In a previously unreported August memo, the Department of Homeland Security urged state and local police to conduct exercises to test their ability to respond to weaponized drones.

The Department of Homeland Security issued warnings to state and local law enforcement agencies this summer regarding the “growing illicit use” of commercial drones, internal documents show. Among the recommended steps was to conduct “exercises to test and prepare response capabilities.”

A DHS memo from August, which has not been previously reported, paints US cities as woefully underprepared for the “rising” threat of weaponized drones. The capabilities of unmanned aircraft systems (UAS) are “progressing faster” than available countermeasures offered under “federal prevention frameworks,” the memo says, adding that it’s common for state and local authorities to observe “nefarious” and “noncompliant” flights but still lack the authority to intervene.

The memo states that violent extremists in the US are increasingly searching for ways to modify “off-the-shelf” drones to ferry dangerous payloads, including “explosives, conductive materials, and chemicals,” with major advancements in the area being propelled largely by rampant experimentation on foreign battlefields, including those in Ukraine.

The document indicates that DHS has been urging local agencies for months to scout for possible launch sites near and around critical assets, while offering a slew of recommendations designed to mitigate a threat that the agency insists is growing by the day. Local officials have been advised to reposition CCTV cameras to aid in capturing evidence of airborne threats, and to start training local police on how to handle downed drones believed to carry hazardous and explosive materials. Additionally, the agency has urged local agencies to generously deploy, where legal, sensors capable of detecting and identifying commercial drones.

The memo, first obtained by Property of the People, a nonprofit focused on transparency and national security, was circulated roughly three months before the recent flurry of alleged drone sightings along the East Coast—growing national interest in which has been driven in part by the government’s own nebulous response.

New Jersey residents have been steadily reporting bright lights and flying objects in the sky over the past few weeks. At the same time, federal authorities have worked to downplay the significance of the reports. While Homeland Security secretary Alejandro Mayorkas conceded in an interview on Sunday that “people are seeing drones,” DHS had issued a statement days earlier declaring that “numerous detection methods” had failed to corroborate “any of the reported visual sightings.”

In the memo obtained by WIRED, DHS displays less confidence in its ability to detect menacing drones. The document, which authorities were instructed not to make public, states that “tactics and technology to evade counter-UAS capabilities are circulated and sold online with little to no regulation.” In reality, the ability of police to track errant drones is hindered by a range of evolving technologies, the memo says, including “autonomous flight, 5G command and control, jamming protection technology, swarming technology, and software that disables geofencing restrictions.”

The mystery in New Jersey and similar phenomena in Pennsylvania, New York, and Maryland, among other states, have put a spotlight on the ongoing efforts of state and federal legislators to expand the government’s access to counter-UAS technology. Speaking to reporters via Zoom on Saturday, a DHS official said the agency is urging Congress to “extend and expand existing counter-drone authorities,” and ensure “state and local authorities are provided the tools they need to respond to such threats as well.”

Currently, only a handful of federal agencies—including DHS and the Departments of Energy, Justice, and Defense—are legally permitted to bring down a drone inside US airspace.

Property of the People’s executive director, Ryan Shapiro, says the August memo makes clear that DHS is working steadily to obtain new technologies and legal privileges for law enforcement. But any impact to Americans’ civil liberties, he says, should not be justified by simply pointing to a “nebulous, misleadingly constructed threat.”

While terms like “violent extremists” conjure images of neo-Nazis and domestic terrorists hoping to incite a second US civil war, Shapiro says the government has also deceptively applied such labels to help undermine animal rights groups at the behest of corporations. Activists have relied heavily on drones over the past decade, he says, to help gather evidence of cruelty on factory farms—where recording undercover has been criminalized under so-called “ag-gag” laws.

During Saturday’s briefing, FBI officials said authorities had received roughly 5,000 drone tips in connection with the East Coast sightings, ultimately generating around 100 viable leads. Most of the reports appeared consistent, they said, with misidentified flights landing and taking off from major airports in the region.

While the FBI worked to allay concerns stemming from the recent sightings, it also urged Americans not to wholly dismiss the idea that rogue drones pose a serious threat. “It is well known to us that criminals breaking the law do, in fact, use \[drones\] to support their actions,” an official said, adding that, in contrast, the recent widespread sightings appear largely benign.

In a statement to WIRED, a DHS spokesperson said the agency is continuing to “advise federal, state, and local partners to remain vigilant to potential threats and encourages the public to report any suspicious activity to local authorities.”

Intel Officials Warned Police That US Cities Aren’t Ready for Hostile Drones

Experts say the catchall term for online fraud furthers harm against victims and could dissuade people from reporting attempts to bilk them out of their money.

The rise of so-called pig butchering investment scams over the past few years largely caught the world unawares, capitalizing on conditions surrounding pandemic lockdowns and global economic instability to fool people into giving away their money to attackers. But as researchers and law enforcement have scrambled to raise awareness about the crisis—including scammers’ use of forced labor—any way they can, the term “pig butchering” itself has emerged as an attention-grabbing and recognizable symbol. Because the term was coined by scammers themselves, though, officials from the intergovernmental law enforcement organization Interpol now say that they will stop using it.

The wording originated from a Chinese version of the phrase, _shāzhūpán_, in which scammers were referring to victims as pigs who were being gradually fattened for slaughter. The attacks are typically investment or romance scams in which attackers cold contact many people at a time and then develop a rapport with those who respond, eventually convincing them to send money, typically in cryptocurrency, to scammers under the guise of making a potentially lucrative investment. Invoking scammers’ derogatory terminology, though, is dehumanizing and further perpetuates the stigma that many scam victims feel about having been deceived. Interpol says that, beyond its own organization, it is encouraging everyone to stop using the term and replace it with more straightforward names like “investment scams” or “romance baiting.”

“‘Pig butchering’ is a phrase which would appear to have been created by the gangs to talk about their victims and how they deal with them,” Nick Court, an assistant director in Interpol’s financial crime and anti-corruption program, tells WIRED. “I think we’re giving the gangs too much credit if we use that phrase. More importantly, we’re damaging how victims may perceive themselves. I don’t think anyone would want to be called a victim of pig butchering.”

Interpol says its web pages, previous press releases, and working materials such as factsheets will be updated to remove the terminology, with prior news announcements on its site including an explanation about the change in terminology. The agency says it has advised the 196 member countries it works with of the change in language too.

In recent months, both independent researchers and some at major tech companies have told WIRED they had concerns about the phrase “pig butchering,” its origins, and implications.

The criminal enterprises behind the scams run complex logistical operations, spanning both physical and digital activity. More than 200,000 people are believed to have been trafficked to giant “scam centers” in Southeast Asia, where they are forced to scam victims abroad and can be beaten or tortured if they refuse or try to leave.

Workers set up legitimate-looking social media accounts they can use to target potential victims, and they follow scripts for interacting with targets. Managers of the scam operations also oversee efforts to launder money once victims have made payments. With billions being made from the fraud, those running these scams have quickly reinvested some of the ill-gotten gains to incorporate artificial intelligence and make the scams more efficient.

Mina Chiang, the founder of anti-human-trafficking firm Humanity Research Consultancy, says she is not a fan of the “pig butchering” name not only because of its dehumanizing impact but also because it “restricts people’s imagination of the nature of the scam factories.”

“Those hundreds of compounds with hundreds of thousands of workers don't just work on romance-investment scams, they also do ‘task scams,’ ‘sextortion,’ ‘sport gambling scams,’ ‘fake-authority-related scams,’ and many more,” Chiang says, pointing out the United Nations’ Office on Drugs and Crime has called the behavior “organized fraud.”

“Focusing on only one type of scam would risk missing the bigger picture that scams are being organized and industrialized by transnational criminal groups,” Chiang adds, “and that scam tactics are constantly changing as long as the criminals are able to extract money from their victims.”

Interpol’s Nick Court says the organization recognizes that the “pig butchering” umbrella includes multiple types of criminality. He notes that there may be multiple different names for each sub-category of activity, but almost all of it falls under the international legal definition of fraud. He adds, too, that while not everyone agrees that phrases like “romance baiting” are a perfect replacement for “pig butchering,” it is necessary nonetheless to move away from the original name.

