— Hackers spent the weekend attempting to control a U.S. satellite during a military-sanctioned event. And while it was all fun and games, the competition is hanging in the backdrop of real concerns about an insidious satellite takeover by America’s foreign adversaries.
HAPPY MONDAY, and welcome to Morning Cybersecurity! And we’re back in the sweet confines of our muggy D.C.-area buildings. It was great to finally meet so many of our industry’s movers and shakers in person. And it was great to meet you again, dry heat.
Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email me at [email protected]. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in.
Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.
HACKING INTO SPACE — A team of Italian hackers by the name of mHACKeroni won the $50,000 grand prize Sunday afternoon in a U.S. government-backed competition to seize control of a satellite in orbit at the DEF CON hackers’ conference in Las Vegas — a practice test of skills amid very down-to-earth fears about foreign threats.
— Refresher: This was the first time hackers tried to infiltrate a live-in-space satellite, which was built by the Aerospace Corporation and owned by the U.S. Space Force. Both the S.F. and Air Force sanctioned the event, which took place over the weekend.
— Reading between the lines: The interstellar showdown previously only dreamed of in a sci-fi thriller had been marketed as an educational experience meant to foster collaboration within the cyber community, event organizers told MC on the scene.
But while it may look like harmless fun, there are signs that the U.S. has long been concerned of a preemptive Chinese strategy to knock out American satellite systems that could impact its forces down here on earth.
— What the future holds: The CIA reportedly believes China is developing capabilities to “deny, exploit or hijack” enemy satellites, according to a classified intelligence report leaked by an Air Guardsman and reviewed by the Financial Times.
Satellites are widely utilized by the U.S. military, with research from Chatham House in 2019 finding that 68 percent of U.S. munitions in the 2003 invasion of Iraq were guided by space-based means — including laser, infrared and satellite imagery. The U.S. is also heavily reliant on GPS systems beaming in from space to move troops into position.
— And it’s been happening for a while: We caught wind of those hacking aspirations in 2018, when cybersecurity research firm Symantec unveiled a wide-ranging cyber espionage mission originating from computer hackers in China targeting satellite operators. Researchers found that the group’s malware against a satellite communications operator suggested it was after more than just data.
“The attack group seemed to be particularly interested in the operational side of the [operator], looking for and infecting computers running software that monitors and controls satellites,” the report read.
Get the full scoop from my piece reported live from DEF CON.
IN THE ROOM WHERE IT HAPPENED — In a rare experience for all who were present, Biden administration officials sat shoulder-to-shoulder with a mashup of cyber engineers and hackers in a closed-door session to discuss how the government can effectively enforce security policies with tech companies.
It started with participants at DEF CON on Saturday getting a sneak peek of an upcoming CISA document offering recommendations to shift responsibility for secure-by-design and secure-by-default methods onto the design and build of tech products. Then, attendees took a red pen to the packet and voiced their perspectives on how the government could reach those goals.
— Picture this: None of us were allowed to take the document out of the room, describe its contents or attribute quotes to speakers. The line to get in went down the hall, and only a few dozen were eventually let into the small, windowless space — with your MC host sitting on the ground to squeeze in. The mark-up period went for more than an hour.
— Major themes: Some were concerned with whether agency staff followed best practices when developing open-source code, and others thought a big part of the overall problem was a lack of educational programs (one suggested more coding classes). And when it came to the tech industry, some felt the fear of breaking a popular feature is leading companies to keep old, insecure features in use — putting users at risk.
— Who was there: On CISA’s side there was Director Jen Easterly, senior technical advisers Bob Lord and Jack Cable and senior policy adviser Lauren Zabierek. From the White House: ONCD Deputy Assistant National Cyber Director Cheri Caddy and senior adviser for tech and ecosystem security Oumou Ly.
WEED SMOKERS WELCOME — A past life puffing on the ganja may not exactly preclude you from a job at the White House’s cyber office, ONCD acting director Kemba Walden told a raucous crowd at an event at DEF CON.
“I would suggest that if you do smoke marijuana, or happened to have, you can still apply for a job and see what happens,” Walden said in a fireside chat with conference founder Jeff Moss Friday evening.
— Turning a new leaf: Walden further explained that the agency is exploring ways to evolve its policies, and to do that is looking to meet people “where they are.” One big component of that shift was revealed in the White House’s national cyber workforce and education strategy in July, which keyed in on expanding cyber jobs to rely less on academic degrees and job experience and more on skills.
— Put it out: But it’s no secret either that federal employees are barred from partaking in joint toking, considering that the U.S. Drug Enforcement Agency classifies weed as a controlled substance.
Despite a tidal wave of change in public opinion in legalizing marijuana over the last 30 years, past pot use has hurt the careers of White House staffers in the Biden administration.
— Employees burned: Dozens of staffers were either disciplined or dismissed over past cannabis use, which was first reported by The Daily Beast in 2021. Then-White House press secretary Jen Psaki downplayed the dismissals in a tweet on the press office’s official account, saying “only five people” lost their jobs over the marijuana policy.
OVERLORD REPELLENT — At the world’s largest hacker conference where you can’t tell friend from foe, or hacker from fed, you have to use any means necessary to protect your personal data. For some people, that means you don a tin foil hat.
“Obviously we don’t want the alien or government mind control rays to take over,” Laurie (commonly known by her nickname “Lunchbox”) with Psycholics — a group that hosts a tin foil hat-making contest at DEF CON — told MC jokingly. “We know we have our AI overlords coming to get us.”
The group has been a mainstay at DEF CON for the last six years, holding a tongue-in-cheek competition for event goers of all skill levels. To win, people build intricate hats made of foil meant to repel different frequencies being transmitted across the event floor (that Psychoholics set up) and place it onto a mannequin that has a receiver in its head to test its effectiveness.
“DEF CON can be very intimidating, especially your first time or if you’re new to the industry,” she said. “We wanted to bring something that was inclusive to everybody.”
— The best hat ever?: One time, a mother-daughter duo built a “full-on Alien and Predator head,” Lunchbox said.
TELEGRAM BACK IN IRAQ — Iraq’s Communications Ministry says it lifted a recent ban on encrypted messaging platform Telegram on Sunday now that the company has responded to government queries following concerns about mishandling personal user data.
“The company that owns the platform responded to the requirements of the security authorities that called on the company to disclose the entities that leaked citizens’ data,” a ministry statement read.
Telegram spokesperson Remi Vaughn confirmed to Morning Cyber that its moderators took down several channels sharing personal data.
“We can also confirm that no private user data was requested from Telegram and that none has been shared,” Vaughn added.
My friends will never believe me when I say this is what I experienced during my last weekend in Vegas.
ELECTION TUNE UP — Organizers of DEF CON’s “Voting Village” enlisted undercover security consultants and briefed their volunteers on what to do if any agitators showed up — offering a window into the precarious situation of America’s current election security landscape. Get the full story from POLITICO’s John Sakellariadis.
TRUMP TEAM VOTING BREACH?— Prosecutors in Georgia probing Donald Trump’s efforts to overturn the 2020 election have texts and emails linking his lawyers to a Coffee County voting system breach, according to CNN’s Zachary Cohen and Sara Murray.
FAST TRACKING AI — The White House is looking to expedite an executive order on risks posed by AI and how federal agencies could use it, reports Elias Groll for CyberScoop.
Stay in touch with the whole team: Joseph Gedeon ([email protected]); John Sakellariadis ([email protected]); Maggie Miller ([email protected]); and Heidi Vogt ([email protected]).