Global Governments Attempt to Peel The Onion Router

The Dark Web 07g

Tor has been embraced by lawful and unlawful users alike. It helps those who value their online privacy and dissidents who live in countries with oppressive governments, but it also provides ways for cyber criminals, terrorists and other bad guys to avoid identification. This has made breaking Tor’s anonymity a top priority for government agencies both at home and abroad.

What is Tor?

Short for The Onion Router, Tor is a network of donated servers run by volunteers around the globe. Tor works by routing traffic through a random network of computers called relays. For example, say you are located here in Maryland and want to access a web page on a server in Australia. Under normal circumstances, you type in the URL and the packets take a more-or-less direct route from your computer to the Australian server and back.

With Tor, the packets may bounce from relay to relay anywhere in the world, and at each at each step the traffic is encrypted. Each relay only knows where the packet came from and where it is going next. No single computer in the chain knows the entire route. This is what makes Tor users so difficult to identify.

In the United States:

The United States government seems to be of two minds about Tor. On one hand, Tor is a brainchild of the U.S. military. It was created to protect whistleblowers and journalists operating in restricted areas from repartitions, and in 2012, over half of the Tor Project’s revenue came from government grants.

On the other hand, the National Security Agency (NSA) has been working to unmask Tor’s users. The classified documents released by Edward Snowden in 2013 revealed the NSA has had success in separating Tor traffic from regular Internet traffic. This is due to their ability to monitor huge chunks of Internet traffic through connections to the large telecommunications companies that provide Internet access to most of the country’s population.

They have been less successful in separating one Tor user from another. Their best success has come from not from the Tor package, but from the browser it comes from. The default Tor package uses the Firefox browser, which has some vulnerabilities. Most of these vulnerabilities come from plugins like Javascript and Adobe Flash.

Most governments cannot use the NSA’s technique for separating Tor traffic from normal traffic because they lack the close ties to telecom companies or the ability to monitor large swaths of Internet activity in real time.

In Russia:

Last year the Russian Ministry of the Interior ran a contest for Russian nationals and companies with a goal of finding a workable method of de-anonymizing Tor’s users. The grand prize? A contract worth a cool 4 million rubles, equivalent to $111,000 USD. News reports indicate the contract was awarded, but the Russian government did not name the winner.

In China:

While the Chinese government has been silent on what efforts they are taking to unmask Tor users, it is known they have taken the approach of blocking access to the Tor software and public relays. The “Great Firewall of China” is capable of deep packet inspection and can identify and block non-public relays based on specific protocols unique to Tor. It is possible for Tor users in China to get around these blocks using different techniques.

What’s in Tor’s Future?

The Tor Project has a core of a small number of employees, but uses a network of volunteers and crowdsourced labor to patch vulnerabilities and keep its users anonymous. When the annual Black Hat security conference announced a panel on how to de-anonymize Tor users, the team went to work on closing the loophole before the conference even took place. It seems that for now, Tor will remain a useful tool for those who wish to keep their online activities secret, for better or worse.

About The Author:

Scott N. Schober is a Cyber Security Expert and the President and CEO of Berkeley Varitronics Systems, Inc., a 40-year-old provider of advanced wireless RF test and security solutions. Scott has overseen the development of numerous cell phone detection tools used to enforce a ‘no cell phone policy’ in correctional, law enforcement, corporate, university, military and secured government facilities.

Teachers Have New Enemy In War On Cheating


Back in the days before the Internet, ethically-challenged students could make a quick buck by selling copied test questions to other students who still needed to take the test. Now students are trading copied tests on the Internet using social media instead of in the hallways.

In the old days, most tests were not standardized so students in one district might take a totally different test than students just a few miles away. The few standardized tests such as the ACT and SAT were given to almost all students within just a few days.

Tests are copyrighted material, and testing companies monitor social media services like Facebook and Twitter using automated software. The software scans user comments, looking for keywords or trigger phrases. Scanning social media for advanced tests such as college admittance and professional licensing exams has been going on for a long time, but social media monitoring for K-12 tests is fairly new.

Adoption of Common Core standards has led to an increase in the number of standardized tests, and changes to the school schedule in some areas has lengthened the testing window significantly. Students in one state might be taking the same test as students in a different state with as much as a month between them. If a student who took the test early shares information about the contents and material it covers, students who take the test later have an unfair advantage.

