>>Participants who successfully complete a set of qualification challenges on cybersecurity and space this spring will be invited to the ultimate challenge: to (ethically) hack a satellite.
Lol. That is so military public affairs. You are allowed to hack a satellite after being vetted and approved by government. Are Canadians allowed to participate? How about Russians? What about crypto-anarchists who will never pass a military-type background check? I cannot think of a less hacker-friendly competition.
How about this: Just launch the damn satellite. Tell us which rocket it is on (I assume it is a ride share) and give 100k to the first team that manages to broadcast a rickroll.
Bonus round: An extra 100k for any team that leverages the sat to listen in to the spysat network, the one operating on 60 GHz so that it cannot be heard from the ground directly. (Fyi, if you want to meet some men in black, try putting some 60GHz capability on your cubesat. They no like anything that might jam that spectrum.)
Compare this to something like the “Voting machine village” at the last several defcons - none of which required extensive vetting before you were allowed to hack the hardware.
> Are Canadians allowed to participate? How about Russians? What about crypto-anarchists who will never pass a military-type background check?
Yes. As long as there's at least one US citizen or permanent resident on your team, and you're not a specially designated national, you're allowed to participate.
>> The Team Leader must be a U.S. citizen, must speak English and will serve as the official technical point of contact for communications with the HAS organizers.
So ya, Canadians are allowed but only if the boss is a US citizen. Don't see any resident language. I make the point because some of the best satellite spotters/finders/hackers are Canadians, such Scott Tilley who was recently in the news for finding a long-forgotten navigation sat. Or Ted Molczan who may have spotted the legendary Prowler sat.
(This is natural. Canadians are better positioned to spot satellites due to their darker sky and the longer dawn/dusk periods of higher latitudes.)
In the hackathon environments I've been in there isn't really an organizational hierarchy per team. Team Leader really means Team Representative; i.e. they only want one person coming up to give/receive items/documents/information, so they ask each team to pick a leader who can interact with the event staff.
> Are Canadians allowed to participate? How about Russians? What about crypto-anarchists who will never pass a military-type background check? I cannot think of a less hacker-friendly competition.
Yes. It is absorbed by moisture in the atmosphere. That limits its range, which is great if you want to setup lots of cellular towers without them interfering with each other. If 5g used a frequency that wasn't absorbed, individual towers would have to be much further apart, increasing "cell" size and limiting available bandwidth.
I read a paper about that. It said that 98% of the energy emitted at that frequency is absorbed by oxygen, and this was touted as a benefit, because it effectively “insulated” the towers, so they would not interfere with each other. But I am still surprised that any engineer would design a system that is only 2 percent efficient.
In the US, the current licensed 5G millimeter bands are 24, 28, 37, 39 and 47 GHz. 60 GHz is an unlicensed band (actually 57 to 71 GHz) used for 802.11ad. Typical use is uncompressed HDMI extenders inside of a single room.
If you don't meet the criteria, presumably they'd rather you trade any hacks you find with a different interested party happy to pay for the information?!
Depends on where you draw your ethical boundaries? I mean it's a lucrative career in itself and you get to work in cutting edge tech that hopefully never gets proliferated to other countries (esp. the oppressive ones).
The US society is great, but the US government is oppressive and responsible for murders and destruction. There is a clear line between society and a state/government.
It could have changed since I last looked at it, but all of the cyber jobs were transfer-only within the Air Force and you had to sign 6 years I believe.
Have you ever had to debug a "blackbox" before, Application code or hardware that you had really nothing to do with and had to figure out how in the hell it works? or worked with embedded devices or embedded radios? Would love to help you out likewise anyway, hit me on up twitter @JRWR
> Have you ever had to debug a "blackbox" before, Application code or hardware that you had really nothing to do with and had to figure out how in the hell it works?
I suppose so, yes, but probably not to the extent required in some of these challenges.
$14 billion 2020 budget for the USAF space portfolio[1], $50 thousand prize (split between entire team) to reveal detailed procedure to hack the USAF space portfolio. I feel like they should be a bit more generous here.
You could ask how the other ctf defcon winners are regarded? The top teams are all pretty hardcore, I always felt they'd be treated specially as well but seems not to be the case
Why on Earth would you help them militairise outerspace and draw a crosshair on your forehead while being at it ?
