Hackers shut down 2 of the world's most advanced telescopes

Gemini North, located on Maunakea in Hawaii. Gemini North is one half of the International Gemini Observatory, a Program of National Science Foundation's NOIRLab. (Image credit: International Gemini Observatory/NOIRLab/NSF/AURA/P. Horálek (Institute of Physics in Opava))

Some of the world's leading astronomical observatories have reported cyberattacks that have resulted in temporary shutdowns.

The National Science Foundation's National Optical-Infrared Astronomy Research Laboratory, or NOIRLab, reported that a cybersecurity incident that occurred on Aug. 1 has prompted the lab to temporarily halt operations at its Gemini North Telescope in Hawaii and Gemini South Telescope in Chile. Other, smaller telescopes on Cerro Tololo in Chile were also affected. 

"Our staff are working with cybersecurity experts to get all the impacted telescopes and our website back online as soon as possible and are encouraged by the progress made thus far," NOIRLab wrote in a statement on its website on Aug. 24.


It's unclear exactly what the nature of the cyberattacks was or from where they originated. NOIRLab points out that because the investigation is still ongoing, the organization will be cautious about what information it shares about the intrusions.

"We plan to provide the community with more information when we are able to, in alignment with our commitment to transparency as well as our dedication to the security of our infrastructure," the update added. 

The cyberattacks on NOIRLab's facilities occurred just days before the United States National Counterintelligence and Security Center (NCSC) issued a bulletin advising American space companies and research organizations about the threat of cyberattacks and espionage. 

Foreign spies and hackers "recognize the importance of the commercial space industry to the U.S. economy and national security, including the growing dependence of critical infrastructure on space-based assets," the bulletin stated. "They see US space-related innovation and assets as potential threats as well as valuable opportunities to acquire vital technologies and expertise."

This isn't the first time that astronomical observatories have been the target of cyberattacks. In Oct. 2022, hackers disrupted operations at the Atacama Large Millimeter/submillimeter Array (ALMA) in Chile, and NASA has been the victim of cyberattacks for years. In 2021, the agency was affected by the worldwide SolarWinds breach that NASA leadership called a "big wakeup call" for cybersecurity. 


Brett Tingley
Managing Editor, Space.com


  • Unclear Engineer
    I sincerely hope that assets like Hubble and Webb telescopes are securely protected, both from the Internet-based hacking that all sorts of national, corporate and private entities engage in, and the potential for jealous nation states to get directly into their coms with "anti-satellite" techniques.
  • Barkydoo
    Wouldn't you think that by now people would figure out a way to keep this from happening? Even my stuff is compartmentalized and locked. Would-be hackers would be up against an entire army of b.s. to even get part way in, let alone do any damage to me.

    I'm perplexed. Or....or.....it is an inside job which could be incredibly useful if you needed a scapegoat for some other reason....let's say a financial fraud that the telescope people pulled on their books to abscond with some donated money ...... remember simplest answer is usually the correct answer. "OH my!!! Lions and tigers and bears....we've been hacked!!! Oh my!!"
  • billslugg
    They went down a month ago, 38 telescopes out of commission, no visible progress, no projections.
    In any computer system it should always be possible to cut the power, wait for caps to discharge, air gap, reboot with physical media, reformat the drive, install backup from physical drive. You lose everything you did since the last backup. Rank speculation? It was all in the cloud and it all got encrypted. Probably way, way too much to fit onto a memory stick.
  • Unclear Engineer
    It is not impossible to hack even air-gapped systems, as Iran found out when its nuclear enrichment centrifuges were damaged by a hack.

    But, I agree that too many people in places that should be considering the potential for hacking are not doing that, or at least not doing it well enough.

    Considering how costly something like the Webb telescope is, I hope that the people who are using it to acquire astronomy data understand that their data is a prime target for ransom encryption.

    Considering how much money was spent on the telescope itself, I would think that NASA would set up an air gapped repository for all of the data acquired in a physically secured location, with strict control of physical and electronic access. But, my experience with government computer systems is that they are repeatedly farming-out control to the lowest commercial bidder, so they are always just getting off the toe of the learning curve of "the new guys".
  • billslugg
    Stuxnet was delivered via memory stick. When you recover a compromised system it is important to isolate it from any outside inputs before you boot it up. Once up, this system can't run air gapped. 34 of the telescopes are run remotely.
  • Unclear Engineer
    Bill, My post was in response to Barkydoo, who seems to think that it is easy to keep hackers from penetrating a system, and thus thinks it is most likely an inside job with the hacking story being used as a cover excuse. (post # 3).
  • billslugg
    Your response was immediately after I discussed the subject. When you do that, you will be assumed to be replying to that post, not some other post.
  • Helio
    It wouldn't shock me if some cyber punks were showing off their "great computer skills". What is the resale value of the information?
    It's likely that the cost for down time is in the tens of thousands of dollars, so if the hackers are caught, will they be required to pay for their costly damage? If so, and made public, "smart" hackers might act smarter.
  • billslugg
    If they are caught and if there is an extradition treaty then they might be brought in for trial, as this is a felony in the US, at both state and federal levels. If identified they can be sued in civil court for damages, any US assets could then be used to pay off the claims. It is very rare to find hackers as they cover their tracks well. If a ransom is extracted via Bitcoin then, somewhere down the line, someone will try and convert one of the coins to cash and then they got 'em.
  • Denny_Crane's_Interwev
    China, North Korea, Russia, Iran, one or more of them acting in concert, they should be considered the primary suspects.

    Common sense tells me I'm correct.