Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

She won' go Warp 7, Cap'n! The batteries are dead!

tech / sci.astro.amateur / Truly Depraved Hackers Attack Gemini Telescopes

SubjectAuthor
* Truly Depraved Hackers Attack Gemini TelescopesQuadibloc
+* Re: Truly Depraved Hackers Attack Gemini TelescopesMartin Brown
|`* Re: Truly Depraved Hackers Attack Gemini TelescopesChris L Peterson
| `- Re: Truly Depraved Hackers Attack Gemini TelescopesMartin Brown
`* Re: Truly Depraved Hackers Attack Gemini TelescopesMartin Brown
 `- Re: Truly Depraved Hackers Attack Gemini TelescopesChris L Peterson

1
Truly Depraved Hackers Attack Gemini Telescopes

<a46c31d2-c489-4a17-bb54-a43ba6d15a41n@googlegroups.com>

  copy mid

https://www.novabbs.com/tech/article-flat.php?id=10553&group=sci.astro.amateur#10553

  copy link   Newsgroups: sci.astro.amateur
X-Received: by 2002:a05:620a:8f88:b0:76f:52f:3f86 with SMTP id ri8-20020a05620a8f8800b0076f052f3f86mr51992qkn.9.1693486197703;
Thu, 31 Aug 2023 05:49:57 -0700 (PDT)
X-Received: by 2002:a17:902:e5d2:b0:1c0:760b:b5b2 with SMTP id
u18-20020a170902e5d200b001c0760bb5b2mr1119543plf.6.1693486197247; Thu, 31 Aug
2023 05:49:57 -0700 (PDT)
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: sci.astro.amateur
Date: Thu, 31 Aug 2023 05:49:56 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com; posting-host=2001:56a:fa34:c000:295b:a61f:1703:7638;
posting-account=1nOeKQkAAABD2jxp4Pzmx9Hx5g9miO8y
NNTP-Posting-Host: 2001:56a:fa34:c000:295b:a61f:1703:7638
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <a46c31d2-c489-4a17-bb54-a43ba6d15a41n@googlegroups.com>
Subject: Truly Depraved Hackers Attack Gemini Telescopes
From: jsav...@ecn.ab.ca (Quadibloc)
Injection-Date: Thu, 31 Aug 2023 12:49:57 +0000
Content-Type: text/plain; charset="UTF-8"
X-Received-Bytes: 1224
 by: Quadibloc - Thu, 31 Aug 2023 12:49 UTC

This sad news item:

https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown

came to my attention.

John Savard

Re: Truly Depraved Hackers Attack Gemini Telescopes

<ucqd5g$3bm30$1@dont-email.me>

  copy mid

https://www.novabbs.com/tech/article-flat.php?id=10556&group=sci.astro.amateur#10556

  copy link   Newsgroups: sci.astro.amateur
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: '''newsp...@nonad.co.uk (Martin Brown)
Newsgroups: sci.astro.amateur
Subject: Re: Truly Depraved Hackers Attack Gemini Telescopes
Date: Thu, 31 Aug 2023 16:55:27 +0100
Organization: A noiseless patient Spider
Lines: 17
Message-ID: <ucqd5g$3bm30$1@dont-email.me>
References: <a46c31d2-c489-4a17-bb54-a43ba6d15a41n@googlegroups.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 31 Aug 2023 15:55:28 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="4396ac8eee880c400e0d3678f379d415";
logging-data="3528800"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/77x2dp09Y8SHrjAeFGXj7Z+QEDLSDERUUbj9GBdPHIQ=="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.14.0
Cancel-Lock: sha1:9pdFFyDlyq2HWkJNw6RC/TiEAic=
Content-Language: en-GB
In-Reply-To: <a46c31d2-c489-4a17-bb54-a43ba6d15a41n@googlegroups.com>
 by: Martin Brown - Thu, 31 Aug 2023 15:55 UTC

On 31/08/2023 13:49, Quadibloc wrote:
> This sad news item:
>
> https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown
>
> came to my attention.

It was ever thus from the moment that some big telescopes had remote
dialup access for filing observing plans over 1200/75 modem links. Once
there is external remote access there will be penetration attempts.

The thing that is unusual in this instance is that the external hackers
got past the honeypots and hacker traps without being detected.

