Cyber WARFARE – Target Is SET!

Photo by NASA on Unsplash

( – In August, the U.S. military is organizing a groundbreaking contest at the DEFCON hacker convention. This competition will involve teams of ethical hackers attempting to breach and take control of computer systems on an orbiting satellite. The event, called Hack-A-Sat 4, marks a significant milestone as it is the first time such a contest is being held on an actual satellite in space.

Steve Colenzo, the Technology Transfer Lead for the Air Force Research Laboratory’s Information Directorate and one of the contest organizers, expressed excitement about the progress made, stating that “this year, we are in space for real” after four years of preparation. The decision to stage the contest on an orbiting satellite follows a notable cyberattack on the Viasat KA-SAT European satellite network last year. Russian military hackers targeted the network to disrupt Ukrainian command and control, resulting in the shutdown of ground user terminals and collateral damage to facilities like wind farms in Germany. This incident highlighted the vulnerability of space-based global communication networks to hackers, emphasizing the need to address cyber threats faced by space-based capabilities.

Colenzo emphasized the widespread reliance on space-based technologies across various industries, including agriculture, mining, banking, insurance, and navigation systems like GPS. He mentioned that with the democratization of space, more countries and companies are venturing into satellite development and launch, making cybersecurity and cyber hygiene crucial for the entire space industry.

While Hack-A-Sat 4 will be the first hacking contest conducted on an orbiting satellite, it is not the first instance of successful satellite hacking. Earlier this year, a team of ethical hackers from Thales, a French defense, space, and technology company, managed to penetrate and gain control of the controls of OPS-SAT, a satellite operated by the European Space Agency. OPS-SAT’s vulnerability stemmed from its design as a platform for hosting experiments, allowing multiple users to upload their software payloads. The hackers exploited vulnerabilities in the European Space Agency’s code, demonstrating that satellites are not impervious to hacking attempts.

The democratization of space is leading to new business models that involve shared or leased satellite access. Mathieu Bailly, CYSAT conference director, noted the increasing prevalence of such models and the need for security measures to be implemented in these systems.

Hack-A-Sat 4, an attack/defend contest, will take place at DEFCON from August 10 to 13, organized by the Air Force Research Laboratory and the U.S. Space Force. The qualification round saw over 380 teams participate, with the top eight teams, including contestants from different countries, advancing to the finals.

To enable the contest to be conducted in space, the organizers had to launch their own satellite named Moonlighter, which was deployed into orbit on June 5. Moonlighter is designed to be hacked and includes safety measures such as disabling propulsion and the ability to reboot the system from ground control.

Hacking contests like Hack-A-Sat have gained popularity and have become a significant part of the hacker subculture. These competitions foster teamwork and skill development among security researchers, both in defensive and offensive techniques. Hack-A-Sat 4 will be a grueling 72-hour event where participating teams will continuously work, taking brief naps in shifts, fueled by energy drinks and snacks.

The significance of securing space capabilities is underscored by U.S. wargames that highlight the potential for pre-emptive strikes against U.S. space assets, which could severely impact U.S. forces operating far from home. The leaked classified CIA assessment suggests that China, whose economy is increasingly reliant on space, may resort to cyberattacks aimed at rendering satellites ineffective for communication, weapons systems, and intelligence purposes.

Copyright 2023,