As if current spacejunk isn't enough of a threat to humanities future in space already. This sounds all awesome at first, but think about it for a second.
Because they would do it anyway. I've heard "stories" of attackers gaining control of a sat, "flipping it" to prevent it from listening to incoming commands, and then asking for a ransom from the original owners.
It may make it safer if you help stop bad actors getting access to what will be there anyway. Some terrorist would probably love to steer one satellite into another... or whatever options control gives.
Armies are organizations build around aggression per definition and therefore _are_ the terrorist in outerspace. The good guys in space are found at civil presence such as the ISS. People from all nations and cultures working together in peace. A symbol of hope for humanity. Much unlike military organizations with boots on the ground.
The part where the Starfleet cruises around space in giant militarized weapon platforms with phase cannons and torpedos, engaging in de facto military conflicts?
Starfleet isn't a military. Starfleet is a pacifist post-scarcity utopia dedicated to scientific and intellectual pursuit - militarism is an atavistic, primitive vice that humans have evolved beyond at that point.
That Starfleet just happens to use a military chain of command and fleet structure doesn't mean they've "militarized space" in any way. It's just a unique expression of Earth culture, and nothing more.
Starfleet is peaceful, it's everyone else in the galaxy who's warlike, because they fear Starfleet's freedom and way of life. If it weren't for those duplicitous Romulans and thuggish Klingons, Starfleet might not even need every ship to have enough firepower to boil the oceans off of a planet. But peace has to be defended.
Or would you rather have the Alpha Quadrant be run by aliens?
Is there a pointer on where to read more about challenges like this - technical information on how space com systems work, and what some example CTFs are?
Thanks, but I was referring to space comms ctfs specifically :) it’s one thing to find a buffer overflow exploit on http but I don’t even know what the carrier protocol for a ku band transponder is called..
Hello. My CS experience is quite elementary, and I'm a decent enough Web Dev and Scientific Programmer. If I wanted to be the type of hacker capable of taking down a Satellite, what would be everything that I would need to learn? I assume that this is super complex (Duh) but am curious as to the actual extent of knowledge required to pull this off.
"The FlatSat CTF Event occurs with FlatSat hardware and a virtual/simulated space environment."
For the uninitiated: when an operator builds a satellite they usually build at least 3 or 4 of the same bird for every one they launch. This includes the initial "FlatSat" which is a fully working prototype but built onto a flat proto-board rather than the launched form factor, this makes troubleshooting easier in the initial stages. Later on these development prototypes can also be used to troubleshoot problems that occur in space.
So somewhere there is an Air Force warehouse packed to the gills with all the development and flat-sats that were never intended to fly. Although obviously they would never use real hardware on an event like this for a number of reasons, if they did it would only be for old hardware that's been retired. But still an interesting idea.
Bruce Schneier already posit that hack-a-thing challenge is not a good test or proof of whether a thing is vulnerable. Back in the days when everyone was coming out with hash and cipher algo there were bounties offered as PR of how strong thingX was. Not everyone is going to take up a challenge, if I were a real criminal I would discover the vulnerability (if any) and keep it to myself because the exploit, especially a secret one, is worth more than the bounty, and has a longer pay period.
Agree 100%, if someone was to seriously think and ad-hoc team was a replacement for a formal security audit... well they get what they deserve. I'm not sure where these fall in the mix, but they definitely seem useful, more eyes on a problem the better.
Is it just me or is $50K is really low price to pay, almost like a slap in the face, for a satellite level vulnerability? If i remember correctly military satellites often carry civilian comm services: important business communications/financial networks etc.
What would be the black market price for something like this? It has to be at least 10x more at $500K as a low end. Realistically a million $+
92 comments
[ 24.9 ms ] story [ 4887 ms ] threadLol. That is so military public affairs. You are allowed to hack a satellite after being vetted and approved by government. Are Canadians allowed to participate? How about Russians? What about crypto-anarchists who will never pass a military-type background check? I cannot think of a less hacker-friendly competition.
