Huge cyberattack disables telescopes in Hawaii and Chile

"The telescopes on Kitt Peak in Arizona are unaffected. The website Gemini.edu is also currently offline. Our staff are working with cybersecurity experts to get all the impacted telescopes and our website back online as soon as possible and are encouraged by the progress made thus far," they added.

Cyberattack causes chaos

Due to the ongoing shutdown, research teams are collaborating to find alternatives as crucial observation windows become unattainable. As remote control of many telescopes is no longer available, some groups may now have to send graduate students to places in Chile to relieve exhausted on-site staff who have spent the past two weeks directly operating instruments, explains Science.

On 1 August NOIRLab detected an attempted cyberattack on its computer systems, forcing the suspension of astronomical observations at @GeminiObs North in Hawai‘i. https://t.co/BfvAOHovvg and proposal tools are currently offline. More information here: https://t.co/BCZLAPlGd7. pic.twitter.com/Day9XLAQY2

— NOIRLab Science (@NOIRLabScience) August 2, 2023

“We’re all in this together,” explained Gautham Narayan, an astronomer at the University of Illinois Urbana-Champaign whose team is trying to save its chance to observe new supernovas using one of the affected Chilean telescopes. "[The astronomy community has a] grim determination to press on despite the trying circumstances,” he added. 

On the 1st of August, 2023, NOIRLab announced that its Gemini North telescope in Hilo, Hawaii, was hit by a cyberattack. In response to the incident, NOIRLab shut down operations at the International Gemini Observatory, home to the Hilo telescope and its twin, Gemini South, located on Cerro Pachón mountain in Chile. Thankfully, the latter was already offline for a planned outage.

NOIRLab has also disconnected its computer network from the Mid-Scale Observatories (MSO) network on Cerro Tololo and Cerro Pachón in Chile. This made remote observations impossible at various telescopes, including the Víctor M. Blanco 4-meter and SOAR telescopes. As a result, NOIRLab has stopped observations at eight other affiliated telescopes in Chile.

A #cyberattack on the National Optical-Infrared Astronomy Research Laboratory (#NOIRLab) research center for ground-based astronomy has left several large telescopes unable to operate for weeks.https://t.co/BdeeQPkrBt

— Gustavo Cols (@GustavoCols) August 22, 2023

Motive unknown

NOIRLab has not released any further information about the incident, even to its employees. Cybersecurity experts are puzzled as to why the attacker targeted Gemini North. Von Welch, retired lead of the NSF Cybersecurity Center of Excellence, suggests that the attacker may not even realize they are attacking an observatory.

Astronomers are motivated to enhance cybersecurity practices to secure their facilities despite the lack of information on how the Gemini North and NOIRLab systems were compromised. Narayan suggested the entire astronomical community rethink how it manages identity and access software and consider the damage that something as simple as a lost password can cause.

“It doesn’t help if you build the strongest, most impenetrable fortress in the world if you forget to lock even a single door or window,” says Patrick Lin, who leads an NSF-funded space cybersecurity grant at California Polytechnic State University. “The weakest link is often with us, the humans," he added.