostering media literacy and promoting responsible online behavior, we can safeguard the integrity of information and fortify our societies against the perils of disinformation.
EXPERT OPINION – The recently leaked 28-point peace plan to end the war in Ukraine is nothing short of an appeasement that satisfies the maximalist demands of the aggressor in the conflict, Russian President Vladimir Putin. This is nothing short of the side on the verge of victory (eg, the free world) conceding to the side on the verge of defeat (Putin, the leader of the anti-west coalition). Sadly, it comes at a time when the situation on the battlefield is more or less a draw, both sides are effectively attacking energy infrastructure, and Russia’s economy is moving toward recession.
According to Russian data, third Quarter GDP growth in Russia was 0.6%. The expectation is that Q4 data will show the beginning of a recession. Sberbank has just decided to let 20% of their workforce go. Russia has for the first time, begun to sell gold reserves, presumably to make up for lost revenue from the recently imposed sanctions on Rosneft and Lukoil. Russia’s wartime transition to a command economy is not sustainable with a declining workforce sapped by the loss of young men sacrificed in Ukraine and those who have voted with their feet by leaving Putin’s kleptocracy.
The key points of the 28-point plan amount to nothing less than surrender by Ukraine and make in vain the sacrifices made by their valiant soldiers and citizens in their three plus years of war of full-scale war since Russia’s deadly invasion.
The agreement will be remembered in history with the same ignominy of the Munich Agreement of 1938 and will have the same consequence of setting the stage for a larger war to come.
Perhaps most egregious in the terms of the draft agreement is the re-establishment of the Russian Orthodox Church in Ukraine and the establishment of Russian as the official language. This indignity on top of the kidnapping of hundreds - if not thousands - of Ukrainian children to Russia and the forced conscription into the Russian army of men from Russian occupied territory. Then, of course, there is the massacre of innocent citizens by Russian soldiers in places like Bucha, all of which will go unaccounted for under the draft agreement. No judgement at Nuremberg for Russian war criminals.
What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.
The plan U.S. officials have negotiated is nothing more than cultural genocide against the people of Ukraine. That the U.S. would be part of an agreement that almost certainly would result in the arrest, deportation and incarceration of a generation of brave Ukrainians who have bravely resisted Putin’s aggression is simply unthinkable.
Mr. Trump, every member of your national security team should be required to watch episode nine of the brilliant HBO series Band of Brothers. The episode’s title is “Why We Fight” and the reasons for standing up to autocracy and evil portrayed in that episode are perfectly applicable to the situation today with the free world standing strong against the aggression of a malevolent dictator.
The Trump Administration’s desire to end the violence in Ukraine is commendable, but not at the price of setting the stage for the next war by giving victory to the aggressor. The men who reportedly negotiated the key points of the agreement have no experience dealing with Russia or Russians of the KGB ilk. The promises of “peace” offered by the Russian side are a chimera at best. Putin and the gang of thieves in his government know perfectly well how to manipulate representatives of the character of Steve Witkoff, President Trump’s real estate specialist now in charge of negotiating with Russia over Ukraine. Perhaps those negotiators are working with the idea of “Commander’s intent” that the President believes an agreement can be reached and counted upon with a counter-party like Putin. This is a serious misjudgment with serious consequences.
Those who have studied Putin for decades, understand clearly that he wants nothing but the destruction of the United States, our system of government and the set of ideals for which we stand. This is core to his beliefs. Putin and his security services will do everything they can to undermine the United States. One should not be surprised if the Russian services do not use every opportunity in the context of the Epstein revelations to attack every angle of the political spectrum in the U.S. that they can, including President Trump.
President Trump is now facing the most significant foreign and national security moment of his presidency. It appears the representatives he has chosen to negotiate with the Russian side have left him in a position to be remembered forever in history as the Chamberlain of the 21st century. Mr. Trump would do well to recognize that history does not remember Neville Chamberlain for any achievements in his political career in economic or domestic policy in Great Britain. He is remembered solely for Munich and "peace in our time". Mr. Trump is setting himself up to be remembered by history similarly. Sadly, it could also be the legacy of the country that was once the pillar of strength of the free world.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis inThe Cipher Brief
DEEP DIVE — Entire cities in the Darfur region of Sudan have been burned and razed, millions have fled their homes, and unspeakable terror and violence plague those left behind. When fighting erupted on April 15, 2023, between the Sudanese Armed Forces (SAF) under Abdel Fattah al‑Burhan and the Rapid Support Forces (RSF) led by Mohamed Hamdan Dagalo, better known as Hemedti, few predicted the conflict would become one of Africa’s worst humanitarian disasters.
