Century-old technology hack brought 20 trains to a halt in Poland

Recent cyberattacks against Polish State Railways lacked an essential feature. Rather than modern, cyber-based methods, saboteurs used old-fashioned radio to send stop signals, wreaking havoc on the state's transportation system. Two suspects were detained.

On Saturday night, hackers spoofed an unauthorized radio-stop signal to trains in the north-western Zachodniopomorskie province, according to Polish State Railways (PKP) and state-run Polish Press Agency (PPA).

Multiple stop signals halted approximately 20 trains, causing delays and standstills. According to the BBC, hackers also transmitted Russia’s national anthem and Russian President Vladimir Putin‘s speech.

Earlier in the week, a freight train and a regional passenger train were involved in a minor collision, and an inter-city train was de-railed in the northeast of Poland.

PKP stated that all passengers were safe, and services were resumed a few hours later.

Polish intelligence services have launched an investigation raising the possibility of sabotage.

Stanislaw Zaryn, the deputy coordinator of the intelligence services, told PPA that known attempts by Russia and Belarus to destabilize the Polish state have been going on for months.

After train drivers reacted to received radio-stop signals, it took 1-7 minutes to confirm with rail traffic controllers that the situation presented no danger and to resume the journey.

Two suspects, both Polish citizens aged 24 and 29, were taken into custody in the eastern city of Bialystok, according to AFP. They’re suspected of illegally hacking into the national railway’s communications network and destabilizing the traffic. Polish authorities also seized radio equipment from their residence.

Poland is a central hub for the transit of Western weapons sent to Ukraine. This year, Poland's internal security service ABW arrested members of an alleged Russian spy ring, allegedly tasked with sabotaging railways and disrupting supplies.

A cheap radio transmitter is all that’s needed

The hackers used railway frequencies to transmit a signal that triggered the emergency stoppage of trains.

A simple and cheap radio transmitter is all that’s needed to spoof a radio command. In Poland, the communication on the railway network is carried out by an analog VHF 150 MHz system. The country is set to migrate to a newer digital encrypted alternative, the GSM-R system, by the end of 2024. An analog radio system lacks any encryption or authentication.

Lukasz Olejnik, a Polish-speaking independent cybersecurity researcher and consultant and author of the forthcoming book Philosophy of Cybersecurity, explained to Wired that hackers had to send a series of three acoustic tones at a 150.100 megahertz frequency that triggered the train’s emergency stop function.

According to him, anyone could do it, as the frequencies and tones are known, the equipment is cheap, and there are even YouTube videos and railway forums explaining the procedure.

The first use of radio to control trains dates back to the early 20th century.