--
Martin Brown

Re: Truly Depraved Hackers Attack Gemini Telescopes

<6de1fih890a98eveldms69hfbfo06j5cbg@4ax.com>

  copy mid

https://www.novabbs.com/tech/article-flat.php?id=10557&group=sci.astro.amateur#10557

  copy link   Newsgroups: sci.astro.amateur
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx09.iad.POSTED!not-for-mail
From: clp...@alumni.caltech.edu (Chris L Peterson)
Newsgroups: sci.astro.amateur
Subject: Re: Truly Depraved Hackers Attack Gemini Telescopes
Message-ID: <6de1fih890a98eveldms69hfbfo06j5cbg@4ax.com>
References: <a46c31d2-c489-4a17-bb54-a43ba6d15a41n@googlegroups.com> <ucqd5g$3bm30$1@dont-email.me>
X-Newsreader: Forte Agent 6.00/32.1186
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 25
X-Complaints-To: abuse@easynews.com
Organization: Forte - www.forteinc.com
X-Complaints-Info: Please be sure to forward a copy of ALL headers otherwise we will be unable to process your complaint properly.
Date: Thu, 31 Aug 2023 10:05:05 -0600
X-Received-Bytes: 1822
 by: Chris L Peterson - Thu, 31 Aug 2023 16:05 UTC

On Thu, 31 Aug 2023 16:55:27 +0100, Martin Brown
<'''newspam'''@nonad.co.uk> wrote:

>On 31/08/2023 13:49, Quadibloc wrote:
>> This sad news item:
>>
>> https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown
>>
>> came to my attention.
>
>It was ever thus from the moment that some big telescopes had remote
>dialup access for filing observing plans over 1200/75 modem links. Once
>there is external remote access there will be penetration attempts.
>
>The thing that is unusual in this instance is that the external hackers
>got past the honeypots and hacker traps without being detected.

I would think it should be perfectly possible to create an air gap
between the Internet and the telescope control systems, though.
Hackers could interfere with operations, but not put the hardware at
risk.

Indeed, a standalone command evaluation system (possibly AI-based)
might assess every potentially risky telescope operation before it is
actually passed to instrumentation hardware.

Re: Truly Depraved Hackers Attack Gemini Telescopes

<ucs6u9$3n18c$1@dont-email.me>

  copy mid

https://www.novabbs.com/tech/article-flat.php?id=10559&group=sci.astro.amateur#10559

  copy link   Newsgroups: sci.astro.amateur
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: '''newsp...@nonad.co.uk (Martin Brown)
Newsgroups: sci.astro.amateur
Subject: Re: Truly Depraved Hackers Attack Gemini Telescopes
Date: Fri, 1 Sep 2023 09:21:27 +0100
Organization: A noiseless patient Spider
Lines: 58
Message-ID: <ucs6u9$3n18c$1@dont-email.me>
References: <a46c31d2-c489-4a17-bb54-a43ba6d15a41n@googlegroups.com>
<ucqd5g$3bm30$1@dont-email.me> <6de1fih890a98eveldms69hfbfo06j5cbg@4ax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 1 Sep 2023 08:21:29 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="610dff404eb0ad9a194d076059c82325";
logging-data="3900684"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/xRJJY2WTWgliQdLR0LvD9InBdo6K9ETzFaJqlzb3lPw=="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.14.0
Cancel-Lock: sha1:MBpTZmfzhVE55zemgH34ITphlgs=
Content-Language: en-GB
In-Reply-To: <6de1fih890a98eveldms69hfbfo06j5cbg@4ax.com>
 by: Martin Brown - Fri, 1 Sep 2023 08:21 UTC

On 31/08/2023 17:05, Chris L Peterson wrote:
> On Thu, 31 Aug 2023 16:55:27 +0100, Martin Brown
> <'''newspam'''@nonad.co.uk> wrote:
>
>> On 31/08/2023 13:49, Quadibloc wrote:
>>> This sad news item:
>>>
>>> https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown
>>>
>>> came to my attention.
>>
>> It was ever thus from the moment that some big telescopes had remote
>> dialup access for filing observing plans over 1200/75 modem links. Once
>> there is external remote access there will be penetration attempts.
>>
>> The thing that is unusual in this instance is that the external hackers
>> got past the honeypots and hacker traps without being detected.
>
> I would think it should be perfectly possible to create an air gap
> between the Internet and the telescope control systems, though.
> Hackers could interfere with operations, but not put the hardware at
> risk.

That used to be the case in my day.

The control tapes were prepared on an entirely separate system Dec-10 in
the case of the VLA and then physically moved to the observing control
room to run. The realtime Modcomp telescope control was a very dedicated
computer system isolated completely from the rest of the world.

The AIPS offline data reduction software was another matter though - you
could in principle login remotely to use that on 1200/75 dialup or EPSS.

That is no longer the case today when remote internet observing on some
of these big instruments no longer requires a physical presence on site.

Further back in time (early 60's) there were telescopes that didn't have
a control computer and relied on paper tape based lookup tables to tell
them how to move! MRAO Half Mile Telescope was of that prehistoric sort.

