
SoylentNews is people

posted by requerdanos on Saturday September 02 2023, @03:53AM
from the space-assets dept.

Arthur T Knackerbracket has processed the following story:

The International Gemini Observatory, a key player in global astronomical research, has temporarily halted astronomical operations following a cyberattack. The culprits and their motives remain unknown.

The computer hack, which took place on the morning of August 1, led to the suspension of the Gemini North and South Telescopes, as detailed in an August 24 statement from the National Optical-Infrared Astronomy Research Laboratory (NOIRLab). While the North telescope is situated in Hawaii, its southern counterpart is located on Cerro Pachón, Chile, with a few other smaller telescopes located in Cerro Tololo, also in Chile. Observatories stationed on Arizona’s Kitt Peak, however, remain unaffected by the intrusion, according to NOIRLab.

[...] “Like the entire astronomy community, we are disappointed that some of our telescopes are not currently observing. Fortunately, we have been able to keep some telescopes online and collect data with in-person workarounds,” NOIRLab stated in its release. “We are grateful for the support of the astronomy community during this difficult time and we thank everyone for their patience as our teams continue to work towards restoring normal operations.”

[...] For the time being, Gemini North has been securely positioned in its zenith-pointing orientation. NOIRLab credits the prompt actions of its security team for preventing any damage to the observatory. As to who is responsible for the hacks, or their motivations, that remains either unknown or undisclosed. NOIRLab has been tight-lipped about the incident, claiming that it is “limited” in what it can share about its “cybersecurity controls and investigatory findings.”

The nature of the hacks is not known, but as Space.com points out, the U.S. National Counterintelligence and Security Center (NCSC) had previously alerted the public about such threats—and even the potential for espionage—in the space sector, emphasizing the critical importance of space assets to national security and economic strength.



  • (Score: 5, Insightful) by Opportunist on Saturday September 02 2023, @04:53AM (12 children)

    by Opportunist (5545) on Saturday September 02 2023, @04:53AM (#1322869)

    Seriously, folks. Why? Why hack an observatory, of all the places? There really is zero reason for it. Extortion is out of the question, these things operate on a shoestring funding. You think there's big bucks in actual science? It's not like they provide any service that can be immediately monetized, so don't expect them to rake in the moolah you could siphon from them.

    Bragging rights? You're beating up the nerd of the science community. That's not even worth a golfclap. If anything, anyone who has even a passing interest in the progress of mankind will be upset by your stunt. And the hacker community generally likes the idea that we progress. There is literally nobody in the community that would consider taking down an observatory something commendable. Anything else would have been better. Shut down, I don't know, a chemical research facility, a weapons research facility, hell, a biomed facility. But an observatory? Please, stop pummeling the poor nerd, find someone your own size.

    • (Score: 5, Interesting) by canopic jug on Saturday September 02 2023, @06:09AM (6 children)

      by canopic jug (3949) on Saturday September 02 2023, @06:09AM (#1322871)

      The intruders are interested in CPU, bandwidth in particular, and maybe also persistent storage capacity depending on how they plan to exploit the captured resources. Where those computing resources happen to be is often irrelevant. Fat pipes are fat pipes regardless of who is paying for them. Same for CPUs.

      Scans for weaknesses have been automatic for ages and, quite often, so is the exploitation of any Windows systems discovered in the process. You want to take science facilities off the radar for intrusion? Simple. Don't fscking run Windows there, especially on the server. Or if you do, keep it air gapped. Running GNU/Linux or FreeBSD is in and of itself not going to cure all "security" problems but it will raise the bar substantially. In this case it will raise the bar high enough that the automated find-and-breach scripts will pass it by. That is more than enough for most threat models. Yet they chose to not just make the mistake of deploying Windows but actually do so connected to the net. As a result, they have a very high bill in money and lost work and maybe lost data. Even if upgrading to GNU/Linux or FreeBSD gave only a few years of lead time, it would still pay for itself many times over. Time to be pragmatic instead of pushing an ideology.

      In the meantime, chalk another one up for Windows TCO.

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 4, Insightful) by canopic jug on Saturday September 02 2023, @08:20AM

        by canopic jug (3949) on Saturday September 02 2023, @08:20AM (#1322899)

        Good. I struck a nerve by pointing out the matter of the Total Cost of Ownership for M$ Windows in these kinds of events. As long as people are still connecting Windows to the net, these breaches will continue unabated. We've had decades for that fact to soak in, yet there is no movement to correct the situation. So far the only change is likely to be a legal shift as m$ increases the strictness of the gag clauses in its institutional level maintenance contracts. Thus vague statements like, "Specific details concerning the cyberattack have yet to be released, with NOIRLab citing security [sic] concerns.", when the cause is fully known in-house. Keeping mum does not protect the observatory, it only protects the reputation of the vendor which stuck the observatory with insecure systems.

        But on to the question of why an observatory of all work places has been breached,

        > Seriously, folks. Why? Why hack an observatory, of all the places?

        Why? It's online, it's got bandwidth, it has at least one public IPv4 address, it's got useful CPUs, and the site has Windows connected to the net. The fact that it is or isn't an observatory is irrelevant to those factors. Heck, it could have just as easily been a school or a hospital. Vulnerability scans are automated as are the breaches of Windows systems detected by the scans. That the network connection and its computers happen to be doing one thing or another doesn't necessarily show up on the radar of those running the scripts. The exception might be with cryptocurrency miners, as they would be more interested in high performance computing environments than fiddly hobby stuff like Raspberry Pis.

