Terrifying cyber attack hits rail stations as departure boards display alarming messages

Train stations across Britain have been targeted in a suspected cyber attack bearing a chilling terror message in a major security breach.

Brits trying to access wi-fi services at several rail hubs on Wednesday night were met with a webpage headlined, "We love you, Europe", and carrying information about terror incidents in the UK and abroad in an apparent anti-Islamic message.

It is believed as many as 20 stations have been targeted, including Manchester Piccadilly, Birmingham New Street, London Victoria and London Euston.

Glasgow Central, Leeds City, Liverpool Lime Street, Bristol Temple Meads, Edinburgh Waverley, Reading and Guildford have also been impacted, according to reports.

The attack has been compared to new BBC thriller Nightsleeper that features a sleeper train travelling from Glasgow to London which is then hacked and hijacked.

A Network Rail spokesperson said: "We are currently dealing with a cyber security incident affecting the public wi-fi at Network Rail’s managed stations.

"This service is provided via a third party and has been suspended while an investigation is underway."

British Transport Police's spokesperson said: "We are aware of a cyber-attack that affected some Network Rail Wi-Fi services, reported to us at around 5.03pm today (September 25). We are working with Network Rail to investigate the incident."

A spokesperson from Telent, which provides the wi-fi service for Network Rail, said it is aware of the cyber security incident and is investigating with Network Rail and others.

They added: "We have been informed there is an ongoing investigation by the British Transport Police into this incident, so it would not be appropriate to comment further at this stage."

In a further statement issued by Telent at midday on Thursday, the company said investigations with Global Reach, the provider of the wi-fi landing page, identified that an unauthorised change was made to the Network Rail landing page and the matter is now subject to criminal investigations by the British Transport Police.

Telent said no personal data has been affected. As a precaution, Telent said it temporarily suspended all use of Global Reach services while verifying no other Telent customers were affected.

It later confirmed the incident was an act of "cyber vandalism" which originated from within the Global Reach network and was not a result of a network security breach or a technical failure. The company said it is aiming to restore public wi-fi services by the weekend.

Reports of the apparent cyber attack came on the day an executive at cybersecurity company CrowdStrike apologised to the US Congress for sparking a global technology outage in July.

That incident led some UK train operators to cancel services and affected station display screens, sparking travel chaos.

According to the Office of Rail and Road, Britain's railways are becoming more and more digitised, with cyber security and rail safety now increasingly significant.

Transport for London (TfL), the National Crime Agency and the National Cyber Security Centre launched an investigation earlier this month after customers' data was hacked.

TfL said sort codes and bank account details for around 5,000 customers could have been accessed by hackers amid an "ongoing cyber security incident".

On September 5, a boy of 17 was arrested in Walsall, West Midlands, after the TfL cyber attack started four days earlier.

A separate cyber-attack targeted Northern train’s ticket machines in July 2021. The machines, which cost £17 million to install, were targeted in a ransomware attack that left them offline for a week.

Guidance published by the Government in 2016 said research showed there was some "good" cyber security provision in the rail industry, but its variability resulted in "vulnerabilities".

The guidance noted a lack of cohesiveness in the industry, with cyber security plans developed in isolation. This prompted a call for the rail industry to adopt common security standards.

According to Rail Engineer, protecting data and the safety of systems has yet to be universally recognised as a must, though railways are generally well aware of cyber security risks.

It reports cyber attacks often happen because "the circumstances are not perceived as possible", leading to a resulting loss of service which can be "very embarrassing".

The same publication pointed to attacks in Denmark and Poland that affected trains but noted that hacking services which sell tickets, promote train travel and interact with the public are more common.