Police in Spain have arrested two people on suspicion of hacking the country’s Radioactivity Alert Network (RAR).
The RAR, operated by Spain’s General Directorate of Civil Protection and Emergencies, is a network of gamma radiation sensors. It monitors parts of Spain – which operates nuclear power plants - for excessive radiation.
The two individuals are former workers for a third-party contractor responsible for maintaining the system, said Spanish police. It accused them of disabling over a third of the sensors in an attack between March and June 2021.
The Directorate warned police of the attack in June 2021, and the National Police Cyberattacks group analyzed the operation. The hackers compromised the RAR management’s computer system, allegedly operating from a public hospitality network in Madrid. They attempted to delete the RAR management web application and also attacked over 300 of the network’s 800 sensors, the police said.
“They had a deep knowledge [of the system] that made it easier for them to carry out the attacks and helped them in their efforts to mask their authorship, significantly increasing the difficulty of the investigation,” said police in a statement (translated).
The police did not elaborate on the motive for the attack. However, the attack caused the sensor connections to fail, reducing the ability to detect radiation around some of the country’s nuclear power plants.
“While it’s great to see that the Spanish police took the cyber-attack against the country’s radioactivity alert network (RAR) extremely seriously, it should also serve as a stark reminder of the need to secure cyber-physical devices within the critical infrastructure industry,” said Simon Chassar, CRO at industrial cybersecurity company Claroty.
“Cyber-physical devices such as Internet of Things (IoT) devices and Industrial IoT (IIoT), are not always designed with security in mind, meaning they can have a number of vulnerabilities for threat actors to exploit.”