Polish railway cyberattack explained

The Polish railway cyberattack is a series of suspected sabotage attempts in August 2023 aimed at the Polish State Railways.

Method

The "radio stop" command system has a vulnerability - when a certain three tonal signal is transmitted through the railway radio network, trains stop automatically.[1]

Events

Friday 25 August

At 9:23 pm on two sections of line near Szczecin a stop signal was broadcast by an unknown person.[1] It affected more than 20 trains and freight traffic was stopped as a precaution.[1] Services were restored within hours.[2]

Saturday 26 August

Around 6pm near Gdynia a second incident took place - a freight train was also affected later that evening.[1]

Sunday 27 August

Trains near Białystok were affected by fake stop signals.[1] Five passenger trains and one freight train were stopped.[3] Two men were arrested in connection with the disruption near Białystok.[3] One suspect is a police officer.[3] Prosecutors opened an investigation.[3]

Monday 28 August

Police in Białystok announced they had begun a dismissal procedure against the officer arrested on Sunday.[3] Sixteen people have been arrested as suspects in spying for Russia.[3]

Investigation

The disruptions are being investigated both by police and intelligence organisations, including the Internal Security Agency.[3]

Some of the disruptive signals included the Russian anthem and part of a speech by Vladimir Putin.[2]

Notes and References

  1. News: Poland investigates train mishaps for possible Russian connection . Morris . Loveday . 2023-08-28 . 2023-08-30 . The Washington Post.
  2. News: Poland investigates cyber-attack on rail network . 2023-08-27 . 2023-08-30 . BBC News.
  3. News: Poland is investigating disruptions to train traffic from unauthorized radio signals . 2023-08-28 . Associated Press.