Wi-Fi at major UK train stations hacked to display terror messages


Passengers logging on to public Wi-Fi at some of the biggest train stations in the UK, including London King’s Cross and Manchester Piccadilly, were met with messages about terror attacks in Europe.

The cyberattack impacted 19 train stations across the UK, all managed by Network Rail, a governmental agency that maintains most of the railway structure in the country.

Network Rail suspended Wi-Fi services at stations across the country following the cyberattack and confirmed it remained offline.

ADVERTISEMENT

It said in a statement: “We are currently dealing with a cyber security incident affecting the public Wi-Fi at Network Rail’s managed stations.”

The cyberattack affected at least ten stations in London, including London Bridge, Euston, and Waterloo, as well as stations in Birmingham, Manchester, Glasgow, and Edinburgh among others.

British Transport Police are investigating the incident. Network Rail said that other organizations might have been affected by the attack.

“This service is provided via a third party and has been suspended while an investigation is under way," it said.

It has been confirmed that the Wi-Fi service across the affected stations was provided by Telent, a telecommunications company, which said it was aware of the “security incident” and was investigating.

"We have been informed there is an ongoing investigation by the British Transport Police into this incident, so it would not be appropriate to comment further at this stage," the company said.

It also said, “We do not believe any other Telent customers or services provided by Telent are impacted.”

The police said it received first reports of a cyberattack displaying “Islamophobic messaging” around 5.03pm on Wednesday (September 25th).

ADVERTISEMENT

Spate of cyberattacks targeting public services

It is not yet known who carried out the attack, but “it is clearly being used to ignite fear in the UK public and to voice a strong political message,” according to William Wright, chief executive at Closed Door Security, a cybersecurity firm.

The incident follows recent attacks against the Transport for London (TfL) and Synnovis, a National Health Services (NHS) provider. The latter was claimed by the Qilin ransomware group that is believed to be Russia-linked.

“It’s clear nation-state adversaries have set their sights on the UK and are determined to cause the country harm,” Wright said.

“Other organizations should once again use this incident as a reminder to improve their defenses against attacks and to ensure all suppliers practice good cyber security hygiene.”

Network Rail manages 20 of the biggest and busiest train stations in the UK. Only one of those, St Pancras, was not affected by the cyber incident. The full list of impacted stations:

  • Birmingham New Street
  • Bristol Temple Meads
  • Edinburgh Waverley
  • Glasgow Central
  • Guildford
  • Leeds
  • Liverpool Lime Street
  • London Bridge
  • London Cannon Street
  • London Charing Cross
  • London Clapham Junction
  • London Euston
  • London King’s Cross
  • London Liverpool Street
  • London Paddington
  • London Victoria
  • London Waterloo
  • Manchester Piccadilly
  • Reading