The disruption of over 20 trains in Poland, seemingly in support of Russia, was executed using a basic “radio-stop” command that could be transmitted with just $30 worth of equipment. Unlike sophisticated cyberattacks that have targeted Ukrainian networks, this sabotage targeted Poland’s railway system by sending simple radio commands to trigger emergency stops. The attackers scattered Russian national anthem and President Putin’s speech in the commands. Despite being described as a “cyberattack,” this incident involved no actual cyber intrusion.
Poland’s railway system has played a vital role in facilitating Western aid to Ukraine, making it a target for disruption. The attackers exploited the lack of encryption and authentication in the train communication system, allowing them to broadcast the radio-stop commands on a well-known frequency. Polish authorities plan to upgrade the system to use more secure GSM cellular radios, but until then, the relatively unprotected VHF 150 MHz system remains vulnerable to such attacks.
The attack’s main limitation is its range, as the saboteurs must be relatively close to the target trains. The disruption affected multiple regions across Poland, indicating the challenge the attackers faced in getting close to all the targeted trains. Despite the automated emergency stops, there were no reported injuries or significant damage.
This incident demonstrates how even basic attacks, exploiting vulnerabilities in communication systems, can have significant disruptive effects. It highlights the need for increased security measures as nations face evolving threats in the realm of technical surveillance countermeasures (TSCM).