Test Security and Privacy Concerns

Last month the test publishing company Pearson came under fire for deleting a New Jersey student’s tweet regarding a question on a Common Core test. Pearson also informed the New Jersey Department of Education (DOE), which then contacted the superintendent asking school staff to discipline the student. Parents and Common Core critics blasted the test publisher and the New Jersey DOE, accusing them of spying on students and invading their privacy.

Originally an unnamed state DOE employee indicated the deleted tweet included a link to a picture of the test, but that wasn’t the case. The student’s message did not compromise the test contents.

Pearson issued a statement defending their actions, though they did change their policies regarding matching online accounts to students. Pearson had been matching the names to school rosters, now they are giving the names to the state DOE.

Smartphones, Social Media and Test Security

Even though a cell phone was not involved in this particular incident, they do pose a significant threat to testing integrity. Students use them to cheat by looking up answers, and most smartphones come with social media apps built right in. A few snaps with a smartphone camera can compromise the entire test. Berkeley Varitronics Systems offers tools educators can use to detect and locate cell phones being used in the classroom or before they even get that far. Contact us for more information about maintaining the integrity of your testing environment.

About Us

Berkeley Varitronics Systems (BVS) designs and manufactures innovative, RF analysis and wireless threat detection tools for businesses, government and educational organizations to manage secure facilities and maintain wireless networks.

Why Healthcare Hacking Has Become Big Business


As banks and large retailers have taken steps to harden their networks, hackers have turned their attention to healthcare providers. Just recently, Premera announced a breach that took place last year may have exposed the personal and financial data of approximately 11 million customers. Last month, the nation’s second largest health insurance company reported the information of approximately 80 million people was exposed to hackers in a breach discovered on January 29th.

There are several reasons hackers have focused their attention on healthcare companies, even though companies in the industry don’t usually handle financial transactions.

Healthcare companies keep patients’ personal and financial data. Many patients use online payment options, which means their records may have information such as bank accounts and debit/credit card numbers. Even without financial data, criminals can use personal data to commit crimes such as identity theft and insurance fraud. They can also use email addresses to target patients for phishing scams. While email addresses are easy to change, other information such as names, birth dates, physical addresses and social security numbers are much more problematic if compromised.

Healthcare companies keep and share patient records. As part of the Affordable Care Act, healthcare providers are required to maintain their records electronically and share the data with other healthcare providers. This means if a patient must visit a doctor while on a trip or sees a specialist at another facility, the new doctor can access their records and information. This is important because patients can’t always tell the new provider important details like life-threatening allergies to medications.

Sharing information has real benefits for providers and patients, but it also increases risk of exposure. Because healthcare providers share data, if a criminal uses a patient’s data to obtain prescription drugs, the false prescriptions could become a part of the patient’s record and affect a doctor’s medical decisions in the future. For example, some drugs are incompatible. If a false record shows a patient is taking a drug that is not compatible with the preferred medication, a doctor may be forced to choose a less effective alternative medication.

Healthcare companies are a soft target. Companies in the healthcare industry are more focused on regulatory compliance than security. In the wake of the ACA many small software companies sprang up offering patient record and database software. Some healthcare companies developed their own software, but many opted to purchase off-the-shelf products from these companies. Many have gone out of business or been absorbed into other software companies, leaving the healthcare provider without security updates.

Even when security problems are known and updates are available, they often go for long periods without being patched. WhiteHat Security recently revealed only 24% of known security flaws in the healthcare industry are patched at any given time. Even more troubling, the average length of time for a healthcare site to fix security problems is a whopping 158 days.

Healthcare companies must take steps to harden their networks against hackers. Security breaches can have long-lasting effects on a patient’s financial and physical health.

Learn more about healthcare and other hacking targets. Subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit for more terms and definitions.

These Are Your Must-Have Secure Mobile Messaging App Features



When you send a text or MMS from your phone the normal way, you can’t control what happens to the information once it leaves your device. Wireless carriers are required to save messages for a certain length of time to assist authorities in criminal investigations. The recipient can save the message indefinitely, or send it to someone else without your knowledge or permission.

That means those risqué photos, videos or texts you sent to your significant other could come back to haunt you in the future. There are web sites where people post pictures and messages of a private nature sent by their exes as a form of revenge. Relatively innocuous business-related messages could prove damaging if taken out of context later. Even if you don’t have a disgruntled ex or business partner, the recipient’s device could be lost or stolen, or their cloud accounts hacked.

