Was the blackout in Spain caused by a Flipper Zero device?
Renewable power grids in Europe use unencrypted radio signals to add and shed loads. Signals from the Radio Ripple Control can be hacked with a Flipper Zero device.
Authorities in Spain and Portugal are denying the blackout was caused by a cyberattack. Some initial authorities blamed a "rare atmospheric phenomenon" which has since been backtracked. Juan Manuel Moreno, the president of the regional government of Andalucia, stated: “Everything points to a blackout of this magnitude only being due to a cyberattack.”
The Initial Cause of the Blackouts
Spain rules out cyber attack - but what could have caused power cut? | BBC | April 29, 2025
Spain's Prime Minister Pedro Sánchez said investigators were trying to pinpoint the cause, and then would take all necessary measures "to ensure that this does not happen again."
Sánchez on Monday evening said 15GW of power - the equivalent to 60% of demand at that time - was "suddenly lost from the system... in just five seconds".
Mr. Prieto said during a news conference on Tuesday that there were two "disconnection events" barely a second apart in the south-west of Spain, where there is substantial solar power generation.
One issue that the Spanish grid operator may have been referring to was when power companies identify a mismatch of supply and demand for electricity that could lead to instability, and disconnect temporarily in order to protect their systems.
However, Sánchez later said the power cut was "not a problem of excessive renewables". He said there was not a failure of coverage - meaning supply - and there was a relatively low demand for electricity that was quite normal in the days running up to the crisis.
Was it linked to a ‘rare atmospheric event’?
Portugal's grid operator REN refuted initial reports, attributed to the agency on Monday, which said the blackout was caused by a rare atmospheric event.
The message in Portuguese said that "due to extreme temperature variations in the interior or Spain, there were anomalous oscillations in the very high voltage lines (400 KV), a phenomenon known as 'induced atmospheric vibration'".
"These oscillations caused synchronisation failures between the electrical systems, leading to successive disturbances across the interconnected European network."
However, REN spokesman Bruno Silva told AFP on Tuesday that the grid operator "did not put out this statement," without giving further details.
So, let’s recap:
15GW of power - the equivalent to 60% of demand at that time - was "suddenly lost from the system... in just five seconds".
There were two "disconnection events" barely a second apart in the south-west of Spain and a relatively low demand for electricity that was quite normal in the days running up to the crisis.
The power cut was "not a problem of excessive renewables."
Ok, got it.
How to Hijack 15 GW of Power in Spain
The renewable power grid in Europe uses unencrypted radio signals to add and shed loads. Signals from the Radio Ripple Control can be hacked with a Flipper Zero device which can instruct the facility to withhold electricity from the grid.
Researchers say new attack could take down the European power grid | Ars Technica | January 23, 2025
Late last month, researchers revealed a finding that’s likely to shock some people and confirm the low expectations of others: Renewable energy facilities throughout Central Europe use unencrypted radio signals to receive commands to feed or ditch power into or from the grid that serves some 450 million people throughout the continent.
Hijacking 60 GW of power
The researchers, who presented their work last month at the 38th Chaos Communication Congress in Hamburg, Germany, wondered if they could control streetlights in Berlin to create a city-wide version, though they acknowledged it would likely be viewable only from high altitudes. They didn't know then, but their project was about to undergo a major transformation.
After an extensive and painstaking reverse-engineering process that took about a year, Bräunlein and Melette learned that they could indeed control the streetlights simply by replaying legitimate messages they observed being sent over the air previously. They then learned something more surprising—the very same system for controlling Berlin’s lights was used throughout Central Europe to control other regional infrastructure, including switches that regulate the amount of power renewable electric generation facilities feed into the grid.
Collectively, the facilities could generate as much as 40 gigawatts in Germany alone, the researchers estimate. In addition, they estimate that in Germany, 20 GW of loads such as heat pumps and wall boxes are controlled via those receivers. That adds up to 60 GW that might be controllable through radio signals anyone can send.
Ripple effect
The Radio Ripple Control in use today sends signals not just for managing streetlights and grid allocations throughout Central Europe. It also controls various other functions, including those for delivering weather forecasts, synchronizing times, and controlling electricity pricing tariffs. Roughly 300 customers, most of them electric companies, use Radio Ripple Control for grid allocations from small- and medium-sized renewable facilities.
These customers—known as EVUs, short for Energieversorgungsunternehmen (power supply company)—use either a Web or VPN desktop app to send one of the three transmitters instructions to either feed power into or ditch power from the grid. The transmitter, in turn, sends the instructions as a telegram to a radio receiver located at the power facility the EVU wants to control. When grid supply exceeds the amount of power needed at a given moment, the telegram instructs the facility to withhold electricity from the grid. When supply runs low, the telegram will instruct the facility to feed in energy.
No confidentiality, no authentication
These signals aren't encrypted to provide either confidentiality or authentication. That means anyone can listen in, record them, and play them back over the same frequencies. People can go much further, as Bräunlein and Melette did, by learning to speak the same arcane language that Radio Ripple Control does.
