Security experts and viewers have been picking apart plot holes and inaccuracies in the BBC‘s new drama series Nightsleeper.
The six-part thriller starring Peaky Blinders actor Joe Cole features a sleeper train travelling from Glasgow to London which has been hacked and hijacked, or ‘hack-jacked’.
The driverless train is seen being operated remotely after a suspect device is attached to wiring within one of the carriages.
But analysts have cast doubt on whether this would be feasible in real life, as they pointed out flaws in the drama created by BAFTA-winning writer Nick Leather.Â
Like the hit US drama show 24, Nightsleeper unfolds in real time across its six one-hour episodes which are being broadcast on Sunday evenings while they are also already all available on the BBC iPlayer – and it has also been compared to Jed Mercurio‘s hit thriller Bodyguard, from 2018.
Here, MailOnline examines some of the aspects which have raised eyebrows among cybersecurity specialists…
New BBC drama series Nightsleeper, starring Peaky Blinders actor Joe Cole (pictured) has received mixed reviews – including criticisms over its plausibility
The six-episode series also features actress Alexandra Roach (pictured) as a security expert
The series created by Nick Leather has divided opinion on X, formerly Twitter
Operating a train remotely
Reviews of Nightsleeper on X, formerly Twitter, have been mixed – ranging from ‘a good old-fashioned romp and a lot of fun’ to ‘so unrealistic and unbelievable’.
Among those enjoying it is Jake Moore, global cybersecurity advisor for tech firm ESET, although he suggested the plot strained credibility.
He told MailOnline: ‘The train is remotely accessed and then sets off by itself – it’s not likely that trains could be operated completely remotely due to the threat level this would entail.
‘Motives of hackers targeting trains are more likely to cause disruption rail services such as by playing with the signals and operations which are operated remotely rather than making it a danger to life.’
Even the BBC has suggested that hackers would need physical access to the driver cabin to carry out such a feat.Â
But Mr Moore did describe the premise as ‘very captivating’ and ‘interesting’, adding: ‘They’re clearly aware of keeping people in suspense.
‘There is always a threat to national infrastructure and this is a very visual representative of that, using the train network.
‘The positive comes from really making people more aware of the cyber threats which could potentially pose a risk – it’s a good educational piece.’
Meanwhile, another cybersecurity analyst has written two reviews setting out what he describes as ‘the good, the bad and the ugly’ of the drama.
Alex Cowan, chief executive of RazorSecure which provides security products and services for the rail industry, set out five discrepancies he had noticed.
The six-part thriller starring Joe Cole (pictured) features a sleeper train travelling from Motherwell to London which has been hacked and hijacked, or ‘hack-jacked’ – though cybersecurity experts are dubious about whether it could really be operated remotely
Also among the cast is Alex Ferns, who previously played evil character Trevor in EastEnders
These included apparent misunderstanding of how emergency brakes work, the shutting down of mobile phone signals, the response of the train crew and how detection software should have been able to notice the suspect device earlier.
He said: ‘This caught everyone in the industry by surprise a couple of weeks ago, with the key questions being “Who consulted on this?” and “How unrealistic will it be?”
‘I think we all knew the answer to how realistic it would be – spoiler: not very – but no one seemed to know who consulted on it.’
He did praise the starting point of the attack, a suspicious device fitted inside a panel in the fictional Heart Of Britain sleeper train.
He said: ‘This hidden Raspberry Pi scenario is realistic – however, the consequences are certainly not. There are significant risks with a rogue device on a train network.’
Emergency braking system
But he quibbled with the ‘unrealistic consequences’ shown in the drama, including how emergency brakes are not applied when people became aware of the risk.
Mr Cowan said: ‘There’s a fundamental misunderstanding of the emergency brakes in this show. These brakes are managed differently from normal brakes, and very differently from a car.
‘Firstly, they default to “ON” and must be released to allow the train to move.
‘For the brakes to be released, the systems must be in a certain state and they must maintain that state. If for example, the train loses power then the brakes will default back to on.’
Joe Cole plays an off-duty police officer who is among the passengers on the hack-jacked sleeper train – the approach taken to the train’s braking system has come under scrutiny
Joe Cole and Alexandra Roach are pictured at a photocall for Nightsleeper on September 9
Mobile phone signals
He also queried how mobile phone signals on the train were blocked by engineers in response to the hijacking, adding: ‘If no one had phone signal, then how did the device communicate remotely?’
He described the decision as ‘a bit crazy’ , saying: ‘So many problems with this, but don’t worry, one guy had a phone that wasn’t blocked. That may end up being important – it’s a bit too convenient.
