Telent said it was working with Global Reach, the firm that provides the Wi-Fi landing page, on investigating the incident and that none of its other customers – which include Openreach, Transport for London (TfL), National Highways, the Maritime and Coastguard Agency and the NHS Ambulance Radio Programme – had been affected.
“Following the incident affecting the public Wi-Fi at Network Rail’s managed stations, Telent have been working with Network Rail and other stakeholders,” Telent said in a statement published on its website.
“Through investigations with Global Reach, the provider of the Wi-Fi landing page, it has been identified that an unauthorised change was made to the Network Rail landing page from a legitimate Global Reach administrator account and the matter is now subject to criminal investigations by the British Transport Police.
“No personal data has been affected. As a precaution, Telent temporarily suspended all use of Global Reach services while verifying that no other Telent customers were impacted.”
According to its website, Telent helps design, build, support and manage some of the UK’s “critical digital infrastructure”.
Jake Moore, global cybersecurity adviser at Eset, said the public nature of the incident suggested it was an attempt to gain attention rather than a “genuine threat” to security.
“Cyber attacks often occur in stealth mode and attempt to carry out activities without anyone noticing anything until the real damage is complete,” he said.
“However, by defacing the Wi-Fi login screen with a terror message suggests that the motive may simply be to test its general security rather than to pose a genuine threat and in this case, via the weakest link in the supply chain and most likely via a phishing campaign.
“Financially motivated cyber criminals are out to find data they can either steal or sabotage with a ransom demand put in place.
“However, it seems nothing more has been demanded here other than more security in place following a separate attack on TfL earlier this month.”
Cybersecurity expert Dan Card, a fellow of BCS, The Chartered Institute for IT, said: “This looks like an example of opportunistic hacktivism. Speculation that the hack is terrorism-related is inappropriate and plays into the threat actors’ hands.
“The rail organisations for the stations affected use a single provider – it doesn’t appear that all the necessary security controls would have been in place to prevent this according to info I’ve seen.”