As China’s transportation system enters its second decade of rapid growth, some of the country’s biggest rail operators are experiencing a crisis of IT security, with a report saying that at least 1.7 million Chinese trains have been stolen over the last year.
The cybersecurity company SecureWorks said on Tuesday that the latest cyberattack on China’s rail industry is the most severe to hit it since it was introduced in the early 2000s.
The company said the theft took place in January 2017, when Chinese rail operator China Southern Railway had just completed a massive upgrade to its network.
“The recent cyberattack, which occurred on January 22, 2017, highlights the growing security threats posed by these companies, as well as their reliance on outdated technology,” the company wrote in its report.
“While the rail industry’s IT infrastructure remains the most secure in the world, security threats pose a grave threat to rail operators’ ability to meet the growing demands for service.”
The incident took place on a train in Henan province.
A security guard on board noticed that there were two passengers on board and alerted the train’s conductor, who immediately notified the police.
The attacker, later identified as Zhang Jianping, managed to gain access to a network camera.
The train operator said it had alerted authorities and that Zhang had been arrested.
Security researchers at SecureWorks and the China Railway Administration (CRA) said the attacker had gained control of at least one CCTV camera that had been mounted on a roof above the carriage where the train was taking place.
“This incident is a direct attack on the safety of the entire CNRC’s train network and is a major cause of the railway operator’s financial difficulties,” the report said.
“As the number of attacks grows, the safety and security of CNRC’s trains and staff is a very high priority for all of us, and we expect CNRC to take immediate action to protect its networks.”
China has a notoriously weak cyber security infrastructure, and the latest attack shows that it has been unable to catch up with the cyberattacks of the past, the report says.
In September 2016, the Chinese Railways said that the attacker used the same technique to access the network camera that CCTV had used to identify Zhang, and to track the location of the CCTV cameras, the Beijing-based firm said.
It also reported that Chinese police had seized a total of $20 million worth of digital assets, including laptops and other hardware.
Security experts have said that cyber attacks against rail operators have become more frequent in recent years, and are now affecting as many as one in five train services.
The attack on China Southern’s network occurred while the railway was busy upgrading its technology.
China Southern has been hit by cyberattacks before: in the late 2000s, another hack forced the railway company to shut down its trains and take its system down entirely for more than a year.