Network Rail 'cyber vandal' attack sparks debate on safety of public WiFi

Last week saw London Euston, Manchester Piccadilly and a number of UK train stations targeted in a major 'cyber vandalism' incident. The attack specifically singled out the Wi-Fi managed by Network Rail, with its typical webpage replaced by one containing Islamophobic messages and information on several terror incidents.

Crucially, a spokesperson at Network Rail told The Express there was no risk to personal data during this time and the British Transport Police has now arrested 'a Global Reach Technology employee as a result of an abuse of access to the Wi-Fi system'.

On Friday, they added: "There was no hack, and no personal data was ever at risk as the system is a simple 'click & connect' service that doesn't collect data." Yet, the attack has still driven cybersecurity experts to consider what the public can do to stay safe while using public Wi-Fi, regardless of who is operating it.

Among these experts is Jake Moore, a Global Cybersecurity Advisor, who told The Express that virtual private networks - or VPNs - are among the best ways to keep your information secure while browsing the internet in public. These services essentially encrypt your internet traffic by connecting your computer to a remote server.

This makes it exceptionally difficult, but not impossible, for onlookers to track your online activity. "Luckily, this [incident] just took people to a webpage with no further links or fields to enter details," Jake explained.

"However, it could have been worse and users could have been required to enter financial details, so it is vital that people remain on guard when asked for personal or sensitive information... . Free VPN services often store a lot of people's data so can in fact have the opposite effect in terms of privacy so it is worth considering paying for a trusted service."

Kian Rogers, a penetration tester at SecQuest Information Security Consultancy, suggested that sending data across public Wi-Fi is typically 'low risk' as more websites are using 'encrypted communications'. But he did warn that cybercriminals may attack encryption or create fake Wi-Fi hotspots in high footfall locations in an effort to trick the public.

These may encompass fake login screens designed to harvest your details, so it's crucial to stay alert when entering your details online. "In a worst-case scenario, an attacker can gain access to information that you are sending over the network, such as passwords and banking data," Kian explained.

"One of the most important things you can do before connecting to public WiFi is try and verify that the hotspot you are connecting to is legitimate - you can confirm the hotspot name and login procedure is correct with the [venue's] staff. Also, make sure that the network you are joining requires a password before you can connect, as open hotspots can carry more risk."

Aside from this, Kian urged the public to look out for a few key signs that a website is fake or suspicious. On-site spam and pop-ups, like flashing warnings, are among these in addition to malicious redirects.

The latter refers to the process of being immediately redirected to a different website after clicking on the first link. "Using a VPN on public networks is also a good idea, although be wary of free VPN services as they often store large amount of your data themselves, which defeats the point of using it in the first place," Kian summarised.

Join the Money Saving Club WhatsApp channel aimed at saving you money and powered by the best content from Reach's national and regional titles

After the Network Rail incident, a spokesperson issued the following statement on Friday. It reads: "Following an act of cyber vandalism that forced the termination of wifi services at 19 of Network Rail's managed stations, and after comprehensive investigations and testing, we are pleased to be able to start restoring wifi service in a phased approach from around lunchtime today. We anticipate all services at our stations will be up and running by tea-time.

"The British Transport Police made an arrest last night of a Global Reach Technology employee as a result of an abuse of access to the wi-fi system. There was no hack, and no personal data was ever at risk as the system is a simple 'click & connect' service that doesn't collect data."