Polish Railway Sabotage on the Cheap
Recent disruptions in Poland's train system—whether caused by technical glitches, hooligan thrills or “destabilizing a state”—highlight the vulnerability of the infrastructures on which we all rely
In late August 2023, multiple disruptions on Polish railroads fueled anxiety over Poland’s security and its ability to channel NATO support to Ukraine’s war effort. In the incidents, perpetrators used low-tech equipment to send “radio-stop” signals activating the trains’ emergency brakes. Were these part of a sophisticated sabotage operation, or merely malicious mischief?
Hot Summer for Poland
It has been a hot summer for Poland, a country on the front line of NATO support for Ukraine’s war effort. After Russian mercenary leader Yevgeniy Prigozhin’s failed mutiny in Russia in June, his Wagner troops decamped to Russian-allied Belarus and began training local troops there, near the Polish border. Poland massed an additional 1000 troops on its border with Belarus. On July 23, Belarusian president Aleksandr Lukashenka told Russian President Vladimir Putin that Wagner troops were spoiling for a fight with the West; he paraphrased them as saying in effect, “Let us take a little excursion to Warsaw, to Rzeszow.” Rzeszow is a militarily significant Polish town near the Ukrainian border.
A decorated Russian general, Andrey Mordvichev, in a July 23 Russian state TV interview, implied that Russia might have to fight in Eastern Europe; he said “ideologists of war” saw Ukraine as just a steppingstone in a broader conflict between Russia and Western powers. Mordvichev left it unclear whether these ideologists of war were westerners eager to attack Russia, or Russians eager to attack countries beyond Ukraine; nevertheless, in the context of ongoing Poland-Belarus border tensions, it seemed an ominous declaration.
On August 1, Belarusian helicopters on a training run violated Polish airspace, heightening fears that Russian troops could be carrying out test runs for a potential incursion in the so-called Suwalki gap, a narrow corridor between Poland and Lithuania; such an incursion could cut off the Baltic territories from receiving support from NATO allies.
The Specter of Sabotage
Then, on August 18, the Washington Post reported on a Russian sabotage campaign that Polish officials had uncovered in March. Russia’s military intelligence service, the GRU, had allegedly sought to recruit saboteurs in Poland (including Belarusian migrants and Ukrainian refugees there) to surveil seaports, put tracking devices in military cargoes, and conduct arson attacks and even an assassination. The reported GRU efforts also focused on railroads: tasks for the saboteurs included installing cameras along railroad lines and even derailing trains carrying weapons to Ukraine. (Update January 9 2024: On December 19 2023, a Polish court convicted 14 Russian, Belarusian and Ukrainian nationals and sentenced them to terms of up to six years for preparing sabotage acts on Moscow’s orders; these included “seeking to derail trains carrying aid to neighbouring Ukraine, and monitoring critical infrastructure and military facilities,” according to AFP News. Those convicted included a hockey player, a teacher, a software engineer, and two lawyers. They used the Telegram messaging app to receive orders and were paid between $300 and $10,000 in cryptocurrency.)
A few days later in August 2023, an outbreak of Legionnaires’ disease occurred in Rzeszow, one of the towns Lukashenka had mentioned as a desired destination of the Wagner mercenaries. Rzeszow is a hub for NATO weapons deliveries to Ukraine. The outbreak claimed at least 18 lives by September 1 but did not affect US military personnel or operations, according to US military news source Stripes. Polish counterintelligence officials launched an investigation to rule out “external interference” as a cause of the outbreak.
A Week of Railroad Disruptions
In this context, when Polish railroads experienced disruptions over several days at the end of August, Polish security officials naturally considered the possibility of Russian sabotage. Unknown actors sent “radio-stop” commands that activated emergency brakes in over 20 trains near Szczecin on the night of August 25-26, plus several trains over the weekend and 25 trains in four Polish provinces on August 29th. In some of these incidents, the perpetrators interspersed the radio-stop tones with the Russian national anthem and an excerpt of a speech by Russian president Vladimir Putin. Initial reports described the incidents as cyberattacks. Polish officials temporarily suspended freight traffic but said the incidents caused only short delays and no danger for rail passengers. Stanislaw Zaryn said Polish officials were considering the possibility of sabotage, noting that Russia and Belarus had in recent months attempted to “destabilize the Polish state.” Polish railways are crucial for the transport of weapons to Ukraine. In addition, derailments and a collision on August 24 raised anxiety levels, though it is unclear whether they had any link to the radio-stop incidents.
