Cyber attack halts Polish trains

[whole diary]

[Bmblbzzz]

Russian hackers are being blamed.

Polish intelligence services are investigating a hacking attack on the country's railways, Polish media say.

Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight, the Polish Press Agency (PAP) reported on Saturday.

The signals were interspersed with recording of Russia's national anthem and a speech by President Vladimir Putin, the report says.

https://www.bbc.co.uk/news/world-europe-66630260

[stuving]

Hacking? What a bizarre description. Surely it's jamming, or intentional radio interference.

[ellendune]

Hacking? What a bizarre description. Surely it's jamming, or intentional radio interference.

Depends what they are doing.  If they have broken the encryption of messages and broadcasting false encrypted messages then that is hacking, not just jamming. 

[stuving]

Hacking? What a bizarre description. Surely it's jamming, or intentional radio interference.

Depends what they are doing.  If they have broken the encryption of messages and broadcasting false encrypted messages then that is hacking, not just jamming. 

I don't think so. I take "hacking" in common usage to imply getting access to a computer system, but spoofing encrypted messages is a technique that predates computers. In any case, there isn't really anything in the report that implies that, other than its clumsy wording. And presenting it as hacking removes the clear implication in the details that whoever did this must have been nearby, with a transmitter, not somewhere far away such as Russia.

[Bmblbzzz]

We don't know exactly what was broadcast, or prevented from being broadcast, nor do we know it was done by Russian agents. But we do know that Russian agents don't have to be based in Russia, just as eg Ukrainian drones attacking Moscow aren't launched from Ukraine, so I don't the location is implied.

[stuving]

Just after those reports, Polish police arrested two guys and confirmed the nature of what they did. From Cybernews:

Century-old technology hack brought 20 trains to a halt in Poland
Updated on: 28 August 2023    Ernestas Naprys    Senior Journalist

Recent cyberattacks against Polish State Railways lacked an essential feature. Rather than modern, cyber-based methods, saboteurs used old-fashioned radio to send stop signals, wreaking havoc on the state's transportation system. Two suspects were detained.

On Saturday night, hackers spoofed an unauthorized radio-stop signal to trains in the north-western Zachodniopomorskie province, according to Polish State Railways (PKP) and state-run Polish Press Agency (PPA).

Multiple stop signals halted approximately 20 trains, causing delays and standstills. According to the BBC^» (British Broadcasting Corporation - home page), hackers also transmitted Russia’s national anthem and Russian President Vladimir Putin‘s speech.

Earlier in the week, a freight train and a regional passenger train were involved in a minor collision, and an inter-city train was de-railed in the northeast of Poland.

PKP stated that all passengers were safe, and services were resumed a few hours later.

Polish intelligence services have launched an investigation raising the possibility of sabotage.

Stanislaw Zaryn, the deputy coordinator of the intelligence services, told PPA that known attempts by Russia and Belarus to destabilize the Polish state have been going on for months.

After train drivers reacted to received radio-stop signals, it took 1-7 minutes to confirm with rail traffic controllers that the situation presented no danger and to resume the journey.

Two suspects, both Polish citizens aged 24 and 29, were taken into custody in the eastern city of Bialystok, according to AFP. They’re suspected of illegally hacking into the national railway’s communications network and destabilizing the traffic. Polish authorities also seized radio equipment from their residence.

Poland is a central hub for the transit of Western weapons sent to Ukraine. This year, Poland's internal security service ABW arrested members of an alleged Russian spy ring, allegedly tasked with sabotaging railways and disrupting supplies.

A cheap radio transmitter is all that’s needed

The hackers used railway frequencies to transmit a signal that triggered the emergency stoppage of trains.

A simple and cheap radio transmitter is all that’s needed to spoof a radio command. In Poland, the communication on the railway network is carried out by an analog VHF 150 MHz system. The country is set to migrate to a newer digital encrypted alternative, the GSM-R^▸ (Global System for Mobile communications - Railway.) system, by the end of 2024. An analog radio system lacks any encryption or authentication.

Lukasz Olejnik, a Polish-speaking independent cybersecurity researcher and consultant and author of the forthcoming book Philosophy of Cybersecurity, explained to Wired that hackers had to send a series of three acoustic tones at a 150.100 megahertz frequency that triggered the train’s emergency stop function.

