A new era of space cybersecurity begins with Hack-A-Sat 4

Welcome to a special edition of the Linked Into AFRL newsletter, dedicated to telling you all about the revolutionary Hack-A-Sat competition. 

When this first-of-its-kind satellite hacking challenge began in 2020, it brought the best cybersecurity researchers in the world together to put our systems to the test. The event, sponsored by AFRL and Space Systems Command, has provided an opportunity to hack in an open, collaborative online environment with the goal of improving the security and resilience of space systems. Each year, Hack-A-Sat offered increasingly realistic space challenges, fostering a community of researchers interested in building better tools and gaining a better understanding of the space and cyber environment.

Together we've accelerated progress in space cybersecurity. And it’s all been leading up to this. 

The finals for Hack-A-Sat 4, taking place at DEF CON this weekend from Aug. 11 to Aug. 13, will make history when it officially brings the competition to space. This year the finalists will compete in on-orbit challenges on the Moonlighter CubeSat, the only satellite designed to advance cybersecurity for space systems.

Follow @hack_a_sat on Twitter and for game updates and watch event coverage on the AFResearchLab YouTube channel this weekend. Let the games begin!

How did AFRL’s Hack-A-Sat team bridge the gap between the U.S. government and the super-secretive hacker community?  It all started with a team from AFRL dedicated to doing whatever it took to prevent a future satellite hack from threatening not just the security of our nation, but our way of life. 

In their 2022 AFRL Inspire talk, “Hacking in the Name of Space Security,” Hack-A-Sat founders Delia Jesaitis and Steve Colenzo explain what it took to get support for this unconventional event and why it was so imperative to do so. 

Each year Hack-A-Sat has offered increasingly realistic space challenges by advancing technology supporting the final event competition from FlatSat hardware to a Digital Twin software simulation to this year's on-orbit satellite called Moonlighter. 

Hack-A-Sat 1

The inaugural Hack-A-Sat, held in the spring of 2020, was designed to spark interest and advance the skills of security researchers to secure space systems. 

Over two days, competitors worked through a series of challenges on physical hardware called a flatsat. The teams then had the opportunity to have one of their solutions uploaded to an on-orbit satellite.

Hack-A-Sat 2

The second annual Hack-A-Sat was open to all cybersecurity researchers seeking to level up their space cybersecurity skills and knowledge. 

The top teams competed in a 24-hour virtual attack-and-defend style capture-the-flag event in Dec. 2021. It was an epic showdown involving collaborative hacking in a space-simulated environment while viewers caught the action.

Hack-A-Sat 3

Hack-A-Sat 3 focused the community on a single mission — learn space faster. The top teams faced their most realistic space challenge yet, as the competition in Oct. 2022 utilized digital twin technology to simulate the experience of hacking an on-orbit space system. 

In the meantime, the team at The Aerospace Corporation was designing, building and testing a satellite called Moonlighter to become the first hacking sandbox in space. 

The successful launch of Moonlighter on June 5 marked the beginning of a new era for space cybersecurity. 

Moonlighter is a toaster-sized CubeSat that was designed to be hacked. Yes, you read that right. 

Moonlighter carries a cyber payload consisting of a firewall to isolate the subsystem and a fully reprogrammable payload computer that behaves like a flight computer. This allows the cyber experiment to be repeatable, realistic and secure while ensuring the health and safety of the satellite. 

Our ‘brave little toaster’ hitched a ride aboard SpaceX CRS-28 to the International Space Station as part of a mission contracted by NASA and flown by SpaceX. After about a month, Moonlighter was deployed into low earth orbit on July 6 and was commissioned just in time for its first mission to host the Hack-A-Sat 4 final event.

The five finalist teams consist of some of the world’s best security researchers and experts in both cyber and space domains, including vulnerability research, astrophysics, satellite operations and reverse engineering.

Access to the satellite is limited to predetermined contact windows, so flags are more rare and precious than in ground-based capture the flags. Players need to prepare commands and scripts to run on the satellite, upload them to the satellite during a contact window, and then wait for the next contact to see if their commands had the intended effect and if any points were scored.

DEF CON attendees can visit the contest area to watch the teams playing in real-time and explore the technology museum to see how Hack-A-Sat has advanced during the four years of the contest. Learn more about space cybersecurity, contest updates and analysis during the Hack-A-Sat talks on the Aerospace Village stage. If you’re following along at home, you’ll be able to watch videos from the event on the AFResearchLab YouTube channel. 

• Hack-A-Sat 4 Kick-Off | Friday, Aug. 11, 11am-11:50am PT 
• Hack-A-Sat 4 Game Update | Saturday, Aug. 12, 11am-11:50am PT 
• Hack-A-Sat 4 Awards Ceremony | Sunday, Aug. 13, 12pm-1pm PT