Welcome back, aspiring cyberwarriors!

I want you to imagine a scene for a moment. You are sitting at your keyboard on one of the upper floors of a secure building in the middle of a restricted area. There is a tall fence topped with electrified barbed wire. Cameras cover every angle. Security guards patrol with confidence. You feel untouchable. Then you hear it. It’s a faint buzzing sound outside the window. You glance over for just a moment, wondering what it is. That tiny distraction is enough. In those few seconds, a small device silently installs a backdoor on your workstation. Somewhere 20 kilometers away, a hacker now has a path into the corporate network. 

That may sound like something out of a movie, but it is not science fiction. In this series, we are going to walk through the process of building a drone that can perform wireless attacks such as EAP attacks, MouseJack, Kismet reconnaissance, and similar operations. A drone is an incredibly powerful tool in the hands of a malicious actor because it can carry roughly a third of its own weight as payload. But “hacking through the air” is not easy. A proper hacker drone must be autonomous, controllable over a secure channel at long distances, and resilient to jamming or suppression systems. Today we will talk through how such drones are designed and how they can be built from readily available components.

Most wireless attacks require the attacker to be physically near the target. The problem is that you can’t reach every building, every fenced facility, and every rooftop. A drone changes the entire equation. It can fly under windows, slip through partially open spaces, or even be transported inside a parcel. As a boxed payload moves through residential or office buildings, it can quietly perform wireless attacks without anyone ever suspecting what is inside. And yes, drones are used this way in the real world, including military and intelligence operations. On June 1, 2025, over 100 FPV drones that were smuggled into Russia, were concealed in modified wooden cabins on trucks, and remotely launched from positions near multiple Russian airbases. These drones conducted precision strikes on parked aircraft at bases including Belaya, Dyagilevo, Ivanovo Severny, Olenya, and Ukrainka, reportedly damaging or destroying more than 40 strategic bombers and other high-value assets.

The FPV drones were equipped with mobile modems using Russian SIM cards to connect to local 3G/4G cellular networks inside Russia. This setup enabled remote operators in Ukraine to receive real-time high-resolution video feeds and telemetry, as well as maintain manual control over the drones via software like ArduPilot Mission Planner. The cellular connection allowed precise piloting from thousands of kilometers away, bypassing traditional radio frequency limitations and Russian electronic warfare jamming in some cases. In Part 2 we will show you how this type of connection can be established.

Drones are everywhere. They are affordable. They are also flexible. But what can they really do for a hacker? The key strength of a drone is that it can carry almost anything lightweight. This instantly increases the operational range of wireless attacks, allowing equipment to quickly and silently reach places a human cannot. A drone can scale fences, reach high-rise windows, hover near targets, and potentially enter buildings. All while remaining difficult to trace. That is an enormous advantage.

Let’s start learning how the platform works.

Implementation

Most drones are radio-controlled, but the exact communication method varies. One channel is used to receive operator commands (RX) and another to transmit video and telemetry back to the operator (TX). Different drones use different communication combinations, such as dedicated radio systems like FRSKY, ELRS, or TBS for control, and either analog or digital channels for video. Some consumer drones use Wi-Fi for telemetry or even control both ways.

For a hacker, the drone is first and foremost a transport platform. It must be reliable and durable. When you are performing attacks near buildings, lamp posts, tight corridors, or window frames, high speed becomes far less important than protecting the propellers. This is why Cinewhoop-style drones with protective frames are such a strong choice. If the drone brushes a wall, the frame absorbs the impact and keeps it flying. You can find the 3D models of it here

The drone also needs enough lifting power to carry your hacking gear. Ideally at least one-third of its own weight. That allows you to attach devices such as Wi-Fi attack platforms, SDR tools, or compact computers without stressing the motors. Because distance matters, Wi-Fi-controlled drones are usually not ideal. Wi-Fi range is typically around 50–100 meters before responsiveness begins to degrade. Professional long-range drones that use dedicated control radios like FRSKY, ELRS, or TBS are a better fit. Under good conditions, these systems can maintain control several kilometers away. Since attackers typically operate near structures, precise control is critical. FPV drones are especially useful here. They allow the pilot to “see” through the drone’s camera in real time, which is essential when maneuvering near buildings or through tight openings. Open-source flight controller platforms such as Betaflight are really attractive. They are flexible, modifiable, and easy to service. If the frame is damaged in a crash, most of the core components can be reused.

In truth, the specific drone model is less important than the pilot’s skill. Good piloting matters. Before we look at attacks, we need to understand how control can be improved and how it can be extended beyond visual range.

