March Madness
Hunter of drone pilots.
This article is for educational purposes and looks at national security issues. It is a transcript of an interview that took place in March ’24. Our contributing author, who goes by the moniker Disruptor26, is a drone pilot who specializes in C5ISRT innovation and red teaming operations. He is one of the most sought-after civilian drone operators in the States.
Disclaimer: The views, opinions, and expressions articulated by contributing author Disruptor26 on this website are strictly personal and do not represent the views or opinions of the company Warcloud Industries LLC. The company is not liable for any statements made by Disruptor26 on this platform. Visitors are encouraged to exercise their own discretion and judgment while interpreting the content provided by Disruptor26.
Everything in this interview was conducted through Open Source Intelligence (OSINT) research.
From Kevin Finisterre, the architect of the course study materials. “DJI was less than forthcoming in their Statement about DJI Cyber Security and Privacy Practices: “Based on our analysis so far, only one party was able to download data from the server… The investigation is ongoing, and we will notify customers if evidence suggests that the data has been misused.” Later they semi publicly corrected the wording to say “DJI believes that other individuals may have accessed the information before September 27th, 2017” in their Notice of Data Breach letters a subset of people received. There is a solid chance you NEVER saw those updated words… ask yourself why?
This map is a visualization of the Flight Records that were in the 2017 AWS breach. It represents 6000 users, and approximately 380,000+ flight records, many including embedded photos.”
Case Study Interview
Interviewer:
What’s up man? Thanks for taking the time out of your day to do this interview. You’ve found some interesting things I hear. But first give us a little background about yourself.
Disruptor26:
Yea bro, no doubt, thanks for having me. Where do I start?… Shit, man, I think there’s novelty in hunting other drone pilots! One to build community, two I’m genuinely interested in seeing who is in the skies. There’s a lot you can learn from other pilots. I’ve been flying drones practically my whole life. I used to have UAVs and UGVs as a kid, Tyco was the best! Completely rudimentary but shit was still cool, and ahead of its time. I’ve flown with some of the best FPV pilots across the world, and like to have my finger on the pulse of the industry. So naturally I want to see who flies when, where, and why. The Sentinel Society, which is my crew, decided early on to make sure we became the best at this nerdy ass hobby. A lot of people think we are not, but we’re not, and not even scratching the surface. Our team mentors are insanely better than we are. While we knuckle drag, ethical hack, red team, and bullshit, those dudes were shooters who flew drones in combat or went to battle it out with CCP’s pipeline (Chinese Communist Party) DJI company. One was even the first to fly an AI drone in the battlespace. We owe those guys an immense amount of gratitude for educating us. G, Kev, and Jimothy, sup dudes!?
Interviewer:
That’s pretty cool. Can you elaborate on what you mean by hunting drone operators? Just for context. Then the follow up would be if you can, speaking briefly on the current state of the drone industry.
Disruptor26:
So again novelty in hunting drone operators right? Well, I shouldn’t say hunting, but more or less discovery of them, or whatever pronoun chosen. To see if they’re like-minded, careless, clueless, or criminal. If you’re a criminal we’ll hijack your drone or crash it for fun. We’ve gotten a few peeping toms and pedophiles like that, just using C-UAS tactics, you know, software defined radios, directional finding, etcetera. Insanely fun and for a good cause. Clueless or careless we see the opportunity to teach and shed knowledge sets. Rogue prophets in the drone community exist and we like to think of ourselves as such.
The current climate of the drone industry is fragile right now. From legislature to FAA warnings. American companies have gone private and sell to mil and first responders, or those who have money. DJI still owns more than 70% of the industry. That’s the dangerous part. The CCP via DJI is continuously gathering intelligence, surveillance, and reconnaissance on critical infrastructure here in the United States. How do they do that? It starts with the drone operator firstly. We have clueless, careless, and criminal pilots out there. Whether they’re American, visiting, or immigrants.