On August 27 Polish authorities arrested two Polish men in their twenties in connection with that day’s disruptions. One of the suspects was a police officer working in the “operational techniques department (wydzial technik operacyjnych),” responsible for “secret observation of people, places and means of transport and conducting the so-called operational control,” according to a Polish TV report (via Google Translate). The two were charged with sending a false emergency signal that has the effect of panic-mongering and unnecessarily taxes public safety resources, as well as with risking “a disaster in land traffic.”
Investigators found amateur radio equipment in one of the suspects’ apartments. As it turned out, the radio-stop command that activates the emergency brakes on many trains in Poland consists of a three-tone signal that one can send using unsophisticated radio equipment, available online for as little as $30.
Russian-Directed Sabotage or Hooliganism?
Some circumstances suggest that the August railway incidents may be part of a coordinated Russian campaign:
The Russian national anthem suggests pro-Russian sympathies.
The unsophisticated radio equipment that appears to have been used in the incidents has a broadcast range of only a few miles at the most. So the 13 signals that halted 25 trains in four different Polish regions on August 29 likely represented a coordinated operation by multiple people.
The suspect who worked for a police department may have had non-public access to data about Poland’s transportation system. Such a person would seem like an ideal recruit for the Russian sabotage campaign described above.
Throughout the Russia/Ukraine war, saboteurs have targeted railroads as critical infrastructure systems related to the war effort on both sides. For example, in January 2022 hacktivists calling themselves the Belarusian Cyber Partisans crippled computer systems at Belarus Railways to protest its role in the buildup of Russian troops on Ukraine’s borders. Disruptions also occurred in 2022 in Polish, Spanish and Ukrainian railroads that carry Ukrainian refugees to safety or otherwise support the war effort, although it is unclear whether these resulted from malicious activity or technical glitches.
On the other hand, the incidents could simply be what one Polish media source called “hooligan attacks,” with the Russian national anthem added to exploit fear of Russia. False radio-stop incidents are not unprecedented: Polish media have cited official statistics that over 700 such cases occurred in 2019, 500 in 2020 and 2021, and about 480 in 2022.
Political Hyperbole and Real Problems
The incidents also have political relevance ahead of Poland’s hotly contested October 15 parliamentary elections. Poland’s populist ruling party, Law and Justice (PiS), has strongly supported Ukraine against Russia but also has a prickly relationship with the EU over social issues and signs of “creeping authoritarianism.” Critics have accused the PiS government of “ramping up a fear campaign ahead of crucial elections this fall,” the Washington Post noted. Conversely, a politician from the main opposition party, the pro-EU Civic Platform of former Prime Minister Donald Tusk, used the incident to criticize the PiS government’s performance. Indeed, politicians on both sides “want to show they are tough on security issues,” as the BBC put it.
Whether “hooliganism” or a Russian attempt to undermine Poland, the August railroad disruptions have increased calls for Poland to hasten its planned transition to a GSM-R digital system that will send emergency stop signals over encrypted cellular communications instead of open radio frequencies.
And For Those of You at Home
For ordinary people far from Poland, troublemakers using cheap devices and radio waves can also cause mischief.
Thieves can steal cars by intercepting and relaying the radio signal that wireless key fobs transmit or by jamming the signal to prevent the fob from locking the car. With an inexpensive Global Positioning System (GPS) jammer or signal-spoofing device, someone can block or falsify communications with GPS satellites and thus “hijack vehicle navigation systems, cheat at Pokémon GO, and even ‘turn back time’,” as Accenture Cyber Threat Intelligence reported in 2022. On a larger scale, unexplained GPS signal problems caused almost two days of disruption in and around Denver airport in January 2022 and again around Dallas Fort Worth airport in October 2022. Whatever the causes and motives, these incidents point to vulnerabilities in systems we take for granted.
Update November 25, 2023: GPS spoofing and jamming have skyrocketed during the conflicts in Ukraine and the Middle East, affecting aircraft throughout the Mediterranean, Black Sea, Baltic and Arctic regions, according to a November 21 New York Times (NYT) report. “Today, an enthusiastic amateur with a few hundred dollars and instructions from the internet can spoof satellite signals. Governments, too, have been more willing to overtly interfere with signals as part of their electronic warfare.” These can affect commercial aircraft: Airbus reports detecting “nearly 50,000 interference events on its aircraft last year,” a fourfold jump from the previous year. While most commercial aircraft have alternative navigation systems so they are not dependent on vulnerable satellite signals, “Business jets such as Dassault Falcons, Gulfstreams and Bombardiers appear to be more susceptible to signal spoofing, the European Union Aviation Safety Agency said.”
This article points out that infrastructure in the US is vulnerable, not just in Poland, and that we as owners of automobiles are susceptible as well.
GPS jamming continues: https://www.lloydslist.com/LL1148493/Black-Sea-shipping-hit-by-rising-Russian-GPS-jamming