Control via 4G

Flying a drone among urban buildings introduces challenges like concrete and steel obstruct radio signals, limiting line-of-sight range. Even if your drone has a long-range radio system, once it disappears behind a building, control becomes unreliable. But what if you could control the drone over mobile networks instead? Modern 4G cellular networks now offer reliable data coverage even inside many urban structures. If we can use cellular data as a control channel, the drone’s reachable range becomes limited only by its battery life, not by line-of-sight. Today’s 4G networks can provide sufficient bandwidth for both control signals and video feeds. Although the latency and responsiveness are not as good as dedicated radio links, they are quite usable for piloting a drone in many scenarios. Considering that drones can reach speeds up to 200 km/h and have flight times measured in tens of minutes, an attacker theoretically could operate a drone more than 20 km away from the controller using 4G connectivity.

4G > Wi-Fi Gateway > Drone

The simplest way to use 4G connectivity is to bridge it to the drone’s Wi-Fi interface. Most consumer drones broadcast a Wi-Fi access point that a mobile phone connects to for control. Commands are sent over UDP packets, and video is streamed back as an RTSP feed. In this setup, the drone already acts like a networked device. If you attach a small computing device with a 4G modem, you could connect to it over a VPN from anywhere, and relay commands to the drone. But this approach has major drawbacks. The control protocol is often closed and proprietary, making it difficult to reverse-engineer and properly relay. Additionally, these protocols send frequent packets to maintain responsiveness, which would saturate your 4G channel and compete with video transmission.

4G > Video Gateway > Drone

A much cleaner alternative is to use a video gateway approach. Instead of trying to tunnel the drone’s native protocol over the cellular link, you attach a small smartphone to the drone and connect it to the drone’s Wi-Fi. The phone itself becomes a bridge. It controls the drone locally and receives video. From the remote operator’s perspective, you are simply remoting into the phone, much like remote controlling any computer. The phone’s screen shows the drone’s video feed, and the operator interacts with the virtual sticks via remote desktop software. The phone app already handles control packet encoding, so there’s no need to reverse-engineer proprietary protocols.

This clever hack solves multiple problems at once. The phone maintains a strong local Wi-Fi link to the drone, which is hard to jam at such short range. The operator sees a video feed that survives 4G network variations better than high-bandwidth native streams. And because the app handles stick input, the operator doesn’t need to worry about throttle, roll, pitch, or yaw encoding.

You can connect to the phone over 4G from any device using remote-access software like AnyDesk. With simple GUI automation tools, you can bind keyboard keys to virtual controller actions on the phone screen.

Here is the Bash script that will help with it. You can find the link to it here

This Bash script allows you to control virtual joysticks once you connect via AnyDesk to the phone. You will use the keyboard to simulate mouse actions. When launched, the script identifies the emulator window (using xwininfo, which requires you to click on the window once), calculates the centers of the left and right virtual sticks based on fixed offsets from the window’s corner, and then enters a loop waiting for single key presses.

For each key (A/B for throttle, W/S/A/D for pitch and roll, Q/E for yaw), the script uses xdotool to move the cursor to the virtual stick, simulate a short swipe in the desired direction, and release. This effectively mimics a touchscreen joystick movement. The script runs on Linux with X11 (Xorg), requires xdotool and x11-utils, and gives a simple keyboard-based alternative for drone control when a physical gamepad isn’t available. Although Kali Linux is not suitable here, many other distros such as Debian Stable, antiX, Devuan, Linux Mint, openSUSE, Zorin OS, or Peppermint OS work well. So while Kali is often the go-to for security work, there’s still a list of usable operating systems.

Telemetry data is also available to the remote operator.

In the system we describe, another script monitors screen regions where telemetry values are displayed, uses OCR (optical character recognition) to extract numbers, and can then process them.

Here is another bash script that will help us with this. It will repeatedly screenshot a selected drone ground control window, crop out the battery and altitude display areas, use OCR to extract the numeric values, print them to the terminal, and speak a “low battery” warning if the percentage drops below 10%..

Find it on our GitHub here

With control and telemetry automated, full 4G-based drone operation becomes extremely flexible. This method is easy to implement and immediately gives you both control and status feedback. However, it does introduce an extra link, which is the Wi-Fi phone. The phone’s Wi-Fi signal may interfere with the drone’s normal operation, and the drone must carry some extra weight (about 50 grams) for this setup. In Part 2, we will go further. We will move from 4G > Wi-Fi > Drone to 4G > UART > Drone, using a custom VPN and SIM. That means the phone disappears completely, and commands are sent directly to the flight controller and motor control hardware. This will give us more flexibility.

