Police are investigating a cyber attack at some of the biggest railway stations in the country after passengers saw an Islamophobic message flash up when they tried to use the free wifi.
Manchester Piccadilly, Birmingham New Street, Edinburgh Waverley, Glasgow Central and 10 stations in London were all affected by the attack on Wednesday evening.
Passengers logging on to the wifi at the stations reported seeing a webpage that was titled “We love you, Europe”. Underneath it was information that referred to terror attacks.
The wifi system was quickly taken offline and police were called in to investigate.
A spokesperson for British Transport Police said: “We received reports at around 5:03 p.m yesterday of a cyber attack displaying Islamophobic messaging on some Network Rail wifi services.”
Officers said they were working with Network Rail to investigate the Islamophobic cyber security incident “at pace”.
Network Rail, the group which manages tracks and train stations, said that given the nature of the wifi service provided, it did not believe any personal data had been impacted by the hack.
“Once our final security checks have been completed we anticipate the service will be restored by the weekend,” a spokesperson said.
Telent, the third-party firm which provides wifi for Network Rail, said it was also investigating the incident.
“We are aware of the cybersecurity incident affecting the public wifi at Network Rail’s managed stations and are investigating with Network Rail and other stakeholders,” a company spokesperson said.
According to its website, Telent helps design, build, support and manage some of the UK’s “critical digital infrastructure”, and its other customers include Openreach, Transport for London (TfL), National Highways, the Maritime and Coastguard Agency and the NHS Ambulance Radio Programme.
It has not yet been confirmed if any of Telent’s other customers have been impacted by the incident.
Jake Moore, global cybersecurity adviser at Eset, said the incident appeared to be an attempt to draw attention to a lack of security, rather than a “genuine threat”.
He said: “By defacing the wifi logon screen with a terror message suggests that the motive may simply be to test its general security rather than to pose a genuine threat – and in this case, via the weakest link in the supply chain and most likely via a phishing campaign.”
The stations impacted are Birmingham New Street, Bristol Temple Meads, Edinburgh Waverley, Glasgow Central, Guildford, Leeds, Liverpool Lime Street, London Bridge, London Cannon Street, London Charing Cross, London Clapham Junction, London Euston, London King’s Cross, London Liverpool Street, London Paddington, London Victoria, London Waterloo and Manchester Piccadilly.