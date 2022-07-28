Between March and June of last year, the Spanish Radioactivity Alert Network (RAR), dependent on the General Directorate of Civil Protection and Emergencies, was exposed to a cyber attack that temporarily disabled more than a third (300) of the 800 sensors responsible for monitoring the possible appearance of excessive radiation levels in the national territory.

The network in question consists of a mesh of gamma radiation detection sensors, deployed in certain points of the Spanish geography in order to be able to take measures against the possible increase in said radiation. To do this, each sensor is connected by telephone to the control center, at the DGPCE headquarters. The cyber attack, in short, “substantially reduced our ability to react to a possible nuclear incident”.

Fortunately, Spain also has the sensors of the Network of Automatic Stations (REA), dependent on the Nuclear Safety Council

GAMMA operation

Once Civil Protection reported what had happened to the National Police, the matter was left in the hands of its Cyberattacks Group, which began ‘Operation GAMMA’ at that time. The first thing the researchers discovered is that the attack was directed against the two main elements of the RAR system: the RAR management web application in the control center, and the connection of the sensors with the aforementioned control center.

Yesterday, the National Police announced, more than a year later, the arrest of the two alleged perpetrators of the attack. The search of their homes —in Madrid and in San Martín de Gaudalix—, as well as the premises of a company, led to the location of “numerous computer and communications devices related to the facts investigated”.

The identification of both detainees was possible because the National Police was able to locate the origin of the intrusion in the computer system of the RAR in “the network for public use of a well-known hotel establishment in the center of Madrid”. Their names have not transpired, but their former occupation has: both had been workers of the RAR maintenance system (not employed by the DGPCE itself, but through a subcontractor).

“The two detainees had had responsibilities in the RAR system maintenance program, so they had a deep knowledge of it that made it easier for them to carry out the attacks and helped them in their efforts to mask their authorship, significantly increasing the difficulty of the investigation. research”.

Police He did not clarify, however, the mobile of both ex-employees to carry out the cyber attack.

Via | Ministry of Interior

Image | uıɐɾ ʞ ʇɐɯɐs on Flickr