Around 19 UK railway stations displayed a message about terror attacks after the wifi systems were accessed.

Network Rail confirmed that the wifi systems at stations including London Euston, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Edinburgh Waverley and Glasgow Central were affected, according to BBC News.

People apparently logged on to the wifi were met with a message about terror attacks in Europe.

Other organisations

Network Rail also believes other organisations, and not just railway stations, had been affected. All operating parties, including British Transport Police, are investigating.

A Network Rail spokesperson told Metro: “Last night the public wifi at 19 of Network Rail’s managed stations was subjected to a cybersecurity incident and was quickly taken offline.

“The incident is subject to a full investigation. The wifi is provided by a third party, is self-contained and is a simple ‘click & connect’ service that doesn’t collect any personal data. Once our final security checks have been completed we anticipate the service will be restored by the weekend.”

William Wright, CEO of Closed Door Security, said: “This incident demonstrates how cyber is being bridged into geopolitical tensions. We don’t know who carried out the attack, but it is clearly being used to ignite fear in the UK public and to voice a strong political message.

“It looks like the assault actually took place against the wifi provider of UK train stations, so this is yet another supply chain attack that has harmed UK critical national infrastructure.”

Test of general security

Jake Moore, global cybersecurity advisor, at ESET said: “Cyber-attacks often occur in stealth mode and attempt to carry out activities without anyone noticing anything until the real damage is complete. However, defacing the wifi log on screen with a terror message suggests that the motive may simply be to test its general security rather than to pose a genuine threat - and in this case, via the weakest link in the supply chain and most likely via a phishing campaign.

“Financially motivated cybercriminals are out to find data they can either steal or sabotage with a ransom demand put in place. However, it seems nothing more has been demanded here other than more security in place following a separate attack on TfL earlier this month.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.