There is, however, more to this war than just an internal battleground. The war in Darfur is no longer simply a domestic power struggle. It has become a multilayered proxy battlefield involving Egypt, Turkey, the United Arab Emirates (UAE), Saudi Arabia, Russia, Iran and more — each supporting rival Sudanese actors to secure strategic footholds.
“The current phase has Darfur as a killing field. The Sudanese protagonists have sorted out somewhat the areas each controls. Still, on the political front, both are committed to eliminating the other in a fight to the finish,” United States Ambassador to Sudan during the George W. Bush administration, Cameron Hume, tells The Cipher Brief. “There may be agreement on a time-limited humanitarian ceasefire, but no one is aiming at a durable political settlement between the two main parties.”
Infographic with a map showing areas controlled by the army, the Rapid Support Forces and neutral groups in Sudan as of September 23, 2025, according to the Critical Threats Project at the American Enterprise Institute and the AFP. (Infographic with a map showing areas controlled by the army, the Rapid Support Forces and neutral groups in Sudan as of September 23, 2025, according to the Critical Threats Project at the American Enterprise Institute and the AFP (Graphic by AFP) (Graphic by Olivia Bugault, Valentina Breschi, Nalini Lepetit-Chella/AFP via Getty Images)
United Arab Emirates
Despite official denials, the UAE remains the RSF’s cornerstone patron in Darfur, suspected of funneling advanced weaponry — including Chinese CH-95 and “Long Wang 2” strategic drones for 24-hour surveillance and strikes, Norinco-guided bombs, howitzers, and thermobaric munitions —via a covert air bridge of more than 240 UAE-chartered flights from November 2024, often landing at Chad’s Amdjarass airfield or South Darfur’s Nyala base.
These supplies, additionally routed through Libyan intermediaries like Khalifa Haftar’s networks and Ugandan/Somali airfields, have empowered RSF assaults, such as the latest siege and takeover of El Fasher. Economically, UAE-based firms like Hemedti’s Al-Junaid control Darfur’s Jebel Amer and Songo gold mines, exporting $1.6B in 2024, reportedly laundered via seven sanctioned Dubai entities to fund RSF salaries, Colombian mercenaries and further arms.
“The United Arab Emirates is the key sponsor of the RSF in strategic terms. Its interest is to convert influence in western Sudan into leverage over corridors, gold monetization and logistics, and to prevent an outcome in which Islamists consolidate in Khartoum,” Dr. Andreas Krieg, Associate Professor at King’s College London, tells The Cipher Brief.
Sudan’s gold — its primary export — has also become a lifeline for the UAE, feeding Dubai’s markets with more than ten tons a year from RSF-controlled areas. The trade aligns with Abu Dhabi’s long-term ambitions and its stance against the Muslim Brotherhood, as well as its past reliance on RSF fighters in Yemen. Despite Emirati denials and Sudan’s failed genocide case against the UAE at the ICJ, evidence ties the UAE directly to embargo breaches, from passports recovered in Omdurman to Emirati-made vehicles found at RSF sites.
As the UAE expands its influence through RSF control of Darfur’s 700-kilometer Red Sea corridor, reviving stalled DP World and AD Ports projects to rival Saudi NEOM, it effectively uses the militia as a proxy to secure resources and block SAF dominance. Approximately 70 percent of Sudan’s gold production from RSF-controlled areas is smuggled through Dubai, while overall illicit exports account for around 40 percent of the country’s total gold output.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
Turkey
Ankara, seeing the Darfurian conflict as both a threat to its regional ambitions and a challenge to Islamist allies, has backed al-Burhan’s forces with drones worth $120 million, delivered through Egypt. Their weapons supply assisted SAF in retaking Khartoum earlier this year but comes with deeper incentives: ideological ties with Burhan’s Islamist faction and strategic objectives for Red Sea access.
“Turkey’s quiet intelligence-sharing and counterterrorism pacts give it outsized sway over local regimes,” John Thomas, managing director of strategic policy firm Nestpoint Associates, tells TheCipher Brief.
