To the moon and back – online at the Hack-A-Sat

Wednesday 12 August 2020
A photo of the moon secured the FluxRepeatRocket team – made up of the best hackers from H-BRS and Ruhr University Bochum plus an expert from Stuttgart – the tidy sum of 20,000 dollars in prize money. The team had come third in the final of the US Air Force's Hack-A-Sat contest, leaving five other groups of hackers trailing in their wake. Ruben Gonzalez, a doctoral student at H-BRS and founder of the RedRocket team from the Sankt Augustin campus, had this to say about their success: "We were the only German team to make it to the final. We could have done even better than third but we were only given the test satellite two hours before the competition."
Hack-A-Sat 2020: Siegerehrung mit projizierten Logos der drei Erstplazierten. FluxRepeatReport sind auf Platz 3.
Hack-A-Sat 2020: Award ceremony with projected logos of the first three winners. FluxRepeatReport came in 3rd place
Hack-A-Sat 2020: Teamlogo von FluxRepeatRocket
Hack-A-Sat 2020: FluxRepeatRocket team logo

So what was this all about? The Hack-A-Sat contest was the brainchild of the US Air Force. Some 2,200 teams entered the qualifying stage, which FluxRepeatRocket came through with consummate ease, winning a CubeSat satellite and USD 15,000 just for making it to the last eight. In the final, the teams were handed a scenario in which a satellite had been taken over by a hacker and now had to be recaptured by finding and exploiting the security vulnerability that the hacker had left. To prove their successful recapture of the satellite, the teams in the final had to rotate it and fly it in a mini-orbit so that it could take a picture of the Moon. One of the toughest parts of this "on-orbit challenge" was to calculate the exact rotational movements and alignment of the satellite and actually get into position to take the photo.

The best solution to the problem came from the team from Poland, who ultimately finished second. Their solution was sent to a genuine Air Force satellite in order to capture the Moon in a photo.

Hack-A-Sat 2020: Hacker vom Team FluxRepeatRockets in Aktion. Foto: FluxRepeatRockets
Hack-A-Sat 2020: Hacker from the FluxRepeatRockets team in action. Photo: FluxRepeatRockets

Instead of assembling at the Defcon hackers' conference in Las Vegas, FluxRepeatRocket's ten hackers contested the final in the TechnoPark in Sankt Augustin under coronavirus restrictions – which meant wide-open windows despite the heat outside. The entire competition ran online. To help them prepare, the finalists had been given a model satellite on which they could practise and try out the controls and propulsion. However, they did not find out what exactly they would be required to do until the contest got under way. FluxRepeatRocket featured six H-BRS students (in alphabetical order): Ruben Gonzalez, Aaron Kaiser, Lukas Kempf, Gina Muus, Manfred Paul and Jan-Niklas Sohn.

The RedRockets were only formed at H-BRS in spring 2018 and have already become leading contenders in international competitions. They have already qualified for two upcoming events, the RuCTF final in Russia and MidnightSun in Stockholm, both of which are being held online... undoubtedly an attractive proposition for the next generation of talent, for which they are very much on the lookout. And anyone interested need not have any previous experience of hacking.

"Hackers have the same core skills as computer scientists," explains team captain Gonzalez. "They have to be able to get their head around unfamiliar systems quickly." From his own experience, he also knows that the security industry likes to hire seasoned CTF players. In CTF (or "capture the flag") competitions, teams are given a computer or network that they have to defend against the other teams. You get points for protecting your own network against your opponents’ attacks or for mounting successful attacks on other teams’ networks.