Newsletter 8/23/2023

Crooks Now Have Eyes In the Skies 
The Hacking of Telescopes Worldwide

On August 1, 2023, a press release announced that technicians at the National Science Foundation's National Optical-Infrared Astronomy Research Laboratory (NOIRLab) facility in Hawaii had "detected a cyber incident in its computer systems."  The Gemini Observatory was shut down, as was its corresponding website.

As happens nowadays when networked systems are successfully compromised, the hackers moved through the network, compromising more systems in their wake.  Such was the case in the attack on NOIRLab.  On August 9, NOIRLab updated its press release, adding that its technicians had also "disconnected the Mid-Scale Observatories (MSO) network on Cerro Tololo and at SOAR. This means that remote observations at the Víctor M. Blanco 4-meter Telescope and SOAR Telescope are unavailable."

As reported by Science on August 18, 2023, remote operations at other related NOIRLab facilities in Chile were also offline, with no clear timetable for when the facilities will once again be fully operational.  Also, as the Science report noted, "Ground-based astronomical research often depends on observations precisely timed for when extraterrestrial objects align with the field of view for specific telescopes."  Some important research will inevitably be delayed or abandoned completely.  Astronomers plan for just about any naturally occurring disturbance to their observation schedules, but they had no plans for a cyberattack shutting down their work.

There is only speculation about the motivations for the attacks, and no real suspects have yet been named.  Ransomware is always suspected, however.  On October 29, 2022, the Atacama Large Millimeter/Submillimeter Array (ALMA) facility in Chile was also attacked.  The observation facility was offline for 48 days, according to a National Radio Astronomy Observatory press release of December 19, 2022.  ALMA director Sean Dougherty attributed the attack to a VPN account accessed with compromised credentials.  Furthermore, these culprits are already on a CISA watch list.  The HIVE ransomware group has been active for quite some time.  No ransom was paid to the ALMA attackers, however; at least there was no public announcement of any such payment.  Nevertheless, it is estimated by Dougherty that "every day during the outage is costing just under $250,000."

As The Record succinctly stated the matter on November 6th, 2022:

While the methods of hacking space systems – credential theft, phishing attacks, malware infections – are similar to those on the ground, the damage from such attacks can be especially costly and harder to recover from. 

Securing assets in "Space poses an acute cybersecurity challenge," Josh Lospinoso, the CEO of cybersecurity company Shift 5, told The Record.  And it goes without saying that, as Lospinoso put it, “The stakes are high because there’s no reset button in space.” 

There's a starman waiting in the sky
He'd like to come and meet us
But he thinks he'd blow our minds
— Starman, David Bowie

¯\_(ツ)_/¯
Gerald Reiff
