Terrorism message that appeared on Wi-Fi page at UK train stations was 'act of cyber vandalism'

The hijacking of a Wi-Fi landing page at UK train stations, including Manchester Piccadilly, that was changed to an article about terrorist attacks, was an 'act of cyber vandalism', the communications firm involved has said.

A criminal investigation is underway after the log in pages for the Wi-Fi at Network Rail managed stations across the country had changed to a website headlined 'We love you, Europe' on Wednesday night (September 25).

It contained information about terror incidents in the UK and abroad, which the British Transport Police described as 'Islamophobic messaging'. A man, who is an employee of Global Reach, the provider of the Wi-Fi landing page, has since been arrested, British Transport Police have confirmed.

READ MORE Man arrested after terrorism message appears in Wi-Fi 'cyber incident' at UK train stations

Manchester Piccadilly was one of 20 stations managed by Network Rail, including 11 in London, to have been affected by the 'cyber-security incident' on Wednesday.

The communications firm Telent, which provides the services, confirmed an investigation was underway on Thursday morning (September 26). It was determined that an unauthorised change was made from a legitimate administrator account within Global Reach, the provider of the Wi-Fi landing page.

"Through investigations with Global Reach, the provider of the Wi-Fi landing page, it has been identified that an unauthorised change was made to the Network Rail landing page from a legitimate Global Reach administrator account and the matter is now subject to criminal investigations by the British Transport Police," a spokesperson previously said.

In a new update, Telent described the incident as an 'act of cyber vandalism', which originated 'from within the Global Reach network'. It was not thought to have been from a security breach on the network. The M.E.N has contacted Global Reach for comment.

A spokesperson said: "Telent can confirm that the incident was an act of cyber vandalism which originated from within the Global Reach network and was not a result of a network security breach or a technical failure. The aim is to restore public Wi-Fi services by the weekend. Telent are continuing to work with Network Rail, Global Reach and the British Transport Police."

On Thursday evening, British Transport Police confirmed a man, a Global Reach employee, was arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988.

"Officers received reports just after 5pm yesterday (25 September) of a breach of some Network Rail Wi-Fi services at railway stations which were displaying Islamophobic messaging. The abuse of access was restricted to the defacement of the splash pages, and no personal data is known to have been affected," a force spokesperson said.

"A man has been arrested following a British Transport Police investigation into the abuse of access to some Network Rail Wi-Fi services yesterday.

"The man is an employee of Global Reach Technology who provide some Wi-Fi services to Network Rail. He has been arrested on suspicion of offences under the Computer Misuse Act 1990 and offences under the Malicious Communications Act 1988."

A Global Reach spokesperson added: “We are aware of the cyber vandalism affecting a small number of our customers’ Wi-Fi captive portals. We’ve taken immediate measures to eliminate the risk and protect our customers. We are working with the authorities to support the ongoing investigation, thus cannot go into any further details at this point in time.”