Several messaging and social media apps have sprung up in response to these security concerns. But how secure are they? Let’s examine the features you should look for in a messaging app that will keep your private messages under wraps.

End-to-End Encryption

Encryption uses a public and private key to encode and decode the messages. A secure messaging app should generate and store the keys on the user’s device, not on a server. The keys should only leave the device by action of the user, such as creating a backup or transmitting them to a new device. This means that even if a company is subpoenaed or required to deliver your private messages to the authorities, they technically cannot.

In-Transit Encryption

Encryption during transmission is important because these apps use a data connection instead of the phone connection. If you or the recipient is on WiFi, the messages could be intercepted and read by a third party. The app should also encrypt stored messages, in case the device is hacked or falls into the wrong hands.

Permanent Deletion

The digital storage on a smartphone works much like a PC’s hard drive. By default when you delete something, the operating system marks the space as available, but doesn’t actually remove the data until something overwrites the space. A secure messaging app should either remove the information completely, or only store the messages in RAM. Some messaging apps automatically delete the messages once they are read or after a specific length of time.

User Friendliness

While this isn’t a security feature in itself, it’s still important. Most secure messaging apps require both parties to be using the same app. If you choose one that isn’t user-friendly, it will be difficult to convince others to join and they may not stay. If you’re choosing a messaging app for business purposes, your employees may be tempted to find their own solution and resort to easier to use but less secure apps instead.

Which Messaging App Should I Use?

Most mass market messaging apps were not designed with security in mind. Apps like Yahoo! Messenger, AIM, Google Hangouts, SnapChat and Viber encrypt messages during transit, but leave them vulnerable to being read at other points.

Of the more popular messaging apps, iMessage and FaceTime are the most secure but are limited to Apple products. On the Android exclusive side, users concerned about security can use TextSecure. Other secure messaging apps such as Cyber Dust, Silent Text and ChatSecure support both platforms.

The best way to decide which app is right for you is to ask your contacts or employees and find out if there is a secure messaging app they are already using. If they are using an app without robust privacy protection, try out a few different apps and determine which one has the features you need the most.

Learn more about texting security features. Subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit for more terms and definitions.

How Easy Is It For Hackers To Jack The Tower?


Earlier this month the Government Accountability Office issued a 46-page report outlining security vulnerabilities in critical Federal Aviation Administration (FAA) systems. The report concerns the national airspace system (NAS) used to track and direct public and private aircraft. Many of these issues are common in all types of organizations, so look over the FAA’s list of shortcomings and see how many might be affecting your company.

Interconnectivity: The NAS is not connected to the Internet, but it is connected to outside networks. The report indicates there are too many unnecessary connections between the NAS and these other networks. Security shortcomings in the connected networks could open access points into the NAS, leaving it vulnerable to attack.

Passwords: The report found some servers did not have sufficiently strict password requirements. The password requirements are actually less strict than I usually recommend.The FAA’s minimum number of characters in a password is eight. For maximum security your organization should require a minimum of twelve characters. Passwords should have at least one upper and lower case letter, and should contain numbers and special characters. The passwords should also automatically expire after a certain length of time.

User Authentication: Regulations state only authorized users can have access to the system, and users should have the minimum number of permissions required to perform their duties. The investigators found users with excessive permissions and improper security documentation.

Encryption: Another alarming detail is the FAA did not always ensure sensitive data was encrypted during storage and/or transmission. The investigation found network devices supporting certain systems did not encrypt authentication data, and some systems used weak encryption to store passwords.

Auditing & Monitoring: The report also indicated the FAA did not have adequate systems in place to monitor network traffic or ensure the NAS was logging security-related events. If an attack were to occur, the administrators may not be able to detect and respond to malicious activities in time.

Patching: Investigators found the FAA did not always take steps to ensure key systems were fully patched or kept up-to-date. Some systems were missing patches dating back more than three years, and some servers supporting key systems were so old they had reached end-of-life and were no longer supported. This leaves the systems vulnerable to security loopholes and exploits that have been fixed under newer software releases.

Unlike the FAA, lives may not depend on your network security. That doesn’t mean your organization can afford to relax. Ensuring your network is hardened against hackers is an essential part of running a business.