‘If they’d put the panel back on the floor that probably would have blocked the signal anyway.’
Alexandra Roach’s character Abby is among those tasked with trying to prevent the train from crashing into a railway station when reaching London – but mobile phone signals are blocked
Cybersecurity expert Alex Cowan said in response to the mobile phone plotline:Â ‘If no one had phone signal, then how did the device communicate remotely?’
Train crew’s response
Mr Cowan said: ‘Overall the attacks were the most realistic bit of this episode. The consequences and railway elements were not realistic at all, but there are risks attached to these types of attacks.
‘Fundamentally the way the train crew reacted wasn’t so realistic – the train manager would have worked harder to contact the driver if this really happened.Â
‘In this scenario, the driver was the most important person on the train. They are ultimately the one in control, they have access to the MCB (mini circuit breakers) for the train, and could have powered down the train fully to force the emergency brakes to engage.’
Also featured in the series are (left to right) Alex Ferns, Daniel Cahill and James Cosmo – security experts have criticised the response to the emergency by characters on the train
Lack of detection software Â
Mr Cowan also drew attention to how the floor panel under which the suspect device was planted was left open, which would have been an unlikely move by the perpetrator.
He suggested that this was a plot device to ensure that those on board the train managed to spot the item.
He said: ‘Interestingly they were forced to leave the floor panel open so that the train crew would notice it.
‘The reality would be in a dark deep location in the train that wouldn’t be visible. Maybe they had to leave the floor panel off because the device had no signal if they put the floor panel back.
‘There are significant risks with a rogue device on a train network, I won’t detail them. Additionally intrusion detection software would be able to detect this type of attack, which is offered by RazerSource.’
Cast members Parth Thakerar, Gabriel Howell, Alexandra Roach and Pamela Nomvete are pictured in a scene from the BBC drama as their characters struggle to know what to do
Social media backlash
Social media has been busy with viewers commenting on the series, having tuned into the opening episode or binge-watched the entire series.Â
Among those defending the show was LÃam Rudden, who posted: ‘The writing might be shonky, the story ridiculously far-fetched, the casting annoyingly uneven but I have to admit, I’m a sucker for a train-bound thriller. #Nightsleeper is a good old-fashioned romp and a lot of fun.’
A user called DeafinitelyHere insisted: ‘I don’t get people saying “Oooh, this is so unrealistic”, of course it is, that’s the whole bloody point!! Sit back and enjoy the ride (no pun intended).’
Cal Parrish commented: ‘Just finished binge-watching #Nightsleeper. I did actually really enjoy it. Some ridiculous plot holes and unrealistic stuff but accept it for its absurdism and you should like it!’
And Cyber_Hannah_ wrote: ‘Aside from being holy, unrealistic, and laced with clunky dialogue, Nightsleeper was enjoyable. But then again, I am a sucker for hacker storylines.’
But more critical was Rachelbfx3, who wrote: ‘#Nightsleeper definitely peaked in the middle, then becomes unrealistic and slows down. Thanks for the BBC’s digs at the state of the UK’s train network though.’
Social media users have been posting starkly contrasting views of the show
Joe Cole is seen alongside fellow cast members Sharon Small and Katie Leung
CretanRunner posted: ‘Episode 1 of Nightsleeper seemed as if the series might be interesting. Episode 2 raised serious doubts. After that it went rapidly downhill. So unrealistic and unbelievable. Try again BBC.’
Martin Hammick remarked: ‘Having seen all of the 6 part BBC series #Nightsleeper, about an electronically hijacked train, it’s not as bad as some say, but there are flaws in casting, acting, scripting and length.
‘It should’ve been cut down to five episodes, leaving out most of the comedy+soapy sentimentality.’
And Judith Allen stormed: ‘Watching NIGHTSLEEPER and just periodically screaming “this isn’t how any of this works” at the television.Â
‘There’s a threshold of inaccuracy that I can accept, when it’s necessary to tell a story and there’s no way around it. And then there’s making s*** up instead of research.’
Britain’s National Cyber Security Centre has also posted about the show on X, using it as a prompt to encourage people to consider careers with them.
A message to the centre’s 142,300 followers on the social media site said: ‘Enjoying BBC’s Nightsleeper as much as we are? Thankfully, we’ve never faced such a scenario, but our expert team is ready for anything.
‘For more on the real-life NCSC, tips on how to improve your cyber security, career opportunities and more, visit http://ncsc.gov.uk.’