How about this: Just launch the damn satellite. Tell us which rocket it is on (I assume it is a ride share) and give 100k to the first team that manages to broadcast a rickroll.
Bonus round: An extra 100k for any team that leverages the sat to listen in to the spysat network, the one operating on 60 GHz so that it cannot be heard from the ground directly. (Fyi, if you want to meet some men in black, try putting some 60GHz capability on your cubesat. They no like anything that might jam that spectrum.)
https://en.wikipedia.org/wiki/Satellite_Data_System
Yes. As long as there's at least one US citizen or permanent resident on your team, and you're not a specially designated national, you're allowed to participate.
So ya, Canadians are allowed but only if the boss is a US citizen. Don't see any resident language. I make the point because some of the best satellite spotters/finders/hackers are Canadians, such Scott Tilley who was recently in the news for finding a long-forgotten navigation sat. Or Ted Molczan who may have spotted the legendary Prowler sat.
(This is natural. Canadians are better positioned to spot satellites due to their darker sky and the longer dawn/dusk periods of higher latitudes.)
official technical point of contact for communications != boss
The answers to your questions are in the rules.
https://www.hackasat.com/rules-here
Isn't that the same frequency for ground-based 5G mmWave?
https://en.wikipedia.org/wiki/Extremely_high_frequency
It’s kinda dangerous as you might know rockets and missiles operate on the same principles ?
They both have a guidance system that decide where to land or not land.
It just that rockets don’t have a warhead.
.. which will be used to coordinate drone attacks on foreign targets. So much for ethics ..
Depends on where you draw your ethical boundaries? I mean it's a lucrative career in itself and you get to work in cutting edge tech that hopefully never gets proliferated to other countries (esp. the oppressive ones).
ITAR = International Traffic in Arms Regulations
https://www.pmddtc.state.gov/ddtc_public?id=ddtc_kb_article_...
Makes sense that they only want potential recruits to participate.
What specific technical skills are required to successfully complete challenges like this?
I suppose so, yes, but probably not to the extent required in some of these challenges.
I just read through https://cybersecurity.att.com/blogs/security-essentials/capt... and some of the accompanying write ups[0] on Github which was very insightful.
[0]: https://github.com/1337pwnie/ctf-writeups/tree/master/2017/U...
[1] https://www.af.mil/News/Article-Display/Article/1783601/air-...
/s
That's $250k.
We have the skills, but we are all either Canadian or British, sadly. Email me at contact@exodusorbitals.com
P.S. Any cybersecurity experience is an asset, but not a requirement.
It may make it safer if you help stop bad actors getting access to what will be there anyway. Some terrorist would probably love to steer one satellite into another... or whatever options control gives.
Why on Earth is an interesting question. Why in space might have some reasons though ;)
That Starfleet just happens to use a military chain of command and fleet structure doesn't mean they've "militarized space" in any way. It's just a unique expression of Earth culture, and nothing more.
Starfleet is peaceful, it's everyone else in the galaxy who's warlike, because they fear Starfleet's freedom and way of life. If it weren't for those duplicitous Romulans and thuggish Klingons, Starfleet might not even need every ship to have enough firepower to boil the oceans off of a planet. But peace has to be defended.
Or would you rather have the Alpha Quadrant be run by aliens?
I can always make up a hypothetical scenario where I become the victim of some aggression... to justify being a bully.
https://trailofbits.github.io/ctf/intro/find.html
for space comms, search "site:nasa.gov satellite"
I guess "legally" would be the right word here. Ethics are subjective. But who are we kidding, they know exactly why they chose this word.
For the uninitiated: when an operator builds a satellite they usually build at least 3 or 4 of the same bird for every one they launch. This includes the initial "FlatSat" which is a fully working prototype but built onto a flat proto-board rather than the launched form factor, this makes troubleshooting easier in the initial stages. Later on these development prototypes can also be used to troubleshoot problems that occur in space.
So somewhere there is an Air Force warehouse packed to the gills with all the development and flat-sats that were never intended to fly. Although obviously they would never use real hardware on an event like this for a number of reasons, if they did it would only be for old hardware that's been retired. But still an interesting idea.
What would be the black market price for something like this? It has to be at least 10x more at $500K as a low end. Realistically a million $+