UK passenger wifi network hacked

The free public wifi was switched off after the cyberattack.

Patrick Rhys Atack September 26 2024

Just a few weeks after a BBC drama depicted the very extreme end of the possibilities of a cyberattack on the UK rail network, an actual cyberattack has forced major terminals in the country to turn off their free passenger wifi services. 

While Nightsleeper showed the hacking of a whole bi-modal intercity locomotive and train, its wider point was the potential weakness of the UK railways’ cyber security. 

The apparent attack on the customer internet services at London Euston, Manchester Piccadilly and Birmingham New Street seems less significant, but the response of infrastructure (including stations) manager Network Rail was swift. 

“We are currently dealing with a cybersecurity incident affecting the public wifi at Network Rail’s managed stations. This service is provided via a third party and has been suspended while an investigation is underway,” a spokesperson said.

Reports suggested passengers who logged on at Manchester Piccadilly were taken to a webpage titled “we love you, Europe”, which contained Islamophobic messages and details of several terrorist attacks. 

Alex Akinbi, senior lecturer in cyber security at Manchester Metropolitan University, said the attack appeared to be an inside job, but that it indicated further threats to the public and their data remained when connecting to public networks.

"Although the incident with Network Rail appears to be an alleged insider threat linked to someone with internal access to the network infrastructure displaying terror-related messages... A more sinister scenario could have severely impacted rail passengers through man-in-the-middle attacks, compromising customer personal data or malware infection/distribution."

"It is much better to use their personal mobile hotspots as an alternative if they can avoid using public Wi-Fi networks," he added.

However, the response to simply turn off the vital tool could be worrying. 
While some experts suggested the important part of unpredictable cyberattacks is the network’s recovery, the shutdown could indicate a lack of up-to-date planning.

But Akinbi said Network Rail did "the right thing."

"I think Network Rail did the right thing by temporarily disabling the affected Wi-Fi networks to prevent further exposure or harm to users while they conduct an internal investigation and then restore the service. This is a typical incident response to such attacks."

Despite this, there are ways to avoid such attacks.

"Ideally, they should have technical countermeasures in place to prevent such attacks in the first place. The account of the internal administrator that was used in the attack should have Two-Factor Authentication (2FA) set up to prevent the account from being compromised by hackers and used in this type of attack. Moreover, they should have a robust monitoring and auditing procedure for monitoring and logging employee actions for any suspicious activities to detect such threats early," Akinbi told Railway Technology.

Network Rail does not manage the public wifi at its station, but contracts Telent for its services. 

The third-party supplier said an investigation had begun and the police had been informed. 

“We are aware of the cybersecurity incident affecting the public wifi at Network Rail’s managed stations and are investigating with Network Rail and other stakeholders,” a company spokesperson said.

“We have been informed there is an ongoing investigation by the British Transport Police into this incident, so it would not be appropriate to comment further at this stage,” they claimed. 

In London, ten mainline rail stations have been affected: King’s Cross, London Bridge, Euston, Victoria, Cannon Street, Charing Cross, Liverpool Street, Clapham Junction, Waterloo and Paddington.

Across the country, others including Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Glasgow Central, Leeds City, Bristol Temple Meads, Edinburgh Waverley, Reading and Guildford have been hit. 

Uncover your next opportunity with expert reports

Steer your business strategy with key data and insights from our latest market research reports and company profiles. Not ready to buy? Start small by downloading a sample report first.

Newsletters by sectors

close

Sign up to the newsletter: In Brief

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Thank you for subscribing

View all newsletters from across the GlobalData Media network.

close