Ruhr-Uni-Bochum

Hackers From Bochum Qualify for Renowned Competitions

Sponsored by the Cluster of Excellence CASA, hackers from the Ruhr University Bochum travel to Las Vegas to try to bring a satellite under their control.

Copyright: Fluxfingers/Max

In Capture the Flag (CTF) hacking competitions, teams around the world measure their skills and solve tricky IT security challenges in a virtual environment under time pressure. These include cracking encryption or reverse engineering. The goal is to find, for example, a text file or character string, i.e. the "flag". FluxFingers, the official CTF team of the Ruhr University, regularly takes top places in internationally renowned hacking competitions and may also participate in one in Las Vegas in August 2023.

The Hack-A-Sat and DEFCON CTFs, which will be held in Las Vegas from August 11 to 13, 2023, as part of the DEFCON conference of the same name, are among the most well-known. For the Hack-A-Sat finals, the hackers qualified in first place as "Sauercloud," an alliance of German CTF teams, such as the FluxFingers or RedRocket from the University of Bonn.

In Capture the Flag (CTF) hacking competitions, teams around the world measure their skills and solve tricky IT security challenges in a virtual environment under time pressure. These include cracking encryption or reverse engineering. The goal is to find, for example, a text file or character string, i.e. the "flag". FluxFingers, the official CTF team of the Ruhr University, regularly takes top places in internationally renowned hacking competitions and may also participate in one in Las Vegas in August 2023.

The Hack-A-Sat and DEFCON CTFs, which will be held in Las Vegas from August 11 to 13, 2023, as part of the DEFCON conference of the same name, are among the most well-known. For the Hack-A-Sat finals, the hackers qualified in first place as "Sauercloud," an alliance of German CTF teams, such as the FluxFingers or RedRocket from the University of Bonn.

“Practice Is Over” - Now It’s Hacking in Space
The name gives it away: Hack-A-Sat is a US Air Force competition to hack a satellite. This year, it is called "Practice is over", because for the first time, this satellite is actually in space. "Moonlighter" was designed specifically for hacking and was launched into orbit by SpaceX's CRS-28 rocket on June 5, 2023. 780 teams had participated in the qualifying round of the Hack-A-Sat. The top five teams, from Australia, Germany, Italy, Poland and the U.S., now get to try to penetrate and take over Moonlighter's systems in the finals.

"A big challenge is the delay between the ground station and the satellite, since its position in orbit is constantly changing. Finding the right time for the exploit here is quite challenging," explains FluxFinger member Felix Buchmann. In addition to classic disciplines, such as solving crypto challenges, the participants will also have to solve physics problems. "After all, the satellite must not fall out of its orbit, which makes the whole thing more difficult, but of course also much more interesting," says Felix.

The CASA Cluster of Excellence "Cyber Security in the Age of Large-Scale Adversaries" of the Faculty of Computer Science is sponsoring the FluxFingers' trip to Las Vegas. "The event is considered the 'world championship' of security CTFs, where participants must demonstrate their skills in finding, exposing and fixing vulnerabilities of all kinds, at the highest level. The qualification alone shows the quality of the FluxFingers", emphasizes Kevin Borgolte, Professor of Software Security and Principal Investigator of the Cluster of Excellence. From his own experience, he knows that "the skills that participants refine and improve in CTFs and their preparation, such as in-depth analysis of highly complex systems and also 'thinking out of the box', are significant for students' academic and professional futures. For research, these skills are essential. Of course, we want to get more FluxFingers excited about scientific research, so we are happy to support them and their participation in the DEFCON CTF!"

General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.