That brings us to the end of Part 1.

Summary

Drones are rapidly transforming from hobby toys into serious tools across warfare, policing, intelligence, and hacking. A drone can slip past fences, scale buildings, hover near windows, and quietly deliver wireless attack platforms into places humans cannot reach. It opens doors to an enormous spectrum of radio-based attacks, from Wi-Fi exploitation to Bluetooth hijacking and beyond. For attackers, it means unprecedented reach. 

See you in Part 2 where we begin preparing the drone for real-world offensive operations

The post Drone Hacking: Build Your Own Hacking Drone, Part 1 first appeared on Hackers Arise.

DEEP DIVE — From stolen military credentials to AI-generated personas seamlessly breaching critical infrastructure, digital identity fraud is rapidly escalating into a frontline national security threat. This sophisticated form of deception allows adversaries to bypass traditional defenses, making it an increasingly potent weapon.

The 2025 Identity Breach Report, published by AI-driven identity risk firm Constella Intelligence, reveals a staggering increase in the circulation of stolen credentials and synthetic identities. The findings warn that this invisible epidemic, meaning it's harder to detect than traditional malware, or it blends in with legitimate activity, is no longer just a commercial concern—it now poses a serious threat to U.S. national security.

“Identity verification is the foundation of virtually all security systems, digital and physical, and AI is making it easier than ever to undermine this process,” Mike Sexton, a Senior Policy Advisor for AI & Digital Technology at national think tank Third Way, tells The Cipher Brief. “AI makes it easier for attackers to simulate real voices or hack and steal private credentials at unprecedented scale. This is poised to exacerbate the cyberthreats the United States faces broadly, especially civilians, underscoring the danger of Donald Trump’s sweeping job cuts at the Cybersecurity and Infrastructure Security Agency.”

The Trump administration’s proposed Fiscal Year 2026 budget would eliminate 1,083 positions at CISA, reducing staffing by nearly 30 percent from roughly 3,732 roles to around 2,649.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

The Industrialization of Identity Theft

The Constella report, based on analysis of 80 billion breached records from 2016 to 2024, highlights a growing reliance on synthetic identities—fake personas created from both real and fabricated data. Once limited to financial scams, these identities are now being used for far more dangerous purposes, including espionage, infrastructure sabotage, and disinformation campaigns.

State-backed actors and criminal groups are increasingly using identity fraud to bypass traditional cybersecurity defenses. In one case, hackers used stolen administrator credentials at an energy sector company to silently monitor internal communications for more than a year, mapping both its digital and physical operations.

“In 2024, identity moved further into the crosshairs of cybercriminal operations,” the report states. “From mass-scale infostealer infections to the recycling of decade-old credentials, attackers are industrializing identity compromise with unprecedented efficiency and reach. This year’s data exposes a machine-scale identity threat economy, where automation and near-zero cost tactics turn identities into the enterprise’s most targeted assets.”

Dave Chronister, CEO of Parameter Security and a prominent ethical hacker, links the rise in identity-based threats to broader social changes.

“Many companies operate with teams that have never met face-to-face. Business is conducted over LinkedIn, decisions authorized via messaging apps, and meetings are held on Zoom instead of in physical conference rooms,” he tells The Cipher Brief. “This has created an environment where identities are increasingly accepted at face value, and that’s exactly what adversaries are exploiting.”

When Identities Become Weapons

This threat isn’t hypothetical. In early July, a breach by the China-linked hacking group Volt Typhoon exposed Army National Guard network diagrams and administrative credentials. U.S. officials confirmed the hackers used stolen credentials and “living off the land” techniques—relying on legitimate admin tools to avoid detection.

In the context of cybersecurity, “living off the land” refers to attackers (like the China-linked hacking group Volt Typhoon) don't bring their own malicious software or tools into a compromised network. Instead, they use the legitimate software, tools, and functionalities that are already present on the victim's systems and within their network.

“It’s far more difficult to detect a fake worker or the misuse of legitimate credentials than to flag malware on a network,” Chronister explained.

Unlike traditional identity theft, which hijacks existing identities, synthetic identity fraud creates entirely new ones using a blend of real and fake data—such as Social Security numbers from minors or the deceased. These identities can be used to obtain official documents, government benefits, or even access secure networks while posing as real people.

