More details emerge over Piccadilly station Wi-Fi 'cyber attack' after site 'hacked with terror message'

Further details have been confirmed about the hijacking of the public Wi-Fi at Manchester's Piccadilly station last night (September 25). Travellers attempting to log on to the service were instead met with a webpage headlined 'We love you, Europe.'

It contained information about terror incidents in the UK and abroad, which the British Transport Police described as “Islamophobic messaging". Piccadilly was one of 20 stations managed by Network Rail, including 11 in London, to have been affected by the "cyber-security incident".

Wi-Fi services were suspended as enquiries began. The communications firm Telent, which provides the services, confirmed an investigation was underway this morning (September 26).

READ MORE: Mum dies in train accident tragedy whilst out walking her dog

This afternoon, they issued an update explaining what is believed to have happened. They say an "unauthorised change" was made to the Wi-Fi landing page, which is provided by another company.

In a statement they said: "Following the incident affecting the public Wi-Fi at Network Rail’s managed stations, Telent have been working with Network Rail and other stakeholders. Through investigations with Global Reach, the provider of the Wi-Fi landing page, it has been identified that an unauthorised change was made to the Network Rail landing page from a legitimate Global Reach administrator account and the matter is now subject to criminal investigations by the British Transport Police.

"No personal data has been affected. As a precaution, Telent temporarily suspended all use of Global Reach services while verifying that no other Telent customers were impacted."

The M.E.N has contacted Global Reach for comment. According to its website, Telent helps "design, build, support and manage some of the UK’s “critical digital infrastructure”.

Jake Moore, global cybersecurity adviser at Eset, told the Press Association that the public nature of this incident suggested it was an attempt to gain attention rather than a “genuine threat” to security.

“Cyber attacks often occur in stealth mode and attempt to carry out activities without anyone noticing anything until the real damage is complete,” he said. “However, by defacing the WiFi logon screen with a terror message suggests that the motive may simply be to test its general security rather than to pose a genuine threat – and in this case, via the weakest link in the supply chain and most likely via a phishing campaign.

“Financially motivated cyber criminals are out to find data they can either steal or sabotage with a ransom demand put in place. However, it seems nothing more has been demanded here other than more security in place following a separate attack on TfL earlier this month.”

Fellow cybersecurity expert Dan Card, fellow of BCS, The Chartered Institute for IT, said: “This looks like an example of opportunistic hacktivism. Speculation that the hack is terrorism-related is inappropriate and plays into the threat actors’ hands.

“The rail organisations for the stations affected use a single provider – it doesn’t appear that all the necessary security controls would have been in place to prevent this according to info I’ve seen. It’s a reminder that a range of organisations simply aren’t doing what is required or don’t have the resources to do that.”

British Transport Police (BTP last night )confirmed they are investigating. A spokesperson said: "We are aware of a cyber-attack that affected some Network Rail Wi-Fi services, reported to us at around 5.03pm today (25 September). We are working with Network Rail to investigate the incident."

A Network Rail spokesperson said last night: “We are currently dealing with a cyber security incident affecting the public Wi-Fi at Network Rail’s managed stations. This service is provided via a third party and has been suspended while an investigation is underway.”