Following a recent cyber attack, public Wi-Fi services at 19 major railway stations in the UK, including several London terminals, are currently undergoing restoration. The attack, which occurred on Wednesday 25 September, displayed Islamophobic messages on the landing pages as users attempted to connect.
While the perpetrator of the attack is still unknown, there are speculations that far-right hacktivists may be behind it. As a result of the incident, the Wi-Fi services were immediately taken offline for investigation and remediation. As of now, the services remain disrupted and may take up to 48 hours to be fully restored.
In a statement, a Network Rail spokesperson stated, “Last night, the public Wi-Fi at 19 of Network Rail’s managed stations experienced a cyber security incident and was promptly taken offline for investigation. The incident is currently under thorough examination.”
“The Wi-Fi service, provided by a third party, is self-contained and does not collect any personal data. Once final security checks are completed, we anticipate the service to be restored by the weekend,” the spokesperson added.
Telent, the operator of the affected networks, mentioned, “Following the incident, Telent has been collaborating with Network Rail and other stakeholders. Through investigations, it was discovered that an unauthorized change was made to the Network Rail landing page, leading to criminal investigations by the British Transport Police.”
“No personal data has been compromised. As a precaution, Telent temporarily suspended all Global Reach services to ensure no other customers were impacted,” they further explained.
The affected stations include Birmingham New Street, Bristol Temple Meads, Clapham Junction, Edinburgh Waverley, Glasgow Central, Guildford, Leeds, Liverpool Lime Street, and more.
Lone attacker or nation-state threat?
While concerns about cyber attacks on critical infrastructure like the UK’s rail network are valid, the targeted nature of the attack on Network Rail suggests it may not be the work of typical cyber criminals. The possibility of a nation-state involvement remains uncertain. Nation-state actors have been known to operate through online hacktivists, especially after recent geopolitical events.
Jake Moore, a global cyber security adviser, noted, “Cyber attacks often aim to go unnoticed until significant damage is done. However, defacing a Wi-Fi login screen with a terror message indicates a different motive – possibly testing general security rather than posing a serious threat, likely through a phishing campaign.”
“Financially motivated cyber criminals seek data for theft or ransom demands. In this case, no specific demands have been made apart from enhancing security measures following a previous attack on TfL,” Moore added.