The result, experts say, is a dangerous and growing proxy war between the UAE and Turkey — one now fought with advanced drones and air defenses across Sudan’s skies. The stalemate has fractured the country, spilled instability into Chad and Libya, and left tens of thousands dead, a toll experts warn could further destabilize the Horn of Africa.
Beyond the pace and scale of Turkish arms transfers, the presence of Turkish private military contractors (PMCs) in Africa merits closer scrutiny.
“In addition to the pace and spread of Turkey’s arms flow, I would say the presence of Turkish PMCs in Africa is something policymakers really ought to focus on more closely,” Will Doran, Turkey researcher at the Foundation for Defense of Democracies, tells The Cipher Brief. “A lot of these PMCs, like Erdogan himself, are warm towards the Muslim Brotherhood and have some questionable ties to Islamist militias on the ground in the Sahel. This isn’t to say Turkey is backing the region’s big names in terrorism. For one, Ankara’s deployed against al-Shabaab in Somalia, but the PMC trend is worrisome nonetheless.”
Egypt
Egypt views Sudan as a vital flank for its national interests. The Nile River flows from Sudan into Egypt, and Cairo has long been vigilant about any instability upstream. Egypt supports General Abdel Fattah al-Burhan and his Sudanese Armed Forces (SAF) because Cairo views them as the most dependable group to safeguard Egypt’s key national interests — namely, the Nile River corridor, which is Egypt’s sustenance for water and trade, and the southern border, which it shares with Sudan.
According to Dr. Krieg, “Egypt is the principal state backer of the army.”
“Its strategic priorities are the security of the Nile heartland, avoidance of an Islamist resurgence, and denial of hostile basing or rival influence along the Red Sea,” he continued.
Egypt, already hosting more than a million refugees, also fears that if Khartoum collapses into chaos, the resulting instability — such as refugee flows, arms trafficking, or militant activity — could spill over the border into its territory. Diplomatically, Cairo has kept direct intervention limited and insists on a Sudan-led solution, yet it retains close military and political ties to Burhan.
Saudi Arabia
Riyadh shares a parallel concern: as the Gulf kingdom pursues its Vision 2030 and Red Sea coastal investments, it has an interest in a stable Sudan firmly aligned with its regional agenda. Riyadh has backed the SAF via financial and diplomatic support, while also positioning itself as a mediator.
“Saudi Arabia is perhaps the outside player with potential influence that gets the least attention,” said Amb. Hume.
Dr. Krieg also observed that “Saudi Arabia has positioned itself as a convenor and would prefer a unified state that secures the Red Sea.”
“Chad and the Haftar camp in eastern Libya function as corridors and logistics enablers, and their choices directly affect the intensity of fighting in Darfur,” he explained. “Those intermediaries in Libya and Chad are all part of the UAE’s Axis of Secessionists; a network of non-state actors that are all tied to Abu Dhabi directly or indirectly.”
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
Iran
Since late 2023, Iran has resumed ties with SAF leader Abdel Fattah al-Burhan after a seven-year break, sending Mohajer-6 and Ababil drones, artillery, and intel via seven Qeshm Fars Air flights to Port Sudan from December 2023 through July 2024. This aid helped SAF retake Khartoum in March 2025 and strike RSF in Darfur. In addition, Iran uses Sudan’s Yarmouk arms factory to counter the UAE-backed RSF. Tehran’s overarching goal? Access to Port Sudan to support the Houthis in Yemen and spread Shiite influence — risking wider regional proxy conflict.
“Iran’s military support has helped shift momentum toward the SAF. As one of many foreign actors exacerbating Sudan’s internal tensions, Iran contributes to the country’s unfolding humanitarian disaster,” Jonathan Ruhe, Director of Foreign Policy at the JINSA Gemunder Center for Defense & Strategy, tells The Cipher Brief. “And as one of many foreign actors trying to claim concessions from the government and vying to exploit Sudan’s natural resources, Iran helps worsen the country’s already high levels of impoverishment.
Research Fellow at the Foundation for the Defense of Democracies, Husain Abdul-Hussain, also underscored that while Iranian involvement in Sudan is still in its infancy, “it will certainly grow as the war grinds on.”
“The more reliant Islamist militias become on Iran, the stronger they become and the more indebted to Tehran,” he explained. “Eventually, relations between Iran and Sudanese Islamist militias will be similar to its relations with Islamist militias in Lebanon (Hezbollah), Iraq (Hashd Shaabi), Gaza (Hamas) and Yemen (Houthis). Note that Sudan Islamist militias are Sunni (like Hamas in Gaza), and unlike Shia Iran and its Lebanese and Iraqi Shia militias. The Houthis are their own breed of Islam (Yazidis) but are allied with Shia Iran.”
