Cybersecurity incident affects Wi-Fi at some British train stations

LONDON: A cyberattack has hit public Wi-Fi in some of Britain's largest train stations, including Manchester Piccadilly, Birmingham New Street, Edinburgh Waverley, Glasgow Central and ten stations in London, the German news agency (dpa) reported, citing local news.

In Wednesday's cyberattack, passengers who tried to log into the WiFi website reportedly saw news about terrorist attacks in Europe.

The Manchester Evening News reported that after the hack, the Wi-Fi website displayed the message “We love you Europe” and also included information about terrorist attacks.

Network Rail, which manages the train stations, has suspended Wi-Fi services at stations across the country following what it called a “cybersecurity incident”.

A Network Rail spokesperson said: “We are currently dealing with a cybersecurity incident affecting public Wi-Fi at stations managed by Network Rail.

“The British Transport Police are investigating the incident.

“This service is provided through a third party and has been suspended while the investigation is ongoing.”

The British Transport Police said: “We received reports yesterday at around 5.03pm [1603 GMT on September 25] a cyberattack in which anti-Islamic messages were displayed on some of Network Rail's Wi-Fi services.

“We are working with Network Rail to investigate the incident expeditiously.”

Telent, the third-party company that provides Wi-Fi for Network Rail, said it was also investigating the incident.

“We are aware of the cybersecurity incident affecting public Wi-Fi at stations managed by Network Rail and are investigating the incident with Network Rail and other stakeholders,” a company spokesperson said.

“We have been informed that British Transport Police are currently investigating this incident, so it would not be appropriate to comment further at this time.”

According to the company's website, Telent helps design, build, support and manage some of the UK's “critical digital infrastructure”. Its other clients include Openreach, Transport for London (TfL), National Highways, the Maritime and Coastguard Agency and the NHS Ambulance Radio Programme.

It has not yet been confirmed whether other Telent customers are affected by the incident.

Jake Moore, global cybersecurity advisor at Eset, said the incident appeared to be an attempt to highlight a lack of security rather than a “real threat.”

“Cyberattacks often operate in stealth mode, attempting to carry out activities without anyone noticing until the actual damage is complete,” he said.

“However, the defacement of the Wi-Fi login screen with a terror message suggests that the motive may be to test general security rather than pose a real threat – and in this case, via the weakest link in the supply chain and most likely via a phishing campaign.

“Financially motivated cybercriminals are looking for data that they can either steal or sabotage, demanding a ransom.”

– Bernama, dpa