Share this article on:
The threat actor behind the UK railway “cyber attack” that saw Wi-Fi users greeted with an anti-Islamic terrorist message has been linked to an admin account and has now been arrested.
Earlier this week, commuters reported that the Wi-Fi networks at a number of Network Rail train stations had been hijacked by threat actors to display a message that said “We love you Europe”, before detailing a number of previous terrorist attacks on Europe in what reports suggest was an anti-Islamic message.
Network Rail’s Wi-Fi networks are run by a third-party organisation called Telent, while the internet service provider is provided by Global Reach.
Telent has said that as a result of its investigation with Global Reach, it has determined that the incident was not a cyber breach, but a case in which an individual used a Global Reach admin account to show the message.
“Telent can confirm that the incident was an act of cyber vandalism which originated from within the Global Reach network and was not a result of a network security breach or a technical failure,” Telent said in a statement.
The company added that it was continuing to work with Global Reach as well as Network Rail and the British Transport Police (BTP) in its investigation and aims to have Wi-Fi restored by the weekend.
Following the investigation, the BTP announced it had arrested a man in relation to the incident.
The man, who is a Global Reach employee, was arrested under suspicion of misusing his privileges.
The latest cyber attack comes just weeks after threat actors launched an attack on London’s public transport agency, Transport for London (TfL).
The agency announced earlier this month that it was investigating a cyber attack that, at the time, had not yet affected any transport services.
However, the attack began to impact its Dial-a-Ride service for disabled passengers, before then resulting in limited staff access and exposing the commuter data of roughly 5,000 passengers as well as those who were subscribed to TfL’s email alerts.
The National Crime Agency (NCA) has since announced that it has arrested a 17-year-old-man in Walsall, England, in relation to the incident.
The teenager was suspected to have breached the Computer Misuse Act but has since been questioned by the NCA.
Despite the arrest, sources speaking with media said the incident is still ongoing and that threat actors are still at large.