If I can break it down further. Through the drone’s firmware (software) a backdoor is opened, a sync of data happens, it’s now online dwelling in cloud services. Anyone with enough education and a hacker heart can penetrate online clouds. Now imagine if your national interest is to create a product for your enemy to use, and you control everything on the back end. That’s the way we see DJI having CCP interests at the core. With all the talks about banning DJI they’ve made a pivot and created splinter cell companies that look identical from products to the genetic makeup of the enterprises. What we call white labeled. Total fakes, we kind of outed them and penetration tested their emotional resilience via LinkedIn with a couple posts and they blocked us. Check out SPECTA for example. There’s a couple others out there.
Interviewer:
Not to segue but let me ask you this. What are your thoughts on the border?
Disruptor26:
I mean the cartel is making an insane amount of money shepherding CCP nationals at the border. But make no mistake about it, they’re coming from all over the world. Every faction that hates America or wants to play the Cold War / GPC game is infiltrating the U.S. right now. And because we’re fighting this GPC (Great Power Competition) race or what I like to think as the Second Cold War… Nevertheless, it’s possible that the next kinetic war could be at the border. But people might ask why would we cut off our biggest trade asset? Would you consider them a pure threat? Bro, it’s a whole entire can of worms.
Interviewer:
Before getting into details tell us how D0tslash approached you with this AWS Leak.
Disruptor26:
Oh yea man it was a late night and old school hackers like Kev are like vampires man. They straight up Rodney Barnes’ hacker version of Blacula. Anyways we stalk the earth on reverse hours, late nights of fighting crime and command lines. I was one of the first to get the link and see the dataset. Honored but earned, because I go back and forth with Kev like he’s my big brother. We talk shit at a PhD level. Well anyways, Kev sent a link and basically said “check it out”. This link was awkward as shit. Not the normal X links of us dissing people, scholarly articles, or white papers. But, I clicked it anyway, and … EUREKA!
Interviewer:
So within minutes he said you found something. Explain the origin of this ‘hunting drone pilots’ or red teaming with this data?
Disruptor26:
The map had all types of pings on it. It was like cere-bro. Every drone pilot’s flight logs. Well not everyone, but there were hundreds of thousands of dots on this interactive world map. So it felt like the temple of game. And I got to “hunt” and see who is who?
On the map legend there were multiple visuals that can be toggled on/off with an “eye icon” for visibility. For example, “flight log centroid” was signified as purple dots on the map. These purple dots were where pilots had possibly launched or deployed their drone from. I was interested in a few things. But first I wanted to see who was flying in or around critical infrastructure and military bases.
In the beginning there were only two or three legend toggles. I could only see flight logs (purple), and I believe substations (yellow?). Upon looking at Los Angeles for myself or friends, I didn’t find anything or anyone that I specifically knew. So naturally I look to the south in San Diego and then over to Arizona where my buddy Alchemy is. Then boom! A major cluster of flights. I’m thinking to myself, “damn”. This is Pilot #1, and they must be a real drone pilot because they fly a ton. But also Pilot #1 might’ve been incredibly clueless to upload all of his footage, or just plain criminal! So out of curiosity I look Pilot #1 up because his email was attached to flight logs on this great map that Kev put together.
Cluster Identification of Pilot #1
So I utilized a few OSINT websites to cross reference Pilot #1’s flight log emails. Turns out his age, business, website, living quarters, etc. all didn’t add up to me. I don’t pry too much into people’s business, but this stood out as a person of interest. First 3 minutes I find out all of the above. Kevin hits me with “hey there’s an update, I got all the Military bases uploaded and here’s some emails too”. I hit the refresh button. Jackpot! All beige or tan blocks and shapes were designated for military camps and bases from different branches. QQ e-mails or 163 emails were connected to the other countries that weren’t American of course. It was their version of hotmail or gmail.
I zoom to the most immediate base, where the original cluster was, and guess who's there? Pilot #1.