        --
        Money is not free speech. Elections should not be auctions.
      • (Score: 3, Informative) by Anonymous Coward on Saturday September 02 2023, @01:25PM (4 children)

        by Anonymous Coward on Saturday September 02 2023, @01:25PM (#1322932)

        Poking around on the International Gemini Observatory website I found this page on the data reduction software used to access the output of their telescopes,
        https://www.gemini.edu/observing/phase-iii/reducing-data/dragons-data-reduction-software [gemini.edu]

        System Requirements

                Python 3.7 to Python 3.10
                Linux, equivalent to CentOS 7 and above
                Or Mac OS X 10.13 and above
                Intel Anaconda (works on Mac M1 architecture)
                conda >-4.12 for Python 3.10.

        I Googled their whole site with:
                site:gemini.edu windows and site:gemini.edu window
        and the results were things like "timing windows" -- no mention of the Microsoft OS.

        From the looks of it, you can't blame Windows this time(?)

        • (Score: 2) by DadaDoofy on Saturday September 02 2023, @01:32PM

          by DadaDoofy (23827) on Saturday September 02 2023, @01:32PM (#1322933)

          Well, that takes the wind out of their sails doesn't it? But, haters gotta hate...

        • (Score: 2) by canopic jug on Saturday September 02 2023, @01:40PM (2 children)

          by canopic jug (3949) on Saturday September 02 2023, @01:40PM (#1322934)

          Nice misdirection but don't confuse their Amazon-hosted web site with what they are running inside their facilities. From the article, it is their in-house systems, not their web site, which have the problems.

          Find their AS number and then check Shodan. ;)

          --
          Money is not free speech. Elections should not be auctions.
          • (Score: 0) by Anonymous Coward on Saturday September 02 2023, @02:24PM (1 child)

            by Anonymous Coward on Saturday September 02 2023, @02:24PM (#1322938)

            > it is their in-house systems,

            While I don't know about Gemini, I do remember visiting our uni observatory, in the late 1970s. Back then (pre Linux) they ran early Unix (AT&T and BSD) on PDP-11s and VAXen. I think there is a good chance that astronomy (usually with close ties to academia) is still primarily a *nix environment.

            Anyone here have more recent data?

            • (Score: 0) by Anonymous Coward on Saturday September 02 2023, @02:42PM

              by Anonymous Coward on Saturday September 02 2023, @02:42PM (#1322940)

              > Anyone here have more recent data?

              Shodan does.

    • (Score: -1, Funny) by Anonymous Coward on Saturday September 02 2023, @06:29AM (1 child)

      by Anonymous Coward on Saturday September 02 2023, @06:29AM (#1322872)

      Because otherwise the JEWS will turn the lazers round onto us, you commie filth. That's why we need to STOP funding NASA immediately and use the money for... healthcare, the NHS, whatever.

      • (Score: 2) by Opportunist on Saturday September 02 2023, @08:10AM

        by Opportunist (5545) on Saturday September 02 2023, @08:10AM (#1322898)

        What, no mentioning of the Bilderbergers, Reptiloids and the Illuminati? What are you trying to deflect from, shill?

    • (Score: 2) by VLM on Sunday September 03 2023, @05:04PM (2 children)

      by VLM (445) on Sunday September 03 2023, @05:04PM (#1323043)

      > Seriously, folks. Why? Why hack an observatory, of all the places?

      > The culprits ... remain unknown.

      Everyone knows it was a "windows" problem but not like you think. It was an inside job. We all know who the culprits are. It's 2am, the guys up there at the observatory are feeling kinda lonely, the last hot girl went to sleep so no "windows" left to point the telescope at anymore to observe the heavenly bodies, on the bright side if there's no windows to peer thru this late at night, "the internet is for pr0n", and a couple questionable clicks later the whole telescope complex is infected with god knows what botnet.

      • (Score: 1, Informative) by Anonymous Coward on Sunday September 03 2023, @05:43PM (1 child)

        by Anonymous Coward on Sunday September 03 2023, @05:43PM (#1323061)

        Nice try, but the gals wouldn't put up with these shenanigans...unless they got proportional time peering into the windows at some male heavenly bodies?

        https://www.zippia.com/astronomer-jobs/demographics/ [zippia.com]

        Astronomer gender statistics
        27.3% of astronomers are women and 72.7% of astronomers are men.

        More likely, imo, the guys look at pron on their phones, not using the observatory internal network.

        Note: For all of you worried about all the new genders, according to this site 100% of astronomers are the historical two genders.

        • (Score: 2) by VLM on Sunday September 03 2023, @05:59PM

          by VLM (445) on Sunday September 03 2023, @05:59PM (#1323067)

          Well, the ones working at 2am on the mountain top are probably not the diversity hires; but I accept your terms, all the pronouns are horny when alone on a mountain top at 2am.

          I'm just curious how the journalist "PR" is all about the targeted attack when it was probably a bad case of "click here for naked genitals of your choice living in your area, we totally promise it's not a virus this time"

  • (Score: 3, Insightful) by darkfeline on Saturday September 02 2023, @07:58AM (1 child)

    by darkfeline (1030) on Saturday September 02 2023, @07:58AM (#1322895)

    Obviously the culprit is aliens.

    --
    Join the SDF Public Access UNIX System today!
    • (Score: 0) by Anonymous Coward on Saturday September 02 2023, @04:04PM

      by Anonymous Coward on Saturday September 02 2023, @04:04PM (#1322947)

      > the culprit is aliens.

      Right, people not from the USA, I get it.
