In a peculiar turn of events, more than 20 trains across Poland were suddenly stopped over two days, August 25 and 26, in a situation initially deemed a “cyberattack” by Polish media and the BBC. The disruption, reportedly in support of Russia, impacted Poland’s railway system, a crucial conduit for NATO’s logistical support to Ukraine.
The sabotage was first thought to be a cyberattack, and the saboteurs interspersed their actions with the Russian national anthem and portions of a speech by President Vladimir Putin. However, upon investigation, cybersecurity researchers revealed that the attack did not involve traditional cyber techniques. Instead, it appears the perpetrators sent simple “radio-stop” commands over radio frequency to immobilize the targeted trains. Lukasz Olejnik, an independent cybersecurity researcher, highlighted that the affected trains’ communication systems lack encryption or authentication for incoming commands. As a result, anyone equipped with basic off-the-shelf radio equipment—costing as little as $30—can transmit the necessary signal, consisting of a sequence of three acoustic tones at a frequency of 150.100 megahertz. The signal triggers the trains’ emergency stop function, causing them to halt abruptly.
Olejnik emphasized that this approach has been discussed within Polish radio and train communities for years and is not a novel discovery. The vulnerability stems from the railway's reliance on a relatively unprotected VHF 150 MHz radio system, which the saboteurs exploited. The main limitation of this tactic is the need for proximity: the attackers must be anywhere from a few hundred feet to miles from the targeted trains, depending on the radio equipment’s strength. The disruption prompted Poland’s national transportation agency to announce plans to transition to GSM cellular radios with encryption and authentication by 2025. Until then, the current VHF system will continue to pose a risk to railway operations.
While the radio attack did not result in injuries or significant damage, it underscored the ease with which such disruptions can occur. Olejnik emphasized that these low-cost, straightforward tactics are particularly appealing to those seeking to target infrastructure and exploit its vulnerabilities. If indeed linked to Russia’s supporters, this operation would echo prior cyber and physical disruptions, amplifying concerns over geopolitical tensions and the potential exploitation of unsecured systems.