Train stations targeted in apparent cyber-attack
Network Rail is investigating
Last updated 26th Sep 2024
Network Rail is investigating an apparent cyber-attack on a number of stations in the UK.
Passengers trying to log onto wi-fi networks on Wednesday night (September 25) were reportedly taken to a webpage, listing terror attacks in Europe.
Those affected included London Euston, Manchester Piccadilly, Liverpool Lime Street and Birmingham New Street.
Network Rail shut down the networks and confirmed it was still experiencing issues around 9pm.
A Network Rail spokesperson said: "We are currently dealing with a cyber security incident affecting the public wifi at Network Rail's managed stations.
"British Transport Police are investigating the incident.
"This service is provided via a third party and has been suspended while an investigation is under way."
British Transport Police said: "We received reports at around 5.03pm yesterday (September 25) of a cyber attack displaying Islamophobic messaging on some Network Rail wifi services.
"We are working alongside Network Rail to investigate the incident at pace."
Telent, the third-party firm which provides wifi for Network Rail, said it was also investigating the incident.
"We are aware of the cybersecurity incident affecting the public wifi at Network Rail's managed stations and are investigating with Network Rail and other stakeholders," a company spokesperson said.
"We have been informed there is an ongoing investigation by the British Transport Police into this incident, so it would not be appropriate to comment further at this stage."
According to its website, Telent helps design, build, support and manage some of the UK's "critical digital infrastructure", and its other customers include Openreach, Transport for London (TfL), National Highways, the Maritime and Coastguard Agency and the NHS Ambulance Radio Programme.
It has not yet been confirmed if any of Telent's other customers have been impacted by the incident.
Jake Moore, global cybersecurity adviser at Eset, said the incident appeared to be an attempt to draw attention to a lack of security, rather than a "genuine threat".
"Cyber attacks often occur in stealth mode and attempt to carry out activities without anyone noticing anything until the real damage is complete," he said.
"However, by defacing the wifi logon screen with a terror message suggests that the motive may simply be to test its general security rather than to pose a genuine threat - and in this case, via the weakest link in the supply chain and most likely via a phishing campaign.
"Financially motivated cyber criminals are out to find data they can either steal or sabotage with a ransom demand put in place.
"However, it seems nothing more has been demanded here other than more security in place following a separate attack on TfL earlier this month."
- The stations affected are:
Birmingham New Street;
Bristol Temple Meads;
Edinburgh Waverley;
Glasgow Central;
Guildford;
Leeds;
Liverpool Lime Street;
London Bridge;
London Cannon Street;
London Charing Cross;
London Clapham Junction;
London Euston;
London King's Cross;
London Liverpool Street;
London Paddington;
London Victoria;
London Waterloo;
Manchester Piccadilly;
Reading