According to Polish RMF radio, one of the suspects is a police officer; however, this information has not been confirmed by authorities.
Polish authorities have arrested two suspected hackers aged 24 and 29, who are accused of disrupting train traffic in the country. The two men, who are both Polish citizens, were arrested in the eastern city of Bialystok on Saturday.
According to Poland’s RMF radio, one of the suspects is a serving police officer. The suspects are accused of hacking into the radio communication network of the Polish PKP railway on Friday. This caused the activation of multiple stop signals, which led to delays and standstills for approximately 20 trains.
The attack was carried out using a simple radio-stop command that anyone could broadcast with $30 worth of equipment. The hackers used this command to trigger an emergency stop of trains near the city of Szczecin, causing delays and cancellations.
Reportedly, the hackers also interspersed the hacked signals with renditions of the Russian national anthem and a recording of Russian President Vladimir Putin’s speech. Poland is a staunch supporter of Ukraine and has been a major transit route for Western arms shipments to the country.
The Polish authorities believe that the attack was carried out by sympathisers of Russia. They are currently investigating the suspects and have not yet released their names.
Though the motives of the accused remain unclear, these incidents underscore an enduring security issue with railway communication systems. Poland presently relies on unsecured radio frequencies for these signals and intends to transition to encrypted systems by 2025.
According to the Polish-language cybersecurity blog Niebezpiecznik, the technical specifications for the emergency stop signal, along with instructions for constructing a sequence that initiates automatic halts, are openly accessible, and the signal lacks encryption or authentication.
The attack on the Polish train system is a reminder of the growing threat of cyberattacks against critical infrastructure. Governments and businesses need to take steps to improve their cybersecurity posture to protect themselves from these attacks.