Hackers are Attacking Observatories

Why would anybody want to hack an observatory? That’s the question facing IT professionals at NOIRLab after somebody tried to crack the computer systems at Gemini North in Hawai’i. The cyber break-in and ongoing investigation by NOIRLab and National Science Foundation experts affected observations and operations in Hawai’i and Chile.

According to several releases from the NOIRLab, the parent organization of the International Gemini Observatory, on August 1, 2023, the lab “detected a cyber incident in its computer systems.” This shut down astronomical observations as the IT teams acted to prevent damage to the observatory. This comes only a couple of months after Gemini North returned to service after a lengthy repair and refurbishment project.

The observatory made the decision to isolate the Gemini computer systems, which also means that proposal access and the Gemini website remain down. Officials immediately safed the Gemini North telescope and stowed the massive instrument. Its twin in Chile was already down for maintenance. Now, teams from NOIRLab and NSF are analyzing the intrusion and working to bring full operations back. As of August 24th, several facilities, including Gemini North and South remained shut down.

Continuing Shutdown of the Observatories

The closure is also affecting some smaller telescopes at Cerro Tololo in Chile. These include the Mid-Scale Observatories network and the Southern Astrophysical Research Telescope. Onsite personnel immediately “safed” both facilities. In the meantime, the Gemini.edu site remains closed down although information about it remains available on the NOIRLab site.

SOAR Telescope with snow on mountain. It is one of several observatories closed by a hacking incident. Courtesy NOIRLab.
SOAR Telescope with snow on mountain. A hacking incident closed it and other observatories down. Courtesy NOIRLab.

The latest update from NOIRLab states, “Like the entire astronomy community, we are disappointed that some of our telescopes are not currently observing. Fortunately, we have been able to keep some telescopes online and collect data with in-person workarounds.”

Cybersecurity experts continue to work on restoring normal operations at all the facilities. Facility operations continue for many of NOIRLab’s observatories (such as those at Kitt Peak National Observatory). The teams hope to get things up and running again in Hawai’i and Chile soon.

The lab is not offering any specifics on what happened or what steps they are taking to mitigate the shutdowns. The latest statement said, “However because our investigation into this incident is ongoing, we are limited in what we can share about our cybersecurity controls and investigatory findings. We plan to provide the community with more information when we are able to, in alignment with our commitment to transparency as well as our dedication to the security of our infrastructure.”

CyberHackers Could Affect Observing Proposals

The shutdowns could possibly impinge on observing proposals for telescope time starting in February 2024. The lab is working on getting the Call for Proposals launched. However, everything could be delayed for up to a week as the investigations into the cyber break-in continue. More information should be available after the end of August.

For More Information

Cyber Incident at NSF’s NOIRLab