The Hidden Privacy Upside of Net Neutrality



On February 26th the Federal Communications Commission voted in favor of stronger net neutrality rules. The vote reclassifies both wired and wireless broadband internet service providers (ISPs) as utilities under Title II of the Communications Act of 1934. Most of the media attention has focused on the ruling barring ISPs from blocking or prioritizing internet traffic and forcing companies running services that require a lot of bandwidth to pay extra for faster speeds. While these provisions are important, the act also includes regulations that could increase consumer privacy and help unsatisfied customers file complaints against broadband service providers.

Wireless Consumer Privacy Under Current Regulations

Wireless service providers were already classified under Title II, but only for voice service. Cellular companies have long used their man-in-the-middle status to track users’ mobile browsing habits and the apps they use. Because the carrier has personal information about account holders, the device’s location data and can identify each device at the network level, they can assemble detailed demographics lists to sell to mobile advertising networks.

This allows ad companies to target consumers with a level of precision that worries consumer privacy advocates. For example, if a mobile advertiser wants to target Latino families with pets in northern Los Angeles, the carrier could probably assemble such a list based on the account and browsing information available only to them.

Wireless Consumer Privacy Under Title II

Under the new ruling, Title II Section 222 requires broadband providers to “protect the confidentiality of proprietary information” of “other telecommunications carriers, equipment manufacturers, and customers.” The law was originally written to protect consumers and businesses against AT&T’s monopoly on landline services and telephone directories.

If “proprietary information” applies to data such as user account information, browsing records and location data, carriers would be required to protect the data and could not sell it to third parties without the customer’s consent. Until now, these protections have been severely lacking. In a talk that took place in Boulder, CO on the 9th, FCC Chairman Tom Wheeler shared a story of an unnamed telecommunications carrier that put sensitive customer information on the web with no encryption or password. Anyone could find a customer’s information with just a simple Google search.[1]

Broadband Consumers Finally Get an Ally with Some Clout

Another important but often overlooked feature of the ruling allows consumers to complain about their ISP directly to the FCC. Telecommunications and cable companies have some of the lowest customer approval scores of any industry. Until now, the FCC could only take action if the complaint involved misleading or deceptive claims. Unsatisfied broadband consumers could only take other complaints to the company directly or to advocacy groups with no powers of enforcement. Title II Sections 206-209 and 216-217 allow the FCC to investigate complaints and take action if necessary.

Even though the ruling passed 3 to 2, this isn’t the end of the net neutrality debate. The FCC vote was divided on party lines and some politicians are already vowing to fight the regulations. At least one carrier has already promised a lawsuit. If the ruling is challenged, any replacement regulations should keep the consumer protection parts intact.


Billion Dollar Bank Hackers Use Old Phishing Technique


Last week the internet security firm Kaspersky Lab released a report on a highly-successful group of cybercriminals who targeted banks and may have stolen up to a billion across 100 financial institutions worldwide. While Kaspersky Labs did not name the victimized organizations, the report indicates they were mostly located in China, Russia and the United States. The attacks included a lengthy reconnaissance phase, with the criminals masquerading as legitimate users for long periods of time. The FBI and Secret Service said the U.S. financial system has not been affected, so perhaps the criminals were uncovered before they could strike.[1]

The malware the cyber criminals used, opened a back door into the company’s computer networks, allowing them access to learn the organizations’ systems. It even gave the hackers the ability to monitor webcams and embedded cameras in laptops to conduct long-term observation of employees. Once the criminals were familiar with the network, they were able to steal money in a variety of different ways depending on the organization. With some banks, they manipulated ATM machines to dispense cash at predetermined times, which were then picked up by money mules. At others, they artificially inflated the balance on legitimate accounts, then transferred the money to other banks in a different country.

As sophisticated and patient as they were, the hackers relied on email spear phishing to launch the initial phase of their attack. It’s an old-school technique favored by hackers because it works.

What is Spear Phishing?

Have you ever gotten an email asking you to “verify” your bank, eBay or PayPal account? Those emails are a form of phishing. When you click on a link in the email, it takes you to a web page that looks very much like the real thing, but is run by criminals attempting to steal your information.