“Insider threats, whether fully synthetic or stolen identities, are among the most dangerous types of attacks an organization can face, because they grant adversaries unfettered access to sensitive information and systems,” Chronister continued.

Insider threats involve attacks that come from individuals with legitimate access, such as employees or fake identities posing as trusted users, making them harder to detect and often more damaging.

Constella reports these identities are 20 times harder to detect than traditional fraud. Once established with a digital history, a synthetic identity can even appear more trustworthy than a real person with limited online presence.

“GenAI tools now enable foreign actors to communicate in pitch-perfect English while adopting realistic personas. Deepfake technology makes it possible to create convincing visual identities from just a single photo,” Chronister said. “When used together, these technologies blur the line between real and fake in ways that legacy security models were never designed to address.”

Washington Lags Behind

U.S. officials acknowledge that the country remains underprepared. Multiple recent hearings and reports from the Department of Homeland Security and the House Homeland Security Committee have flagged digital identity as a growing national security vulnerability—driven by threats from China, transnational cybercrime groups, and the rise of synthetic identities.

The committee has urged urgent reforms, including mandatory quarterly “identity hygiene” audits for organizations managing critical infrastructure, modernized authentication protocols, and stronger public-private intelligence sharing.

Meanwhile, the Defense Intelligence Agency’s 2025 Global Threat Assessment warns:

“Advanced technology is also enabling foreign intelligence services to target our personnel and activities in new ways. The rapid pace of innovation will only accelerate in the coming years, continually generating means for our adversaries to threaten U.S. interests.”

An intelligence official not authorized to speak publicly told The Cipher Brief that identity manipulation will increasingly serve as a primary attack vector to exploit political divisions, hijack supply chains, or infiltrate democratic processes.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Private Sector on the Frontline

For now, much of the responsibility falls on private companies—especially those in banking, healthcare, and energy. According to Constella, nearly one in three breaches last year targeted sectors classified as critical infrastructure.

“It's never easy to replace a core technology, particularly in critical infrastructure sectors. That’s why these systems often stay in place for many years if not decades,” said Chronister.

Experts warn that reacting to threats after they’ve occurred is no longer sufficient. Companies must adopt proactive defenses, including constant identity verification, behavioral analytics, and zero-trust models that treat every user as untrusted by default.

However, technical upgrades aren’t enough. Sexton argues the United States needs a national digital identity framework that moves beyond outdated systems like Social Security numbers and weak passwords.

“The adherence to best-in-class identity management solutions is critical. In practice for the private sector, this means relying on trusted third parties like Google, Meta, Apple, and others for identity verification,” he explained. “For the U.S. government, these are systems like REAL ID, ID.me, and Login.gov. We must also be mindful that heavy reliance on these identity hubs creates concentration risk, making their security a critical national security chokepoint.”

Building a National Identity Defense

Some progress is underway. The federal Login.gov platform is expanding its fraud prevention capabilities, with plans to incorporate Mobile Driver’s Licenses and biometric logins by early 2026. But implementation remains limited in scale, and many agencies still rely on outdated systems that don’t support basic protections like multi-factor authentication.

“I would like to see the US government further develop and scale solutions like Login.gov and ID.me and then interoperate with credit agencies and law enforcement to respond to identity theft in real time,” Sexton said. “While securing those systems will always be a moving target, users’ data is ultimately safer in the hands of a well-resourced public entity than in those of private firms already struggling to defend their infrastructure.”

John Dwyer, Deputy CTO of Binary Defense and former Head of Research at IBM X-Force, agreed that a unified national system is needed.

“The United States needs a national digital identity framework—but one built with a balance of security, privacy, and interoperability,” Dwyer told The Cipher Brief. “As threat actors increasingly target digital identities to compromise critical infrastructure, the stakes for getting identity right have never been higher.”

He emphasized that any framework must be built on multi-factor authentication, phishing resistance, cryptographic proofs, and decentralized systems—not centralized databases.

“Public-private collaboration is crucial: government agencies can serve as trusted identity verification sources (e.g., DMV, passport authorities), while the private sector can drive innovation in delivery and authentication,” Dwyer added. “A governance board with cross-sector representation should oversee policy and trust models.”

Digital identities are no longer just a privacy concern—they’re weapons, vulnerabilities, and battlegrounds in 21st-century conflict. As foreign adversaries grow more sophisticated and U.S. defenses lag behind, the question is no longer if, but how fast America can respond.

The question now is whether the United States can shift fast enough to keep up.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.