> Indeed, a standalone command evaluation system (possibly AI-based)
> might assess every potentially risky telescope operation before it is
> actually passed to instrumentation hardware.

Most altaz mounted scopes have a sanity check to make sure the observing
programme doesn't go too close to the zenith. Few astrophysicists know
where on the sky their observing targets are actually located. Slew rate
and limits on the anti-twister mechanisms for umbilical cords are also
standard checks in the pre flight simulation of an observing run.

The base planning program makes some effort to minimise slew time and
maximise altitude of the object without going into the danger zone.
However, it was always policy to double check in the run simulation to
avoid breaking expensive hardware with a rogue control programme.

--
Martin Brown

Re: Truly Depraved Hackers Attack Gemini Telescopes

<ucs6vp$3n18c$2@dont-email.me>

  copy mid

https://www.novabbs.com/tech/article-flat.php?id=10560&group=sci.astro.amateur#10560

  copy link   Newsgroups: sci.astro.amateur
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: '''newsp...@nonad.co.uk (Martin Brown)
Newsgroups: sci.astro.amateur
Subject: Re: Truly Depraved Hackers Attack Gemini Telescopes
Date: Fri, 1 Sep 2023 09:22:16 +0100
Organization: A noiseless patient Spider
Lines: 17
Message-ID: <ucs6vp$3n18c$2@dont-email.me>
References: <a46c31d2-c489-4a17-bb54-a43ba6d15a41n@googlegroups.com>
<0258ed8d-b272-484a-bd6d-c0103b1c4914n@googlegroups.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 1 Sep 2023 08:22:17 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="610dff404eb0ad9a194d076059c82325";
logging-data="3900684"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+WL4Wm8WdIUTbfJ5tvPxD+KHPgTjdGM6SeqmwxabGRlg=="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.14.0
Cancel-Lock: sha1:XSadb3soRYjiS5jh7ln1ysM8bSE=
In-Reply-To: <0258ed8d-b272-484a-bd6d-c0103b1c4914n@googlegroups.com>
Content-Language: en-GB
 by: Martin Brown - Fri, 1 Sep 2023 08:22 UTC

On 01/09/2023 04:31, RichA wrote:
> On Thursday, 31 August 2023 at 08:49:59 UTC-4, Quadibloc wrote:
>> This sad news item:
>>
>> https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown
>>
>> came to my attention.
>>
>> John Savard
>
> Notice how hard it is the glean location information (hacker's location) from these stories? I wonder why?

Any half decent hacker will have covered their tracks.

--
Martin Brown

Re: Truly Depraved Hackers Attack Gemini Telescopes

<duq3fil4e1mnsebe0alrsg11e9h1ok38g2@4ax.com>

  copy mid

https://www.novabbs.com/tech/article-flat.php?id=10563&group=sci.astro.amateur#10563

  copy link   Newsgroups: sci.astro.amateur
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx34.iad.POSTED!not-for-mail
From: clp...@alumni.caltech.edu (Chris L Peterson)
Newsgroups: sci.astro.amateur
Subject: Re: Truly Depraved Hackers Attack Gemini Telescopes
Message-ID: <duq3fil4e1mnsebe0alrsg11e9h1ok38g2@4ax.com>
References: <a46c31d2-c489-4a17-bb54-a43ba6d15a41n@googlegroups.com> <0258ed8d-b272-484a-bd6d-c0103b1c4914n@googlegroups.com> <ucs6vp$3n18c$2@dont-email.me>
X-Newsreader: Forte Agent 6.00/32.1186
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 19
X-Complaints-To: abuse@easynews.com
Organization: Forte - www.forteinc.com
X-Complaints-Info: Please be sure to forward a copy of ALL headers otherwise we will be unable to process your complaint properly.
Date: Fri, 01 Sep 2023 07:49:40 -0600
X-Received-Bytes: 1506
 by: Chris L Peterson - Fri, 1 Sep 2023 13:49 UTC

On Fri, 1 Sep 2023 09:22:16 +0100, Martin Brown
<'''newspam'''@nonad.co.uk> wrote:

>On 01/09/2023 04:31, RichA wrote:
>> On Thursday, 31 August 2023 at 08:49:59 UTC-4, Quadibloc wrote:
>>> This sad news item:
>>>
>>> https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown
>>>
>>> came to my attention.
>>>
>>> John Savard
>>
>> Notice how hard it is the glean location information (hacker's location) from these stories? I wonder why?
>
>Any half decent hacker will have covered their tracks.

And any half decent investigator will not release that kind of
information while the matter remains under investigation.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor