Racist Network Rail Wi-Fi hack was work of malicious insider

Police have revealed that this week’s racist cyber attack on public Wi-Fi networks at stations across the UK appears to have been the work of a malicious insider, after arresting an employee of one of the service providers

By Alex Scroxton, Security Editor

Published: 26 Sep 2024 21:26

The British Transport Police (BTP) have made an arrest in an ongoing investigation into a cyber attack on public Wi-Fi services provided at mainline UK railway stations on the evening of Wednesday 25 September.

The incident saw passengers at 19 rail stations across the country unable to access Network Rail’s Wi-Fi network, which is provided by communications services provider Telent, receiving instead racist and Islamophobic messages on their devices.

Earlier on Thursday 26 September, Telent said it had worked out that the incident was the result of an unauthorised change made to its landing page, and was working with Global Reach, the provider of this service, to investigate.

As a result of the investigation, the BTP have now taken an unnamed man into custody on suspicion of conducting the attack. A spokesperson for the force said the cyber attack appeared to have been the work of a malicious insider.

“The man is an employee of Global Reach Technology, who provide some Wi-Fi services to Network Rail,” they said. “He has been arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988.

“Officers received reports just after 5pm yesterday (25 September) of a breach of some Network Rail Wi-Fi services at railway stations which were displaying Islamophobic messaging. The abuse of access was restricted to the defacement of the splash pages, and no personal data is known to have been affected.”

In an update to its earlier statement, Telent said: “Telent can confirm that the incident was an act of cyber vandalism which originated from within the Global Reach network and was not a result of a network security breach or a technical failure. The aim is to restore public Wi-Fi services by the weekend. Telent are continuing to work with Network Rail, Global Reach and the British Transport Police.”

Insider threat

The cyber attack had earlier prompted hasty speculation among armchair security experts that Network Rail was the victim of a supply chain attack, possibly by a nation state, against the UK’s critical rail infrastructure.

Although this appears not to have been the case, the fact that an insider may have been responsible will be of grave concern to Global Reach, Telent and their downstream customers, such as Network Rail.

A great many insider threat actors turn out to be current or former employees bearing a grudge, although they can on occasion also be moles conducting industrial or state-backed espionage. Many are also accidental threat actors who make a simple mistake, or are negligent and fail to comply with internal security measures, opening the door to external cyber criminals.

The threats such people present are difficult to detect and wide in their scope. The consequences of their attacks can be serious, including data breaches, fraud, theft of intellectual property, and sabotage or destruction of IT systems. They can also, as is the case with the Network Rail incident, lead to great embarrassment and offence.
