13.7 C
New York
Saturday, April 13, 2024

The Feds Want These Teams to Hack a Satellite—From Home

As a kid, Alvaro Prieto kept “astronaut” open as a career option. When his family moved from Mexico to Florida—the state where the actual astronauts lift off—his off-world fascination only grew. “After surviving one year in the US, my gift was Space Camp,” he says, referring to the famous kids’ program in Huntsville, Alabama. Later, he convinced his dad to drive up to Cape Canaveral to watch the shuttle Discovery’s final ride, soon bidding farewell to the era of spaceflight he’d grown up with.

So, yeah, Prieto likes space. But, no, he didn’t become an astronaut: Instead, he’s an electrical and firmware engineer who has worked in the telecommunications, consumer electronics, semiconductors, and medical industries. With his combo of cosmic interests and cyber skills, though, he is the target demographic for a contest called Hack-a-Sat, hosted by the Air Force and the Defense Digital Service. Hack-a-Sat is what it sounds like: From August 7 to 9, competitors will try to hack an actual satellite during a socially distanced, online-only Defcon, one of the world’s largest hacker conferences, as part of the Aerospace Village.

Prieto’s Hack-a-Sat team, called ADDVulcan, is one of eight—out of a total of around 1,300—that made it through the qualifiers back in May and are now vying for the $50,000 first prize. Teams could be of unlimited size and made up of people from different companies or universities, as long as they contained one US citizen and nobody on the Department of Treasury’s “Specially Designated Nationals” list, a database of people and companies the government has deemed to be acting on behalf of “targeted countries,” or non-state organizations like terrorist groups or drug trafficking networks. Once the hackers registered a group (or boldly filled in the forms solo), they were eligible for the 48-hour-long qualifying round.

Normally, many would have booked an Airbnb, bought a bunch of snacks and caffeine, and hacked it out in the house together. With everything going virtual, though, teams largely stayed home and chatted on the likes of Discord servers and Slack channels.

When they logged in for the qualifiers, competitors saw a Jeopardy!-style board, with 32 challenges arranged from easy to hard under six categories, like “Astronomy, Astrophysics, Astrometry, Astrodynamics,” or “Payload Modules.” “Most are areas of study I'm unfamiliar with,” says Prieto’s teammate Amie Dansby, who says her “day-walker job” is being a simulation software engineer. “Everyone starts knowing nothing, and I definitely felt like I was starting at the I-know-nothing phase.” Dansby first floated the challenge to a few friends during a video hangout, and then team leader Will Caruana helped gather a larger team totaling 51 people, some of whom did have space know-how.

At the start, only a few of the perplexing challenges were unlocked. The first team to solve a particular problem—to “capture a flag”—got to unlock another challenge for everyone. Each successful solve earned the teams points, with the specific scoring for each problem determined by the total number of correct answers.

Those qualifiers were kind of a gauntlet. For Prieto, one memorable challenge was called “Don’t Tweet That Picture.” Participants were given three illustrations of five buildings, meant to simulate photos taken on a certain date, each casting shadows, along with their latitude and longitude. Their mission, should they choose to accept it, was to figure out where the camera and light source were. Immediately, Prieto knew this fictional-game scenario was based on a past real-world problem: the time President Donald Trump tweeted a creepily high-res, from-above photo of an Iranian spaceport where a rocket had just blown up. In HD detail, you could see the writing on the launch pad, the damaged cars, the disturbed earth. “The United States of America was not involved in the catastrophic accident,” Trump wrote, attaching a satellite picture sharper than the public had ever seen and so broadcasting previously undisclosed surveillance capabilities.

Trump didn’t say where the photo had come from, or even that it was a satellite shot. But online analysts, energized by its unknown origin, started trying to figure out which shutter snapped it. And they succeeded, detailing the effort on the “SatTrackCam Leiden (b)log.” The blog’s host, Marco Langbroek, uses a network of cameras to gather information about classified sats and missile tests. His post about the rocket failure revealed how shadows, satellite orbits, and the viewing angle revealed which satellite had likely seen that Iranian launchpad so clearly.

Prieto looked at the fictional buildings on his own screen, recalling the SatTrack work and thinking perhaps he could replicate the analysis for these fake Hack-a-Sat photos. “I only tried it because I remembered, ‘Oh, the math has been solved,’” he says. “It’s in this blog post.”

That didn’t quite work out as planned. There was actually a bug in the problem itself, meaning that—as the competition organizers put it to participants—the problem was “unlikely to be solved in the anticipated way.” No one found an unanticipated way during the competition, but one team did after the fact.

