Pictures

Members of the U.S. Navy Blue Angels fly over the World Trade Center in lower Manhattan as part of the 25th annual Fleet Week celebration in New York, May 23, 2012. REUTERS/Eduardo Munoz

Reuters Photojournalism

Our day's top images, in-depth photo essays and offbeat slices of life. See the best of Reuters photography.  See more | Photo caption 

Photo

Maxim Hot 100

The world's most beautiful women as chosen by Maxim readers.  Slideshow 

Shreen Mohammad sits with other recruits during a military exercise at the Kabul Military Training Center (KMTC) in Kabul March 28, 2012. A landmark NATO summit in Chicago endorsed an exit strategy that calls for handing control of Afghanistan to its own security forces by the middle of next year but left questions unanswered about how to prevent a slide into chaos and a Taliban resurgence after allied troops are gone. Picture taken March 28, 2012. REUTERS/Omar Sobhani (AFGHANISTAN - Tags: POLITICS MILITARY SOCIETY) ATTENTION EDITORS: PICTURE 18 OF 27 FOR PACKAGE 'AFGHAN ARMY RECRUIT'

Afghan army recruit

A look at an Afghan recruit as he goes through the process of joining the Afghan National Army.  Slideshow 

Hackers could shut down train lines: expert

Related Topics

A S-Bahn city train is seen on a platform at the main railway station Hauptbahnhof in Berlin, October 13, 2011. REUTERS/Fabrizio Bensch

A S-Bahn city train is seen on a platform at the main railway station Hauptbahnhof in Berlin, October 13, 2011.

Credit: Reuters/Fabrizio Bensch

BERLIN | Wed Dec 28, 2011 5:50am EST

BERLIN (Reuters) - Hackers who have shut down websites by overwhelming them with Web traffic could use the same approach to shut down the computers that control train switching systems, a security expert said at a hacking conference in Berlin.

Stefan Katzenbeisser, professor at Technische Universität Darmstadt in Germany, said switching systems were at risk of "denial of service" attacks, which could cause long disruptions to rail services.

"Trains could not crash, but service could be disrupted for quite some time," Katzenbeisser told Reuters on the sidelines of the convention.

"Denial of service" campaigns are one of the simplest forms of cyber attack: hackers recruit large numbers of computers to overwhelm the targeted system with Internet traffic.

Hackers have used the approach to attack sites of government agencies around the world and sites of businesses.

Train switching systems, which enable trains to be guided from one track to another at a railway junction, have historically been separate from the online world, but communication between trains and switches is handled increasingly using wireless technology.

Katzenbeisser said GSM-R, a mobile technology used for trains, is more secure than the usual GSM, used in phones, against which security experts showed a new attack at the convention.

"Probably we will be safe on that side in coming years. The main problem I see is a process of changing ... keys. This will be a big issue in the future, how to manage these keys safely," Katzenbeisser said.

The software encryption 'keys', which are needed for securing the communication between trains and switching systems, are downloaded to physical media like USB sticks and then sent around for installing -- raising the risk of them ending up in the wrong hands.

(Reporting by Tarmo Virki; Editing by David Holmes)
Tech
Cyber Crime
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (3)
rikfre wrote:
in the US..no one would know the difference….!

Dec 28, 2011 6:20pm EST  --  Report as abuse
Nullcorp wrote:
Why not reject all traffic other than traffic from known “friendly” IP addresses? Taking down a public website with a DoS attack is one thing, but these kinds of critical systems should be completely dark, completely inaccessible from computers not on the whitelist.

Dec 29, 2011 12:33am EST  --  Report as abuse
EllieK wrote:
Agreed, Nullcorp. Why would rail transit operations have any access at all to the internet? In the U.S., hydroelectric facilities are completely inaccessible, to incoming internet traffic and outgoing traffic. There are public facing systems with internet access, but they have no connectivity to operations.

I have no idea whether or not passenger rail transit in the U.S., specifically, Amtrak, follows the same protocols though…. If not, they’d be equally vulnerable to DDoS (or DoS?) attack.

Dec 29, 2011 2:19am EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.
See All Comments »