A group of Italian cyber research specialists have won this year’s edition of the Hack-a-Sat competition. The Italian team, codenamed “mHACKeroni“, consists of 5 members, and went home with the $50,000 prize after successful hacking into a satellite that was actively orbiting Earth.
The Italian team beat last year’s winners, Poland-based “Poland Can Into Space” to win the first position, while the Polish team came second and won $30,000. The UK-US joint team – jmp fs:[rcx] – came third, and won $20,000.
While previous editions of the competition used a satellite simulation, for the first time, the teams were asked to attack a real satellite in space, which was designed specifically for the event. The satellite, which is a small cubesat known as Moonlighter, was developed by the Aerospace Corporation and the U.S. Air Force Research Laboratory. It was launched on June 5, 2023 atop a SpaceX Falcon 9 rocket.
Reacting to their success, a member of the Italian team who won the finals, said: “Playing Hack-A-Sat, for me, is like challenging myself to understand better a problem space that is amazingly complex and extremely exciting. Doing that for security, which I am extremely excited about, is like a dream come true.”
About the competition
Hack-a-Sat competition had its maiden edition in 2020. The competition has the goal of enhancing satellite system security, by challenging ethical hackers to breach satellite defenses.
Inspired by the Hack the Pentagon initiative, this year’s edition had more than 700 teams of cyber researchers vied in the qualifying rounds held in April. Out of this fierce competition, only five teams earned a spot in the final round which held in August at the DEF CON cybersecurity conference in Las Vegas.
The final round comprised two ground-based challenges and seven on-orbit challenges. These trials put hackers’ skills in spacecraft operations, radio frequency communications, and reverse engineering to the test. The pinnacle of the competition was hacking into Moonlighter, a CubeSat developed by the Aerospace Corporation and the US Air Force Research Laboratory.
The hackers were tasked with establishing a data link with the satellite, capturing an image of a designated ground target, downloading it to a ground station, and circumventing the satellite’s image restrictions. This all had to be accomplished while Moonlighter was in orbit and moving at a speed of five miles per second (8km/s).
However, the challenge didn’t end there. Participants needed to defend their own systems from rival teams, using encryptions and firewall protections.
In its earlier editions, the Hack-A-Sat contest allowed competitors to practice on simulated ground-based satellites and a laboratory digital twin of Moonlighter. This simulated “capture the flag” approach involved identifying hidden text strings known as “flags” concealed within malware programs or websites.
The Hack-A-Sat contest showcases the convergence of advanced technology and the boundless universe, where ethical hackers tackle challenges that were once the stuff of science fiction. As these hackers rewrite the rules of cybersecurity, they’re not just defending data – they’re safeguarding the future of space exploration.
The US Air Force and Space Force believe that hosting competitions like Hack-A-Sat can help identify vulnerabilities and gaps in their satellite systems, especially ones that can be exploited by adversaries.
“We are so proud of the entire Hack-A-Sat effort and particularly the development of Moonlighter as the first and only hacking sandbox in space. Hack-A-Sat has raised public awareness on the importance of space cybersecurity and has helped to strengthen the industry, security, and government partnership that we need to build more resilient space systems that will keep our nation and our world secure,” Col. Neal Roach, director of Engineering and Integration for Space Domain Awareness and Combat Power, said in a press release.