Over the past few decades, Court says, law enforcement agencies, researchers, and those who work with various types of victims have launched similar initiatives to evolve the language used to describe other crimes, such as domestic violence, sexual assault, and online child sexual exploitation. In all of these cases, he says, the goal is to reduce stigma and attempt to create a safer space for people to come forward and report crimes.

“We do know that across a range of crime types, the use of language, the use of words matters a great deal,” Court says.

Stop Calling Online Scams ‘Pig Butchering,’ Interpol Warns

The marketing of illegal drugs on open platforms is “gaining prominence,” authorities note, while the number of drug transactions on the darkweb has decreased in recent years.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. Please also consider subscribing to WIRED

For every illegal drug, there is a combination of emojis that dealers and consumers use to evade detection on social media and messaging platforms. Snowflakes, snowfall, and snowmen symbolize cocaine. Love hearts, lightning bolts, and pill capsules mean MDMA, or “molly.” Brown hearts and dragons represent heroin. Grapes and baby bottles are the calling cards for codeine-containing cough syrup, aka “lean.” The humble maple leaf, meanwhile, is the universal symbol for all drugs.

The proliferation of open drug dealing on Instagram, Snapchat, and X—as well as on encrypted messaging platforms Telegram and WhatsApp—has transformed the fabric of illegal substance procurement, gradually making it more convenient, and arguably safer, for consumers, who can receive packages in the mail without meeting people on street corners or going through the rigmarole of the dark web. There is no reliable way to gauge drug trafficking on social media, but the European Union Drugs Agency acknowledged in its latest report on the drivers of European drug sales that purchases brokered through such platforms “appear to be gaining in prominence.”

Initial studies into drug sales on social media began to be published in 2012. Over the next decade, piecemeal studies began to reveal a notable portion of drug sales were being mediated by social platforms. In 2021, it was estimated some 20 percent of drug purchases in Ireland were being arranged through social media. In the US in 2018 and Spain in 2019, a tenth of young people who used drugs appear to have connected with dealers through the internet, with the large majority doing so through social media, according to one small study.

Some dealers these days are even brazen enough to boost their posts and pay for sponsored advertising. “Mushrooms and marijuana used to be hard to get and now they’re being marketed to me in beautiful packaging on Instagram,” says one 34-year-old in Austin, Texas that WIRED spoke to. Dealers ran hundreds of paid advertisements on Meta platforms in 2024 to sell illegal opioids and what appeared to be cocaine and ecstasy pills, according to a report this year by the Tech Transparency Project, and federal prosecutors are investigating Meta over the issue.

“You’re seeing a more sophisticated commoditization of the available marketplaces,” says Adam Winstock, a British consultant psychiatrist and addiction medicine specialist who is also the founder of the Global Drug Survey. The current drug-using younger generation are entirely used to getting everything online, he adds, reflecting the increasing integration of social media in people’s lives. “It’s convenient, \[and\] there’s less chance of violence.”

There are heightened concerns over the presence of super-strength opioids like fentanyl in drugs. But despite some contaminated pills having lethal effects on those who purchased them on the internet, Winstock says that drugs purchased through online networks are subject to “potentially better quality control”—with Telegram channels devoted to discussing the quality of drugs purveyed by certain dealers, and Amazon-style feedback sections within some vendors’ stores. “The question is where in the food chain that they’re cut,” Winstock says.

The menus provided by dealers through messaging apps and on social media are often lengthy and diverse, featuring prized varieties advertised for their purity and sold at significantly lower costs than equivalents available on the streets of London and New York. However, there’s been no formal evaluation of online and street drug sales that can attest to the relative purity and safety of what’s sold in either place—and illegal drugs always come with a safety risk, regardless of where they are bought from.

Even while traditional drug transactions continue to dominate, the apparent rise in sales of drugs through social media has coincided with a steep increase in the average value of transactions on the dark web, amid a fall in the overall number of transactions, according to the UN Office on Drugs and Crime’s 2024 World Drug Report. To the UNODC, this suggests “an increase in wholesale activities” on the dark web—though this could also reflect consumers who buy smaller quantities shifting from the darknet to the clearnet and encrypted messaging apps.

“End users seem to be buying their drugs on the dark web to a lesser extent than in previous years,” the UNODC said in its 2023 report. “Qualitative information provided by people who use social media suggests that the use of such media for drug purchasing purposes has been increasing, especially at the retail level.”

The shifting market trends also bring troubling developments. New and potentially more vulnerable population segments can be reached by exploitative drug dealers as they begin to sell on social platforms and the number of drug consumers in the US and around the world grows. The US Drug Enforcement Administration has warned that because dealers are “no longer confined to street corners and the dark web,” social media users’ posts and inboxes can be peppered by dealers seeking to purvey these addictive and, when misused, harmful drugs. “Social media extends the reach of the Sinaloa and Jalisco cartels directly into drug users’ phones, with potentially fatal consequences,” the DEA said in its 2024 national drug threat assessment report, bemoaning that dealers are more difficult to apprehend online than the streets.

Social media companies are under growing pressure to eradicate drug dealing on their platforms, says Ashly Fuller, a PhD candidate at University College London researching the sale and advertisement of illegal drugs to young people on social media. Data released by social media companies shows that millions of pieces of drug-related content are already taken down every year. (Facebook and Instagram took action against 9.3 million pieces of drug-related content last year, while Snapchat says it did so in 241,227 cases in the second half of 2023.) But these companies’ actions are sometimes indiscriminate. The accounts of organizations promoting drug harm reduction and social media personalities who post content about drugs and psychedelics, but who do not sell them, are being caught in the crossfire of efforts to get a grip on the issue.

A study by Fuller last year indicates that as many as 13 percent social media posts may advertise illegal drugs—underlining the scale of the issue Meta, X, TikTok, and Snapchat have on their hands. Drug sale advertisements could even be increasing in prevalence, according to a forthcoming study by Fuller which was shared with WIRED. She surveyed 1,100 13- to 18-year-olds and found that 60 percent of young people have seen drug-related content on social media (mostly for cannabis and psychedelics, which have been legalized or decriminalized in a few parts of the world). “They’re common enough that young people stumble upon them on TikTok and Instagram.”

In response, social media companies’ algorithms to detect drug-selling behavior are getting smarter and are aggregating images and emojis, Fuller says. “There is an understanding that seeing these ads on social media is correlated to a decreased risk perception, and young people are led to think the drugs are safer.” Of the teenagers she sampled, 10 percent reported purchasing drugs via social media. “Those exposed to drug ads were 17 times more likely to purchase drugs on social media compared to those who had not seen such ads,” she adds.

But according to Meta, no more than 1 in 2,000 views on Facebook is of content that violates its restricted goods policy. Between July and September 2024, Meta says that 96 percent of drug sales content that violated its terms was removed before a user reported it. TikTok, meanwhile, removed 99.5 percent of content violating its policy on alcohol, tobacco, and drugs before it was reported, according to its Community Guidelines Enforcement Report for the second quarter of 2024.

Meta, SnapChat, and TikTok declined to offer an on-the-record statement. X did not respond to requests for comment. A Telegram spokesperson said: “Telegram actively combats misuse of the platform, including for the sale of illicit substances. Moderators, empowered with custom AI and machine learning tools, remove millions of pieces of harmful content each day to keep the platform safe.”

The world’s first internet-facilitated sale, in the early 1970s and on the internet precursor Arpanet, was for an undetermined amount of cannabis. The agreement was between students. Today, strangers may contact you on social media offering drugs to buy. For as many people who believe this is something of a utopian development, you can be sure many more view it as dystopian—especially if the dealers are in fact scammers or selling dodgy goods.

“We were wondering if you will be interested in having a trip with our products,” one Instagram account messaged me recently. On X, meanwhile, posts related to psychedelics are regularly infiltrated by bots directing traffic to dealers. “Virtually all psychedelic post\[s\] are followed by bots selling microdoses,” leading psychedelics researcher Matthew Johnson posted on X in December. “All my blocking & spam reporting seems futile.” An account recently replied to one of my posts, linking to the profile of their apparent boss: “He’s got all Psyche meds & acids.”

