Could Russia be behind TfL cyber attack amid rise in ransomware?

Did Russia hack Transport for London (TfL), or was the latest cyber attack just criminals looking to earn some cash by holding a network to ransom?

That’s ‘the $64,000 question’, according to Professor Alan Woodward, a cyber security expert at the University of Surrey who advises the EU’s law enforcement agency Europol.

London’s transport body, which operates the trains, buses and underground tube in the capital, said yesterday it was dealing with a ‘cyber security incident’ that has been ongoing since Tuesday.

It insists customer data and transport services are unaffected, but declined to answer questions about the target, source and nature of the attack.

Could it be the doing of a hostile actor like Russia? That question pops up anytime there’s a cyber attack.

It wouldn’t be the first time state-backed hackers have found their way into the digital networks of British institutions.

A Chinese state-affiliated group known as APT31 stole the data of 40 million voters when they accessed the Electoral Commission’s email and file-sharing systems between 2021 and 2022, the government revealed in March.

So is this another case of that?

‘It does look a bit that way when you look at the type of infrastructure and you think who would have a motive to attack it’, Professor Woodward said.

‘Well obviously criminals could monetise it, but if you’re targeting something like that, then it also is disruptive to the nation and potentially is a national security issue.

‘So it certainly makes you wonder whether there’s somebody else behind it.’

Transport infrastructure has increasingly become a target for cyber attacks as tensions between Russia and the rest of Europe rise.

Russia has allegedly used various forms of cyber attack to target the signalling and ticket systems in Czechia, its transport minister Martin Kupka said in May.

Dozens of trains came to a sudden halt in Poland last August when hackers transmitted a radio signal that triggered the trains’ emergency stop in the country’s north west.

Police arrested two men from Białystok, a city of 300,000 people near the border with Belarus, one of Russia’s closest allies.

‘We know that for some months there have been attempts to destabilize the Polish state’, Stanislaw Zaryn, a senior security official, said at the time.

‘Such attempts have been undertaken by the Russian Federation in conjunction with Belarus. For the moment, we are ruling nothing out.’

The importance of infrastructure, and the ability of hacking to turn the tide, came to the fore during Russia’s invasion and subsequent war in Ukraine.

Professor Woodward said: ‘Right from the very, very beginning, cyber attacks were, both ways, really quite important in degrading the warfighting capability of the other side.

‘So I’m suspicious sometimes that [these cyber attacks] are unfriendly governments prodding, testing, to see if they can.

‘They’re not necessarily trying to cripple the London Underground or buses or anything like that, but they are probing.’

Meanwhile Andrew Peck, a cyber resilience researcher at Loughborough University, said cyber attacks are a ‘given in this world.’

He said the hackers were spot-on with their timing to target the start of the school week.

‘What would have happened if your child got to the bus stop or Tube and said there’s no bus? It would have been chaos. There’s an element of planning and timing, somebody’s done their homework,’ he told Metro.co.uk.

However, their impact ‘missed’ its target since the cyber-attack failed to affect transport.

He said TfL was likely protected because its systems are built from a combination of old and new, which ‘might not always speak to each other as naturally as airline systems might do.’

But in a cyber attack, this gives the TfL system resilience which many airlines lacked during the CrowdStrike attack, he explained.

‘If NCA and NCSC are involved, then I wouldn’t want to be one of the hackers.

‘Chances are they’ve made a silly mistake and forgotten to clean their tracks,’ he added.

If hacks are successful, they could have disruptive, destabilising or even deadly effects.

Keir Giles, an expert on Russia’s influence and espionage campaigns, previously told Metro.co.uk: ‘If Russia were to step up all of this simultaneously, it would immobilise Europe.

‘This is something we know Russia wants to do if there is a full-scale confrontation with NATO, and they want to stop NATO reinforcements from moving west to east to where they’re needed.

‘It’s easy to see this as a practice run for when Russia wants to shut Europe down.’

But maybe that’s too simple an answer to the question of who hacked TfL and why.

While it remains uncommon for such critical infrastructure to be hacked, ransomware attacks are on the rise, according to Professor Woodward.

It’s not clear yet whether the TfL ‘cyber security incident’ is a ransomware attack.

But as with state-backed hacks, it wouldn’t be the first time criminals have targeted national infrastructure in search of a payout.

Cyber criminals Qilin published sensitive patient data – 400GB of it, including blood test results – when London hospitals refused to pay a Bitcoin ransom in June.

The hackers had used ransomware to infiltrate computer systems of a company used by two NHS trusts, disabling their IT systems.

Some 3,000 hospital and GP appointments and operations were disrupted as a result.

It was described as ‘one of the most significant and harmful cyber attacks ever in the UK’, by ex-head of the National Cyber Security Centre (NCSC), Ciaran Martin.

The thing with criminal hackers, though, is their attacks are far less targeted than they first appear.

‘Quite often they’re blunderbuss attacks, they’re not that targeted’, Professor Woodward said.

‘They have these campaigns where they just send out phishing emails.’

Their sheer size and number of employees make public sector bodies like TfL and the NHS more vulnerable to ‘booby trap’ emails, links and the like.

Professor Woodward said: ‘Certainly it’s the largest organisations that will have somebody who opens a document or website, so I wouldn’t rush to blame another country.’

But there is another thing about criminal hackers – they’re a favourite contractor for states covering tracks by outsourcing acts of sabotage.

‘With some of these attacks, targets are being suggested or directed by [aggressive states]’, Professor Woodward said.

‘But they won’t lead back directly to GRU [Russian intelligence] or something.

‘They’re trying to maintain a level of plausible deniability, and it’s kind of working.

‘We don’t know whether it’s a state being aggressive and attacking a piece of infrastructure.

‘However, when it comes to conspiracy or cock-up, I tend to go for cock-up, because it nearly always is that somebody’s opened a document they shouldn’t have.’

Cyber warfare may be murky, but the UK is at least somewhat prepared thanks to work by the National Protective Security Authority, an arm of MI5, and by the NCSC.

Plus, some of the TfL operational systems, frustrating as they may be for passengers, are old enough to require different, more complicated methods of hacking, even if they’re not entirely immune.

Given it’s still ongoing, there’s a chance the culprit is still lurking inside, Professor Woodward said.

‘We are continually monitoring who is accessing our systems to ensure only those authorised can gain access’, a TfL spokesperson said.

‘As part of that monitoring, we identified some suspicious activity and took action to limit access.

‘A thorough investigation is currently taking place and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.’

Shashi Verma, chief technology officer, said: ‘Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised. There is currently no impact to TfL services.’
