A cyber-attack on the London transport system earlier this month was far more serious than initially reported and is rapidly spreading across the UK. It is also now ringing loud alarm bells on both sides of the Atlantic, particularly in light of the upcoming US elections in November.
Transport for London (TfL) has now admitted that over 5,000 customers’ personal details and, in many cases, their financial details have been stolen. TfL added that the breach is also rapidly starting to affect services outside London.
The London Underground, the UK capital’s vast underground rail network, like most European metros, has a touchpad automatic electronic payment system using prepaid plastic cards. London also allows travelers simply to use their Visa or MasterCard on the touchpads at the London Underground barriers. This means that organizations such as TfL have become repositories of millions of commuters’ financial details, making them a tempting target for small-time cyber crooks.
The TfL customers’ details may end up being sold to the highest bidders in job lots on a Dark Web criminal marketplace, to be monetized by the buyer(s). Serious cybercriminals would be more likely to maximize their profits from a wealthy, high cash-turnover organization like TfL by deploying ransomware in order to encrypt all its critical data and then charge an extremely high premium to release the encryption key. Predictably, therefore, the suspect the police have arrested in connection with the cyber-attack is a 17-year-old hacker.
Russia increasingly proficient at attacking rail networks
However, if it was so easy for a highly inexperienced hacker working on his own to break into TfL’s IT system, then it would be child’s play for a more dangerous adversary to accomplish far more damage. In addition to being tempting targets for highly organized international cybercriminal gangs, the transport systems of major capital cities, together with their power supplies and communications networks, are also key targets for hostile nation states using a series of coordinated cyber-attacks to attack a Western country without any physical intrusion, allowing plausible deniability on the part of the attacker. Russia, China, and Iran effectively have regiments of highly skilled hackers with their sights firmly trained on the Western powers.
Russia’s hackers, in particular, have become increasingly proficient at breaching rail networks’ systems. Since the start of the conflict in Ukraine, rail networks have been a prime target in trying to disrupt military supply chains.
In April, the Czech Republic’s transport minister, Martin Kupka, accused Russia of having made “thousands of attempts to weaken our systems” in order to destabilize the European Union (EU). The hacking campaign included attacks on signaling systems and networks of Czech national railway operator České dráhy. Some industry sources also believe that Russia may attack US transport networks in November in an effort to affect the US elections by limiting some voters’ access to polling stations.