Finally, the secret of… publicly available information will be for sale on the dark web!
To be fair, they may be going after login/credential info. Or they could just be fucking with our observatories for kicks ¯\(ツ)/¯
Ngl… the press release and article reeks like their IT department was a shitshow to begin with and the only method they could think of defending was to rip out ALL the cables.
I bet it wasn’t even a targeted attack, but they have to frame it that way to save face.
edit: Also… sympathies for everyone being stalled in their research for … 25(!) days now. This for sure could have been prevented with better risk management and damage control.
I would bet IT Department is just one of the lead scientists that happens to be decent with computers. A LOT of these folks already have to know python etc. And yes, I understand that its a totally different field from infra/ops/ and even security, but to these folks, its good enough sometimes. Having worked IT for a research institution, they can be fun to deal with, and take great personal ownership over their projects, data etc.
Not that I blame them to some degree, many of them are funded on grants that are highly scrutinized. They want to put every grant dollar to work on advancing research. Some even will personally handle/transport the datasets. For example you can see Shep Doeleman, the Director of the Event Horizon Telescope (EHT), do exactly this in the documentary “The Edge of All We Know” about black holes on netflix.
Yes! Agreed! Earthbound observatories in second line are in a constant struggle of acquiring proper funding. Which means, that they are operated by people with passion - for the science. The unfortunate side effect is, that everything that isn’t operations and academia takes second place again. Employing someone dedicated to just cybersecurity isn’t perceived as a priority - after all, ‘why would anyone hack an observatory?’
That is the kind of fallacy that can only be avoided if you already had an expert in house, unfortunately. I have been working with researchers, too, and I got the general impression that the appreciation for and crossover of ideas between departments has a lot of room for improvement. So that could also be a factor.
I mean. My dream job would be to run infra/ops for a place like this, or really anything at nasa.
My skill set is generally running infrastructure with the basics of security (I did netsec for a bank for a while).
But I wouldn’t be able to be paid my salary and benefits, even though I take a much smaller stake than I could working at non profits. It would be even less in these fields.
Even for a place like nasa the jobs are really hard to come by and the hiring is no where near straightforward. And there’s a lot of regulatory capture that has contractors handling a lot of it with grift and generally poorer benefits as a result.
That is identical to my observations from a data science perspective.