Spear phishing works much the same way, except the emails are targeted toward a specific person or small group of people instead of broadcast to thousands. In today’s world of social media, it’s not difficult for criminals to find the names and email addresses of people within an organization. Once they have the person’s name and email address, the criminals simply write a convincing email that supposedly came from their boss or the company CEO. They attach the malware and instruct the employee to open the attachment in the message.

In this case, some of the emails were sent from compromised employee accounts. Once the bank employee opened the attachment, the embedded malware used a vulnerability in certain versions of Microsoft Office or Microsoft Word to infect the users’ computer.

How Can You Prevent Spear Phishing in Your Organization?

Instruct employees not to open email attachments they were not expecting, no matter who the message comes from. If an employee receives an email with a suspicious attachment from someone they know, have them double-check with the supposed sender before they open it.

Always install security updates and patches to computer operating systems and the programs your organization uses as soon as possible. In many cases, your IT staff can push updates out to computers on the network remotely.

Learn more about internet scams and security. Subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit for more terms and definitions.


Android & PC Tie For First Place In Malware


A report published last week by Alcatel-Lucent revealed malware on mobile devices has caught up to the infection rate on traditional PCs. The report was created by the telecommunications company’s Motive Security Labs and used data compiled from fixed and mobile networks using their Motive Security Guardian software. The software is deployed in networks around the world, and monitored traffic from nearly 100 million individual devices.

The report revealed 0.68% of mobile devices were infected with some type of malware. This may not sound like much, but with 2.3 billion mobile broadband subscriptions this estimate puts the number of infected smartphones and tablets at approximately 16 million. The report notes the estimate is probably conservative due to lack of coverage in China and Russia, where mobile malware infections are higher than average.

Android Makes Up Over 99% of Mobile Malware Infections

That the Android operating system makes up most mobile malware infections should come as no surprise. Its open source environment and the ability for users to install apps from third-party sources makes it easier for cyber criminals to distribute their malware. Apple and BlackBerry mobile devices have a more restricted app environment, and Windows Phone simply lacks the numbers to make a dent.

Another part of the problem is Android devices receive updates less frequently than PCs. In the United States, most Android devices run a version of the OS that is customized for each manufacturer, model and carrier. When Google releases a new version of the stock OS, the device manufacturer must test and tweak the OS for each supported device and carrier.

Top 20 Mobile Malware Infections of 2014

The report also gave information on the top 20 malware programs installed on Android devices. Six of the top 20 list consists of spyware apps that can monitor phone calls, SMS/MMS messages and track the user’s location via GPS data. Three spots went to adware programs. The rest of the list is made up of a wide variety of malicious apps.

Some apps open back doors into the device and allow the attacker to steal data for identity theft. A few are apps that send SMS messages to premium numbers to charge users on their phone bill. Others allow attackers to use the device as a proxy for illicit internet activity. There’s even a bot app that makes the mobile device part of a botnet, a type of malware usually targeted at PCs. New on the list this year are two ransomware programs, which claim to encrypt the information on the device and attempt to extort money from the user.

Mobile Malware is Growing in Sophistication

In the past mobile malware mainly consisted of adware, but some of the malware on the list have features previously targeted exclusively toward traditional computers. As the number of mobile devices grows and the device become more powerful, they will become an increasingly attractive target for hackers.

What Are Drone Operators All Waiting For?


Last week I talked about drone operators who don’t follow the rules. This week I’ll talk about legal drones, existing regulations and the new rules that are due out soon.

Commercial Use

Current FAA regulations prohibit the commercial use of drones, but companies can apply for a special permit. According to Reuters, as of February 3rd the FAA has received 342 requests but only granted 24. The most recent batch of approvals include companies that use aerial drones for filming movie and television footage, taking aerial photographs and surveys, monitoring flare stacks on oil rigs and checking farmers’ fields.

Companies are also interested in using drones to make deliveries. Amazon has applied for a commercial permit to test a drone delivery system, but has yet to receive approval. Online retailer Alibaba conducted a trial delivery program in China last week, using drones to deliver 450 packages of tea to volunteer customers in three cities.

Personal Use

The regulations that currently cover personal drones were created for model aircraft. Hobbyist operators can use them for non-commercial purposes. For example, an operator can use their drones to take pictures for their own enjoyment. If they plan on selling the pictures, they must apply for a permit.