Still, ADDVulcan solved 23 other challenges, including one Prieto netted called “Where’s the Sat?” The instructions were short: "I tell you where I'm looking at a satellite, you tell me where to look for it later." Another one he figured out was called “Digital Filters, Meh.” It asked competitors to parse the code controlling a satellite’s orientation, looking for a bug. In the end, ADDVulcan came in fourth by nabbing enough flags worth lots of points.

On August 7, when the next stage of the competition starts, they’ll work problems on a tabletop satellite called a FlatSat, which is basically a terrestrial replica of the hardware and software you’d find on a real orbiter. Then, if they succeed, they’ll get to try to type their way into an actual space satellite.

Satellites have become more and more important to US defense and intelligence operations. From above, they image the whole world, making secrets harder to keep. They allow for communications, and for intercepting communications. They help track ships and planes. They gather weather data. They provide location, timing, and navigation information.

Most of that is important to you too. The modern American world can’t run without satellites. And yet sats are not nearly as safe and secure as our still-functioning world seems to indicate. Their cybersecurity has been weighed in the balance, and has, in general, been found wanting. As cyber-conflict scholar Will Akoto of the University of Denver pointed out in a February op-ed for Undark, “there are currently no cybersecurity standards for satellites and no governing body to regulate and ensure their cybersecurity,” and no organization to enforce standards anyway. (Two of the more egregious instances he points out: In 1998, hackers got to an astronomical satellite called ROSAT and pointed its solar panels directly at the sun, ruining it. And in 2007 and 2008, hackers gained access to NASA and US Geological Survey sats.)

The US military and intelligence communities are also increasingly worried about conflict in space, often citing—as this Defense Intelligence Agency document does—China’s and Russia’s alleged development of directed-energy weapons, signal jammers, anti-satellite missiles, satellites that can scoot up close to other satellites and robotically mess with them, and, yes, cyber skills.

That vulnerability, plus a fear of impending attack, explain why the Air Force and the Defense Digital Service dreamed up Hack-a-Sat: so they can learn about holes and bugs before someone exploits them, and so they can foster the talent that could patch things up if someone does maliciously access a satellite. “That’s where we started,” says Clair Koroma of the Defense Digital Service, who helped organize Hack-a-Sat. “We give this community access to a satellite in a way that they never would have had before, and we get to learn all of the nuances, and all of the vulnerabilities, that we weren’t anticipating. And we get to mitigate those.”

DDS director Brett Goldstein put the motivation for the competition more bluntly: “I have no tolerance for shitty cybersecurity, and as the DOD, we need to worry about this all day long.” Hosting a few long days of Hack-a-Sat is one way to worry productively.

In the past, the Department of Defense might not have been so keen on bringing their goods to a conference where participants famously play a game called Spot the Fed. (If you win, congratulations: You get a T-shirt). But starting last year, when the Air Force let hackers have at the data-transfer system of an F-15—that wariness has has been flux, says Goldstein. At least the DDS, an admittedly start-uppy part of the military, is pivoting toward the idea that there’s security in openness and transparency, not just in secrecy. “I think people have been afraid of Defcon and the hacker community, where honestly I think we need to be embracing it,” he says.

And embrace it they are: In 2020, they wanted to go bigger, higher than inviting attendees to hack a mere fighter-jet system. What if hacking, they thought, … but in space?

Thus, Hack-a-Sat was born. “To be frank, I didn’t know if we could do it,” says Will Roper, a former string theorist who’s now assistant secretary of the Air Force for acquisition, technology, and logistics, and who helped organize both last year’s and this year’s military-hosted challenges. The first obstacle was finding a candidate satellite: an orbiter whose owners and operators gave permission for their satellite to be pwned—in this case, commandeered by Defcon registrants and reoriented away from Earth to take a space picture. The Hack-a-Sat organizers did find one, although its identity isn’t public.

While competitors don’t yet know which satellite they’ll be breaking into, they're prepping anyway. Hacking space objects, though, is different from hacking web systems. Besting a cybersystem in space requires understanding things like orbital mechanics, how ground stations work, what the weird radio-frequency protocols are, and how the circuit board side of a satellite actually looks—not the usual fodder.

Members of a team called PFS, who also made it to the final round, didn’t have much on-orbit experience when they signed up. “The space part threw a wrench in stuff,” says PFS member Demarcus Williams. “I wasn’t familiar with the terminology, the math required.”

“Normally, the only math we have is about cryptography,” chimes in his teammate Cyrus Malekpour. The two used to be coworkers and started doing capture-the-flag hacking events, or CTFs, online, amassing a small group of friends who enjoyed this arcane hobby. During the initial Hack-a-Sat challenges, Malekpour was surprised by how much infrastructure is unique to satellites, and how much of their tech has old roots. For instance, he parsed archival NASA white papers to figure out WTF a “star tracker” was before he could build one from the ground up. (It’s a device that measures stars’ positions and uses them to tell the satellite how it’s oriented).

