[amsat-bb] Hack-a-Sat Call for Participation

[Michelle Thompson]

Thank you to the amateur satellite community for the response!

The Vaporsec CTF team, specifically open to amateur radio operators, has
seen the largest turnout for a Capture the Flag competition in team
history, for this satellite-themed event. We have over 20 signed up for the
qualifications event this coming weekend. We believe that based on the
diversity, quality, and positive can-do spirit, that we have a chance at
being competitive and moving on to the final round in late summer.

We had a successful team organizational meeting last night are are looking
forward to a Friday 5pm Pacific start time. I'm looking forward to being
able to share how amateur radio operators and practical experience carried
the day!

Rules and link to the Hack-a-Sat website are up-thread. The point of the
competition seems to be the Air Force wanting to see what the current level
of competence is out there with respect to satellite operations and
security. Hints have included backgrounders on ADAC, Satellite IoT platform
security, protocols, ground control, and more.

Something that we noticed is that an unsolved challenge in last weekend's
DEFCON CTF qualifier round was from the same team that is putting on
Hack-a-Sat CTF.

So! If you are wondering what kind of challenges are posed to participants
in a CTF, here is that satellite-themed challenge. We expect this sort of
thing to be the starting point for an entire weekend of satellite reverse
engineering, puzzle solving, and rogue-craft-wrangling.

There are two files related to the challenge. The challenge text and the
two files can be found at:

https://github.com/phase4space/research-papers/tree/master/interrupted_DEFCON_CTF_Challenge

See you on the other side of the CTF! We will have a write-up of the event
and share any and everything we learn along the way.

-Michelle W5NYV




On Tue, May 12, 2020 at 1:17 PM Michelle Thompson <
mountain.michelle at gmail.com> wrote:

> Thank you for the interest! We have 14 on the team and rising.
>
> The one question that has come up is whether federal contractors can
> participate. There is a FAQ at the Hack-a-Sat website that addresses this.
>
> Q: Can my business team include contractors (not "Federal entities", not
> "Federal employees", not "Federal Government Military or Civilian
> employee") who support federal contracts?
>
> A: Yes.
>
> If this happens to be holding you back from participating, then know that
> it should not. I understand that there are a complex variety of definitions
> involved, but the FAQ was written to address a common case that isn't
> disqualified from this particular event, organized through the Air Force.
>
> -Michelle W5NYV
>
>
>
>
> On Fri, May 8, 2020 at 12:26 PM Michelle Thompson <
> mountain.michelle at gmail.com> wrote:
>
>> Greetings all!
>>
>> I've put out the call for participation for the Hack-a-Sat competition in
>> the past, and would like to bring you all up to date on the developments
>> and opportunities that have developed since.
>>
>> The website is here: https://www.hackasat.com/
>>
>> Hack-a-Sat is an activity that was scheduled to happen at the in-person
>> DEFCON event.
>>
>> As of today, yes, it's true. DEFCON has been cancelled.
>>
>> Those of you that have volunteered at Ham Radio Village in the past are
>> familiar with the event. For those of you that are not, it's a long-running
>> hacking and cybersecurity event that has enthusiastically adopted
>> everything RF and amateur radio.
>>
>> The United States Air Force, in conjunction with the Defense Digital
>> Service, organized this year’s Space Security Challenge, called Hack-A-Sat.
>> This challenge asks hackers from around the world to focus their skills and
>> creativity on solving cybersecurity challenges on space systems. This
>> competition is going to be held! It's now a virtual event.
>>
>> Security in the amateur radio sense of the word is fundamentally
>> different from commercial and military applications. We have an advantage
>> here, mainly due to the enormous leverage we have due to our context being
>> completely different from what the Air Force and commercial interests
>> assume. This is, essentially, a diversity advantage.
>>
>> If you want to participate on an experienced Capture The Flag (CTF) team,
>> then I am here to extend an invitation. Anyone that reads through the rules
>> and can afford to spend some time during the event is invited to apply to
>> join Vaporsec. This is a team that has a majority of information security
>> professionals. There are some satellite industry people, some amateur
>> involvement, and I'd like to make sure that anyone interested in competing
>> from AMSAT-BB gets a chance to join a competitive team.
>>
>> The benefits to amateur radio are primarily technical, with policy and
>> security a close second. The Air Force has some agendas here in terms of
>> improving satellite security. Exposure to the challenges alone is a an
>> excellent opportunity to learn more about modern satellite technology...
>> and what a significant player in space wants to find out more about. Don't
>> assume that that the challenges in the competition are going to be "too
>> hard". What is trivial for one viewpoint is unsolvable for another.
>>
>> I'll be writing about the event and what we learned when it is over, so
>> this sort of knowledge will not be secret. However, there is no replacement
>> for participation, and you could very well have the practical knowledge,
>> gained from operating real satellites, that wins the competition. As you
>> can see from the website, there is some real money involved and
>> opportunities for technical writing.
>>
>> Let me know at w5nyv at arrl.net if you would like to talk more about
>> joining a CTF team for this really neat and unique event.
>>
>> Know someone that you think should participate? Please forward to them.
>>
>> -Michelle W5NYV
>>
>>
>>