Some dealers lurking on social media are even more shady. The drug information organization Pill Report has told of people wiring cash to dealers and getting duped, with nothing sent to them. When one such person interviewed by WIRED sent money for cannabis through a cash transfer app but received nothing in the mail, he reported the account. “It became a threatening match and they sent photos of thugs with guns saying they were going to come for me,” he says.

In a VICE documentary on drug sales on social media, it took the host just 5 minutes to connect with a dealer in London. “Anyone can sell nowadays,” another dealer told the journalist. “You see little kids, 12-year-olds and everything, setting up accounts. It’s easy, isn’t it? You can sit at home, make an account, and make money. Who doesn’t want to do that?” As part of a separate research project, a 15-year-old was able to locate an account selling Xanax tablets in mere seconds on Instagram.

Telegram’s drug markets remain somewhat complicated to access for the average person, but are still far easier to access than those on the darknet. “The problem with darknet markets is that you need to install Tor, get a PGP, and have cryptocurrencies,” says Francois Lamy, an associate professor at Mahidol University in Thailand who researches the sociology of drug use. “It’s a little bit more difficult to navigate. With Telegram, you type a few keywords, and there you go. You can find everything.”

When the Telegram founder Pavel Durov was arrested outside of Paris, France, in August, prosecutors cited the scale of drug trafficking on the platform as part of the justification. The next month, a new Telegram user policy was introduced to “discourage criminals” and hand over the data of users who are accused of illegal behavior on the platform by authorities with search warrants. “While 99.999% of Telegram users have nothing to do with crime, the 0.001% involved in illicit activities create a bad image for the entire platform, putting the interests of our almost billion users at risk,” Durov said in a statement at the time.

But experts warn that any increased enforcement on Telegram will simply cause dealers to go elsewhere, disrupting a market that has largely established itself as a safer source of drugs. “If one supply avenue is closed by enforcement, another is soon found to replace it,” says Steve Rolles, senior policy analyst at the Transform Drug Policy Foundation, a UK-based NGO. “Enforcement has, somewhat ironically, actually accelerated these innovations—driving the evolution of ever more sophisticated sales models. The only way such markets can be defeated in the longer term is to replace them through legal regulation.”

Drug Dealers Have Moved Onto Social Media

Staffers at the Cybersecurity and Infrastructure Security Agency tell WIRED they fear the new administration will cut programs that keep the US safe—and “persecution.”

Donald Trump helped create the US government’s cybersecurity agency during his first term as president. Six years later, employees of that agency are afraid of what he’ll do with it once he retakes office.

Trump’s alliances with libertarian-minded billionaires like Elon Musk and his promises to cut government spending and corporate oversight have alarmed staffers at the Cybersecurity and Infrastructure Security Agency, the component of the Department of Homeland Security that defends US government computer systems from hackers and helps state and local governments, private companies, and nonprofit groups protect themselves.

CISA, which the Trump administration and Congress created in 2018 by reorganizing an existing DHS wing, became a target of right-wing vitriol after its Trump-appointed director rebuffed the president’s election conspiracy theories in 2020 (prompting Trump to fire him) and after it worked with tech companies to combat online misinformation during the 2022 election.

The incidents turned a once-obscure agency with bipartisan credibility into a conservative bogeyman. House Republicans have accused CISA of spying on and censoring Americans, and the GOP senator who will soon oversee the agency wants to eliminate it.

Now, with Trump returning to office vowing to purge disloyal civil servants and turn DHS into an immigration-crackdown machine, CISA employees are acutely worried about the fate of their still-fledgling agency, according to interviews with four current staffers and another US cyber official, all of whom requested anonymity to speak candidly about a sensitive subject.

“We believe it's our responsibility to help those who don't really have the ability to help themselves,” says one CISA employee. “We take our missions seriously, which is why we are all concerned, to a T, about if any decisions are going to affect our mission negatively.”

**Scaling Back Corporate Accountability**

CISA is bracing for change in several areas that were key to US president Joe Biden’s cybersecurity agenda.

Biden’s cyber strategy called for companies to take more responsibility for the security of their products and services, and CISA led that effort with its campaign encouraging companies to make their systems “secure by design” and “secure by default.” Agency officials pushed tech firms to make security features free and automatic and to pay closer attention to the quality of their code. Hundreds of companies have signed CISA’s secure-by-design pledge and vowed to take cybersecurity more seriously.

CISA employees and Biden administration officials expect the Trump team to kill Biden’s corporate responsibility initiatives. “They do not think it's the role of the US government to make \[the\] private sector act in a certain way,” says a US cyber official.

A second CISA employee predicts that “compliance efforts like secure-by-design may not have the support that they currently benefit from.”

That retreat from corporate oversight will be a top priority of Musk and other tech billionaires who have flocked to Trump. “The tech influence here, assuming Elon Musk stays in Trump's good graces, is going to be significant,” the cyber official says.

Without high-level White House backing, CISA’s secure-by-design campaign “becomes toothless,” says the first CISA employee. “Some companies will be less inclined to follow these \[guidelines\] if they don't believe that the executive branch is going to support them.”

CISA employees are also watching uneasily to see if Trump officials pressure the cyber agency to water down its draft regulation requiring critical infrastructure operators to report cyber incidents. Congress mandated the rule in a 2022 spending bill, but groups representing infrastructure operators have complained that the draft requirements—which must be finalized by late 2025—are too onerous. Trump could force CISA to scale back the rules in order to appease the private sector.

Trump and his allies want to “get rid of anybody who can enforce the rules, because then the rules don't matter,” the cyber official says. “In CISA’s instance, that's going to be pretty significant.”

CISA is also bracing for changes to its election security mission. The agency has already dramatically scaled back conversations with social media companies about online misinformation following a right-wing backlash, but Trump’s team could force CISA to abandon even more of its election security work. CISA staffers worry that Trump will block the agency from participating in state and local election officials’ “Trusted Info” initiative, which encourages Americans to listen to their local election supervisors instead of provocative online claims.

“I think that work is probably dead,” says a third CISA employee.

South Dakota governor Kristi Noem, Trump’s pick to lead the Department of Homeland Security, embraced election conspiracies after Biden’s win in 2020. “Kristi Noem is a Trump loyalist who has backed him in election denial claims, and now she's going to be in charge of the agency that oversees \[CISA\],” says the cyber official. “I have a lot of questions about what happens there.”

The third CISA employee expects to see the “persecution of those who have done election security work” once Trump takes office.

**Weakening Authorities**

Trump’s victory could also have serious consequences for other CISA missions.

Under Biden, CISA gained broader authority and new funding to monitor other agencies’ networks for suspicious activity, turning it into the centralized defender of federal networks that many experts always hoped it would become. That could change under Trump, especially if senior officials close to Trump bristle at CISA’s oversight.

“I can absolutely see the new administration coming in and saying, ‘Hey, you guys are not letting agencies do what they need to do. You have … too much power \[to look\] at how the agencies do things. We're going to reduce your power,’” says the first CISA employee. “That will prevent us from doing the very necessary work that we need to do to protect the American people.”

One of CISA’s most formidable powers over other agencies could be watered down for an unexpected reason.

CISA can order the rest of the government to rapidly patch vulnerabilities and make other security improvements, and it has repeatedly used this authority in response to emerging digital crises. But while these directives only apply to federal agencies, some businesses treat them like unofficial government dictates and push their security teams to implement them.

If corporate leaders complain about these directives’ effects on their bottom lines, Trump’s team could force CISA to scale back its use of this authority.

The Trump administration could also try to cut costs at CISA by slashing the free services that it provides to state and local governments and critical infrastructure providers.

“My concern would be that some of those programs would just kind of fall to the wayside,” says the first CISA employee, who also fears that CISA’s “ability to express to the nation what we do and what services we offer” will “come under attack.”

**Dimming the Stars**

Trump’s influence on CISA could also undermine the agency’s long-running uphill battle to attract talented experts away from lucrative industry jobs and into public service.