He systematically appeared as these purple/raspberry dots all across the Southwest. I knew I had something concrete and serious within 10 minutes. Now mind you, this isn’t ALL of the data. But it’s for damn sure proof of concept. Or the fact that people are flying and tunneling out intel to DJI/CCP through a backdoor of some sort. The issue is real. Pilot #1 can just have a fascination with forts and bases or he could be getting paid to take recon photographs and visuals. Either way the intel was tunneled back to China. Just remember we are in this second cold war. National security is of the utmost importance. Flying in or around important places or critical infrastructure is a “hell-no”. This stuff gets mined, collected, and cataloged by the enemy.
Here is Pilot #1 flying from Southwest states to the California coast, launching from 5 additional sites near military facilities and bases.
Interviewer:
So where can I find this intel and map?
Disruptor26:
Some of all fears. So because the team over at CARTO (the map platform Kev originally used to display the intel) got sour and somehow wanted to charge him $14k for using their map interface, he did a crazy solid pivot and uploaded the Georeferenced images with EXIF lat / lon to archive.org so it has somewhere to live. If a company did that to me I’d make burner e-mails on Guerrilla Mail, and just do their free trials with those burners. But naw I think by now he’s uploaded the photos to Flickr and each one has a mapped location of where it is. I’ll send you the links and you can put them on the YouTube channel or wherever needed.
Interviewer:
Okay. Now there was a secondary pilot you had found some interesting information on. Can you illustrate for the audience what you’ve found?
Disruptor26:
Pilot #2 was an insane find. I saw the West Coast and South West. Decided to take my efforts to the East Coast taking a look at government buildings, where spy activities happen. So same tactics in looking for anomalies. I found another cluster in Virginia, more specifically Colonial Beach. I hovered over the cluster and found that the email was attached to a qq.com. I just wanted to label this person Pilot #2, simply because it was abnormal.
Pilot #2
Now in this Google Maps screenshot it shows the fork in the road and here I have a theory that he’s for sure up to no good and is launching from a covert location. Seems to have parked at the Antique store and launched from the wooded area Southwest of the location near the Pine Hill Creek. (Left side of Ridge Road). Here in the wooded area.
Now a person would ask, “why launch from a covert location?” I personally don’t want to be seen while I’m flying. It’s just a habit of mine. It’s honestly, really a safety issue for me. I don’t like to have my head on a swivel while I’m having to fly around. I’m usually scanning at 20 feet and 200 feet, 360 degrees around me.
Anyways, it gets better: the tan/beige military shapes you see in the first Pilot #2 photo. I looked up online and it just so happened to be the Naval Special Warfare Lab Facility. Meaning this person with a qq.com email, which is directly tied to China, looked to be gathering intelligence of some kind here. Might just be a coincidence.
So I decided to look a little bit more at the area along the Potomac River, Colonial Beach, Langley, and DC. Boom! Another smaller cluster. Also conducted by Pilot #2 with the same qq.com email attached to the flight log. As you can see in the photo below.
Now that I found this Pilot #2 (again), he had two locations he launched from. One from the water; almost as if he did a maritime hybrid heterogeneous attack. And the other was directly from the Pentagon. But how did he launch from within the “Penthouse”? Is it possible that he dropped off a cyber payload, on top of the Pentagon roof itself?
Interviewer:
That’s incredible work man. Anything else you want to say? Where can people find you?
Disruptor26:
Thanks bro, I really appreciate it. I can only thank D0tslash (Kevin Finisterre) for trusting me and letting me get first looks at the project. Thanks to you and your team for doing the interview. It honestly was a blast to run that exercise.
Where people can catch me… I only have Instagram right now. @Disruptor26 and you can check the crew page, a few of us are controlling that thing. @Sentinel_Society on Instagram.
“I found shit in their latest APK that implies they have an alternate mechanism to get info from your flight logs too
Now and they encrypt it and send it in the “statistics” bundle” 3/2024
-Kev aka D0tslash