The heroes who hacked a satellite

RI&S cyber experts & colleagues take a top prize at DEF CON

Nothing is safe from cyberattacks – not even satellites.

So that would explain why a team composed of Raytheon Intelligence & Space cyber experts and their colleagues spent some 20 hours undoing a simulated attack on a satellite as part of a competition at DEF CON 28, one of the world’s premier cybersecurity conferences.

The team – named PFS, an acronym with several meanings and all inside jokes – won first place in the “Hack-A-Sat” competition, which was conducted virtually and sponsored primarily by the Air Force Research Library. It was the final of several qualifying challenges – and a rare opportunity for competitors to try their hand at hacking a satellite.

“We hope to learn from the community how to be better and more cyber resilient in systems we build in the future,” said Will Roper, U.S. Space Force and U.S. Air Force acquisition chief, during his keynote speech.

Here’s how the challenge, known as a CTF, for “capture the flag,” worked: Teams were charged with regaining access to a satellite that had been hacked by an adversary. The intruders also embedded malicious software that broke off communications with the ground station.

“This competition was unique in that a lot of CTFs don’t go the route of having to hack into a network,” said Hunter Gregal, an RI&S security engineer and a member of the team. “From there, they escalated actually having to interface with the satellite, which in itself is amazing. It’s a once-in-a-lifetime opportunity to try to attack a target like this.”

The team drew from weeks of regular CTF competitions, where they squared off against other security researchers and “white-hat” hackers, or those who use their skills to protect, rather than to compromise or exploit.

“We go hard at least once a month,” Gregal said. “That means the team collectively makes a decision to be online for the majority of the competition, which is usually about 48 hours. We stay on and focus on solving as many challenges as we can. These competitions are practice and gets us working as a team.”

Then they’re able to tackle challenging problems in the real world, employing lessons learned into the systems and products RI&S designs and develops for customers.

“I get exposure to new tools that are coming out of CTF competitions,” said Justin Wright, a vulnerability researcher at RI&S and a member of the team. “There are quite a few tools that I’ve taken to work after using them on CTF problems and then used them to do whatever I’m tasked to do.”

These exercises also provide an opportunity to learn unforeseen vulnerabilities in a system or network.

“The direction I think we’re going -- that we ought to go is fully embracing the hacker community at DEF CON and not waiting until systems are built to create opportunities to learn and help us learn,” Roper said. “We should bring the hacker community into systems as we design them – help us make them more secure before we’re producing them. And I think this can be win-win. We can learn a ton from this community.”

For more information, check out and how2heap, a repository for learning various exploitation techniques taken from live challenges.