Multiple CISA employees say they worry that Trump’s election will mean the end of what one called “star hires” like senior advisers Bob Lord and Jack Cable, the corporate cyber veteran and young security whiz, respectively, who lead CISA’s secure-by-design program.

“I can absolutely see guys like Bob Lord and Jack Cable—big, well-respected individuals in the security community—deciding that they want to take their stuff elsewhere if they don't believe that the administration is serious about helping companies be more secure,” says the first CISA employee. Lord and Cable declined WIRED’s request to comment.

“This country has gotten so much more politicized over the past eight years to where it gets in the way of us doing our jobs,” the first CISA employee adds.

Trump’s promised changes to civil-service rules, which would expose more government workers to politically motivated firings, are also alarming CISA employees. “I worry about getting weaponized,” says the third CISA employee.

**Political Tensions**

When it comes to CISA’s fate, much will depend on whom Trump picks to lead the agency and how they navigate broader DHS politics.

The main contenders for CISA director—Karen Evans, a former Energy Department cyber official and White House IT official; Matt Hayden, who served as DHS’s assistant secretary for cyber policy during Trump’s first term; and Brian Harrell, who led CISA’s infrastructure protection wing under Trump—have cyber experience and bipartisan credibility. But if Trump passes over them, it’s not clear who will end up leading CISA.

“There’s not really a ton of star, right-leaning info security people out there who want to risk their credibility as a political appointee,” says the third CISA employee.

Even if CISA gets competent, well-liked senior officials, they will still be at the mercy of DHS leadership. Kristi Noem has touted her work on cybersecurity as South Dakota’s governor, including in an op-ed after her nomination that referenced CISA. But Noem was the only governor to reject money from a DHS cyber grant program for state and local governments in 2023, suggesting that she won’t support the program, which expires in late 2025.

A fourth CISA employee says they hope that once Noem and other Trump appointees “are briefed on the full extent of our nation’s cybersecurity problems, they will recognize the value of our work and its critical importance to national security.”

But even if Noem mostly leaves CISA to its own devices, her department’s leading role in Trump’s controversial immigration agenda—including promised mass deportations of undocumented immigrants—will likely inflame longstanding tensions between DHS and CISA.

“People within CISA don't want to be considered part of DHS,” says the first CISA employee. “They believe that CISA should be its own realm.”

Amid a migration surge during Trump’s first term, DHS asked CISA employees to volunteer to help safeguard the US-Mexico border. “I do not believe that people \[will\] want to be considered part of DHS if that type of stuff is going to continue,” the first CISA employee says.

With DHS leaning harder than ever before into immigration crackdowns, CISA employees are longing for a separation—with even the conservative Project 2025’s unorthodox reorganization proposal sounding appealing to some.

“DHS is gonna be a real awful place the next four years,” says the third CISA employee. “Maybe we should move to Transportation.”

**Quiet Concerns**

While they wait for Trump to signal his approach to cybersecurity, CISA employees are quietly exchanging worries about what’s next for their workplace.

“There have been unspoken concerns about what's going to happen once the administration changes,” says the first CISA employee. “Anything that we do is going to affect the American public in one way or another, so we need to know … what's going to be coming down the pike.”

The mood inside the agency is “uncertain,” says the second CISA employee.

“CISA’s staff isn’t interested in getting politicized,” says the third CISA employee. “We just want to do good work for the American public that makes things more secure and resilient.”

CISA director Jen Easterly said in a statement that she “could not be prouder” of the agency’s achievements.

“CISA’s been able to accomplish its mission thanks to a talented and dedicated workforce, bipartisan support in Congress, and partnerships across government and industry,” Easterly said. “It’s important this work continues as the nation’s critical infrastructure faces an ever evolving and complex threat environment.”

For now, agency employees are distracting themselves by doubling down on that work.

“We kind of bury ourselves into the day to day, just trying to do as much as we can until we get the call that this position or this branch is going to be eliminated,” says the first CISA employee. “We don't have any control over things right now, and I think that's what makes things scary for a lot of us.”

The Top Cybersecurity Agency in the US Is Bracing for Donald Trump

Digital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance.

Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car's license plate number at will to avoid traffic tickets and tolls—or even pin them on someone else.

Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he's able to rewrite a Reviver plate's firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image.

That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to automatic license plate readers that police use to track criminal suspects. “You can put whatever you want on the screen, which users are not supposed to be able to do,” says Rodriguez. “Imagine you are going through a speed camera or if you are a criminal and you don't want to get caught."

One of Reviver's license plates, jailbroken to show any image IOActive researcher Josep Rodriguez chooses.

Photography: IOActive

Worse still, Rodriguez points out that a jailbroken license plate can be changed not just to an arbitrary number but also to the number of another vehicle—whose driver would then receive the malicious user's tickets and toll bills. “If you can change the license plate number whenever you want, you can cause some real problems,” Rodriguez says.

All traffic-related mischief aside, Rodriguez also notes that jailbreaking the plates could also allow drivers to use the plates' features, including its built-in GPS tracking, without paying Reviver's $29.99 monthly subscription fee.

Because the vulnerability that allowed him to rewrite the plates' firmware exists at the hardware level—in Reviver's chips themselves—Rodriguez says there's no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display. That means the company's license plates are very likely to remain vulnerable despite Rodriguez's warning—a fact, Rodriguez says, that transport policymakers and law enforcement should be aware of as digital license plates roll out across the country. “It's a big problem because now you have thousands of licensed plates with this issue, and you would need to change the hardware to fix it,” he says.

IOActive says it repeatedly tried to contact Reviver about its findings over the past year, going so far as to describe its findings to US CERT, which then also tried to contact Reviver about the problem. Nonetheless, Reviver told WIRED that it only became aware of IOActive's jailbreaking research when WIRED reached out to the company last week.

In a statement, the company noted that jailbreaking a digital license plate to avoid tolls, tickets, or other law enforcement surveillance “would be a criminal act subject to prosecution by law enforcement.” The company adds that “the jailbreak technique identified by IOActive requires physical access to the vehicle and plate, plate removal, specialized tools, and expertise” and that “this scenario is highly unlikely to occur in real-world conditions, limiting it to individual bad actors knowingly violating laws and product warranties.” Reviver says it's also redesigning its license plates to avoid using chips vulnerable to Rodriguez's hacking technique in the future.

While Rodriguez agrees that jailbreaking a Reviver plate would require removing it from a vehicle, he disputes Reviver's claim that it would require “specialized tools” or “expertise.” To develop his jailbreaking method, he did use a fault-injection technique that required attaching wires to the plates’ internal chip, monitoring its voltage, and “glitching” that voltage at a specific moment to switch off its security features and gain the ability to analyze and rewrite its firmware. But once that reverse engineering process was complete, he used its results to develop a jailbreak tool that requires none of that technical complexity.

If that tool were to leak or be sold online—Rodriguez himself says he doesn't plan to publish his—he says anyone could use it to jailbreak their own plate in a matter of minutes. “They just need to connect a cable and install the new firmware, just like if you were jailbreaking your iPhone,” Rodriguez says.

Rodriguez also notes that his hacking technique could be used not just by a driver who wants to jailbreak their own plate, but also by someone targeting an unwitting owner of a plate too. If a hacker—or a parking valet or auto mechanic—could manage to remove a license plate and install their own firmware on it, Rodriguez warns, they could surreptitiously track a driver or even change their license plate number over the internet by programming the plate to connect to a server the hacker controlled.

In addition to the physical access and time necessary to pull off that hack, however, a license plate saboteur would also need to overcome a feature of Reviver's plates that sends a notification to the owner when it's detached from a vehicle. That would require jamming the plate's radio communications while tampering with it, Rodriguez notes, an added wrinkle that makes the attack even less practical, though perhaps not impossible.

Rodriguez isn't the first to hack Reviver's systems. In 2022, security researcher Sam Curry found vulnerabilities in the company's web infrastructure that allowed him to make himself an administrator in its backend database, with the ability to track or change license plates at will. Unlike Rodriguez's hardware hacking, however, Reviver was able to quickly patch its web-based bugs to prevent Curry's technique.