Among the first steps in the research duo's reverse engineering process was purchasing nine receivers—known as FREs in Radio Ripple Control parlance—from different manufacturers of the devices. The researchers then implemented an emulator of the real transmitter. To do that, they used an ESP microcontroller outfitted with a waveform generator and, for an antenna, a coil from a wireless phone charger. They used capacitors to tune their emulator to the correct frequencies. With that, the researchers could now send and receive telegrams in their lab.
Strange Deaths Linked to Siemens Who Provides Industrial Control Systems for Renewable Energy Grids.
In a matter of weeks, Agustin Escobar, Siemens Spain's top executive, died in a helicopter crash in New York City on April 10, while Jessica Aber, a former US Attorney who oversaw an espionage case involving Siemens Energy, was found dead in her home on March 22. Escobar’s wife, who also died in the crash, also worked at Siemens Energy.
In 2023, Siemens data was stolen during the recent Clop ransomware using a zero-day vulnerability in the MOVEit Transfer platform. Siemens designs, develops a wide range of industrial control systems such as state-of-the-art power, heat generation units, renewable energy systems, on and off-site energy delivery systems, and flexible power transmission solutions.
In 2022, a flaw for securing passwords in Siemens building automation controllers was identified. The vulnerability could be exploited to disrupt a device that could make it “unavailable for days.”
In 2014, a flaw code was found in in reprogrammable memory chips that could allowed smart meters in Spain to be hacked. While to story doesn’t mention the company, Siemens also makes smart meters.
With Siemens deep ties to China, we have to ask ourselves were these “flaws” or backdoors?
Siemens AMIS System Architecture with the Ripple Control Center outlined in orange.
In 2017, the US charged three Chinese hackers for accessing a Siemens computer network and stealing data pertaining to energy, technology and transportation.
U.S. Charges Three Chinese Hackers Who Work at Internet Security Firm for Hacking Three Corporations for Commercial Advantage | United States Department of Justice | November 27, 2017
In 2014, Dong accessed Siemens’s computer networks for the purpose of obtaining and using employees’ usernames and passwords in order to access Siemens’ network. In 2015, the co-conspirators stole approximately 407 gigabytes of proprietary commercial data pertaining to Siemens’s energy, technology and transportation businesses.
Trump vs. Spain
Donald Trump erroneously called Spain a BRICS member when a journalist asked him about countries who don’t meet the NATO minimum for defense spending. Spain ranked dead last out of the 32-nation military alliance and only spent 1.28% of their GDP on defense in 2024.
Trump mistakes Spain for a member of the BRICS bloc and repeats the threat of massive tariffs | AP News | January 21, 2025
Trump started his answer by saying “Spain is very low,” referring to its defense expenditures, but quickly veered into speaking about the BRICS.
“They’re a BRICS nation, Spain. Do you know what a BRICS nation is? You’ll figure it out,” he told the reporter from the presidential desk in the Oval Office.
On April 11th, U.S. Treasury Secretary Scott Bessent singled out Spain for its move toward China. Telling them any country that tries to get closer to China would be “cutting their own throat.”
Possible Motives for Cyberattack
April 22nd, Spanish Prime Minister Pedro Sánchez laid out a plan to meet NATO's target of spending 2 percent of GDP on defense by the end of the year by citing the "rapidly evolving geopolitical and economic context."
Spain unveils plan to meet NATO’s defense spending target this year | POLITICO | April 22, 2025
Previously, the country only aspired to meet the NATO goal by 2029, but in recent months Washington and Brussels have been pressuring Madrid to speed up that timeline. During a meeting with Spanish Economy Minister Carlos Cuerpo last week, U.S. Treasury Secretary Scott Bessent insisted that Spain needed to boost defense spending.
Around a third of the new funds are set to be used to improve conditions for members of Spain's armed forces, who will receive significant raises. Another €3.26 billion will be allocated for telecommunication and cybersecurity expenditures, which Sánchez said would reinforce the country's "digital shield," and €1.9 billion will be earmarked for new defense and deterrence equipment.
On April 24th, Spain halted a controversial $7.5m deal to buy ammunition from Israel following criticism from far-left allies within the governing coalition.
It’s too early to know anything for certain, but I’ll keep an eye on it as things develop. Fair warning, I am not techie in any way. I just collect the information and try to make sense of it. If anyone has more information on what happened in Spain, please let me know.
I’ve previously written about the California fires and how they seemed to be caused by load oscillating attacks by hacked smart meters.
You can follow me on X.com @DCinTejas—my DMs are always open—or email me at DCinTejas@proton.me for tips. If you email me, just DM me on Twitter/X, so I know to check it. Thanks!
-DeAnna Calderón
ACTUALLY, SOME SAY THIS WAS A REAL BLACK OUT FROM A SOLAR ERUPTION ON THE SUN… AND BECAUSE SPAIN WAS INLINE WITH IT AT THE TIME, IT DID GET IT.
Retarded nonsense. Lack of grid inertia due to too much reliance on solar was the problem.