A hack which resulted in people accessing the wi-fi at 19 UK railway stations being shown a message about terror attacks has been linked to the account of an insider at the internet provider.
The message was displayed on people’s devices when they logged onto Network Rail’s wifi system.
It is run by a third party, Telent, with the actual internet service provided by another company, Global Reach.
In a statement, Telent said that, following investigations with Global Reach: “Telent can confirm that the incident was an act of cyber vandalism which originated from within the Global Reach network and was not a result of a network security breach or a technical failure.“
The company said it was continuing to work with Network Rail, Global Reach and the British Transport Police.
“The aim is to restore public Wi-Fi services by the weekend,” Telent said.
Chris Dyson, 53, from Leeds, saw the message on Wednesday afternoon when he connected his device to the wi-fi at Birmingham New Street.
It gave details of Islamist-related terror attacks in the UK and Europe, alongside pictures taken from news reports about the incidents.
“The screen lit up with bizarre security alerts and dodgy pop-ups,” he told the BBC.
“I started to panic slightly—what if this was a sign of something more sinister?”
A Network Rail spokesperson said: “We are currently dealing with a cyber-security incident affecting the public wi-fi at Network Rail’s managed stations.”
The affected stations include:
- In London, London Cannon Street, London Bridge, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, Paddington, Victoria and Waterloo
- In the South East, Reading and Guildford
- In the North West, Manchester Piccadilly and Liverpool Lime Street
- In the West Midlands, Birmingham New Street
- In West Yorkshire, Leeds
- In the West and South West, Bristol Temple Meads
- In Scotland, Edinburgh Waverley and Glasgow Central
The rail provider said it believed other organisations, not just railway stations, had been affected.
“This service is provided via a third party and has been suspended while an investigation is under way,” the spokesperson said.