According to him, anyone could do it, as the frequencies and tones are known, the equipment is cheap, and there are even YouTube videos and railway forums explaining the procedure.

The first use of radio to control trains dates back to the early 20th century.

Even this article, which identifies the non-cyber nature of the attack, still talks about then "hacking into the national railway’s communications network and destabilizing the traffic". This is a voice radio system, not unlike the precursors of GSM-R in other countries, with tones for this "radiostop" function which is similar to GSM-R's Emergency Call.

What surprises me their ages - this is more naughty teenager stuff!

[Electric train]

Just after those reports, Polish police arrested two guys and confirmed the nature of what they did. From Cybernews:

Century-old technology hack brought 20 trains to a halt in Poland
Updated on: 28 August 2023    Ernestas Naprys    Senior Journalist

Recent cyberattacks against Polish State Railways lacked an essential feature. Rather than modern, cyber-based methods, saboteurs used old-fashioned radio to send stop signals, wreaking havoc on the state's transportation system. Two suspects were detained.

On Saturday night, hackers spoofed an unauthorized radio-stop signal to trains in the north-western Zachodniopomorskie province, according to Polish State Railways (PKP) and state-run Polish Press Agency (PPA).

Multiple stop signals halted approximately 20 trains, causing delays and standstills. According to the BBC^» (British Broadcasting Corporation - home page), hackers also transmitted Russia’s national anthem and Russian President Vladimir Putin‘s speech.

Earlier in the week, a freight train and a regional passenger train were involved in a minor collision, and an inter-city train was de-railed in the northeast of Poland.

PKP stated that all passengers were safe, and services were resumed a few hours later.

Polish intelligence services have launched an investigation raising the possibility of sabotage.

Stanislaw Zaryn, the deputy coordinator of the intelligence services, told PPA that known attempts by Russia and Belarus to destabilize the Polish state have been going on for months.

After train drivers reacted to received radio-stop signals, it took 1-7 minutes to confirm with rail traffic controllers that the situation presented no danger and to resume the journey.

Two suspects, both Polish citizens aged 24 and 29, were taken into custody in the eastern city of Bialystok, according to AFP. They’re suspected of illegally hacking into the national railway’s communications network and destabilizing the traffic. Polish authorities also seized radio equipment from their residence.

Poland is a central hub for the transit of Western weapons sent to Ukraine. This year, Poland's internal security service ABW arrested members of an alleged Russian spy ring, allegedly tasked with sabotaging railways and disrupting supplies.

A cheap radio transmitter is all that’s needed

The hackers used railway frequencies to transmit a signal that triggered the emergency stoppage of trains.

A simple and cheap radio transmitter is all that’s needed to spoof a radio command. In Poland, the communication on the railway network is carried out by an analog VHF 150 MHz system. The country is set to migrate to a newer digital encrypted alternative, the GSM-R^▸ (Global System for Mobile communications - Railway.) system, by the end of 2024. An analog radio system lacks any encryption or authentication.

Lukasz Olejnik, a Polish-speaking independent cybersecurity researcher and consultant and author of the forthcoming book Philosophy of Cybersecurity, explained to Wired that hackers had to send a series of three acoustic tones at a 150.100 megahertz frequency that triggered the train’s emergency stop function.

According to him, anyone could do it, as the frequencies and tones are known, the equipment is cheap, and there are even YouTube videos and railway forums explaining the procedure.

The first use of radio to control trains dates back to the early 20th century.

Even this article, which identifies the non-cyber nature of the attack, still talks about then "hacking into the national railway’s communications network and destabilizing the traffic". This is a voice radio system, not unlike the precursors of GSM-R in other countries, with tones for this "radiostop" function which is similar to GSM-R's Emergency Call.

What surprises me their ages - this is more naughty teenager stuff!

I believe the term "hacking into a system" dates back to the days of telegraph and telephone cables where they were literally hacked into by nefarious people to access the circuits.

Systems and cyber security is always high on the agenda on the UK^▸ (United Kingdom) Railways network being classed as "Critical infrastructure systems of national significance"