Moonlighter Satellite to Host First On-Orbit Cybersecurity Challenge

The foot-long toaster-sized Moonlighter CubeSat was designed to be hacked in contests such as Hack-A-Sat and is built with safety features such as no propulsion. (Image: Aerospace Corporation)

Moonlighter reached low earth orbit July 5 after a short visit at the International Space Station (ISS) and is on track for its inaugural mission: to host an on-orbit cybersecurity challenge during Hack-A-Sat 4 finals, making it the first on-orbit capture the flag (CTF) hacking competition.

It took four years, but "this year, we are in space for real," said Steve Colenzo, Technology Transfer Lead for the Air Force Research Laboratory's (AFRL) Information Directorate in Rome, New York, and one of the contest organizers.

Colenzo continued that Moonlighter is the only satellite designed to advance cybersecurity for space systems. The Aerospace Corporation, in partnership with the Air Force Research Laboratory, Space Systems Command and the International Space Station National Laboratory launched Moonlighter on June 6.

The 3U CubeSat left Earth’s atmosphere aboard SpaceX CRS-28 June 5 at 11:47 a.m. ET, arriving at the ISS on June 6 at 5:54 a.m. EST. After about a month on the ISS, Moonlighter was deployed into low earth orbit on July 5 at 6:05 a.m. EST. The Hack-A-Sat 4 final event runs Aug. 11-13 in the Aerospace Village at DEF CON 31 in Las Vegas, Nevada.

"Moonlighter's launch is a step toward our nation's advancement in space and space cybersecurity by giving researchers the tools to plan, implement and execute satellite security research in a real-time orbit," said Col. Fred Garcia II, Director of AFRL’s Information Directorate and commander of Detachment 4, Air Force Research Laboratory, Rome, New York.

Sponsored by AFRL and SSC, Hack-A-Sat is an opportunity for a global community of security researchers to hack and learn in an open and collaborative environment with the goal of improving the security and resilience of space systems. In its fourth year, Hack-A-Sat has successfully built a strong alliance of government, industry leaders, academic and security researchers to raise awareness of the importance of space cybersecurity and help ensure cybersecurity is baked into space systems early in their development process.

“Moonlighter takes Hack-A-Sat on-orbit and to the next level in terms of captivating the interest of exceptional global cyber talent because it embodies the most current ideas and operational concepts available and offers intentionally designed challenges based on actual operational satellite data,” said Brig. Gen. Timothy Sejba, SSC’s program executive officer for Space Domain Awareness and Combat Power, or SDACP, and Battle Management, Command, Control, and Communications, or BMC3.

Moonlighter’s launch was welcomed news to the five security researcher teams who placed at the top of the field during the Hack-A-Sat 4 qualification round, earning them a coveted spot in Hack-A-Sat 4 finals. These teams are well known within the CTF community and often place high on the CTF leaderboards. The top five are:

  1. Krautsat (Germany)
  1. Mhackeroni (Italy)
  1. SpaceBitsRUs (USA)
  1. Poland Can Into Space (Poland)
  1. jmp fs: [rcx] (USA)

The qualification round offered challenges that required both cyber and space skills. This year’s quals tested over 700 teams, with the top 20 highest scoring teams receiving non-cash prizes, while the top eight highest scoring teams each receiving a cash prize of $10,000. The top five teams get the chance to compete for the $100,000 final event prize pool.