Scotland’s busiest railway stations were among those hit by a cyber attack on Wednesday evening.
Network Rail said the Wi-Fi systems across all of its 20 stations, including those at Glasgow Central and Edinburgh Waverley, were impacted.
People logging onto the Wi-Fi were met with a screen about terror attacks in Europe.
Manchester Piccadilly, Birmingham New Street and 11 stations in London have also been affected by Wednesday’s cyber incident, among others.
Cybersecurity experts have said the incident appeared to be an act of “opportunistic hacktivism”, rather than a cyber attack designed to take down infrastructure or attempt to steal people’s personal data, given that such a public show was made of the breach by the bad actor.
A Network Rail spokesperson said: “We are currently dealing with a cyber security incident affecting the public Wi-Fi at Network Rail’s managed stations.
“This service is provided via a third party and has been suspended while an investigation is underway.”
British Transport Police is investigating the incident, which Network Rail said is impacting other organisations using the same third-party Wi-Fi provider, Telent.
A spokesperson from the company said: “We are aware of the cyber security incident affecting the public Wi-Fi at Network Rail’s managed stations and are investigating with Network Rail and other stakeholders.
“We have been informed there is an ongoing investigation by the British Transport Police into this incident, so it would not be appropriate to comment further at this stage.”
According to its website, Telent helps design, build, support and manage some of the UK’s “critical digital infrastructure”.
Jake Moore, global cybersecurity adviser at Eset, said the public nature of this incident suggested it was an attempt to gain attention rather than a “genuine threat” to security.
“Cyber attacks often occur in stealth mode and attempt to carry out activities without anyone noticing anything until the real damage is complete,” he said.
“However, defacing the wifi logon screen with a terror message suggests that the motive may simply be to test its general security rather than to pose a genuine threat – and in this case, via the weakest link in the supply chain and most likely via a phishing campaign.
“Financially motivated cyber criminals are out to find data they can either steal or sabotage with a ransom demand put in place.
“However, it seems nothing more has been demanded here other than more security in place following a separate attack on TfL earlier this month.”
Fellow cybersecurity expert Dan Card, fellow of BCS, The Chartered Institute for IT, said: “This looks like an example of opportunistic hacktivism.
“Speculation that the hack is terrorism-related is inappropriate and plays into the threat actors’ hands.
“The rail organisations for the stations affected use a single provider – it doesn’t appear that all the necessary security controls would have been in place to prevent this according to info I’ve seen.
“It’s a reminder that a range of organisations simply aren’t doing what is required or don’t have the resources to do that.”
Which stations are affected?
Birmingham New Street
Bristol Temple Meads
Edinburgh Waverley
Glasgow Central
Guildford
Leeds
Liverpool Lime Street
London Bridge
London Cannon Street
London Charing Cross
London Clapham Junction
London Euston
London King’s Cross
London Liverpool Street
London Paddington
London Victoria
London Waterloo
Manchester Piccadilly
Reading