Russia
Moscow, meanwhile, has played both sides in Sudan’s civil war for profit and power. Before 2024, the Wagner Group, now under Russia’s Defense Ministry, backed the RSF with arms like surface-to-air missiles, in return for gold from RSF-held mines like Jebel Amer — smuggling up to 32.7 tons worth $1.9 billion via Dubai from 2022 to 2023 to skirt Ukraine war sanctions and fund operations. This fueled RSF violence, including the 2023 to 2025 massacres in el-Geneina and el-Fasher.
Around midway through last year, in the aftermath of Prigozhin’s demise, Moscow flipped to bolstering the SAF in its quest for a Port Sudan naval base. Russia subsequently vetoed a UN ceasefire resolution last November to keep up its influence in Khartoum, while reports emerged of Russian mercenaries operating in West Darfur, worsening the fear and displacement.
“Russia linked commercial and security networks remain present around gold flows and in facilitation roles close to the RSF camp,” said Dr. Krieg.
Why So Many Foreign Players?
At the heart of Sudan’s crisis lie three intertwined forces: geography, resources, and regional rivalry. Poised along the Nile, the Red Sea, and the Horn of Africa, Sudan is pivotal to everything from Cairo’s water security to the maritime goals of Gulf States to the influence ambitions of Moscow and Ankara. Moreover, its ports and resource-rich land have morphed domestic infighting into a lucrative war economy.
“Material backing has lengthened the war and structured its geography,” Mr. Krieg said. “The result is not a decisive victory for either side but a hardening of zones, with the RSF advantaged in a peripheral theatre where it can police corridors and extract revenue, and the army entrenched where the state’s core institutions, population and donor attention reside.”
Why It’s So Hard to End the War
With so many players in the field and a deep distrust among warring parties, ending the war in Sudan has become extraordinarily difficult. The United States, for its part, leads the “Quad” alongside the UAE, Egypt, and Saudi Arabia, pushing for a three-month humanitarian truce. The RSF agreed to a deal on November 6, and Washington is now pressing the Sudanese army to do the same in hopes of easing the fighting and starting talks on the war’s deeper causes.
If the war in Sudan continues, the U.S. faces a growing humanitarian catastrophe: estimates suggest more than 150,000 deaths and over 14 million people displaced, with nearly 25 million facing acute hunger. Regionally, unchecked control of the RSF in Darfur could destabilize the Red Sea corridor, a vital route for global trade and U.S. allies. Domestically, failure to resolve the conflict would erode U.S. credibility on human rights and genocide prevention, heighten refugee pressures in North Africa and Europe, and contradict the moral precedent set during the 2003 Darfur genocide.
“Washington will be paying more attention,” one White House-connected source tells The Cipher Brief. “It isn’t ignored. It is a conflict Trump wants to see ended.”
Dr. Krieg asserted that Sudan is entering a consolidation phase in which the Rapid Support Forces have turned Darfur into a defensible rear area and administrative base. The fall of El Fasher removed the last significant government foothold in the region. It gave the RSF control of the interior lines across West, South, Central, and much of North Darfur, as well as access to Libya and Chad for resupply and commerce.
He thus asserts that Sudan’s future is likely to go one of two ways.
“The Sudanese Armed Forces still hold the Nile corridor, the capital area and much of the east, which creates a west versus centre geography. That configuration points to two near-term paths. Either the front stabilises into a frozen conflict that resembles an informal partition, or the RSF seeks to push east through North Kordofan and test the approaches to the center,” Dr. Krieg added. “Humanitarian conditions are acute, with siege tactics, displacement and food insecurity now baked into the conflict economy. The political tempo has slowed rather than accelerated, since battlefield gains in Darfur give the RSF reasons to bank advantages before contemplating concessions.”
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
Login
Historical tariff patterns show 86% chance that Trump reverses Europe tariffs before February 1, as Bitcoin's 24/7 markets prepare to signal policy shifts first.
Iran's currency has collapsed and is now officially worth $0.
– 
The mass media outlets mentioned above are either state-owned or corporations serving the state. However, Putin does not like independent journalism doing its job, and that’s why he took actions against them. 
And what about the Russian troll farm? 