Although Curry's web hacking method was far easier to pull off prior to Reviver's patch than Rodriguez's hardware hacking, he says that Rodriguez's method would likely hold real appeal for certain scofflaw drivers, who might want to jailbreak their Reviver plates or simply buy pre-jailbroken plates online. “If you want to swap your license plate number, James Bond style, then drive at crazy speeds or something, you can change it for a few hours and change it back without even pulling into a parking garage,” says Curry. “The people who are causing havoc on the road would probably be into this.”

Digital license plates are currently legal to buy and register in California and Arizona (Michigan also briefly allowed them), with many more states considering legalizing them in years to come. As that rollout continues, Rodriguez and Curry argue that license plate makers, transit regulators, and law enforcement all need to be aware that any system that relies solely on license plates as an identifier may be susceptible to digital license plate hacking—with potentially chaotic consequences.

“You should assume people will mess with them,” says Curry. “And people need to accept the implications of that.”

_Updated 12:48 pm EST, December 16, 2024: Clarified Michigan's policy on digital license plates._

Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets

The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more. Please also consider subscribing to WIRED

_The original version of_ _this story_ _appeared in Quanta Magazine._

For thousands of years, if you wanted to send a secret message, there was basically one way to do it. You’d scramble the message using a special rule, known only to you and your intended audience. This rule acted like the key to a lock. If you had the key, you could unscramble the message; otherwise, you’d need to pick the lock. Some locks are so effective they can never be picked, even with infinite time and resources. But even those schemes suffer from the same Achilles’ heel that plagues all such encryption systems: How do you get that key into the right hands while keeping it out of the wrong ones?

The counterintuitive solution, known as public key cryptography, relies not on keeping a key secret but rather on making it widely available. The trick is to also use a second key that you never share with anyone, even the person you’re communicating with. It’s only by using this combination of two keys—one public, one private—that someone can both scramble and unscramble a message.

To understand how this works, it’s easier to think of the “keys” not as objects that fit into a lock, but as two complementary ingredients in an invisible ink. The first ingredient makes messages disappear, and the second makes them reappear. If a spy named Boris wants to send his counterpart Natasha a secret message, he writes a message and then uses the first ingredient to render it invisible on the page. (This is easy for him to do: Natasha has published an easy and well-known formula for disappearing ink.) When Natasha receives the paper in the mail, she applies the second ingredient that makes Boris’ message reappear.

In this scheme, anyone can make messages invisible, but only Natasha can make them visible again. And because she never shares the formula for the second ingredient with anyone—not even Boris—she can be sure the message hasn’t been deciphered along the way. When Boris wants to receive secret messages, he simply adopts the same procedure: He publishes an easy recipe for making messages disappear (that Natasha or anyone else can use), while keeping another one just for himself that makes them reappear.

In public key cryptography, the “public” and “private” keys work just like the first and second ingredients in this special invisible ink: One encrypts messages, the other decrypts them. But instead of using chemicals, public key cryptography uses mathematical puzzles called trapdoor functions. These functions are easy to compute in one direction and extremely difficult to reverse. But they also contain “trapdoors,” pieces of information that, if known, make the functions trivially easy to compute in both directions.

One common trapdoor function involves multiplying two large prime numbers, an easy operation to perform. But reversing it—that is, starting with the product and finding each prime factor—is computationally impractical. To make a public key, start with two large prime numbers. These are your trapdoors. Multiply the two numbers together, then perform some additional mathematical operations. This public key can now encrypt messages. To decrypt them, you’ll need the corresponding private key, which contains the prime factors—the necessary trapdoors. With those numbers, it’s easy to decrypt the message. Keep those two prime factors secret, and the message will stay secret.

Illustration: Mark Belan/_Quanta Magazine_

The foundations for public key cryptography were first discovered between 1970 and 1974 by British mathematicians working for the U.K. Government Communications Headquarters, the same government agency that cracked the Nazi Enigma code during World War II. Their work (which remained classified until 1997) was shared with the US National Security Agency, but due to limited and expensive computing capacity, neither government implemented the system. In 1976, the American researchers Whitfield Diffie and Martin Hellman discovered the first publicly known public key cryptography scheme, influenced by the cryptographer Ralph Merkle. Just a year later, the RSA algorithm, named after its inventors Ron Rivest, Adi Shamir and Leonard Adleman, established a practical way to use public key cryptography. It’s still in wide use today, a fundamental building block of the modern internet, enabling everything from shopping to web-based email.

This two-key system also makes possible “digital signatures”—mathematical proof that a message was generated by the holder of a private key. This works because private keys can be used to encrypt messages too, not just decrypt them. Of course, this is useless for keeping messages secret: If you used your private key to scramble a message, anyone could just use the corresponding public key to unscramble it. But it does prove that you, and only you, created the message, since as the holder of the private key, only you could have encrypted the message. Cryptocurrencies like bitcoin couldn’t exist without this idea.

If two cryptographic keys instead of one is so effective, why did it take millennia to discover? According to Russell Impagliazzo, a computer scientist and cryptography theorist at the University of California, San Diego, the concept of a trapdoor function just wasn’t useful enough before the invention of computers.

“It’s a matter of technology,” he said. “A person in the 19th century thought of encryption as being between individual agents with military intelligence in the field—literally, in a field with guns firing. So if your first step is ‘pick two 100-digit prime numbers to multiply together,’ the battle is going to be over before you do that.” If you reduce the problem to something a human can do quickly, it’s not going to be terribly secure.

But while computers helped make public key cryptography possible, they’ve also created cracks in its armor. In 1994, the mathematician Peter Shor discovered a way for quantum computers to efficiently reverse the trapdoor functions that underlie most current public key cryptography systems, including prime factorization. This algorithm, if implemented, would act like an all-purpose “reappearing ink,” capable of making any invisible message reappear. Goodbye, internet security.

Luckily, quantum computers themselves are “still in the ENIAC phase,” Impagliazzo said, referring to the room-size machine built for the US Army in 1945. By the time quantum computers become sophisticated enough to pose a real threat to public key cryptography, its original trapdoor functions could be replaced by “quantum-safe” versions called lattice problems. Of course, this new computational “ink” may also become susceptible to attack in the future. But that’s the great thing about public key cryptography: As long as we can find new functions to use, we can just keep reinventing the wheel. Or in this case, the key.

_Original story_ _reprinted with permission from Quanta Magazine, an editorially independent publication of the_ _Simons Foundation_ _whose mission is to enhance public understanding of science by covering research developments and trends in mathematics and the physical and life sciences._

The Simple Math Behind Public Key Cryptography

Plus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more.

What a week! On Monday, police arrested 26-year-old Luigi Mangione and charged him in the murder of UnitedHealthcare CEO Brian Thompson. Mangione’s five-day run from authorities ended after he was spotted eating at a McDonald’s in Altoona, Pennsylvania, about 300 miles from Manhattan, where Thompson was gunned down on the morning of December 4. Authorities say they found Mangione carrying fake IDs and a 3D-printed “ghost gun,” the model of which is known as the FMDA, or “Free Men Don’t Ask.”

Meanwhile, a flood of mysterious drone sightings across New Jersey and neighboring states caused so much havoc, it quickly gained federal attention. While many people wondered why the US military couldn’t just shoot down the drones, the FBI, Department of Homeland Security, and independent experts say the drone mystery may not be much of a mystery, and the drones are probably mostly just airplanes.

As for more terrestrial threats, we dove into the far-right realm of “Active Clubs,” small groups of young, fitness-focused men who are steeped in extremist ideology and linked to several violent attacks. While the man who helped invent the Active Club network, Robert Rundo, was sentenced in federal court this week, Active Clubs around the world are proliferating.

Finally, we investigated cheating schemes that use tiny cameras to gain an illicit edge in poker, and we interrogated the ways humans will use generative AI to make the world a more dangerous place.

But that’s not all. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Back in May, Microsoft jubilantly announced Recall, an AI feature for some Windows PCs that silently takes screenshots every five seconds and then allows you to easily search through the resulting digital footprint. Forgotten where you saw a recipe online? Tapping a couple of keywords into Recall could, in theory, find the dish again. It didn’t take long for the privacy and security community to find gaping holes in the feature.

