The Polish Railway’s radio system was hacked on Friday and Saturday, bringing 20 freight and passenger trains to an unprecedented standstill. The hack, believed to be carried out by Russia, took advantage of a critical flaw in the railway’s radio security system, with the issue reportedly restored within hours.
An investigation into the cyberattack is underway, and the Polish Press Agency (PAP) reported that the radio signals sent to stop the trains were interspersed with a recording of Russia’s national anthem and a speech by Russian President Vladimir Putin.
Poland is an important transportation hub that brings much-needed weapons supplied by Western countries and other aid to Ukraine amid the Russian invasion, and Senior Security Official Stanislaw Zaryn told PAP: “For the moment, we are ruling nothing out.” He continued: “We know that for some months there have been attempts to destabilize the Polish state. Such attempts have been undertaken by the Russian Federation in conjunction with Belarus.”
Train services were reportedly restored within hours and the Polish State Railways said in a statement that “there is no threat to rail passengers” and the cyberattack only caused “difficulties in the running of trains.”
Radio stop commands in Poland can be conducted by anyone with just $30 in equipment to create commands using the correct radio frequency, Lukasz Olejnik, a cybersecurity researcher and consultant, told Wired. Hackers could have allegedly used simple tones that can be found in a European Union document, he said. The document says it lays out the “interoperability relating to the control-command and signaling substem of the trans-European high-speed rail system.”
But hackers wouldn’t necessarily need access to the document, according to Olejnik, who said the information is widely available online, particularly on YouTube. “It is three tonal messages sent consecutively. Once the radio equipment receives it, the locomotive goes to a halt.” He added: “Everybody could do this. Even teenagers trolling. The frequencies are known. The tones are known. The equipment is cheap.”
Another unauthorized radio signal stop carried out on Saturday evening was reported the following morning, affecting the railway line between Bialogard and Runowo Pomorskie. According to PAP, Radio RMF FM reported that a freight train driver on the Swidwin-Worowo route and a traffic controller at the Runowo Pomorskie railway station received a signal to stop the train. Once train personnel confirmed there was no danger, the traffic controller gave the driver permission to continue on its route, the radio station reported.
The Polish State Railways said in its statement that the reported train disruptions from Friday and Saturday were carried out by “an unknown perpetrator” and any train that receives “a radio stop signal results in an immediate stop of all trains whose radios operate on a given frequency.”
Although the radio hacking is a simple process in nature, the operation could still prove effective in being detrimental to Poland’s support of Ukraine’s ongoing war efforts against Russia, Olejnik told Wired. “When you’re a hub of support to war-stricken Ukraine, you’re indeed a target,” Olejnik told the outlet. “Low-hanging fruits are always the best approach.”