The Government studies legal actions for the cyber attack on the 9-N consultation of 2014

The Government is studying what legal and legal actions it can take after finding out who was responsible for the cyberattack suffered by various websites of the Generalitat on the occasion of the consultation on November 9, 2014, which affected various services of the Catalan administration.

Thomas Osborne
Thomas Osborne
15 February 2023 Wednesday 10:24
18 Reads
The Government studies legal actions for the cyber attack on the 9-N consultation of 2014

The Government is studying what legal and legal actions it can take after finding out who was responsible for the cyberattack suffered by various websites of the Generalitat on the occasion of the consultation on November 9, 2014, which affected various services of the Catalan administration.

Behind this action is a 50-year-old Israeli businessman, Tal Hanan, who operates under the pseudonym 'Jorge' and works for intelligence services and government security agencies in various countries. He is director general of the security and defense firm DemoManInternational Ltd and a former deputy commander of the Israeli army, and is also linked to Cambridge Analytica – the British consultancy that has participated in disinformation campaigns in the elections in the United States and in the United Kingdom – according to reports published this Wednesday by the Forbidden Stories consortium of journalistic headlines, in which El País participates along with other international media.

In addition, according to The Guardian, his team has participated in the manipulation of more than 30 electoral processes through hacking, sabotage and disinformation on social networks.

This businessman, when he sells his services to potential clients, as verified by a team from the aforementioned media consortium, attributes that cyberattack to the Generalitat, among many others, and in the promotional video he includes the newspaper library of La Vanguardia with information on A few days after the November 9 referendum in which the Catalan executive denounced "world-class computer attacks."

The attack in question, as the Catalan executive explained at the time, consisted of a DDoS attack or distributed denial of service attack: directing traffic to the pages of the Generalitat 20,000 times higher than usual on November 8, 2014 and 60,000 times higher , on November 9, coinciding with the consultation. An action that caused an overload. The referendum portal –www.participa2014.cat– was attacked, but it had additional protection on its servers and it did not go down, according to sources who had responsibilities at that time in the administration. On the other hand, other issues were affected, such as the electronic prescription service, the access of the medical emergency service to medical records, the manager of police requests, corporate mail, the meteorological service, various pages of the Generalitat or the e-justice portal, among others.

The origin of the attacking traffic was mainly the United States, and to a lesser extent Ukraine, Russia and China, and the Generalitat pointed out that it was a cyberattack "entrusted to specialists, with prior planning and studied objectives".

President Pere Aragonès has demanded "transparency" and to clarify the facts. In addition, he has denounced "dirty play, outside the democratic norms that they proclaim so much and that they skip at the first against the independence movement", in a veiled allusion to the State. For her part, the Minister of the Presidency, Laura Vilagrà, whose portfolio includes cybersecurity powers since the restructuring of the Catalan Executive due to the departure of Junts, assures that they will investigate "what or who may be behind the attack", although she points out that it is "premature" to advance scenarios and possibilities. In any case, the Government has not yet contacted the central Executive.

The then president of the Generalitat, Artur Mas, has called in a statement for an investigation to find out who commissioned the attack on the Israeli company and recalled that "basic and essential" services of the administration were affected. Likewise, the former president regrets that "although an action of these characteristics is of a criminal nature, no State body promoted an investigation in this regard."

In a similar vein, the former Minister of Digital Policies Jordi Puigneró, politically responsible for the computer systems of the Generalitat in 2014 –of the Center for Information Security of Catalonia (Cesicat)–, calls for an investigation both in the central government and in the Catalan Executive as well as in the European institutions, and affirms that the suspicions point to the State. “Who cared?” he asks. “They also said that they had never bought Pegasus before and later admitted that they had,” he says.

Puigneró points out that that attack was one of the ten most powerful that took place that year in the world and the largest that had occurred in Spain to that date. As a result, the Government decided to create the Agència de Ciberseguretat de Catalunya, whose function is to ensure computer security and also the ability to investigate the origin of computer attacks.

After the consultation, it was decided to create said agency and thought about the strategy, with Mas even as president. In the mandate of Carles Puigdemont, the law that allowed its creation was approved, which was appealed to the Constitutional Court although the Generalitat was later agreed with, and it was launched with Quim Torra at the head of the institution. The entity was attached to the Department of Digital Policies, but when that portfolio was eliminated it is now under the baton of the Ministry of the Presidency.

“Now we are more prepared and it is more difficult to carry out a cyber attack like this, although there is never 100% protection,” says Puigneró, who stresses that if the State contracted the services as they suspect – “nothing suggests that it was not them, white and in a bottle”, he stresses – it is “serious” because it is about “a State attacking State institutions” [the Generalitat] and because it left that chapter “without investigating”. "Nothing was done then, although we already knew that it was not a matter of four fans," he complains.

In addition, the former minister points out that other regional governments and even regional executives from other countries have approached the Generalitat in recent years to create a similar entity in their respective administrations.