Cyberattack on observatory in Chile raises concerns about security of space tech
One of the world’s largest astronomical observatories suffered a cyberattack in late October and was forced to suspend work, it announced last week.
The Atacama Large Millimeter Array (ALMA) observatory in Chile said last Wednesday that a cyberattack on October 29 had affected its computer systems and taken down its public website. ALMA’s antennas and scientific data were not compromised, but ALMA suspended space observations and restricted the use of its email services.
Although the threat has been contained, it is not yet possible to estimate when the observatory will return to normal operations, according to its statement.
An investigation into the incident is ongoing, and the damage caused by the cyberattack is not yet clear. ALMA did not respond to an inquiry from The Record.
ALMA is a constellation of 66 radio telescopes worth about $1.4 billion. They can capture high-quality images of the very weak radio waves emitted by distant astronomical objects as far as 13 billion light years away.
Josh Lospinoso, the CEO of cybersecurity company Shift 5, said that even though the attack doesn’t appear to have done major damage, that does not mean the intrusion wasn’t serious.
“Knocking one of the world’s most powerful observatories offline demonstrates that threat actors are dogged in their pursuit to disrupt, run reconnaissance efforts, or lift valuable data or IP,” he told The Record.
It’s not yet known how the hackers got into ALMA’s computer system, but Lospinoso said such breaches are usually caused by human error, possibly through targeted social engineering attacks.
The observatory attack is one of many that have targeted space technology.
Prior to the invasion of Ukraine in late February, Russian hackers attacked the satellite internet provider Viasat, shutting down communications in Europe and Ukraine. Hackers are also stepping up cyberattacks on Elon Musk's Starlink satellite internet systems, which provide internet to 40 countries.
Lawmakers and cybersecurity experts see space as another frontier for cyberattacks, with hackers targeting the space industry for geopolitical and militaristic purposes, Lospinoso said.
While the methods of hacking space systems – credential theft, phishing attacks, malware infections – are similar to those on the ground, the damage from such attacks can be especially costly and harder to recover from.
“Space poses an acute cybersecurity challenge, particularly as nations launch connected assets that hold sensitive data or even key intelligence into orbit,” Lospinoso said. “The stakes are high because there’s no reset button in space.”
Physical & cyber threats
Cyberattacks on space tech like telescopes and satellites can be very costly if hackers manage to disable them. For example, it costs about $300,000 to launch one of Starlink’s nearly 3,000 satellites into orbit.
It’s not only space companies that suffer losses. Satellites have already become part of the critical infrastructure that many countries depend on.
The Viasat hack, for instance, disabled the modems of tens of thousands of European customers and disconnected remote access to around 5,800 wind turbines in Germany that relied on Viasat routers.
Some of the navigation protocols that space systems depend on leave them vulnerable to cyberattacks, as they were never designed with cryptographic security in mind, according to Lospinoso.
If attackers compromise one of these systems, they can effectively become their “owners” and reconfigure some settings, he added.
In ALMA's case, the cyberattack was contained before it damaged the telescopes' antennas, but sometimes companies become aware of an incident after the damage is already done.
One of the reasons, according to Lospinoso, is the lack of full visibility into the operational technology — hardware used to control industrial equipment.
“Without the ability to see what's happening at the outermost edge of a platform — whether aboard a satellite, plane, or train — defenders lack the ability to detect or prevent an intrusion,” Lospinoso said.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.