03-04-2025, 10:45 PM
The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.
Poland's railway system has served as a key resource in the facilitating of Western weapons and other aid into Ukraine as NATO attempts to bolster the country's defense against Russia's invasion. “We know that for some months there have been attempts to destabilize the Polish state,” Stanislaw Zaryn, a senior security official, told the Polish Press Agency. “For the moment, we are ruling nothing out.”
But as disruptive as the railway sabotage has been, on closer inspection, the “cyberattack” doesn't seem to have involved any cyber at all, according to Lukasz Olejnik, a Polish-speaking independent cybersecurity researcher and consultant, and the author of the forthcoming book Philosophy of Cybersecurity. In fact, the saboteurs appear to have sent simple “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as $30 of off-the-shelf radio equipment can broadcast the command to a Polish train—sending a series of three acoustic tones at a 150.100 megahertz frequency—and trigger their emergency stop function.
“It is three tonal messages sent consecutively. Once the radio equipment receives it, the locomotive goes to a halt,” Olejnik says, pointing to a document outlining trains' different technical standards in the European Union that describes the radio-stop command used in the Polish system. In fact, Olejnik says the ability to send the command has been described in Polish radio and train forums and on YouTube for years. “Everybody could do this. Even teenagers trolling. The frequencies are known. The tones are known. The equipment is cheap.”
Poland's national transportation agency has stated its intention to upgrade Poland's railway systems by 2025 to use almost exclusively GSM cellular radios, which do have encryption and authentication. But until then, it will continue to use the relatively unprotected VHF 150 MHz system that allows the radio-stop commands to be spoofed.
Polish State Railways didn't immediately respond to WIRED's request for comment. But a statement from the railways agency notes that the train disruptions were due to “unauthorized broadcasting of the radio-stop signal” sent “by means of a radiotelephone by an unknown perpetrator.” The statement adds that “receiving a radio-stop signal results in an immediate stop of all trains whose radios operate on a given frequency.”
Despite those automated emergency stops, the railway agency wrote that “there is no threat to rail passengers. The result of this event is only difficulties in the running of trains.” The Polish Press Agency reported no injuries or damage as a result of the radio sabotage operation.
If Russia or its supporters have in fact sabotaged the railway system of Ukraine's ally, the operation wouldn't be without precedent. In fact, Belarusian dissident hackers known as the Cyber Partisans protested Belarus' support of the Russian military by launching their own rare political ransomware attack against Belarus Railways' IT network in January 2022, in an attempt to prevent Belarus' participation in the invasion that came just a month later.
This disruption of Poland's rail system doesn't appear to have required any such ransomware or even a penetration of a digital network. But Olejnik cautions that the simplicity of the attack shouldn't lead anyone to underestimate its effects, which may continue to play out given the difficulty of preventing the radio attack on Polish trains' unauthenticated communication systems.
“When you’re a hub of support to war-stricken Ukraine, you’re indeed a target,” says Olejnik. “Low-hanging fruits are always the best approach.”