Just a few weeks after a BBC drama depicted the very extreme end of the possibilities of a cyberattack on the UK rail network, an actual cyberattack has forced major terminals in the country to turn off their free passenger wifi services.
While Nightsleeper showed the hacking of a whole bi-modal intercity locomotive and train, its wider point was the potential weakness of the UK railways’ cyber security.
The apparent attack on the customer internet services at London Euston, Manchester Piccadilly and Birmingham New Street seems less significant, but the response of infrastructure (including stations) manager Network Rail was swift.
“We are currently dealing with a cybersecurity incident affecting the public wifi at Network Rail’s managed stations. This service is provided via a third party and has been suspended while an investigation is underway,” a spokesperson said.
Reports suggested passengers who logged on at Manchester Piccadilly were taken to a webpage titled “we love you, Europe”, which contained Islamophobic messages and details of several terrorist attacks.
Alex Akinbi, senior lecturer in cyber security at Manchester Metropolitan University, said the attack appeared to be an inside job, but that it indicated further threats to the public and their data remained when connecting to public networks.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData“Although the incident with Network Rail appears to be an alleged insider threat linked to someone with internal access to the network infrastructure displaying terror-related messages… A more sinister scenario could have severely impacted rail passengers through man-in-the-middle attacks, compromising customer personal data or malware infection/distribution.”
“It is much better to use their personal mobile hotspots as an alternative if they can avoid using public Wi-Fi networks,” he added.
However, the response to simply turn off the vital tool could be worrying.
While some experts suggested the important part of unpredictable cyberattacks is the network’s recovery, the shutdown could indicate a lack of up-to-date planning.
But Akinbi said Network Rail did “the right thing.”
“I think Network Rail did the right thing by temporarily disabling the affected Wi-Fi networks to prevent further exposure or harm to users while they conduct an internal investigation and then restore the service. This is a typical incident response to such attacks.”
Despite this, there are ways to avoid such attacks.
“Ideally, they should have technical countermeasures in place to prevent such attacks in the first place. The account of the internal administrator that was used in the attack should have Two-Factor Authentication (2FA) set up to prevent the account from being compromised by hackers and used in this type of attack. Moreover, they should have a robust monitoring and auditing procedure for monitoring and logging employee actions for any suspicious activities to detect such threats early,” Akinbi told Railway Technology.
Network Rail does not manage the public wifi at its station, but contracts Telent for its services.
The third-party supplier said an investigation had begun and the police had been informed.
“We are aware of the cybersecurity incident affecting the public wifi at Network Rail’s managed stations and are investigating with Network Rail and other stakeholders,” a company spokesperson said.
“We have been informed there is an ongoing investigation by the British Transport Police into this incident, so it would not be appropriate to comment further at this stage,” they claimed.
In London, ten mainline rail stations have been affected: King’s Cross, London Bridge, Euston, Victoria, Cannon Street, Charing Cross, Liverpool Street, Clapham Junction, Waterloo and Paddington.
Across the country, others including Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Glasgow Central, Leeds City, Bristol Temple Meads, Edinburgh Waverley, Reading and Guildford have been hit.