Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

UK train network cyber vandalism results in Wi-Fi provider employee arrest

The threat actor behind the UK railway “cyber attack” that saw Wi-Fi users greeted with an anti-Islamic terrorist message has been linked to an admin account and has now been arrested.

user icon Daniel Croft
Fri, 27 Sep 2024
UK train network cyber vandalism results in Wi-Fi provider employee arrest
expand image

Earlier this week, commuters reported that the Wi-Fi networks at a number of Network Rail train stations had been hijacked by threat actors to display a message that said “We love you Europe”, before detailing a number of previous terrorist attacks on Europe in what reports suggest was an anti-Islamic message.

Network Rail’s Wi-Fi networks are run by a third-party organisation called Telent, while the internet service provider is provided by Global Reach.

Telent has said that as a result of its investigation with Global Reach, it has determined that the incident was not a cyber breach, but a case in which an individual used a Global Reach admin account to show the message.

============
============

“Telent can confirm that the incident was an act of cyber vandalism which originated from within the Global Reach network and was not a result of a network security breach or a technical failure,” Telent said in a statement.

The company added that it was continuing to work with Global Reach as well as Network Rail and the British Transport Police (BTP) in its investigation and aims to have Wi-Fi restored by the weekend.

Following the investigation, the BTP announced it had arrested a man in relation to the incident.

The man, who is a Global Reach employee, was arrested under suspicion of misusing his privileges.

The latest cyber attack comes just weeks after threat actors launched an attack on London’s public transport agency, Transport for London (TfL).

The agency announced earlier this month that it was investigating a cyber attack that, at the time, had not yet affected any transport services.

However, the attack began to impact its Dial-a-Ride service for disabled passengers, before then resulting in limited staff access and exposing the commuter data of roughly 5,000 passengers as well as those who were subscribed to TfL’s email alerts.

The National Crime Agency (NCA) has since announced that it has arrested a 17-year-old-man in Walsall, England, in relation to the incident.

The teenager was suspected to have breached the Computer Misuse Act but has since been questioned by the NCA.

Despite the arrest, sources speaking with media said the incident is still ongoing and that threat actors are still at large.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.