Cyberattack shutters major NSF-funded telescopes for more than 2 weeks (science.org)
90 points by spenczar5 9 months ago | hide | past | favorite | 42 comments



Damn, it'll stink if they lock down these more. A fair number of professional astronomical instruments have pretty much open FTP sites / git repositories / etc. and you can go download and rifle through the stuff people are working on, control code for the instruments, etc.


Sure, but there are ways to keep that openness while having a very locked down observation submission layer


I presume by submission layer you mean remote control? The original noirlab press release noted that the "Mid-Scale Observatories (MSO) network" was disconnected as a precaution (which is likely some kind of site-to-site VPN), which is likely the only way to connect to the telescopes remotely (the mention of "service mode" means that people can still request observations, but they can't do them themselves without flying out to site). Service mode is becoming quite common on larger telescopes, with smaller ones heading towards automation (and being single purpose).


Can't they just mirror it on GitHub, or GitLab if people don't like GitHub?


> “A best practice would be to firewall everything off,” Welch says. “But it’s like, well, no, you just broke all the scientific workflows.”

That's best-practice from the days of yore: where your security team is a group of non-technical, all-powerful dictators. Those don't still exist these days, right? Right?


It is the best practice, it just happens to also be the most costly practice and not worth it for every organisation


Are they doing their remote control with Windows Remote Control and sharing passwords?


Scientists (and oft most users..) don't want friction when doing work, so they find ways around security protocols to speed up their interactions leaving little security holes everywhere.


Which is why the job of a competent security team is to make the secure way be the easy way.

If security protocols are a pain in the ass generally the security team has been doing a bad job.

Of course a telescope might not have a security team at all.


I think you'd find it hard to find a Windows computer there (X and Tk are usually what's used).


I have definitely used telescopes that were running on Windows, but yeah, I doubt it for something like Cerro Tololo, which I assume is the impacted Chilean telescope.


Me too, but they were much closer to the hobby side than the research side (it's really weird how culturally distinct the hobby and research sides of astronomy are).

Cerro Tololo isn't a single telescope, it's a site with multiple ones (nearly every observatory is now), and it sounds like Gemini North (in Hawaii) was the actual one affected, but that they've basically disconnected all the different sites from each other to avoid possible infection.


Agreed re: hobby & research, and I was aware that Cerro Tololo is a timeshare of multiple telescopes (was speaking colloquially). Looks like Gemini South in Chile was also impacted.


Hopefully this is just them being paranoid and checking and verifying everything, and not something more serious...


Who benefits from attacking an astronomical observatory?


That’s a good question.

My initial thought was that there are threat actors who just like kicking over the sand castles of “The West.”

However, this seems just as plausible:

> Cybersecurity experts are perplexed as to why Gemini North was the target. “Quite possibly, the attacker doesn’t even know they are attacking an observatory,” says Von Welch, retired lead of the NSF Cybersecurity Center of Excellence.


Must be aliens.


One of the biggest difficulties I have with security is clients with the view "none would want to attack us".

The problem is many ransomware gangs are opportunistic and will "target you" because you opened a word document or had an unpatched exchange server.


> had an unpatched exchange server.

"had an exchange server" - fixed that for you. I mean, after the patch is before the patch; whoever still runs Exchange servers just deserves it. There is occurrence after occurrence that repeatedly shows they are not only incapable, but then also blame others more than taking responsibility for their Swiss cheese software...


Suppose someone sells cyberattack services. A prospective customer asks for a demo before shelling out big bucks on attacking the real target(s).

They needed something that would bring attention from media, but not a major outcry and security overhaul at the real target. A telescope fits the bill: it's not going to blow up or crash down, it has a small staff, and it's not an obscure thing that everyone would ignore in the news.


If it's a state actor - the Chinese and Russians do it for practice and to sow general chaos / destruction of US infrastructure, costing money and tying up resources. Sometimes it's just to slow down other countries' academics.

If it's not, it's a group doing it for practice, the lulz... and under the encouragement (or at least ambivalence) of the Russians or Chinese.


[flagged]


Russian hacking is very real. Highly recommend https://www.amazon.com/Sandworm-Cyberwar-Kremlins-Dangerous-...


You're replying to a 1 hour old account, they may not have read any of the frequent breach and ransomware related articles here.


Or, it really is Russian trolls, and they don't bother posting on July 4th because they know no one is online on that day and it's a waste of time.


Do we really need to bring Russophobia/Sinophobia into this?

As the article explains: the attackers likely don't even know it's an observatory. Hackers will attack anything they find wide open, and as anyone with a public server on the internet knows, they scan the whole internet all the time looking for victims - and they mostly don't care who the victim is as long as it can pay off.


Anyone who can benefit from:

1. Mining cryptocurrency

2. Selling access to a botnet

3. Encrypting and ransoming the computer's contents

All of the above can be done to/with almost any computer on a network, so the intrinsic benefit from hacking extends to just about every computer with a network connection.


Ransom, practice, fun, accident (confusing civilian facilities for military ones.)


Fun? Practice?

This isn't fun, it is wanton vandalism and you can practice on your own stuff.


That wasn’t a value judgement on my part; I don’t think it’s fun. Only that “for the lulz” has been a common justification for some attackers in the past.


> you can practice on your own stuff

I mean, not really. If you go down that route too long you end up with something that has an attack surface so small/specific you'll never see it in the wild. There are almost always unknown variables that you can't know about or control for until you actually encounter them.

Plus, popping your first live box is an ancient rite of passage.


"for the lulz" was the tagline of many a hacker and script kiddie back in the day. Graffiti is also vandalism, and done for the lulz by toys and pros alike.


You need to realize that to some, torturing kittens is, indeed, fun.

Psychos do exist.


Someone planning on invading the earth.


You should read about Project Lyra. https://en.m.wikipedia.org/wiki/Project_Lyra


Perhaps there is technology for building these devices or data collected by them that someone wants.

This might be a theft disguised as a mere takedown.


"Why do you want to climb Mount Everest?" -- "Because it is there."


Some people do it for fun / just because they can.


There's no "attack" wording used in the source (https://noirlab.edu/public/announcements/ann23022/ ).


In polite company it's called a "cyber incident".


What does someone not want observed?


It sounds like a number of the affected telescopes are still in operation, they're just not being remotely operated.

I think it's more likely that the attackers simply don't know they're attacking a telescope. It's opportunistic, not strategic.


Doesn't have anything to do with this, does it... https://www.politico.com/news/2023/08/11/def-con-hackers-spa...

