A man has been arrested after train passengers at some of the country’s biggest rail stations have been hit by a “cyber security incident” which saw them exposed to Islamophobic messages.
Manchester Piccadilly, Birmingham New Street and 11 stations in London were affected by the cyber attack on Wednesday.
The man is an employee of Global Reach Technology, which provides some WiFi services to Network Rail, British Transport Police said after an investigation. He has been arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1998.
Passengers trying to log on to public WiFi at the Network Railway-managed stations were targeted with the Islamophobic message.
The message sent out in place of the WiFi login page, which has been seen by Sky News, contained a passage referring to a UK terror attack.
“Insider threats pose a significant risk to critical national infrastructure because they come from people who have legitimate access to sensitive systems and data,” Rick Goud, chief information officer at cyber security firm Zivver, said.
“Unlike external hackers who have to bypass security measures, insiders are already on the ‘inside’ of the defences.
“This could be a disgruntled employee, a contractor with malicious intent, or someone unknowingly compromised by external forces through phishing or social engineering attacks,” he said.
The best way to manage the risk of insider jobs, according to Mr Goud, is “monitoring user behaviour, enforcing strict access controls and fostering a security-conscious culture”.
Read more from Sky News:
Musk denies ‘romantic relationship’ with Italian PM Meloni
‘We’re already at war’, Lebanese minister says
Network Rail suspended WiFi services at stations across the country following the incident.
The only Network Rail-managed station not affected was London’s St Pancras.
A Network Rail spokesperson said: “Last night the public WiFi at 19 of Network Rail’s managed stations was subjected to a cyber security incident and was quickly taken offline.
“The incident is subject to a full investigation. The WiFi is provided by a third party, is self-contained and is a simple ‘click & connect’ service that doesn’t collect any personal data.
“Once our final security checks have been completed, we anticipate the service will be restored by the weekend.”
British Transport Police said no personal data is known to have been affected.
A spokesperson said: “We received reports at around 5.03pm yesterday [Wednesday] of a cyber attack displaying Islamophobic messaging on some Network Rail WiFi services.
“We are working alongside Network Rail to investigate the incident at pace.”