Cybercriminals Hack UK Rail Network Wi-Fi

Written by

Several major UK train stations, including London Euston, Manchester Piccadilly and Liverpool Lime Street, have been targeted in a cyber-attack, in which Islamophobic messages have been displayed to passengers attempting to connect to public Wi-Fi.

In total, 19 railway stations managed by Network Rail have been impacted by the incident which began on September 25.

Details of the Attack

The hack redirected passengers to a webpage with offensive content referencing a past UK terror attack. The affected Wi-Fi system, operated by the telecommunications company Telent, was swiftly taken offline as investigations began.

Network Rail suspended the Wi-Fi service at all its stations nationwide while addressing the issue.

British Transport Police received reports of the attack around 5:00 pm on the day of the incident. They are now working closely with Network Rail and Telent to investigate the breach.

A spokesperson for the police assured the public that the investigation is moving forward “at pace.” Network Rail emphasized that the compromised Wi-Fi service is a third-party platform that does not collect users’ personal data.

Telent, on the other hand, clarified that the breach was carried out via an unauthorized change to the landing page through a legitimate administrator account.

As a precaution, they have halted all services provided by the landing page supplier, Global Reach, while verifying that no other customers were affected.

“The attack on the public Wi-Fi at UK railway stations shows how vulnerable our critical national infrastructure can be when third-party services aren’t properly secured. It’s worrying that a system like this, used daily by thousands of passengers, was compromised and used to display terroristic messages,” noted Jamie Moles, Senior Technical Manager at ExtraHop. 

Implications for National Security

This latest incident follows a cyber-attack targeting Transport for London (TfL), which resulted in some online services being limited and customer data being breached. 

Closed Door Security CEO William Wright commented that, given the latest incident involving Network Rail Wi-Fi follows so closely in the wake of the attack on TfL, it’s clear nation-state adversaries have set their sights on the UK and are determined to cause the country harm.

Read more on the TfL data breach: TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested

Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO at Delinea, added, “Yet again, malicious hackers have reminded us that significant infrastructure will remain vulnerable if organizations fail to assess cyber-risks and monitor access to critical systems. Identities and credentials are the most overlooked vulnerabilities that organizations have, but the knowledge is critical for detection and prevention. Today’s hack was a threat, we don’t know what tomorrow might bring and as a nation, we can’t afford to be unprepared.”

Wi-Fi services at the stations are expected to be restored by the weekend.

Image credit: Victor Moussa / Shutterstock.com

What’s hot on Infosecurity Magazine?