The National Police has arrested the two alleged perpetrators of the cybersabotage that, between March and June last year, suffered the Radioactivity Alert Network (RAR) and affected more than 300 of the 803 sensors distributed throughout Spain to detect a possible nuclear or radiological risk in the atmosphere. Those arrested were former workers of a company subcontracted by the General Directorate of Civil Protection and Emergencies for the maintenance of the system, “so they had a deep knowledge of it that made it easier for them to carry out the attacks and helped them in their efforts to mask their authorship, significantly increasing the difficulty of the investigation,” the Police said in a statement.
After the arrests -carried out on June 28, although they have not been reported until this Wednesday-, the police searched the homes and the headquarters of a company of the two detainees, located in San Agustín de Guadalix (Madrid) and the capital, where numerous computer devices intervened. On the mobile phones of the alleged saboteurs, the agents found communications between the two through an instant messaging application in which they discussed details of the cyberattacks they were perpetrating. The main hypothesis about the mobile is revenge against his company, with which they had abruptly broken off the employment relationship.
The one baptized as Operation Gamma began in June of last year due to a complaint filed by Civil Protection after detecting that it had suffered several cyberattacks that had affected the detection capacity of the alert network, launched in the 1990s after the catastrophe. of the Chernobyl nuclear power plant. This network is responsible for measuring the levels of gamma radiation throughout the national territory through the measurement stations, which constantly send the information collected to the management center to detect possible abnormal levels that require the implementation of emergency plans. nuclear. The system ―which has more than 150 of these sensor units installed in Civil Guard barracks― has a higher density of these devices in the surroundings of the seven existing nuclear centers in Spain and on the border with other countries, the latter for detect cross-border incidents.
The investigation of the Central Unit of Cybercrime of the National Police revealed that the authors of the sabotage had committed, in the first place, an intrusion in the computer system in the control center of the RAR, located in the Civil Protection headquarters in Madrid. They had worked before their dismissal in this building. For this interference, the alleged saboteurs used the credential allegedly stolen from another operator, with which they were promoted in the system until they could proceed to delete the RAR management application, where the data sent by all the sensor units. The attack left the service inoperative for several hours, until the Civil Protection computer services were able to start it up again.
Shortly after that attack, and in two successive waves, the authors attacked more than 300 of the 803 existing sensors, which caused connection failures between these and the control center, to which the information they collected did not reach. The Civil Protection report referred to 2021 points out that in that year “no station in an operational state of the network” had exceeded the maximum threshold of 0.575 sievert (unit of measurement of the health effect of low levels of ionizing radiation) That would have triggered the alarms. Between March and June, when the cyberattack took place, the levels did not reach 0.3. The document details that in that period Civil Protection had to carry out 378 corrective measures on the equipment that forced the replacement of five sensors and about 400 computer equipment, although it does not detail whether the cause was sabotage. The previous year they had been almost a hundred less, 281.
The police investigations focused on analyzing both the origin of the illegal interference that the central computer system had suffered and the communications received by the sabotaged sensors. The first line of investigation led to a cafeteria on Fuencarral street, in the Madrid neighborhood of Chamberí, whose public internet network had been used to carry out the attack without leaving a trace of the perpetrator. The second allowed knowing the telephones from which the more than 300 sensor units had been sabotaged and, with this, identifying the possible perpetrators and proceeding with their arrest. Both are accused of a crime of computer damage and another related to nuclear energy, which punishes with up to 12 years in prison whoever “exposes one or more people to ionizing radiation that endangers their life, integrity, health or property ” .