To combat their own lack of sat knowledge, a team called Samurai—another of the eight finalists—invited aboard new members from university physics programs who did know about space, even if those recruits didn’t have much experience with hacking or capture-the-flag challenges. “They got to see our world, and we got to see theirs,” says Samurai’s Steven Vittitoe, who comes from the hacker, not the space, hemisphere.

Vittitoe started doing CTFs more than a decade ago, while he was in the hospital after his son’s birth. He was a member, back then, of a team called sk3wl 0f r00t (a group once name-checked on HBO’s Silicon Valley), and a Defcon qualifying event was going on. The hospital had Wi-Fi; Vittitoe had his laptop; he didn’t need as much sleep as a newborn or a recovering mother. Why not? “I guess I've always been a hands-on dad with a hacker twist,” he says. A more modern example: He recently put a cipher lock on his office door, gave his son the code in binary, and told him, “If you can figure it out, you can come into Daddy’s office whenever you want.” (The son currently comes in whenever he wants.)

Vittitoe, too, recalls old NASA stuff coming in handy during the qualifying rounds. In one challenge, the team had to infiltrate a simulated Apollo 11 guidance computer and read out a numerical value locked inside. Other challenges—all taking place within a simulated environment, not in the innards of actual orbital systems—dealt with satellite operations, which taught some space basics in the course of competition: Task the satellite to take a picture, upload it, charge the spacecraft batteries without sending it into the sun, etc. “We crashed many simulated satellites in our attempts to find the correct solution to these challenges,” says Vittitoe.

Sure, space is hard and different, he concedes. You have obscure—sometimes antiquated and kludgy—systems whizzing around Earth at thousands of miles per hour, connecting to ground stations and possessing solar panels and thrusters and one-of-a-kind instruments. But one thing always plays out in heaven as it does on Earth: “At the end of the day, this is all code running on a computer,” he says. “It has inputs, it processes those inputs, and it produces outputs.”

Samurai and the other seven teams that will hack a sat recently received their own FlatSat base station in the mail. “They’re going to be able to rip it apart,” says Roper. Normally, they might have done that from the same physical location, but teams (being hackers, after all) have had no trouble remotely accessing the base station and acquainting themselves with it, while it remains in one person’s possession.

When the final competition begins on August 7, they’ll first have to work problems on another FlatSat. At some point in that heads-down work, the organizers will task the teams with writing code that can take control of the actual on-orbit satellite, which will be carving an ellipse around Earth. The code must command it to change its orientation, point its camera at the moon, and snap a pic.

After testing and perfecting that code on their FlatSat, the team with the most accurate, efficient, and timely solution will get to issue commands to the real satellite, sometime in a 24-hour window, and take a lunar portrait. “A literal moon shot,” says Roper. A shot that, Roper believes, the organizers would tweet out that day.

That kind of openness runs through the whole competition, with participants, for example, required to publish all their solutions to challenges. The transparency cut down on ethical questions some competitors might’ve had about hacking for the Feds. “It’s not, ‘Oh, OK, learn to hack this thing. And tell us, and don’t tell anyone else. And we’ll use it offensively,’” says Prieto. “For me, personally, it removes some of the concerns about it. If it was one of those ‘Sign an NDA and do this thing,’ I don’t think most people would be comfortable with that.”

But it’s not like there are a lot of other options if you want someone’s blessing to go hack an operating satellite. “I don’t know people who have satellites lying around,” says Williams, of team PFS.

Co-conspirator Malekpour agrees. “I don’t know how I would normally get to do this, or get a FlatSat,” he says. “I don’t think you could just get this on Amazon.”

Still, there’s a bit of cultural side-eye cutting the other direction, too. Despite a thawing in relations, as evidenced by efforts like Hack the Pentagon and the hack-an-F-15 invitation, tensions between the two communities have a long history. And so, says Goldstein, “on the DOD side, there’s baggage.”

But suggesting that hackers and feds are dichotomous and dissimilar doesn’t reflect reality. “We force people into that word,” says Goldstein, of the term hacker, “when often we are talking about security researchers.” Many, even most, hackers are not rogue agents in basements but professionals with jobs—sometimes inside or on behalf of the government—whose 9-to-5 duties include discovering vulnerabilities like this. “We have people who carry the highest security clearances who are security researchers, hackers,” says Goldstein. “That is part of our community.”

Related Articles

Latest Articles