Billions of people would have a terrible time if the satellite communications network circling our planet were to fail. Cell phones would stop beeping, navigation systems would crash, TV screens would go black, and financial transactions would fail. most likely three Ways this can happen are: an intense geomagnetic storm caused by a solar flare, like the one that happened in 1859, known as a Carrington event; a cascading collision of space debris, known as the Kessler effect; or deliberate cyber attacks.
On Sunday, a SpaceX rocket blasted off from Cape Canaveral with a special payload designed to reduce those last hazards. On board was a US government Moonlighter satellite, described as “the world’s first and only space hacking sandbox”. Once the satellite is deployed, at the Hack-A-Sat 4 competition in Las Vegas, five teams of so-called “white hat” (or ethical) hackers will attempt to hijack Moonlighter and win $50,000 for exposing its vulnerabilities. bonus. “With Moonlighter, we’re trying to solve problems before they become problems,” says a project lead Tell the register.
In fact, the problem has already landed. Last year, on the day Russia invaded Ukraine, hackers launched a malware attack on Viasat’s KA-SAT satellite. They temporarily disrupted communications for thousands of broadband customers in Ukraine, as well as in Poland, Italy and Germany, where 5,800 wind turbines were also affected.
“We all know that the first shot in the current conflict in Ukraine was a cyber attack on a US space company,” said Kemba Walden, acting US national cyber director.
Leaked CIA intelligence warned that China was also building advanced cyber weapons to “deny, exploit or hijack” enemy satellites, the Financial Times reported this year. The United States has not disclosed its own offensive capabilities in this area. But it’s not just Chinese spy balloons that worry Washington.
Space was once entirely the domain of nation-states, and as launch costs fall and satellites shrink in size, private companies increasingly dominate the game. Last year, the US launched 1,796 objects into space, 32 times more than in 2000. The lines between military and civilian use are also blurred due to dual-use applications such as GPS, with commercial satellites being targeted. And because of the difficulty of securing satellites in space, designers have added many spare parts, increasing the “attack surface” that hackers can exploit.
Viasat said it had learned from last year’s attack and had beefed up its defenses. Basic cyber hygiene is essential at every link in the communications chain (the hacker gained access to a misconfigured terrestrial VPN device). Constant vigilance is needed: The American company has been under attack since the war began. Rapid response teams must be ready to re-establish control if systems are compromised.
“Anyone who claims perfect security is either lying or they don’t know what they’re talking about,” Craig Miller, president of government systems at Viasat, told me. “You have to be able to react very quickly.”
James Pavur, a cybersecurity engineer at US startup Istari, said there are three main ways to hack satellites. The first target is terrestrial infrastructure, which is the easiest attack surface to enter, but is usually the best protected. Hackers can then aim to intercept wireless communications between ground stations and satellites — or spoof them. The third and most difficult method is to track “birds in orbit” by building or exploiting security backdoors into satellite components. Therefore, operators must ensure the security of their entire supply chain.
Most hacks are difficult to trace. Only four countries are known to be capable of destroying satellites with rockets — the United States, China, India and Russia — although such attacks risk triggering the Kessler effect. But anyone can crack software at any time.
Pavur sees white hat hackers as a particularly valuable community in helping to secure critical satellite infrastructure. “There is a mentality of security through obscurity. But a sufficiently motivated adversary will find a ‘loophole,'” he said. It is better to discover these vulnerabilities first and fix them than to try to hide in obscurity.
The idea of crowdsourcing security sounds like an oxymoron. But over the past decade, white-hat hackers have gained skepticism. As a software developer puts it: “Given enough eyeballs, all bugs are shallow.” That rule might even apply in space.
john.thornhill@ft.com