Spanish police have arrested two former government contractors, accusing them of a stomach-churning assault on the nation’s system for monitoring for dangerous levels of nuclear radiation. The alleged cybercriminals were once the people charged with maintaining and repairing that very detection network.
In spring of 2021, hackers broke into the country’s radioactivity alert system, or RAR, which is a mesh network of 800 gamma radiation detection sensors stationed throughout the country. RAR, which is maintained by Spain’s Directorate-General for Civil Protection and Emergencies (DGPCE), allows the government to monitor for abnormally high radioactivity levels at distributed geographical locations throughout the country. It was designed to protect against the kind of meltdowns that happened at Chernobyl.
The cyberattacks, which took place between March and June 2021, disrupted roughly a third of the sensors—leading to widespread failure within the network. For two months, the hackers “attacked more than 300 sensors among the 800 existing ones, causing the failure of their connection with the control center and thus reducing the detection capacity of the network,” said the Policía Nacional in a press release published earlier this week.
It’s unclear how the attackers got away with the breach for so long, or if authorities were even aware that they were happening. Whoever the culprit was also managed to gain access to the DGPCE’s computer system and then attempted to delete a web application that helps to manage RAR, police said.
So, what jerkwads did this? According to the government, it was two former contractors who had previously worked for RAR that were behind the attacks. The two men have not been identified, other than that they were formerly employed with the government. They were arrested following a year-long investigation by federal authorities.
“During the investigation, it was determined that the two detainees had been responsible for the maintenance program of the RAR system, through a company contracted by the DGPCE, for which they had in-depth knowledge of it, which made it easier for them to carry out the attacks and helped them in their efforts to mask their authorship,” police said. “The two detainees, former workers, attacked the computer system and caused the connection of the sensors to fail, reducing their detection capacity even in the environment of nuclear power plants.”
Why the hell would two lunatics hack their own nation’s radioactivity monitoring network? Good question! But we have no idea. The press release doesn’t address the alleged culprits’ motive, so we are only left with the terrifying reality that such things can happen but have no explanation as to why.