The Spanish police have announced the arrest of two hackers believed to be responsible for cyberattacks on the country’s radioactivity alert network (RAR), which took place between March and June 2021.
The two arrested individuals are former workers of a company contracted by the General Directorate of Civil Protection and Emergencies (DGPGE) to maintain the RAR system, so they had a deep knowledge of its operation and how to deliver an effective cyberattack.
The two arrested individuals gained illegitimate access to DGPGE’s network and attempted to delete the RAR management web application in the control center.
In parallel, the duo launched individual attacks against sensors, taking down 300 out of 800 spread across Spain, essentially breaking their link to the control center and disrupting the data exchange.
The cybersabotage against RAR stopped in June 2021 after authorities discovered the breach and initiated an immediate investigation with the help of the cybercrime unit of the National Police.
Eventually, after a year of following the hackers’ traces, the police could locate those responsible for the cyberattack.
“A year of investigations and an exhaustive technical police analysis of all the communications of the sabotaged sensors, as well as the data related to the intrusion in the computer system whose origin could be located in the public use network of a well-known establishment of hospitality in the center of Madrid, allowed to identify the authors of the cyberattack.” – Policia National
“In the same operation, carried out in Madrid and San Agustín de Guadalix, two homes and one company were searched, under the protection of two orders of the Investigating Court No. 39 of Madrid; finding numerous computer and communications devices related to the facts investigated,” reads the police’s announcement.
Grave risk
Spain operates seven nuclear reactors in six power plants in Cáceres, Tarragona, Valencia, Guadalajara, Salamanca, and Córdoba, covering roughly 20% of its national power needs with the program.
The role of the RAR system is to detect sudden rises in radioactivity levels and raise the alarm to help the authorities take protection measures, detect, and remediate the problem.
RAR comprises 800 gamma radiation sensors deployed at specific points in the country, each connected via a telephone line to the control center at the DGPCE headquarters.
The cyberattack prevented 300 of these sensors from transmitting their readings back to the center, introducing a severe risk of the state not responding immediately to events of excessive radiation.
No further details have been provided in the police’s announcement, so the reason behind the sabotage is unclear.