Computer Security Breach Idles Ten Telescopes in Chile and Hawaii

According to an article published in Science on 2023-08-18, “Cyberattack shutters major NSF-funded telescopes for more than 2 weeks”.

A mysterious “cyber incident” at a National Science Foundation (NSF) center coordinating international astronomy efforts has knocked out of commission major telescopes in Hawaii and Chile since the beginning of August. Officials have halted all operations at 10 telescopes, and at a few others only in-person observations can be conducted.

With no clear resolution to the shutdown in sight, research teams are uniting to figure out alternatives as critical observation windows spin out of reach. Given remote control of many telescopes is no longer available, some groups may rush graduate students to Chile to relieve exhausted on-site staff who have spent the past 2 weeks directly operating instruments there.

NOIRLab, the NSF-run coordinating center for ground-based astronomy, first announced the detection of an apparent cyberattack on its Gemini North telescope in Hilo, Hawaii, in a 1 August press release. Whatever happened may have placed the instrument in physical jeopardy. “Quick reactions by the NOIRLab cyber security team and observing teams prevented damage to the observatory,” the center’s release said.

In response to the incident, NOIRLab powered down all operations at the International Gemini Observatory, which runs the Hilo telescope and its twin, Gemini South, on Cerro Tololo mountain in Chile. (The latter was already offline for a planned outage.) Together, the two 8.1-meter telescopes have revealed vast swaths of celestial wonders—from the birth of supernovae to the closest known black hole to Earth.

Normally, NOIRLab’s computer systems let astronomers remotely operate a variety of other optical ground-based telescopes. But on 9 August the center announced it had also disconnected its computer network from the Mid-Scale Observatories (MSO) network on Cerro Tololo and Cerro Pachon in Chile. This action additionally made remote observations impossible at the Víctor M. Blanco 4-meter and SOAR telescopes. NOIRLab has stopped observations at eight other affiliated telescopes in Chile as well.

NOIRLab has provided few further details about the matter, even to employees. The center declined to answer Science’s query on whether the incident was a ransomware attack, in which hackers demand money for the return of information or control of a facility. A NOIRLab spokesperson tells Science that the center’s information technology staff is “working around the clock to get the telescopes back into the sky.”

Cybersecurity experts are perplexed as to why Gemini North was the target. “Quite possibly, the attacker doesn’t even know they are attacking an observatory,” says Von Welch, retired lead of the NSF Cybersecurity Center of Excellence.

He and others say the episode is another wake-up call for the astronomy community. In November 2022, the Atacama Large Millimeter Array radio telescope in Chile also went dark for nearly 2 months as its staff scrambled to respond to a cyberattack.

Given that this attack started on August 1 and the loquacious nature of the astronomical community, it is surprising that essentially nothing has come out in almost three weeks regarding the nature of the attack, what system or systems were compromised, how the attack was detected, or the potential consequences to the observatories’ equipment and data. The NSF centre declined to answer whether the attack involved ransomware in reply to a direct query from Science.

Now, as I have observed before, whenever you hear the word “cyber” spoken by a figure of authority, it’s a tip-off that what follows is bullshit, stupid, or, most likely, both. My mental heuristic is, upon encountering “cyber”, to replace it and all subsequent occurrences with “goober” so, for example, the Science article is read as:

Goobersecurity experts are perplexed as to why Gemini North was the target. “Quite possibly, the attacker doesn’t even know they are attacking an observatory,” says Von Welch, retired lead of the NSF Goobersecurity Center of Excellence.

As Rudy Rucker wrote in his 1994 novel, The Hacker and the Ants:

The funny thing about the “cyber” prefix was that it had always meant bullshit.

Back in the 1940s, the story went, MIT doubledome Norbert Wiener had wanted a title for a book he’d written about the electronic control of machines. Claude Shannon, also known as The Father of Information Theory, told Wiener to call his book Cybernetics. The academic justification for the word was that the “cyber” root came from the Greek word for “rudder”. A “kybernetes” was a steersman, or, by extension, a mechanical governor such as a weight-and-pulley feedback device you might hook to your tiller to keep your sailboat aimed at some fixed angle into the wind. The practical justification for the word was contained in Shannon’s advice to Wiener: “Use the word ‘cybernetics’, Norbert, because nobody knows what it means. This will always put you at an advantage in arguments.”

It looks like time the astronomical community stepped up their game in the challenging field of goobersecurity. I just clicked a link to a page titled “Cybersecurity Innovation for Cyberinfrastructure” on nsf.gov, and what should I see but:

image

Perhaps they’re working on the goobersecurity of their own gooberinfrastructure.