The guardians of the network

Feb 24, 2023 | News | 3 comments

Tags: ALMA

It has been almost four months since we suffered a cyber-attack on our computer system. An emergency that has undoubtedly had an impact on our operations. However, we have now recovered from that event.

After 48 days of hard work by our IT team, on December 19 we resumed our astronomical observations. And more recently, on January 26 it was made public that the FBI infiltrated the group that attacked us, dismantling their operations and obtaining the decryption keys.

It all started in the early morning of last October 29. “At 7:30 AM I received a call from my colleague José Lobos, who was reporting access problems in the observation control servers. When I started the investigation I received another problem call from Santiago and both problems turned out to have the same cause,” recalls Gastón Vélez, IT systems administrator.
The hackers attacked in the middle of a holiday, taking advantage of the fact that there were fewer people to respond, and asked ALMA to buy decryption software sold by them. Not only was their request not granted, but our IT team immediately reacted by isolating the systems from each other to prevent the attack from spreading.

The infiltration affected support systems such as Jira, Confluence and DNS, but the scientific data was not affected. The balance was about 400 virtual machines that had to be rebuilt from scratch. A reinstallation and infrastructure configuration process that usually takes five years, our IT team accomplished in less than three months.

“They were months of continuous hard work, late nights, uncertainty, stress and fatigue, to finally begin to achieve the goal of recovering the affected systems,” says Nicolás Ovando, IT systems administrator.
And that work is not over yet. Before the attack, we were not used to using security processes such as two-factor authentication or more complex passwords.
“Day-to-day life, both for us and for the users, has become a bit heavier,” says Victoria Reyes, part of the IT support team.
Even so, at JAO we continue to work to update and safeguard our IT system in response to the new times.

“This period after the cyber-attack has been exhausting for us. We are working day by day to return to normality and we hope that this goal will be achieved soon,” Victoria closes.

We thank Christian Saldías and Ítalo Lemus for the pictures.

3 Comments

  1. Martin Diaz

    Muchas gracias a todo el equipo de IT, OSF y SCO, por este gran esfuerzo y arduo trabajo!!
    Y gracias a todos quienes han apoyado esta recuperación, y a todos quienes trabajan dia a día por manetner este el observatorio en funcionamiento!!

    Reply
  2. Rafael Mena

    Se pasó el equipo de ADC! Creo que no me puedo imaginar lo difícil que fue este período para ustedes… Muchas gracias por las miles de horas y neuronas invertidas en recuperarnos de este ataque infame! Son efectivamente héroes!

    Reply
  3. Cristian puentes

    Felicitaciones ADC Team!

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Related Post