In response, Microsoft delayed Recall’s launch and eventually made some significant changes—such as making Recall opt-in rather than on by default, better encrypting information captured by Recall, and adding authentication to access data that it stored. Recall finally launched for some users this month.

However, this week, testing of Recall by Tom’s Hardware demonstrated that a key safeguard put in place by Microsoft can still fail. With a Recall setting called “filter sensitive information” turned on, Tom’s Hardware’s tests found that it still took screenshots of some sensitive information—such as credit card numbers and Social Security numbers. When the publication typed a credit card number and a username and password into a Notepad window, they were gathered in the screenshots. “Similarly, when I filled out a loan application PDF in Microsoft Edge, entering a social security number, name and DOB, Recall captured that,” Avram Piltch writes. The tool, however, didn’t record details when they were entered on a couple of online stores.

Microsoft pointed to its product information that says the system will get better over time and that people should report if sensitive information is captured by Recall. While that may be the case, it’s unlikely that any system can correctly determine what is and isn’t sensitive every time. And that could make it a bigger target for hackers.

**14 North Koreans Identified and Indicted as Fraudulent IT Workers**

For years, North Korean nationals posing as tech workers have tried to get hired by global businesses so they can send their wages back to help the Hermit Kingdom pay for its nuclear programs. Increasingly, some companies are revealing they were targeted, and investigators are unravelling the schemes. This week, the US government indicted 14 North Koreans for their alleged role in generating $88 million, stealing sensitive business information, and attempting to use that information to extort more payments from companies. To get hired, the FBI alleges, the IT workers stole real identities, paid people in the US to use their home Wi-Fi connections, or paid them to attend job interviews. Researchers from Google-owned cybersecurity firm Mandiant who focus on North Korea say that in recent months they’ve seen IT workers following through on leaking sensitive data and demanding more cryptocurrency than ever before—although, they say this desperation could be a sign of the schemes becoming less effective.

**Cleo File-sharing Software Exploited to Spread Cybercriminal Malware**

File-sharing software firm Cleo this week warned customers to implement a new security patch to prevent a wave of intrusions by cybercriminals actively exploiting a vulnerability in its code. Researchers at security firm Huntress Labs told news outlet Recorded Future that at least two dozen organizations have already been breached by the hackers exploiting the Cleo flaw. Huntress has found a sample of malware found on those victims’ networks it calls Malichus, and says it appears to have been used by a sophisticated hacker group. Huntress also noted that Blue Yonder, a software firm breached by the Termite ransomware gang in November, had a vulnerable instance of Cleo’s software exposed on its network, and some evidence suggests the same cybercrime group may now be using the software’s vulnerability to hit other victims. Cleo first released a patch for the bug currently being exploited in October, but hackers appear to have circumvented it, and the company is urging customers to apply its new patch now.

**US Sanctions Chinese Hackers Who Allegedly Hijacked Thousands of Firewalls**

For five years, UK cybersecurity firm Sophos engaged in a cat-and-mouse game with a mysterious group of Chinese hackers targeting the company’s firewalls as a vector to break into its customers’ networks, as WIRED chronicled in October. Sophos went so far as to download surveillance “implants” to its devices that the hackers were testing to better monitor and preempt their intrusion techniques—and to gain more information about who they were and where they operated. Now, following Sophos’s revelations, those hackers have been hit with sanctions from the US government, and one of them has been indicted by name. Sichuan Silence Information Technology, based in Chengdu, and an alleged hacker named Guan Tianfeng are accused of hijacking 81,000 firewalls by exploiting a zero-day vulnerability that Guan is said to have discovered. Sichuan Silence, a known seller of disinformation tools to the Chinese government, and Guan are accused of targeting 23,000 firewalls in the US specifically, 36 of which were used in US critical infrastructure networks. The US State Department also issued a $10 million bounty for information about the company or Guan.

Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers

A flurry of drone sightings across New Jersey and New York has sparked national intrigue and US government responses. But experts are pouring cold water on America’s hottest new conspiracy theory.

Across New Jersey, reports of mysterious drone sightings have been rising for weeks, with people contacting authorities and posting on social media about aerial vehicles behaving strangely, especially at night. The reports have spread in New York City as well, with alleged sightings in Staten Island, Brooklyn, and Queens. The United States Federal Aviation Administration imposed a temporary ban in New Jersey this week on flying drones over the Army's Picatinny Arsenal in Wharton and a golf course owned by US president-elect Donald Trump in Bedminster. While the mystery has become a growing sensation, virtually no information has been available about whether the sightings are connected or represent anything out of the ordinary.

Vague and noncommittal statements from state and federal authorities have only complicated the matter and fueled public intrigue. On Thursday, though, a joint FBI and Department of Homeland Security statement emphasized that ongoing state- and federal-level investigations have found no evidence of foreign involvement or a threat of any kind. The Department of Defense shared the same conclusion in a press conference on Wednesday. Furthermore, the FBI and DHS added that none of the sightings have been verified to have been drones at all.

“We are supporting local law enforcement in New Jersey with numerous detection methods but have not corroborated any of the reported visual sightings with electronic detection,” US authorities said in a statement. “To the contrary, upon review of available imagery, it appears that many of the reported sightings are actually manned aircraft, operating lawfully. There are no reported or confirmed drone sightings in any restricted air space.”

Multiple federal agencies have been collaborating with New Jersey State Police on the investigation, but the FBI and DHS noted in their statement that, “while there is no known malicious activity occurring in New Jersey, the reported sightings there do, however, highlight the insufficiency of current authorities,” seemingly referring to weeks of uncertainty about which institution was responsible for producing a public explanation for the sightings.

“Today, I spoke with Liz Sherwood-Randall, White House homeland security adviser, to discuss my concerns over the federal government’s response to recent drone sightings in NJ,” New Jersey governor Phil Murphy wrote in a social media post on Thursday. “I’ll continue to press the federal government, including the FBI, for answers on behalf of the public.”

Other politicians, including Senate majority leader Chuck Schumer and Senator Kirsten Gillibrand, Democrats from New York, and senators Cory Booker and Andy Kim, Democrats from New Jersey, sent a letter to the FBI, DHS, and Federal Aviation Administration on Thursday to demand more transparency and a briefing about the investigation.

As the frenzy escalates, though, security specialists note that there is no evidence of a threat or indication that the aerial vehicles people are seeing are anything unusual.

“There is nothing conclusive about these alleged drone sightings,” says Deviant Ollam, a New Jersey native and longtime physical security researcher. “It’s a famous and popular pastime of Americans to panic and make political hay out of things they don’t understand, and therefore, decide to fear.”

Reports of drone sightings, whether they ultimately prove to be accurate or not, are often difficult to investigate quickly and thoroughly, especially given that different levels of law enforcement and aviation authorities are all potentially involved and must collaborate. Doing a thorough investigation quickly is also costly, especially when new reported sightings continue to emerge. For example, over a few days in December 2018, repeated—ultimately verified—drone sightings at Gatwick Airport south of London resulted in more than 1,000 cancelled flights, chaos for more than 150,000 travelers, more than $63 million of lost revenue for airlines, and an expenditure of nearly $1.3 million for the local Sussex police force's investigation.

Ollam emphasizes that the speed with which such investigations can be accomplished correlates directly to how much funding officials have at their disposal. In the meantime, though, officials in the US have been scrambling to address theories about aliens and Iranian spy drones.

“Each of these ‘drones’ have a green light on the right, a red light on the left, and a strobe light, which is required by the FAA at night. So either the aliens and Iranians are complying with FAA law or it's something else,” former Air National Guard member and former Illinois Republican representative Adam Kinzinger said in a social media video on Thursday. “You're allowed to fly over military bases and sensitive national security areas. In fact, small planes and pilots do this all the time and there's no restriction on it. So the freak-out doesn't really make sense.”

Federal officials were clearly walking a delicate line on Thursday as they attempted to reassure the public without seeming disengaged.

