Scottish train stations in Edinburgh and Glasgow hit by WiFi cyber attack showing 'terror' messages

Glasgow Central and Edinburgh Waverley were both targeted in the cyber security incident on Wednesday night. Those who logged into the wifi at both stations were met with a screen about European terror attacks.

The wifi landing page after the hack said “we love you, Europe” and contained information about terror attacks, which the British Transport Police described as “Islamophobic messaging”.

The act of apparent cyber vandalism also hit some of the other biggest railway stations in the UK. Manchester Piccadilly, Birmingham New Street and ten stations in London were also affected.

The Steamie newsletter will bring you the best analysis of Scottish politics - join those in the know and sign up now

Cybersecurity experts have said the incident appeared to be an act of “opportunistic hacktivism”, rather than a cyber attack designed to take down infrastructure or attempt to steal people’s personal data, given that such a public show was made of the breach by the bad actor.

And in a statement on the incident, Telent, the third-party firm that provides wifi for Network Rail, said the “unauthorised change” to the wifi landing page had been done from a “legitimate administrator account” and the matter was now subject to criminal investigation.

Network Rail, which manages the stations, suspended wifi services at stations across the country following what it described as a “cyber security incident”. The only Network Rail-managed station not affected was St Pancras.

A Network Rail spokesperson said: “Last night, the public wifi at 19 of Network Rail’s managed stations was subjected to acybersecurity incident and was quickly taken off-line. The incident is subject to a full investigation.

“The wifi is provided by a third party, is self-contained and is a simple ‘click and connect’ service that doesn’t collect any personal data. Once our final security checks have been completed we anticipate the service will be restored by the weekend.”

British Transport Police said: “We received reports at around 5.03pm yesterday [Wednesday] of a cyber attack displaying Islamophobic messaging on some Network Rail wifi services.

“We are working alongside Network Rail to investigate the incident at pace.”

Telent said it was working with Global Reach, the firm which provides the wifi landing page, on investigating the incident and that none of its other customers – which includes Openreach, Transport for London (TfL), National Highways, the Maritime and Coastguard Agency and the NHS Ambulance Radio Programme – had been affected.

“Following the incident affecting the public wifi at Network Rail’s managed stations, Telent have been working with Network Rail and other stakeholders,” Telent said in a statement published on its website.

“Through investigations with Global Reach, the provider of the wifi landing page, it has been identified that an unauthorised change was made to the Network Rail landing page from a legitimate Global Reach administrator account and the matter is now subject to criminal investigations by the British Transport Police.

“No personal data has been affected. As a precaution, Telent temporarily suspended all use of Global Reach services while verifying that no other Telent customers were impacted.”

Jake Moore, global cybersecurity adviser at Eset, said the public nature of the incident suggested it was an attempt to gain attention rather than a “genuine threat” to security.

“Cyberattacks often occur in stealth mode and attempt to carry out activities without anyone noticing anything until the real damage is complete,” he said.