Two of the world’s most advanced telescopes, the Gemini North Telescope in Hawaii and the Gemini South Telescope in Chile, were forced to shut down temporarily due to a cybersecurity incident that occurred on August 1, 2023. The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory (NOIRLab), which operates the telescopes, announced the news on its website on August 24, 2023. The statement said that the staff are working with cybersecurity experts to get all the impacted telescopes and the website back online as soon as possible. The nature and origin of the cyberattacks are still unclear and under investigation.
Why does it matter?
The Gemini Observatory is one of the world’s leading astronomical facilities that provides access to both hemispheres of the sky. It consists of two identical 8.1-meter telescopes that can observe a wide range of wavelengths from optical to infrared. The observatory is used by astronomers from seven partner countries: the United States, Canada, Brazil, Argentina, Chile, Australia, and South Korea. The observatory supports cutting-edge research on topics such as exoplanets, black holes, dark matter, galaxy formation, and cosmic origins.
The cyberattacks on the Gemini Observatory have disrupted the scientific operations and data collection of the telescopes. According to NOIRLab, the observatory lost about three weeks of observing time due to the incident. This means that many planned observations and projects have been delayed or canceled, affecting the scientific productivity and progress of hundreds of astronomers around the world. Moreover, the cyberattacks have raised concerns about the security and integrity of the observatory’s data and systems, which could have serious implications for the future of astronomical research.
How did it happen?
The details of how the cyberattacks happened are still unknown and confidential. However, some clues suggest that the hackers may have exploited a vulnerability in a software update that was installed on the observatory’s computers on July 31, 2023. According to a report by Space.com, a source familiar with the incident said that the software update was compromised by a malicious code that allowed the hackers to gain access to the observatory’s network and systems. The source also said that the hackers may have been motivated by ransomware, which is a type of malware that encrypts or blocks access to data or systems until a ransom is paid.
What is being done?
NOIRLab has been working with cybersecurity experts and law enforcement agencies to investigate and resolve the incident. The observatory has also been in contact with its partner countries and other stakeholders to inform them about the situation and coordinate actions. NOIRLab said that it plans to provide more information to the public when it is able to, in alignment with its commitment to transparency and security. The observatory also thanked its staff, users, and supporters for their patience and understanding during this difficult time.
NOIRLab is not the only astronomical organization that has been targeted by cyberattacks in recent years. In October 2022, hackers disrupted operations at the Atacama Large Millimeter/submillimeter Array (ALMA) in Chile, which is another major telescope facility that studies the universe in radio waves. In 2021, NASA was affected by the worldwide SolarWinds breach that compromised thousands of organizations and government agencies. These incidents have highlighted the need for more robust cybersecurity measures to protect the valuable data and assets of the space sector.