“We take seriously the threat that can be posed by unmanned aircraft systems (UAS), which is why law enforcement and other agencies continue to support New Jersey and investigate the reports,” the DHS and FBI said in their joint Thursday statement. “Historically, we have experienced cases of mistaken identity, where reported drones are, in fact, manned aircraft or facilities.”

The New Jersey Drone Mystery May Not Actually Be That Mysterious

Small, easily weaponizable drones have become a feature of battlefields from the Middle East to Ukraine. Now the threat looms over the US homeland—and the Pentagon's ability to respond is limited.

A spectre is haunting the United States—the spectre of drone warfare.

Since the middle of November, unidentified unmanned aerial vehicles have lit up the skies above New Jersey, startling residents and baffling military and government officials. The US Army’s Picatinny Arsenal research and manufacturing facility in the state’s Morris County reported 11 confirmed instances of mysterious drones illegally entering its airspace since the middle of the month, while a dozen drones were spotted hovering over US Naval Weapons Station Earle in Monmouth County in early December. Similar sightings were reported in at least six other counties throughout the state; according to the Coast Guard, a group of drones even followed one of the service’s vessels “in close pursuit” near a state park.

The spate of drone sightings in the skies above New Jersey have caused alarm among state lawmakers, prompting one to call for a “limited state of emergency … until the public receives an explanation” regarding the source of the unidentified drones. One Republican US congressman even claimed the drones were originating from an Iranian “mothership” lurking off of the state’s coastline, an assertion the US Defense Department quickly batted down.

“As you know, Joint Base McGuire-Dix-Lakehurst possess \[sic\] capabilities to identify and take down unauthorized unmanned aerial systems and have utilized this capability to address overflights of the installation,” New Jersey representative Chris Smith told Defense Secretary Lloyd Austin in a December 10 letter. “I urgently request all capabilities possessed by the Department of Defense, especially those in use by JBMDL to be immediately deployed to identify and address the potential threats posed by \[drones\] over the state of New Jersey.”

Despite the growing chorus of concern from New Jersey lawmakers, the US military appears relatively unimpressed with the sudden incursions. In a December 11 statement, US Northern Command (NORTHCOM) revealed that the command had “conducted a deliberate analysis of the events, in consultation with other military organizations and interagency partners, and at this time we have not been requested to assist with these events.” The following day, White House national security communications adviser John Kirby stated that many of the alleged drone sightings that had alarmed civilian observers on the ground in recent weeks were, in fact, conventional manned aircraft. The Federal Bureau of Investigation and Department of Homeland Security echoed this assessment in a statement on Thursday, saying, “it appears that many of the reported sightings are actually manned aircraft, operating lawfully. There are no reported or confirmed drone sightings in any restricted air space.”

“At this time, we have no evidence that these activities are coming from a foreign entity or the work of an adversary. We're going to continue to monitor what is happening,” deputy Pentagon press secretary Sabrina Singh told reporters on Wednesday. “At no point were our installations threatened when this activity was occurring." (In an interesting confluence of events, the US Department of Justice that same day announced the arrest of a Chinese citizen for flying a drone over and taking photos of Vandenberg Space Force Base in California.)

The alarm over the sudden drone incursions over New Jersey, neighboring New York and Pennsylvania, and near sensitive US government sites in particular, even if overblown, isn’t completely unwarranted: Officials at North American Aerospace Defense Command (NORAD)—the joint US-Canadian military organization tasked with overseeing air sovereignty on the continent—revealed in October that they had received reports of nearly 600 incursions above domestic US military installations since 2022.

The issue is, US law severely limits how the US military can respond to these mysterious drones—even if the number of incidents has been growing for years.

Indeed, for several months earlier this year, unidentified drones repeatedly circled Plant 42 in California, the Edwards Air Force Base installation where defense contractor Northrop Grumman has been working on the Air Force’s vaunted new B-21 Raider stealth bombers. In December 2023, Langley Air Force Base in Virginia was targeted by a wave of mysterious drone overflights, prompting the Pentagon to relocate a contingent of F-22 Raptor fighter jets stationed there to another base. And the New Jersey incidents come on the heels of a mid-November series of drone incursions near RAF Lakenheath in the United Kingdom, which, while not a US domestic installation, hosts a strategically-important contingent of American fighter jets, among other capabilities.

It appears that Pentagon assets in the continental United States have been subject to such drone activity as far back as 2019, when a fleet of US Navy Arleigh Burke-class destroyers was shadowed by a swarm of drones for several days during maneuvers at a training range off the coast of southern California. Later that year, a series of mysterious drone sightings in eastern Colorado and western Nebraska and Kansas confounded not just local law enforcement and federal agencies, but alarmed Air Force officers at nearby F.E. Warren Air Force Base in Wyoming, home to one of the Pentagon’s many Minuteman III ICBM fields.

These incidents aren’t limited to US military facilities. In October 2023, several drones were detected in the airspace above the US Energy Department’s Nevada National Security Site, which is used for nuclear research and development, the Wall Street Journal recently reported. And back in 2019, the Palo Verde Nuclear Generating Station in Arizona—the most powerful nuclear power plant in the United States—was subject to a series of mass drone incursions that Nuclear Regulatory Commission officials would later characterize as a “drone-a-palooza,” albeit with grave concern over the potential vulnerability exposed by the incursion, according to email correspondence obtained by The War Zone in 2020.

“I would point out that restricted airspace will do nothing to stop an adversarial attack and even the detection systems identified earlier in this email chain have limited success rates, and there is even lower likelihood that law enforcement will arrive quickly enough to actually engage with the pilots,” one senior NRC security official at Palo Verde wrote in an email regarding the incident. “We should be focusing our attention on getting Federal regulations and laws changed to allow sites to be defended and to identify engineering fixes that would mitigate an adversarial attack before there our \[sic\] licensed facilities become vulnerable.”

While unmanned aerial vehicles have been in military use for generations for surveillance and reconnaissance, the US military is largely responsible for transforming modern drones into vehicles of precision violence during the early years of the Global War on Terrorism, a policy especially expanded under US president Barack Obama. In more recent years, the rise of cheap, commercially-available unmanned platforms like those used by hobbyists has turned the small drone into the weapon of choice for both nation states and irregular forces abroad, from militant groups like ISIS In Iraq and Syria and the Iran-backed Houthi rebels in Yemen to the Russian and Ukrainian militaries. With a potential conflict with China over Taiwan looming on the horizon amid the US military’s pivot to “great power competition,” the Pentagon is itself in the midst of a major surge in both unmanned capabilities and technology to defend against weaponized drones belonging to foreign adversaries.

The US military has been slowly but surely adjusting to the sudden spike in mysterious drone incursions near sensitive sites across the United States with an expanded counter-drone strategy. In early December, Defense Secretary Lloyd Austin signed the Pentagon’s new Strategy for Countering Unmanned Systems, which seeks to unify disparate DoD efforts to address the rise of drone threats both at home and abroad into a single coherent framework, one that implicitly acknowledges the potential for the rising tide of domestic drone threats to grow from intrusive surveillance risks to something more damaging.

“From the Middle East to Ukraine and across the globe—including in the US homeland—unmanned systems are reshaping tactics, techniques, and procedures; challenging established operational principles; and condensing military innovation cycles,” the unclassified fact sheet on the new Pentagon strategy states. “The relatively low-cost, widely available nature of these systems has, in effect, democratized precision strike.”

The Pentagon has been working overtime to field fresh counter-drone capabilities to US forces deployed overseas in recent years, including traditional firearms outfitted with computerized optics and remotely operated vehicle-mounted heavy weapons turrets, laser-guided rocket and missile systems, AI-assisted kinetic interceptors, radio frequency- and Global Positioning System-jamming electronic warfare suites, and even exotic directed energy weapons like high-energy lasers and high-powered microwaves, among others. As recently as late October, NORTHCOM was working in conjunction with the Federal Aviation Administration to demo fresh counter-drone tech as part of its Falcon Peak 2025 experiment at Fort Carson in Colorado.

