Two suspects arrested following Poland railway hack
Polish police have arrested two men suspected of hacking the national railway’s communications network. The attack halted 20 trains across the country and paralyzed traffic for hours over the weekend, according to Poland’s railway infrastructure operator.
The suspects, who are Polish citizens aged 24 and 29, were arrested in the eastern city of Bialystok near the border with Belarus. The older suspect is the owner of an apartment where both men were detained, and the younger man was allegedly inebriated at the time of the arrest, according to Poland’s RMF radio.
RMF radio also reported that one of the suspects is allegedly a police officer in Bialystok. On Tuesday, Polish police announced the suspension of one of its officers in the area, but gave few additional details.
The police confiscated radio equipment from the suspects’ places of residence, police spokesman Tomasz Krupa told local media.
The sabotage on the Polish railway was allegedly carried out in support of Russia, according to the deputy coordinator of the country’s special services Stanisław Zaryn.
Komunikat— PKP PLK SA (@PKP_PLK_SA) August 26, 2023
W nocy z piątku na sobotę w województwie zachodniopomorskim odnotowano nieuprawnione nadawanie sygnału radio-stop. Niezwłocznie działania podjęły odpowiednie służby. Nie ma zagrożenia dla pasażerów kolei. Efektem zdarzenia są wyłącznie zmiany w kursowaniu pociągów pic.twitter.com/tyrckvJS2n
The saboteurs were able to paralyze the trains — both freight and passenger — across the country by simply sending “stop” commands via radio frequency to the trains they targeted. The attackers also played the Russian national anthem and parts of a speech by Russian president Vladimir Putin on the railway’s radio.
Polish independent cybersecurity researcher Lukasz Olejnik told Wired that Polish trains use a radio system that lacks encryption or authentication, making them vulnerable to such hacks.
CERT Polska, the country’s computer emergency response team, told Recorded Future News the fully analog safety system was implemented so that any train or post can signal an emergency stop to all trains within a small radius. They confirmed dozens of trains were stopped by people abusing the system in recent days.
Poland promised to upgrade its railways by 2025. They plan to mostly use GSM cellular radios with encryption and authentication, according to the national transportation agency.
Poland's railway system is a lifeline for Ukraine as it transports key weapons from European allies to the Ukrainian frontline amid the ongoing war with Russia.
Ukrainian citizens and refugees are also using Poland as one of the few transit points on their way to Europe, with flights in the country suspended and most major airports destroyed.
Poland’s security agency, ABW, and national police have launched an investigation into a sabotage incident. Zaryn told the media that Russia and Belarus were trying to destabilize the Polish state “for some months.”
Poland has also become a major target for Russian spies. In July, Poland apprehended a group of 15 Russian spies. In June, a Russian ice hockey player was arrested for spying, and in March, Poland uncovered Russian spies planning to sabotage rail routes to Ukraine.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.