A hack which resulted in people accessing the wi-fi at 19 UK railway stations being shown a message about terror attacks has been linked to the account of an insider at the internet provider.
The message was displayed on people’s devices when they logged onto Network Rail’s wifi system.
It is run by a third party, Telent, with the actual internet service provided by another company, Global Reach.
In a statement, Telent said that, following investigations with Global Reach: “It has been identified that an unauthorised change was made to the Network Rail landing page from a legitimate Global Reach administrator account.”
“The matter is now subject to criminal investigations by the British Transport Police,” the statement continued.
Chris Dyson, 53, from Leeds, saw the message on Wednesday afternoon when he connected his device to the wi-fi at Birmingham New Street.
It gave details of Islamist-related terror attacks in the UK and Europe, alongside pictures taken from news reports about the incidents.
“The screen lit up with bizarre security alerts and dodgy pop-ups,” he told the BBC.
“I started to panic slightly—what if this was a sign of something more sinister?”
A Network Rail spokesperson said: “We are currently dealing with a cyber-security incident affecting the public wi-fi at Network Rail’s managed stations.”
The affected stations include:
- In London, London Cannon Street, London Bridge, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, Paddington, Victoria and Waterloo
- In the South East, Reading and Guildford
- In the North West, Manchester Piccadilly and Liverpool Lime Street
- In the West Midlands, Birmingham New Street
- In West Yorkshire, Leeds
- In the West and South West, Bristol Temple Meads
- In Scotland, Edinburgh Waverley and Glasgow Central
The rail provider said it believed other organisations, not just railway stations, had been affected.
“This service is provided via a third party and has been suspended while an investigation is under way,” the spokesperson said.