Two of the world’s biggest telescopes hit by ransomware attack

Several telescopes are still down weeks after a cybersecurity attack was discovered by US National Science Foundation (NSF) researchers. There is presently no information available on when the Gemini North telescope in Hawaii and the Gemini South telescope in Chile will resume operations. A number of smaller telescopes on the slopes of Cerro Tololo in Chile were also shut down “out of an abundance of caution”.

The IT team at the National Science Foundation’s NOIRLab discovered suspicious behavior in the laboratory’s computer systems early on the morning of August 1. This led to the decision to temporarily halt activities at the huge optical infrared telescopes located on Hawaii’s Maunakea for the sake of safety.

The ‘double’ telescope located in the southern Andes of Chile was already being prepped for maintenance and required very little additional work.

Although it is unclear what kind of threat, if any, the telescopes themselves were exposed to, the incident serves as a reminder that scientific research is an expensive endeavor, with astronomical research facilities needing yearly budgets that can easily reach into the millions of dollars.

Each day that the facilities are unavailable to researchers carries a cost for the scientific community, not just monetarily but also in terms of the data that was lost.

Because astronomical studies sometimes need activities to be precisely scheduled, disruptions like this can derail whole research efforts if a sufficient number of important observation windows are missed.

Even though this is one of the first ransomware intrusions on a scientific research institution, hacks against astronomical facilities aren’t exactly unheard of.

Hackers gained access to the Atacama Large Millimeter Array Observatory in Chile through a virtual private network in October 2022, which resulted in the facility being forced to shut down for many months at a cost of around US$250,000 per day.

It is assumed that the purpose of the “particularly sophisticated” hack had been to extract money from the observatory’s consortium of operators. This is consistent with the suspicion that the intrusion was a ransomware attempt.

In its most recent statement, the lab said that it was “continuing its efforts to diligently investigate and resolve the cybersecurity incident that occurred on its computer systems on August 1st.”

Many helpful resources, such as the website Gemini.edu, were unavailable to scientists and amateurs as a result of the incident.

“Our team is collaborating with cybersecurity specialists to quickly restore internet access to all affected telescopes and our website, and we are pleased with the results thus far. We are unhappy that several of our telescopes are not now watching, as is the whole astronomical community,” according to NOIRLab.

The Lab was compelled to postpone a Gemini Call for Proposals, which had a notional launch date of August 31, for the semester beginning on February 1 of the following year.

“We continue to make data available via our website because we think that open access and information sharing are essential for good scientific cooperation.” The Lab states that “we are constrained in what we can reveal about our cybersecurity measures and investigative results since our investigation into this issue is continuing.”

Several years earlier, an unauthorized Raspberry Pi that was linked to computers at NASA’s Jet Propulsion Laboratory enabled unauthorized access to the Deep Space Network. As a result, the Johnson Space Center was forced to withdraw its own mission systems from the gateway entirely.

More money will be required to safeguard the information technology at the center of the scientific infrastructure for researching the universe as projects increase in scope, complexity and size, and as attacks become more sophisticated.