“By all indications, \[small unmanned aerial systems\] will present a safety and security risk to military installations and other critical infrastructure for the foreseeable future,” NORTHCOM boss Air Force general Gregory Guillot told reporters at the time. “Mitigating those risks requires a dedicated effort across all federal departments and agencies, state, local, tribal and territorial communities, and Congress to further develop the capabilities, coordination and legal authorities necessary for detecting, tracking and addressing potential sUAS threats in the homeland.”

But US military officials also indicated to reporters that the types of counter-drone capabilities the Pentagon may be able to bring to bear for domestic defense may be limited to non-kinetic “soft kill” means like RF and GPS signal jamming and other relatively low-tech interception techniques like nets and “string streamers” due to legal constraints on the US military’s ability to engage with drones over American soil.

“The threat, and the need to counter these threats, is growing faster than the policies and procedures that \[are\] in place can keep up with,” as Guillot told reporters during the counter-drone experiment. “A lot of the tasks we have in the homeland, it’s a very sophisticated environment in that it’s complicated from a regulatory perspective. It’s a very civilianized environment. It’s not a war zone.”

Defense officials echoed this sentiment during the unveiling of the Pentagon’s new counter-drone strategy in early December.

“The homeland is a very different environment in that we have a lot of hobbyist drones here that are no threat at all, that are sort of congesting the environment,” a senior US official told reporters at the time. “At the same time, we have, from a statutory perspective and from an intelligence perspective, quite rightly, \[a\] more constrained environment in terms of our ability to act.”

The statute in question, according to defense officials, is a specific subsection of Title 10 of the US Code, which governs the US armed forces. The section, known as 130(i), encompasses military authorities regarding the “protection of certain facilities and assets from unmanned aircraft.” It gives US forces the authority to take “action” to defend against drones, including with measures to “disrupt control of the unmanned aircraft system or unmanned aircraft, without prior consent, including by disabling the unmanned aircraft system or unmanned aircraft by intercepting, interfering, or causing interference with wire, oral, electronic, or radio communications used to control the unmanned aircraft system or unmanned aircraft” and to “use reasonable force to disable, damage, or destroy the unmanned aircraft system or unmanned aircraft.”

As The War Zone points out, 130i limits when and where the US military can actually deploy counter-drone assets outside of immediate self-defense in the face of an imminent threat. Notably, it requires the defense secretary to “coordinate” with both the US transportation secretary and Federal Aviation Administration (FAA) administrator regarding any counter-drone implementation that “might affect aviation safety, civilian aviation and aerospace operations, aircraft airworthiness, or the use of airspace.” Not only that, but 130i authority is only applicable to a specific list of installations, mainly those dealing with nuclear deterrence and missile defense functions of the US national security apparatus.

This, in turn, limits what kinds of counter-drone systems the US military can actually employ domestically. Service members may be up to their eyes in fresh counter-drone tech overseas, but the regulatory environment at home is rigid enough that “hard kill” solutions like missiles, guns, and other kinetic interceptors aren't even considered potential options because there’s simply too much risk that they might end up inflicting collateral damage on innocent, unsuspecting civilians in nearby neighborhoods. Even “soft kill” solutions like RF and GPS jamming require coordination with the FAA and other federal agencies to prevent potential harm to civilian air travel, approvals that could slow down the reaction time among base security forces amid a potential drone incursion.

“Given the impact of GPS denial, just across infrastructure and all that stuff, it is a very, very difficult capability to get permissions to utilize,” as one official told The War Zone at Falcon Peak.

While the Pentagon’s broad new counter-drone strategy is a step in the right direction when it comes to bolstering domestic drone defenses, Congress is taking action as well. In the compromise version of the annual National Defense Authorization Act defense budget legislation unveiled in December, lawmakers included language calling upon the Pentagon to not just conduct an assessment of the counter-drone technology landscape at large, but generate recommendations on how policy changes could reduce the amount of burdensome bureaucratic coordination between federal agencies required to address the growing number of drone incursions—and, in an ideal world, allow the US military to move quickly and decisively to counter intrusive drones at sensitive installations before they become dangerous.

“We agree that US troops have the inherent right of self defense, including from \[drone\] attacks, wherever they may be,” the explanatory statement accompanying the compromise NDAA says.

At the moment, the Pentagon seems unconvinced that the Northeast drone sightings and earlier incursions are connected to a foreign adversary. But with lawmakers increasingly concerned with the potential threat to sensitive installations and critical infrastructure in their states, the US military’s renewed approach to counter-drone defense can’t come soon enough.

Why the US Military Can't Just Shoot Down the Mystery Drones

AI creates what it’s told to, from plucking fanciful evidence from thin air, to arbitrarily removing people’s rights, to sowing doubt over public misdeeds.

OpenAI CEO Sam Altman expects AGI, or artificial general intelligence—AI that outperforms humans at most tasks—around 2027 or 2028. Elon Musk’s prediction is either 2025 or 2026, and he has claimed that he was "losing sleep over the threat of AI danger." Such predictions are wrong. As the limitations of current AI become increasingly clear, most AI researchers have come to the view that simply building bigger and more powerful chatbots won’t lead to AGI.

However, in 2025, AI will still pose a massive risk: not from artificial superintelligence, but from human misuse.

These might be unintentional misuses, such as lawyers over-relying on AI. After the release of ChatGPT, for instance, a number of lawyers have been sanctioned for using AI to generate erroneous court briefings, apparently unaware of chatbots’ tendency to make stuff up. In British Columbia, lawyer Chong Ke was ordered to pay costs for opposing counsel after she included fictitious AI-generated cases in a legal filing. In New York, Steven Schwartz and Peter LoDuca were fined $5,000 for providing false citations. In Colorado, Zachariah Crabill was suspended for a year for using fictitious court cases generated using ChatGPT and blaming a "legal intern" for the mistakes. The list is growing quickly.

Other misuses are intentional. In January 2024, sexually explicit deepfakes of Taylor Swift flooded social media platforms. These images were created using Microsoft’s “Designer” AI tool. While the company had guardrails to avoid generating images of real people, misspelling Swift's name was enough to bypass them. Microsoft has since fixed this error. But Taylor Swift is the tip of the iceberg, and non-consensual deepfakes are proliferating widely—in part because open-source tools to create deepfakes are available publicly. Ongoing legislation across the world seeks to combat deepfakes in hope of curbing the damage. Whether it is effective remains to be seen.

In 2025, it will get even harder to distinguish what’s real from what’s made up. The fidelity of AI-generated audio, text, and images is remarkable, and video will be next. This could lead to the "liar's dividend": those in positions of power repudiating evidence of their misbehavior by claiming that it is fake. In 2023, Tesla argued that a 2016 video of Elon Musk could have been a deepfake in response to allegations that the CEO had exaggerated the safety of Tesla autopilot leading to an accident. An Indian politician claimed that audio clips of him acknowledging corruption in his political party were doctored (the audio in at least one of his clips was verified as real by a press outlet). And two defendants in the January 6 riots claimed that videos they appeared in were deepfakes. Both were found guilty.

Meanwhile, companies are exploiting public confusion to sell fundamentally dubious products by labeling them “AI.” This can go badly wrong when such tools are used to classify people and make consequential decisions about them. Hiring company Retorio, for instance, claims that its AI predicts candidates' job suitability based on video interviews, but a study found that the system can be tricked simply by the presence of glasses or by replacing a plain background with a bookshelf, showing that it relies on superficial correlations.

There are also dozens of applications in health care, education, finance, criminal justice, and insurance where AI is currently being used to deny people important life opportunities. In the Netherlands, the Dutch tax authority used an AI algorithm to identify people who committed child welfare fraud. It wrongly accused thousands of parents, often demanding to pay back tens of thousands of euros. In the fallout, the Prime Minister and his entire cabinet resigned.

In 2025, we expect AI risks to arise not from AI acting on its own, but because of what people do with it. That includes cases where it _seems_ to work well and is over-relied upon (lawyers using ChatGPT); when it works well and is misused (non-consensual deepfakes and the liar's dividend); and when it is simply not fit for purpose (denying people their rights). Mitigating these risks is a mammoth task for companies, governments, and society. It will be hard enough without getting distracted by sci-fi worries.

Source

Wired