The company that owns and manages most of the railway network in Great Britain, Network Rail, suffered a major service outage on their national Wi-Fi network this week, which began on Wednesday and impacted 19 stations. But it appears to have been caused by an “employee of Global Reach [who] corrupted the system“.
Commuters began noticing that something was amiss at around 5pm on Wednesday, after many of them reported seeing messages about terror attacks being displayed as they logged onto the public Wi-Fi service at Network Rail managed stations. In response, Telent, which provides the service, promptly suspended it to investigate a possible “cyber security incident” against their systems.
However, the messages, which appeared to be Islamophobic in nature and referenced the 2017 Manchester Arena bombings, had not been posted by hackers. Investigations by Telent quickly established that no other services or networks provided by Telent were directly impacted and the “incident was not a result of a network security breach or a technical failure and no personal data had been affected“, said Telent.
Instead, the defacement seems to have been introduced by an employee working within the chain of associated companies.
Telent worked together with Network Rail, Global Reach and the British Transport Police to investigate the incident.
The system that manages the connection of users to the Wi-Fi is provided by Global Reach. It was established that an employee of Global Reach corrupted the system so that messages about past terrorism attacks were displayed as users logged on to the Wi-Fi. On the evening of Thursday 26 September the employee of Global Reach was arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988.
Working closely with Network Rail, Telent are now finalising plans to begin restoring the Wi-Fi service across all Network Rail managed stations.
The British Transport Police have since posted a statement of their own to confirm that a man has been arrested as part of their investigation into the abuse of access to some Network Rail Wi-Fi services. “The man is an employee of Global Reach Technology who provide some Wi-Fi services to Network Rail. He has been arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988,” said the BTP.
The abuse of access is said to have been restricted to the defacement of the splash (Wi-Fi login) pages, and no personal data is known to have been affected. The event occurred in the same month as Transport for London (TfL) was hit by an actual cyber-attack, which may have breached customers’ private details. A teenager from Walsall in the West Midlands was later arrested in connection with that attack.