Since struggle first broke out between Ukraine and Russia in 2014, Russian hackers have at instances used a number of the most refined hacking methods ever seen within the wild to destroy Ukrainian networks, disrupt the country’s satellite communications, and even trigger blackouts for hundreds of thousands of Ukrainian citizens. But the mysterious saboteurs who’ve, during the last two days, disrupted Poland’s railway system—a significant piece of transit infrastructure for NATO’s assist of Ukraine—seem to have used a far much less spectacular type of technical mischief: Spoof a easy radio command to the trains that triggers their emergency cease perform.

On Friday and Saturday, greater than 20 of Poland’s trains carrying each freight and passengers have been dropped at a halt throughout the nation by means of what Polish media and the BBC have described as a “cyberattack.” Polish intelligence providers are investigating the sabotage incidents, which seem to have been carried out in assist of Russia. The saboteurs reportedly interspersed the instructions they used to cease the trains with the Russian nationwide anthem and elements of a speech by Russian president Vladimir Putin.

Poland’s railway system, in spite of everything, has served as a key supply of Western weapons and different support flowing into Ukraine as NATO makes an attempt to bolster the nation’s protection towards Russia’s invasion. “We know that for some months there have been attempts to destabilize the Polish state,” Stanislaw Zaryn, a senior safety official, advised the Polish Press Agency. “For the moment, we are ruling nothing out.”

But as disruptive because the railway sabotage has been, on nearer inspection, the “cyberattack” does not appear to have concerned any “cyber” in any respect, in keeping with Lukasz Olejnik, a Polish-speaking unbiased cybersecurity researcher and marketing consultant and creator of the forthcoming guide Philosophy of Cybersecurity. In truth, the saboteurs seem to have despatched easy so-called “radio-stop” instructions through radio frequency to the trains they focused. Because the trains use a radio system that lacks encryption or authentication for these instructions, Olejnik says, anybody with as little as $30 of off-the-shelf radio tools can broadcast the command to a Polish practice—sending a collection of three acoustic tones at a 150.100 megahertz frequency—and set off their emergency cease perform.

“It is three tonal messages sent consecutively. Once the radio equipment receives it, the locomotive goes to a halt,” Olejnik says, pointing to a doc outlining trains’ completely different technical requirements within the European Union that describes the “radio-stop” command used within the Polish system. In truth, Olejnik says that the power to ship the command has been described in Polish radio and practice boards and on YouTube for years. “Everybody could do this. Even teenagers trolling. The frequencies are known. The tones are known. The equipment is cheap.”

Poland’s nationwide transportation company has acknowledged its intention to improve Poland’s railway techniques by 2025 to use almost exclusively GSM cellular radios, which do have encryption and authentication. But till then, it’s going to proceed to make use of the comparatively unprotected VHF 150 MHz system that permits the “radio-stop” instructions to be spoofed.