They cannot fly higher than 400 feet above ground level, must remain at least 5 miles from an airport unless the operator notifies the control tower in advance and they must stay out of restricted zones. Restricted zones can be permanent such as around government buildings and military bases or temporary like the 30-mile radius no-fly zone around the stadium during the Super Bowl. Open stadiums often have temporary no-fly zones around them during events.

New Regulations Overdue

The slow pace of FAA approvals and prohibition of wider commercial use has frustrated many companies and private owners, but relief may be coming soon. The FAA turned a draft of their newly-revised rules over to the White House on October 23rd. The new rules were expected in 2014, but Transportation Secretary Anthony Foxx told reporters last month the new rules would be released soon. It’s not certain if the drone crash on the White House lawn has affected the release date.

One thing is certain… With more relaxed regulations, drones will become more common in the United States airspace. But not everyone wants drones flying overhead. When drones fly into restricted zones, organizations will need a reliable method to detect them and recognize the operator. The Berkeley’s Yellowjacket®-Tablet civilian drone detection system gives authorities the tools they need to identify unauthorized drones and the devices used to control them.


On February 22-23, we will be taking part in many cybersecurity presentations at Connected World CyberSecurity Conference in Birmingham, AL. BVS is both a sponsor and presenter at this event and we will be flying a drone for a live drone detection presentation using Our Yellowjacket®-Tablet with direction finding antenna. Please join us.

How Can We Prevent The Next White House Drone Crash?


Current Federal Aviation Administration regulations require civilian drones to stay under 400 feet in altitude and at least five miles from airports and other restricted areas. Unfortunately, not all drone operators follow the regulations.

Drones at the White House

On Monday, January 26th at 3:02 AM a Secret Service officer on duty at the White House spotted a drone flying overhead without setting off alarms. The drone crashed on the edge of the property, triggering a security lockdown and search. The operator turned out to be an undisclosed inebriated off-duty government employee flying a personal drone. He turned himself in several hours later,claiming he lost control of the drone and did not mean to fly it into a restricted area. His actions led DJI (the manufacturer of that particular drone model) to initiate a 15 mile radius no-fly zone around the White House to be included as a mandatory firmware update for all DJI drones.

He is not the first drone operator caught near the White House. On August 19th a drone operator was arrested after he crashed it into a tree just outside the White House grounds. Another was detained on July 3rd after Secret Service agents caught him flying a drone a block away.

Identification Difficulties

One of the major issues with drones is lack of traceability. There are no registration requirements, so finding the operator of a crashed drone is nearly impossible. Even when the drone is in the air, Finding the operator is difficult. If the operator is concealed inside a building or vehicle, locating them without using the right tools is like looking for a needle in a haystack. Fortunately, wireless threat detection tools such as Berkeley’s Yellowjacket-Tablet Wi-Fi Analyzer can catch a drone pilot red-handed by using realtime RSSI measurements and MAC address identification.

Drones Pose Air Safety Hazard

Even more alarming are reports of close encounters between civilian drones and low-flying aircraft. In November 2014, the FAA released list of 25 incidents that occurred starting June 1st. The incidents were reported by pilots and several involved passenger aircraft where the drone was spotted less than 200 feet away during takeoff or landing. The pilots reported seeing drones as high as 4,000 feet.

Drones are small and most weigh under 10 pounds, but the aircraft’s speed and the delicate construction of propellers and jet engines make a drone strike very dangerous. Impacts with birds of similar size have caused airplane crashes, including the U.S. Airways flight that landed in the Hudson River in 2009. According to wildlife organization Bird Strike Committee USA, a 12 pound bird striking an aircraft traveling at 150 MPH generates the same force as a 1,000 pound weight dropped from 10 feet. A drone of similar size would have the same effect and could easily set off a chain of events resulting in a crash.

Drone Payload Concerns

Some civilian drones have payload capacities up to 30 pounds, easily enough to carry contraband and even explosives or chemical weapons. In 2013 German police recovered a drone and bomb-making materials from right-wing terrorist groups. Just last week Mexican police in Tijuana recovered a crashed drone attempting to fly a load of drugs into the U.S. Here in the United States, criminals have used drones to fly drugs and prohibited cell phones into prisons.

Drones have the potential to improve our lives, but they also pose risks to security and public safety that should be addressed. Shutting down drone operators who disobey the law and put others at risk should be a top priority.

Source Links: