This was the cyberattack against the Generalitat on 9-N that an Israeli businessman now claims responsibility for

An Israeli businessman who works for intelligence services and international government security organizations has claimed responsibility for the cyberattack on the Generalitat during the 9-N independence referendum of 2014, which the then president of the Generalitat, Artur Mas, denounced as the most important suffered by the Catalan administration throughout its history and which essentially consisted of generating traffic up to 60,000 times higher than usual, coinciding with the participatory process.

Thomas Osborne
15 February 2023 Wednesday 01:24

An investigation by the journalistic organization Forbidden Stories, in which El País participates along with twenty other media outlets such as The Washington Post, The Guardian, Le Monde and Der Spiegel, has revealed that behind that attack was Tal Hanan, a 50-year-old businessman who claims that his companies work for intelligence services, have participated in 33 campaigns and offer "disinformation" to governments, candidates and companies.

Tal Hanan, according to this investigation, is a technology expert, deputy commander of the Israeli army and linked to the British consultancy Cambridge Analytica, a company that was accused of using millions of Facebook users to influence Donald Trump's victory in 2016.

According to the investigation, Tal Hanan, under the pseudonym Jorge, presented the biggest online offensive that Catalonia has recorded as a success story in meetings with potential clients last July. The video that Hanan's potential clients watch in restricted meetings at his offices on the outskirts of Tel Aviv highlights, "among the services he did or can do," the ability to "kill the Internet in a European country during a historic referendum".

According to official sources consulted by La Vanguardia at the time, it was a type of attack technically known as a "distributed denial of service" (DDoS). In essence, it consisted of directing traffic 20,000 times higher than usual to the Generalitat's websites on the 8th and 60,000 times higher on the 9th, coinciding with the participatory process.

During the 8th, Generalitat websites such as Participa2014.cat went down. Despite the attack, the service provider was not affected and the availability of the web was guaranteed. Also affected were the electronic prescription service, the Medical Emergency Service's access to clinical records, the police request manager, corporate mail, the weather service, the Generalitat's press room, the www.gencat.cat portal, the websites www.president.cat and the informative www.govern.cat, the DOGC portal, the DEMO information procedures map, the public procurement platform of the Department of Economy and the e-justice portal, among others. By contrast, the police, emergency and civil protection services were not affected.

According to sources from the Generalitat, CESICAT immediately took measures to neutralize the attack and restore services, starting with those that had a more direct impact on the normal functioning of public administrations (health and safety). Thus, extraordinary containment measures were taken (blocking of suspicious incoming traffic, investigation of the incident, changes to communication routes and to intrusion detection and protection equipment) and perimeter security was reinforced by incorporating sensors.

Most of these problems were resolved throughout the same Saturday the 8th.

The robustness of the actions taken was verified on Sunday the 9th, when the attack intensified: traffic was 60,000 times higher than usual (it tripled compared to the 8th). The Generalitat's services were able to withstand it without notable incidents. On the 10th, the attack still persisted, although its intensity dropped significantly. The sources consulted consider that the attacks on the 8th were tests of the resilience of the Generalitat's perimeter, used to design new attacks for 9-N.

During these days there were only three more intense cyberattacks in the rest of the world and 90% of all the attacking traffic detected in Spain was concentrated on the websites of the Generalitat.

According to the same sources, the nature of the attack absolutely ruled out that it was a spontaneous or coordinated "hacktivism" action, and they assured that it was "without a doubt" an attack "entrusted to specialists, with prior planning and studied objectives." Thus, the "motivation and directionality" of the attack had the objective of affecting, "in a specific temporal context, the normal development of the participatory process of 9N, the institutional image of the Generalitat and its ability to communicate and disseminate with the citizenry."

Thus, for the Generalitat there was no doubt that the attack had "a clear political intent" and its author had "contacts in the world of international cybercrime" and had a "considerable budget to finance it."

The attacking traffic originated mainly from the United States, and to a lesser extent from Ukraine, Russia and China. The attacks had the same pattern as those received on September 11 of that year against the FGC and TMB mobility information websites and in mid-October

This type of attack has been classified as a crime of damage included in article 264.2 of the Penal Code, which establishes for its perpetrators a sentence of deprivation of liberty from six months to three years. Also taking into account that the aggravating factors established in section 3 of the same article would be concurrent, it would be possible to determine the application of these penalties in their upper half.

The former president of the Generalitat, Carles Puigdemont, has taken advantage of the publication of the investigation to ask the European Parliament on his Twitter account to include these revelations "to clarify foreign interference in political processes in Europe, and specifically disinformation about Catalan independence".

For his part, the former Secretary General of Diplocat, Albert Royo, who saw the Barcelona Court order yesterday the reopening of the investigation against him for the expenses of the trip to Catalonia of eight European parliamentarians as observers of 9-N and for the production of twenty videos to promote the consultation, lamented that no one is going to "investigate the fake news and hacking campaign against 9-N that cost millions of euros", but that "certain judges" are willing to reopen a case with a final sentence (that of 9-N against the Generalitat) "to continue persecuting independence supporters".