Hack-A-Sat 4 winning team ‘mHACKeroni’ displays their banner and shows off their award for capturing first place during the two-day competition. Hack-A-Sat 4 was the first capture-the-flag hacking competition on an operational satellite held Aug. 11-12 in the Aerospace Village at the annual hacking conference DEF CON 31 in Las Vegas, Nevada. (Photo by Sarah McNulty, Space Systems Command)
WASHINGTON — The annual Hack-A-Sat contest, sponsored by the Space Force and Air Force Research Laboratory to help improve the cybersecurity of Defense Department satellites, literally got real this year — with Italy’s mHACKeroni beating out five international teams of cyber researchers vying to take control of a live, in orbit satellite.
“We are so proud of the entire Hack-A-Sat effort and particularly the development of Moonlighter as the first and only hacking sandbox in space,” said Col. Neal Roach, director of Engineering and Integration for Space Domain Awareness and Combat Power at Space Force’s Space Systems Command (SSC), in a press release today announcing the prize winners.
Moonlighter is a 3U CubeSat (that is, made up of three 10X10X10 centimeter units) built by The Aerospace Corporation in cooperation with SSC. It was launched on a SpaceX Falcon 9 to the International Space Station on June 5, and from there was deployed into low Earth orbit on July 6 for use not just in the Aug. 11-12 Hack-A-Sat 4 contest during this year’s annual hacker spree DEF CON 31 in Las Vegas, but also to serve as a future DoD cybersecurity testbed.
In previous Hack-A-Sats, competitors utilized ground-based satellite simulations (called FlatSats) and then, on a laboratory digital twin of the Moonlighter satellite, performed what is known in cybersecurity circles as a “capture the flag (CTF)” contest to find text strings, called “flags,” that are hidden in purposefully-vulnerable programs or websites.
This year, the five hacking teams — selected from more than 700 initially competing in the April qualifying round — competed in “two ground-based challenges and seven on-orbit challenges testing their space-relevant skills including spacecraft operations, radio frequency communications and reverse engineering,” the SSC press release explained. These included including hacking into Moonlighter to force it to take a picture of a ground target of their choice and downloading it to a ground station, and bypassing the satellite’s blocks on imaging of certain ground targets.
The three prize winners were:
First place, $50,000: mHACKeroni, a conglomeration of five Italian cyber research teams.
Second place, $30,000: Poland Can Into Space, created by Polish cyber researchers joined by members from Ireland and Germany; and
Third place, $20,000: jmp fs:[rcx], a combined team of Hack-A-Sat’s first-year champions from the US and United Kingdom.
