But ... why?
Apparently not ransomware or foreign spying. Workplace grudge? Or just 14 yr old minds stuck in the bodies of adults having a bit of adolescent fun? Thank god they didn't have a way to remotely pull the rods.
Spain's national police say they have arrested two former government workers suspected of breaking into the computer network of the country's radioactivity alert system (RAR) and disabling more than a third of its sensors. The intrusion happened between March and June 2021, and the two suspects worked for a company contracted …
QUOTE:Apparently not ransomware or foreign spying
Due to the non-stealth nature of the attack, the most plausible explanation is either 1) Grudge or 2) Profit. In (1) they got really mad at someone from work, and in (2) a certain company will receive huge money to fix the attack.
If it the attack was stealth, in preparation for a major action, I would bet separatists.
When safety sensors stop working, nuke plants often shut down as a precaution. It could be that the attackers were hoping that it would cause instability in energy supply / pricing?
With all of the Billions that can be had from fluctuating prices currently, I wouldn't be surprised if they had something to gain from it. My £5 is on 2) Profit.
> When safety sensors stop working, nuke plants often shut down as a precaution
I might have misunderstood the article, but those two seemed to work for the Spanish Civil Defense, not for the nuclear plants themselves. Meaning that their sabotage won't affect the plants, it would just allow any potential radiation leaks to go unnoticed by the civil defense (plants have their own detectors).
Now conspiracy theorists of the environmental kind would immediately assume those two are paid by the nuclear plants who won't have to worry about spilling their radioactive innards all over the countryside, but that seems way too far-fetched. I know if I was an evil nuclear power plant director and wanted to cover my dumping radioactive waste in the nearby lake, I definitely wouldn't go about it that way: This plan was bound to fail, one can even wonder why it took them so long.
They worked as "maintenance contractors", so presumably that means IT support/infrastructure on the CBRN side. 1-2 companies come to mind who likely provide those services
It takes a special kind of individual to disable nuclear safety sensors. I have to assume profit motive would entail loss of a contract, or perhaps highlighting an extremely old IT infrastructure that requires modernization, with commercial interests seeking to highlight it.
It does, if used properly. The default stance isn't to immediately assume that someone is lying just because they could personally gain from doing so, or even just because they can for no good reason.
Occam's Razor isn't a law, rather it's a philosophical tool. It suggests that the hypothesis with the least number of assumptions is most likely to be true. Gaining evidence reduces the number of assumptions needed for a hypothesis, thus affecting how likely it is to be true compared to other hypotheses.
You missed out the most important part i.e. "all things being equal".
People are not equal and can lie for no reason therefore they cannot be considered to be simple especially if they are aware Occums will be applied.
If things were otherwise then there would be no need to investigate crimes, since the most obvious suspect need only to be asked and they would confess.
Rather than Occam, a better razor to use here is Hanlon's:
"never attribute to malice that which is adequately explained by stupidity."
Maybe they were shit at their job, accidentally deleted the control app, and they were actually trying to log into the sensors to fix them before their boss noticed, but fucked it up even worse?
Why were these sensors accessible through the internet? A popular place of hospitality sounds suspiciously like Starbucks or a local equivalent. Why wouldn't these sensors be broadcast only with modifications only via physical access? Yeah, I get it. It's so much easier to push out changes to all of them at once, but this is the sort of thing where you'd think they would have worked it all out before the devices were deployed. It's also something that should be very simple to begin with.