Thank you to the amateur satellite community for the response!
The Vaporsec CTF team, specifically open to amateur radio operators, has seen the largest turnout for a Capture the Flag competition in team history, for this satellite-themed event. We have over 20 signed up for the qualifications event this coming weekend. We believe that based on the diversity, quality, and positive can-do spirit, that we have a chance at being competitive and moving on to the final round in late summer.
We had a successful team organizational meeting last night are are looking forward to a Friday 5pm Pacific start time. I'm looking forward to being able to share how amateur radio operators and practical experience carried the day!
Rules and link to the Hack-a-Sat website are up-thread. The point of the competition seems to be the Air Force wanting to see what the current level of competence is out there with respect to satellite operations and security. Hints have included backgrounders on ADAC, Satellite IoT platform security, protocols, ground control, and more.
Something that we noticed is that an unsolved challenge in last weekend's DEFCON CTF qualifier round was from the same team that is putting on Hack-a-Sat CTF.
So! If you are wondering what kind of challenges are posed to participants in a CTF, here is that satellite-themed challenge. We expect this sort of thing to be the starting point for an entire weekend of satellite reverse engineering, puzzle solving, and rogue-craft-wrangling.
There are two files related to the challenge. The challenge text and the two files can be found at:
https://github.com/phase4space/research-papers/tree/master/interrupted_DEFCO...
See you on the other side of the CTF! We will have a write-up of the event and share any and everything we learn along the way.
-Michelle W5NYV
On Tue, May 12, 2020 at 1:17 PM Michelle Thompson < mountain.michelle@gmail.com> wrote:
Thank you for the interest! We have 14 on the team and rising.
The one question that has come up is whether federal contractors can participate. There is a FAQ at the Hack-a-Sat website that addresses this.
Q: Can my business team include contractors (not "Federal entities", not "Federal employees", not "Federal Government Military or Civilian employee") who support federal contracts?
A: Yes.
If this happens to be holding you back from participating, then know that it should not. I understand that there are a complex variety of definitions involved, but the FAQ was written to address a common case that isn't disqualified from this particular event, organized through the Air Force.
-Michelle W5NYV
On Fri, May 8, 2020 at 12:26 PM Michelle Thompson < mountain.michelle@gmail.com> wrote:
Greetings all!
I've put out the call for participation for the Hack-a-Sat competition in the past, and would like to bring you all up to date on the developments and opportunities that have developed since.
The website is here: https://www.hackasat.com/
Hack-a-Sat is an activity that was scheduled to happen at the in-person DEFCON event.
As of today, yes, it's true. DEFCON has been cancelled.
Those of you that have volunteered at Ham Radio Village in the past are familiar with the event. For those of you that are not, it's a long-running hacking and cybersecurity event that has enthusiastically adopted everything RF and amateur radio.
The United States Air Force, in conjunction with the Defense Digital Service, organized this year’s Space Security Challenge, called Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems. This competition is going to be held! It's now a virtual event.
Security in the amateur radio sense of the word is fundamentally different from commercial and military applications. We have an advantage here, mainly due to the enormous leverage we have due to our context being completely different from what the Air Force and commercial interests assume. This is, essentially, a diversity advantage.
If you want to participate on an experienced Capture The Flag (CTF) team, then I am here to extend an invitation. Anyone that reads through the rules and can afford to spend some time during the event is invited to apply to join Vaporsec. This is a team that has a majority of information security professionals. There are some satellite industry people, some amateur involvement, and I'd like to make sure that anyone interested in competing from AMSAT-BB gets a chance to join a competitive team.
The benefits to amateur radio are primarily technical, with policy and security a close second. The Air Force has some agendas here in terms of improving satellite security. Exposure to the challenges alone is a an excellent opportunity to learn more about modern satellite technology... and what a significant player in space wants to find out more about. Don't assume that that the challenges in the competition are going to be "too hard". What is trivial for one viewpoint is unsolvable for another.
I'll be writing about the event and what we learned when it is over, so this sort of knowledge will not be secret. However, there is no replacement for participation, and you could very well have the practical knowledge, gained from operating real satellites, that wins the competition. As you can see from the website, there is some real money involved and opportunities for technical writing.
Let me know at w5nyv@arrl.net if you would like to talk more about joining a CTF team for this really neat and unique event.
Know someone that you think should participate? Please forward to them.
-Michelle W5NYV