
Polish trains lock up when serviced in third-party workshops

jaymzcampbell
21 replies
1h11m

This brought to mind the AARD "crash" which Microsoft used to basically destroy competition from DR-DOS back in the day.

The AARD code was a segment of code in a beta release of Microsoft Windows 3.1 that would determine whether Windows was running on MS-DOS or PC DOS, rather than a competing workalike such as DR-DOS, and would result in a cryptic error message in the latter case. This XOR-encrypted, self-modifying, and deliberately obfuscated machine code used a variety of undocumented DOS structures and functions to perform its work.

https://en.wikipedia.org/wiki/AARD_code

https://www.geoffchappell.com/notes/windows/archive/aard/drd...

https://news.ycombinator.com/item?id=36042213

sonicanatidae
20 replies
54m

This tracks for Microsoft. The very same company that told Compaq that if they sold any PCs with OS/2 Warp, they would never sell another one with Windows.

Humans are why we can't have nice things. OS/2 Warp was a great OS.

greiskul
13 replies
41m

We really need to have much stronger anti trust legislation and enforcement. It is absolutely ridiculous to allow companies to behave this way.

And before someone says that "free market is always good and government is bad", the optimum free market strategy if there is no government is to hire hitmen to assassinate the executives of competitor companies. A real competitive free market will always require the government to prohibit companies from forming artificial mottes around their monopolies.

SAI_Peregrinus
6 replies
30m

The optimal free market with no government is for corporations (collections of people) to use violent force to enforce their goals. A sufficiently powerful corporation is indistinguishable from a government.

rootusrootus
4 replies
24m

A sufficiently powerful corporation is indistinguishable from a government.

Only if the government is a dictatorship. A sufficiently powerful corporation will never look like a functional democracy.

sonicanatidae
0 replies
21m

looks around for an example of a functional democracy

devbent
0 replies
18m

Boards appoint executives, boards are voted in by shareholders, shareholders are determined by $, the more money you have the more votes you can buy.

Companies are, in theory, dysfunctional representative republics.

TeMPOraL
0 replies
4m

No, if you remove either corporations or governments from the equation, the remaining thing will morph and split to recreate this. Corporations aren't fixed in stone - a sufficiently powerful one may be indistinguishable from a dictatorship, but it'll also evolve the same way.

JoshTriplett
0 replies
7m

A sufficiently powerful corporation will never look like a functional democracy.

True, but neither will a sufficiently powerful government.

sonicanatidae
0 replies
25m

A sufficiently powerful corporation is worse than a government, because the current government at least pretends to play by the rules and in a lot of cases, does. The issue is the rules themselves, which were crafted by? Corps.

Corps are entirely different. They push harder and harder and harder for PROFITS and will inevitably cross lines. When crossing those lines not only has no meaningful penalty, but actually turns a profit, after the fines are subtracted, they will not only continue to do it, but push even harder. After all, there's no real consequences, so why worry?

rootusrootus
2 replies
25m

And before someone says that "free market is always good and government is bad"

I've never really understood that dichotomy myself. The free market IS good, that is for sure. But it won't exist unless the gov't uses its power to create it. Companies have to be kept small enough that there will always be a bunch of choices. And that won't happen by itself.

sonicanatidae
1 replies
23m

The free market clowns are like Libertarians, imo.

Hopelessly reliant on systems that they detest.

Ever notice the folks advocating free markets the hardest have the most to gain by steamrolling the little people?

Free markets are a dream and not something that can exist in the real world, without significant consequences for the majority.

TeMPOraL
0 replies
7m

Ever notice the folks advocating free markets the hardest have the most to gain by steamrolling the little people?

Or so they believe. They haven't thought just how much they're dependent on goods and services provided by all the "little people", at every moment of their lives. They haven't realized that in case of a societal collapse, they won't be on top - they'll be under the guillotine.

thegrimmest
0 replies
1m

Funny that your optimum free market strategy is murder. A market where murder is a legitimate strategy is anything but free. In fact a good litmus test as to the freedom of a market (or any social structure) is the legitimacy of murder.

Comparing murder to antitrust therefore seems to be a pretty weak argument. Deontological libertarians would view the use of force required to enforce antitrust as authoritarian overreach. They would see no moral justification in the enforcement of arbitrary limitations on the voluntary transactions of consenting parties. They would see these as tyrannical.

This stems from a core disagreement about the nature of society. Some people see it as a collective project for the good of all participants (the sticky point being the definition of "good", and the non-optionality of "collective"). Others see it as simply an agreement to coexist peacefully and cooperate only voluntarily, while embracing the Darwinian nature of said coexistence.

Each side is well meaning I'm sure, but I find it hard to reconcile these two worldviews.

sonicanatidae
0 replies
38m

We simply need meaningful penalties that involve jail time and % fines, on top of the ill gotten gains. The current model is steal $1 million, get fined $250k, enjoy the profits.

Sadly, that'll never happen, because CU made bribery legal and who's congress going to listen to? The 100s of millions they allegedly govern or the guy that handed them $25k for a kitchen remodel.

Spoiler: It's not the citizens.

JoshTriplett
0 replies
5m

the optimum free market strategy if there is no government is to hire hitmen to assassinate the executives of competitor companies

There's a huge difference between opposing regulation and permitting murder. Equating the two is a strawman, given that there are a large number of people who oppose various regulations and very few who would want to legalize murder.

pmarreck
5 replies
48m

all this looks like points for open source. You can’t exactly stop someone from putting an open source OS on their hardware, and if the train software was open-source, then this “clawback code” nonsense would have been impossible to keep secret.

and you’re right, OS/2 Warp WAS a great OS. As soon as it started losing market viability, it should have gone open source as a defensive self-preservation tactic.

When LLaMa was released for free, it basically guaranteed it would never die a corporate death

Workaccount2
2 replies
43m

Now we just need a good open source OS made for lifelong windows/macOS users. Not one made for lifelong linux users.

sonicanatidae
0 replies
41m

Sorry, best I can do is an Elementary OS Linux.

goodpoint
0 replies
32m

Or not.

ta1243
0 replies
33m

You can’t exactly stop someone from putting an open source OS on their hardware

Of course you can. Have secure boot requiring a signed bootloader. Currently Microsoft are good enough to sign a linux bootloader so you can run things like ubuntu.

Doesn't mean that in 73 years you'll have a situation where OSS is not only illegal, but you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that [0]

[0] https://www.gnu.org/philosophy/right-to-read.en.html

sonicanatidae
0 replies
42m

OS/2 Warp is still used today, albeit in very limited situations.

I managed IT at hospitals for a large part of my career. At one of them, they had a "Lanier transcription cluster". It was 6 systems. One of them was an OS/2 Warp install that managed the modem cards.

It's apparently used to manage hardware, like those modem cards. Evidently, it does a great job of it.

I agree with you though. I think that Open Source would have made it much more of a competitor to Windows, today.

Then again, throw enough resources at anything and it could contend...ok.. not TempleOS, but everything else. ;)

kozak
18 replies
3h1m

This is probably perfect for some EU anti-monopoly lawsuit, am I right?

izacus
4 replies
2h14m

This should be a standard consumer protection law (right to repair), not a monopoly thing :/

joshuaissac
1 replies
1h53m

EU consumer protection laws generally do not apply to B2B contracts (although member states can gold-plate them to extend their scope).

izacus
0 replies
1h3m

Sure, but that just means it needs to be adjusted to cover outright sabotage after sale like this.

Sosh101
1 replies
1h40m

More like highly criminal behaviour like fraud and extortion.

plagiarist
0 replies
1h27m

I don't see how it isn't literal fraud if the behavior isn't documented in the purchasing contracts.

mardifoufs
3 replies
1h51m

Seems like the trains were manufactured by a European corporation so probably not lol.

sofixa
2 replies
1h34m

Do you think European regulations don't apply to European companies? They do, it just gets less publicity when e.g. Criteo get fined for abusive tracking than when Google do.

mardifoufs
1 replies
51m

They do, just less so. It's harder to poke around big industrial players of member states.

faeriechangling
0 replies
6m

Size might let you escape with a slap on the wrist but it’s hard to imagine Poland doesn’t get its pound of flesh over this.

artursapek
2 replies
1h35m

Someone’s definitely going to jail for this. I can’t even think of what the defense’s argument could be.

actionfromafar
1 replies
48m

Maybe “I am friends with the Law and Justice party”?

TeMPOraL
0 replies
1m

Most people in Poland don't even understand how rail has been privatized and shattered into half a million companies. To a regular person, if it's a train, it's "PKP" (Polish National Railways) - therefore something the government is responsible for.

I don't think Law and Justice will be happy about some corp screwing with infrastructure and having the voters blame the government for it.

tormeh
1 replies
1h23m

It's not a monopoly, so no. Would make just as much sense to ask for a DMCA takedown of the trains.

namaria
0 replies
56m

Do you think anti monopoly legislation only applies when some company controls some market outright?

throwaway092323
0 replies
54m

Help us, European Union. You're our only hope.

throwaw33333434
0 replies
1h27m

If I understand correctly apart from hardcoded `ifs` there was a backdoor as well.

Russian agencies could use it to slow down transit of military aid to Ukraine.

In my book you could argue a criminal case.

faeriechangling
0 replies
12m

I would reach for other laws like sabotage and extortion and something that probably exists specifically for the protection of public infrastructure and charge them criminally and raid the offices and take out the executives in cuffs.

They screwed with the rich and powerful here why not throw the book at them?

Glyptodon
0 replies
2h11m

It seems like some mix of vandalism and fraud too.

dheera
17 replies
2h29m

Who are these hackers and how did they get their hands on a train, among all things?

jseutter
11 replies
2h9m

The truth is almost stranger than fiction. They are members of a group called Dragon Sector and were brought in by the train operator after 6 of their 12 largest trains became unresponsive after having inspections done at a rail yard owned by not-the-manufacturer of the trains. The manufacturer said the trains became unresponsive because of malpractice at the train repair shop and mentioned some condition that didn't appear to be in the maintenance manual. The train operator made contact with Dragon Sector and asked for their help.

It's a wild read: https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhak...

It appears to be malicious code included by the manufacturer to prevent third party repair that at one point included geolocation for triggering. Given that the train operator had to reduce train schedules for this which impacted service and income, it might end up as evidence in a lawsuit against the manufacturer at some point.

Pet_Ant
4 replies
1h49m

Well the error message claims that they are infringing copyright. It very well could be that they are within their rights if the initial license/contract stipulated that they would only service the trains in their authorised locations. This should be illegal, but very well might be.

xeeeeeeeeeeenu
1 replies
1h31m

Excerpt from an Onet article[1] about this:

Until a few years ago, rolling stock manufacturers such as Newag from Nowy Sącz and PESA from Bydgoszcz were able to dominate the maintenance market. It was mainly them who entered tenders for compulsory maintenance of their vehicles, because other companies knew they were at a disadvantage. At the time, the dominant narrative of the manufacturers was that the "Maintenance System Documentation," a kind of manual for a given vehicle, was the manufacturer's secret, its intellectual property, and under no circumstances could this be passed on to other service companies. This led to a situation in which railroad companies across the country were forced to use the manufacturer's expensive service. And the latter, having a monopoly on repairing its trains, dictated outlandish prices, even tens of percent higher than another company would have given, the rail safety expert points out.

Our source adds that later, thanks to the European Union Agency for Railways, the interpretation of regulations changed, allowing other companies access to service trains. This led to the opening of the market to other companies in the industry.

[1] - https://wiadomosci.onet.pl/kraj/awarie-pociagow-newagu-haker...

fargle
0 replies
1h27m

planede
0 replies
1h32m

How would copyright be in-scope at all? At worst this infringes EULA.

p_l
0 replies
21m

They didn't win the contract for servicing, and the law required opening up service in the first place.

vidarh
2 replies
1h54m

I would love to know if the checks were as brazen as presented in that post, or if the coordinate checks were obfuscated in some way. It sounds like they just assumed the operator would fold long before even getting at the code and couldn't even be bothered trying to make it look accidental.

q3k
1 replies
1h51m

The main obfuscation was the way IEC 61131-3 constructs get first compiled to C and then to assembly.

There's a lot of indirection and zero strings in the resulting code, meaning it's very difficult to actually find whatever logic you're looking for. But once you see it, it is obvious and seems like it was built like any other logic.

vidarh
0 replies
1h42m

That's amazing. If I was going to pull a stunt like this, I'd like to think I'd find some way of trying to make it look like a bug.

Must be very satisfying to find something like this.

I guess this is going to provide plenty of billable hours for lawyers at this point...

plagiarist
1 replies
1h18m

if the day is greater than or equal to 21st and

if the month is greater than or equal to 11 and

if the year is greater than or equal to 2021

then report a compressor failure.

[...] It was probably the software author's inability to construct IFs that made it necessary to wait until November 21, 2022 for the planned failure.

Oops!

sdflhasjd
0 replies
32m

And it magically starts working again on the 1st December.
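
Added example, not part of the thread and not code from the train's firmware: a Python model of the date condition as quoted in the comment above, plus a day-by-day clock sweep of the kind a tester can use to surface date-gated fault behaviour. The function names and the sweep range are assumptions; the sweep shows that three independent comparisons fire only from day 21 to month end in November and December, which is why the reported fault clears on 1 December.

```python
from datetime import date, timedelta


def reports_compressor_failure(today: date) -> bool:
    """Model of the condition as quoted in the thread: three independent >= tests."""
    return today.day >= 21 and today.month >= 11 and today.year >= 2021


def chronological_reference(today: date) -> bool:
    """Reference for comparison only: a single chronological comparison,
    which stays true on every later day once it becomes true."""
    return today >= date(2021, 11, 21)


def fault_windows(check, start: date, end: date):
    """Sweep a simulated clock from start to end (inclusive) and return the
    list of (first_day, last_day) ranges on which check() reports a fault."""
    windows = []
    run_start = None
    day = start
    while day <= end:
        if check(day):
            if run_start is None:
                run_start = day
        elif run_start is not None:
            windows.append((run_start, day - timedelta(days=1)))
            run_start = None
        day += timedelta(days=1)
    if run_start is not None:
        windows.append((run_start, end))
    return windows


def is_latched(windows, end: date) -> bool:
    """True when the fault, once raised, persists to the end of the sweep.
    Several short windows instead indicate a condition gated on individual
    calendar fields rather than on elapsed time."""
    return len(windows) == 1 and windows[0][1] == end


if __name__ == "__main__":
    # Constructed sweep range covering three calendar years.
    start, end = date(2021, 1, 1), date(2023, 12, 31)
    for name, check in (("quoted condition", reports_compressor_failure),
                        ("chronological reference", chronological_reference)):
        windows = fault_windows(check, start, end)
        print(f"{name}: latched={is_latched(windows, end)}")
        for first, last in windows:
            print(f"  fault reported {first} .. {last}")
```
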

ysofunny
0 replies
19m

The most poetic part is how the train maker are merely looking out for their own profit margins.....

Economic theory(?) would suggest that if they don't do this, their competition eats their lunch and drives them out of business.

heck, Volkswagen did something much shadier to get their vehicle's emissions to comply

wielebny
1 replies
2h27m

Here's a comprehensive write-up in Polish in a somewhat sensationalized - but rightly so - tone: https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhak...

HeWhoLurksLate
0 replies
1h7m

https://translate.google.com/?sl=auto&tl=en&text=https%3A%2F...

for those of you who like me can't quite understand literally anything otherwise

meithecatte
0 replies
2h16m

As explained by the linked article in Polish, the workshop reached out to them and asked if they could figure out why the train isn't working.

mciancia
0 replies
2h16m

tldr hackers are from DragonSector (one of the top CTF teams) - https://dragonsector.pl/

They were contacted by workshop which was doing maintenance of those trains and had no idea why they stopped working

Crosseye_Jack
0 replies
2h9m

You wouldn’t download a train, would you?

atticora
11 replies
2h6m

It would be so easy to get away with this kind of extortion at my work. Nobody reads my code that carefully, or cares if I don't get it reviewed and just merge it. Only one other person could understand it if he tried, and he has no interest or involvement in it. It could easily look like just a bit of incompetence on my part that requires some additional consulting from me after I have moved on.

That's not how I roll ... or sleep well, so my employer is in no danger from me. But there are many short-term devs who come through here, and I don't have the time to police them in detail.

But conceivably an LLM could do it. It could be just another step in a build pipeline. But, when LLMs can do this well, they can also write most of the code going into the pipeline.

ceejayoz
6 replies
1h56m

This doesn't sound like the sort of thing some rogue developer secretly slips into the codebase.

fnimick
5 replies
1h45m

Exactly. This is a company initiative to increase company profits. It's smart business, as long as it's not illegal or the fine is insufficiently high.

nerdbert
2 replies
1h26m

Is it smart business though? Once disclosed it provides future purchasers with a strong reason to avoid your products. Who wants to spend millions on trainsets that could become unserviceable in the event that the seller goes out of business or makes some mistake in authorizing service centres or gets into a dispute with us over another matter?

serf
0 replies
1h7m

it's just tight-rope walking at that point. If your company has sufficient leverage within the market they can get away with murder.

see: John Deere

fnimick
0 replies
1h21m

It can be smart business if the probability of it being disclosed is low enough. Using fake numbers as an example, if you can make an extra $1 million on repairs and will suffer $100 million in fines / lost business if it becomes known, as long as the probability of it becoming known is less than 1%, it's a net positive expected value.

silvestrov
0 replies
35m

I would guess this is also why the code was found: it's parallel construction.

Somebody was told to take a closer look.

Otherwise it would be very weird to have 3rd party developers disassembling firmware code. I've never heard of that happening because a train didn't want to start.

Flammy
0 replies
1h29m

Yup that is how I read it as well. Product decision.

Thorrez
1 replies
1h52m

But how would you profit off of it? In the case here the company profits by forcing trains to use first-party workshops.

vidarh
0 replies
1h40m

"Last time this failed, Bob was the only one who could fix it."

"Bob resigned a few months ago."

"See if he is willing to do some consulting. We'll pay whatever rate he demands."

I still occasionally have past employers call about things years after I left, and if I'd have been immoral enough to pull something like this, those systems could have been full of time bombs.

justinclift
0 replies
1h56m

But conceivably an LLM could do it.

It'd be kind of funny if an LLM did that "unintentionally", and wasn't able to unlock the code it wrote... ;)

bombcar
0 replies
39m

It's kind of amazing how blatant it was, they weren't even really trying to hide it much.

Similar to the VW emissions thing; if they'd been intentional about it they could have made it look much more like a mistake.

Bermion
9 replies
2h6m

How many similar practices actually get discovered? In a way this is the "right" thing to do in a capitalist society. We are incentivising this behaviour by making it profitable. An honest company cannot compete with a company doing this, unless very rigorous regulations and enforcement of them. This gets harder and harder as tech gets more opaque. Adding more regulation, auditing, hoping that _all_ entrepreneurs are honest, are crutches trying to patch a fundamentally broken economical system.

If capitalism were a software, we would call practices like this code smell. We can try patching it up with some specific legislation and (costly) enforcement by e.g. code auditing in this case. But the real issue is that our economy is not optimizing for global (national) utility, it is optimizing for profits of individual business owners.

augustulus
3 replies
1h35m

this is all true, but what is the better system? Communism has its merits, but it’s extremely reliant on competent, benevolent leadership and struggles to be economically viable in an American-dominated world.

I think that a Keynesian, well-unionised economy with strong regulation is the solution. I’m sure they exist, but I struggle to think of many examples in history of over-regulation leading to a fault, but I can think of many, many examples of under-regulation managing it, and yet largely due to the capitalist-controlled media, over-regulation is the more feared of the two. This isn’t to say that over-regulation isn’t possible, of course it is, but I don’t think it is in tech.

To go on a tangent, I personally don’t believe in the untrammelled progress of tech. I can understand why people are so vehemently against that idea, of course it’s frustrating to restrict human ingenuity, and there’s a lot of money to be made, but tech is quantifiably making people’s lives worse. Smartphones are a fucking travesty. IQ scores are down something like 10% from the 90s. The internet isn’t great, but at least when you had to be at home logged into a desktop there was some friction. Now an entire generation is plugged into it permanently. An entire generation that doesn’t really read books, rarely thinks alone and in many ways hasn’t had to learn organisational or navigational skills.

AI doesn’t look like it’s going to make any of this much better. Even if we don’t achieve AGI, which I hope, neural networks are only going to get better and better, the best and most powerful ones in the hands of the richest people, who will simply use them to worsen inequality even more.

What else is next? Neuralink? Human genetic engineering? You would hope regulation would stand up to them, especially aesthetic genetic engineering, but who knows?

What we need is a nice big solar flare EMP. Something like the Carrington event

fnimick
2 replies
1h13m

What's next is AI operated lethal weapons. You best believe all the elites are racing for those as fast as they can. As soon as those are a reality, all revolution against economic inequality becomes impossible.

The U.S. army wouldn't fire on civilian protestors, regardless of what a general ordered. An AI army would have no such restrictions or be vulnerable to appeals to morality and ethics.

Roark66
0 replies
45m

The U.S. army wouldn't fire on civilian protestors, regardless of what a general ordered.

World doesn't work like this. You'd think human sanity would prevail if given an order like that as some sort of built-in "safety", but people who want to give orders like this can do it in a way that ensures they are complied with. Imagine the soldiers are told there are people with hidden guns in the crowd. Then you get few snipers to take out few soldiers from the crowd's direction and vice versa. The crowd starts shooting back as well as the soldiers.

Do you think this scenario is far fetched? That's exactly what happened during the EuroMaidan protests in Ukraine some years ago except instead of soldiers there was police. https://www.researchgate.net/publication/266855828_The_Snipe...

People are fully capable of killing each other with no help from AI.

AnimalMuppet
0 replies
1h0m

What's next is AI operated lethal weapons. You best believe all the elites are racing for those as fast as they can. As soon as those are a reality, all revolution against economic inequality becomes impossible.

Except for revolution by the AIs. AIs may not like selfish rich jerks any better than biological intelligences do.

mannykannot
2 replies
1h36m

The fact that an entity can sometimes benefit from deceit has nothing to do with capitalism, specifically, and capitalism is not the simple proposition that profit justifies anything, even if some people sometimes suggest that it is, in order to advance their agenda - in a rather deceitful manner, I might add!

fnimick
0 replies
1h19m

The pressure to benefit from deceit because outperforming competition is the only way to stay alive is unique to capitalism, though.

"capitalism is not the simple proposition that profit justifies anything" - of course, but it naturally leads to an environment where profit justifies anything. No business leaders avoid money-making immoral behavior unless it is overall unprofitable due to market conditions (a specific well-informed customer base, for example) or regulation.

augustulus
0 replies
1h19m

do you have a counter-argument? because what I’m reading here is “you’re wrong and lying or lied to because of an ‘agenda’” and that’s it

what do you think GP or someone who has lied to GP really thinks?

why are they lying?

what’s their agenda?

do you agree that we (in the West) currently broadly live under Friedman’s version of capitalism, and, if so, do you agree that it broadly follows the mantra of “profit/shareholder value above all else”?

if you don’t think we live under that system, what system do you think we live under, and what differs it from the mantra of “profit/shareholder value above all else”?

vidarh
1 replies
1h32m

For B2B contracts of this kind of size a solution is to insist on clauses with very steep damages in the event of evidence of specific measures to prevent third party service or similar, coupled with never again dealing with a manufacturer like this.

The bigger problem is when manufacturers pull stunts like this on customers who can't afford and/or don't have sufficient financial incentive to figure out the underlying problem.

Bermion
0 replies
1h4m

Steep damages is in many cases not enough because the likelihood of being found out is so low. The damages then have to be extremely steep for this behavior to not be incentivised. Basically to bring the expectation value negative, the damages have to be larger than the profit gain by this behavior, divided by the probability to be caught. Often this will be more than the value of the company, and then the damages do not matter as they simply bankrupt. In that case, the rational business practice is to go for it and hope to not get caught. Any other behavior will eventually lead to bankruptcy in a competitive market.

flutas
7 replies
2h22m

I've honestly wondered for a while how many devices (from phones to cars) have features like this that haven't been documented yet.

Also how many engineers have worked on features like this without whistle-blowing over behavior like this.

hedora
5 replies
1h38m

I can’t change the 12V lead acid battery in my EV without using a reverse engineered OBD-II dongle. If you don’t use the dongle to reset the charge circuit, it fries the new battery in about a month.

Here are incorrect directions explaining how to do it:

https://www.mybmwi3.com/forum/viewtopic.php?t=17838

Step 14 requires the magic dongle.

Note that they are not disconnecting the main battery, so they are risking electrocution from the >> 100V DC batteries.

There are some comments about not letting the old battery get into a low voltage state.

That’s tricking the charger into not overcharging the new battery to death.

spuz
1 replies
1h17m

What is the story here exactly? Is there an official way to replace the battery that doesn't require a dongle? What does the dongle do exactly? Why does a new battery get drained if you don't follow this process carefully?

hedora
0 replies
52m

The charger learns how worn the old battery is, and overvolts old ones to get a bit more useful life out of them. When you disconnect and reconnect the battery it doesn’t reset the training algorithm, so it overvolts the new battery, reducing its lifespan to roughly 30 days.

There’s no official way to reset the charge algorithm without a dealer-only dongle, so you take it to the dealership to replace the battery (~$400 labor, $100 parts).

They could solve the problem by adding a “register 12V battery” option to the service menu, or by having it prompt the next time you start the car after 12V power is interrupted.

physhster
1 replies
47m

Registering batteries has been a thing for BMWs for at least a decade. The dance around keeping windows open etc is a little more annoying, but nothing out of the ordinary.

me_me_me
0 replies
5m

another reason not to buy BMW added to the list

rootusrootus
0 replies
17m

I can’t change the 12V lead acid battery in my EV

Aside from that not having anything to do with it being an EV, it's worth mentioning that many newer EVs (most of the ones sold, perhaps) use a lithium 12V battery now, not lead acid. So in general they ought to last longer anyway. Plus Tesla, at least, doesn't 'register' batteries the way BMW does.

ysofunny
0 replies
20m

.... just imagine how many instructions you can hide in a 64-bit address space (I'm thinking of you intel hacker magic)

garyfirestorm
6 replies
2h31m

i think the remote lock makes it a backdoor and probably criminal?

plagiarist
4 replies
2h20m

I think hacking laws only apply when a pleb causes a corporation device to behave other to the corporation's desires. The reverse is just business.

radres
3 replies
2h16m

Depends on country's laws and contracts between parties. If the contract does not mandate service by the manufacturer, only suggests it, this sounds illegal. Not because of hacking, because of not documenting behavior and disturbing state entity hence the people.

plagiarist
2 replies
1h23m

Oh, yes. I agree that this sounds like actual fraud if it is undocumented. I disagree that disabling the machines would count as "hacking."

I am cynical about the latter because I personally would like this sort of malicious shit to qualify as hacking. I'd also like the telemetry and recording in all modern cars to be considered hacking.

hedora
1 replies
1h8m

One practical solution is to make certain clauses unenforceable in end user license agreements and all non-negotiated contracts.

For starters clauses allowing the vendor to upload any user specific data (anonymized or not) and prohibitions against specific uses of the software would be unenforceable.

The former ensures privacy, and the latter would make the behavior of the train manufacturer illegal (in the US), since it’d fall under the CFAA:

https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

(Sections a.5 and a.7 in the section “Criminal offenses under the Act”)

p_l
0 replies
49m

Various contract provisions are illegal in Poland as well, for example a contract can't prevent you from disassembling and reverse engineering any software or hardware, including building a compatible device so long as you do not literally copy the results over.

In this case, NEWAG violated contract, because they did NOT win the bid to do servicing, and didn't write anything down about being the only party able to service the machines.

masswerk
0 replies
23m

Only, if you can provide a proof for the train not being a printer or that it can't be used as such. /s

drra
6 replies
1h20m

So these trains are exclusively used in Poland by quite a big number of regional train companies. There are 5 servicing levels starting from P1 up to most complex P5. It used to be that only these major companies would do P3+ but since a few years tenders were won by several smaller competitors at much lower prices all thanks to European Union Agency For Railways that opened that market.

It started with 4 trains that were serviced by SPS Mieczkowski and just wouldn't start. The company was forced to pay €0.5m in penalties and trains were sent back to Newag. At the same time several other trains from different companies that didn't even get to service but spent a bit too much time in one place became immobilized. This all led to SPS Mieczkowski hiring Dragon Sector to investigate and they found several separate routines to disable trains.

This case is investigated by Central Anti-Corruption Bureau in Poland but I doubt it'll do much harm to Newag. The Office of Rail Transport of Poland that would spam rail company with complaints and orders for a small mistake in train schedule washed its hands from intervening in this case and train purchases have highly regulated tender process and very little wiggle room for rail companies.

hindsightbias
3 replies
29m

Always heartening to see others trust in the lowest-bidder when dealing with a product that cruises at 150km/hr.

zamalek
0 replies
1m

It's also great to see others trusting a servicing shop that customers are forced to use no matter how sloppy or incompetent their work.

TomaszZielinski
0 replies
21m

In this case the lower offer was 22mln PLN, whereas the manufacturer's offer was 25mln.

TeMPOraL
0 replies
10m

Hypotheticals be hypotheticals, but here we don't have a case of the lowest bidder screwing up maintenance of a potentially dangerous piece of infrastructure; instead, we have the incumbent breaking aforementioned hardware on purpose, and blaming it on the lowest bidder.

Honestly, I think China got this right. Business is business, but when you start screwing with critical infrastructure, a firing squad should be on the table. And in this case, at least months to years of prison.

KptMarchewa
1 replies
1h16m

This case is investigated by Central Anti-Corruption Bureau in Poland but I doubt it'll do much harm to Newag. The Office of Rail Transport of Poland that would spam rail company with complaints and orders for a small mistake in train schedule washed its hands from intervening in this case and train purchases have highly regulated tender process and very little wiggle room for rail companies.

It's clearly a crime of sabotage under Art. 254a kk. Tender process does not matter in this case. We just need a competent prosecutor.

https://sip.lex.pl/akty-prawne/dzu-dziennik-ustaw/kodeks-kar...

TomaszZielinski
0 replies
44m

Having read only that kk article, I'm not certain if trains are considered parts of the infrastructure?

SSLy
6 replies
1h21m

A rather amusing situation was encountered with another train set that refused to work on November 21, 2022, despite not being in service at the time. The computer reported a compressor failure, although the mechanics determined that there was nothing wrong with the compressor. Unfortunately, the train still did not raise its pantographs. The analysis of the computer code revealed a condition enforcing the failure, which read as follows:

if the day is greater than or equal to 21, and

if the month is greater than or equal to 11, and

if the year is greater than or equal to 2021

then report a compressor failure.

serf
3 replies
1h10m

I guess a charitable interpretation is that the compressor manufacturer set an 'expiry date' to ensure replacement of a vital component.

(but it's probably just shady business.)

Ukv
1 replies
45m

Also the wrong way to implement an expiry date, since it'd work fine again when the day goes below 21 or month below 11, even if the year is 2021 or greater - which seems to be what happened if they only noticed it in November 2022 rather than 2021.

garblegarble
0 replies
9m

It might lead to a fault that appears more realistic - it'll go away for a bit in December before coming back again... if the engineers say the compressor's good but the computer fails it intermittently, that seems like a good point to get the manufacturer involved which is what they wanted to force

TeMPOraL
0 replies
16m

Yeah, that's not a component expiry date. This reads more like "fire a warning shot in November, and then fuck the operator over during Christmas". It feels like trying to maximize damage, as 21-31 December is exactly where a huge chunk of population travels to visit their family homes, and many of them do so via trains.

bombcar
1 replies
49m

The real crime is not using a standard date time library and a simple > 2021-11-21

p_l
0 replies
3m

Can be often problematic on PLCs and the programming environment exposed to programmer.
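The date condition quoted in this sub-thread, set beside a whole-date cutoff, as an added example (not code from the train controller or from any commenter; all function names are hypothetical). Sweeping a date-gated predicate over a calendar range is a quick way for a reviewer to characterise when such a trigger is active.

```python
from datetime import date, timedelta


def fieldwise_lock(d: date) -> bool:
    """Condition as quoted in the thread: each field is compared on its own."""
    return d.day >= 21 and d.month >= 11 and d.year >= 2021


def threshold_lock(d: date) -> bool:
    """A real cutoff: the whole date is compared against 2021-11-21."""
    return d >= date(2021, 11, 21)


def active_windows(pred, start: date, end: date):
    """Return [(first_day, last_day), ...] for each run of days where pred holds."""
    windows = []
    run_start = None
    d = start
    while d <= end:
        if pred(d):
            if run_start is None:
                run_start = d          # a new active run begins
        elif run_start is not None:
            windows.append((run_start, d - timedelta(days=1)))
            run_start = None           # the run ended yesterday
        d += timedelta(days=1)
    if run_start is not None:          # run still open at the end of the sweep
        windows.append((run_start, end))
    return windows


if __name__ == "__main__":
    span = (date(2021, 1, 1), date(2022, 12, 31))
    for name, pred in (("field-by-field", fieldwise_lock),
                       ("whole-date", threshold_lock)):
        print(name)
        for first, last in active_windows(pred, *span):
            print(f"  active {first} .. {last}")
```

The field-by-field form is active only on 21-30 November and 21-31 December of each year from 2021 on, which matches the intermittent fault described above; the whole-date form stays active from 2021-11-21 onward.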

InsomniacL
4 replies
1h3m

"The manufacturer argued that this was because of malpractice by these workshops"

Is this intended to say:

    - The manufacturer says the locks are caused by malpractice of the 3rd party workshops

or

    - The manufacturer says they lock the trains because of past malpractice of the 3rd party workshops

The poster also states

"One version of the controller actually contained GPS coordinates to contain the behaviour to third party workshops."

This seems oddly specific, there are better ways to determine if the train has been serviced by the manufacturer or not, such as using PKI.

I can imagine a scenario where this isn't for greed of servicing fees, perhaps the brakes need replacing every x miles and if this isn't performed the train locks for safety. If the 3rd party workshops specified thought

    "there's more life left in these pads, I'll just reset the counter and make the train think the pads are new"

The manufacturer would have significant backlash should the train then crash and kill people, regardless if the 3rd party workshop was at fault.

I'm all for right to repair for most things, however commercial public transport isn't one of them unless there's some vetting/accreditation process.

p_l
0 replies
55m

The workshops were already accredited and vetted, and followed official documentation that was supposed to cover the maintenance.

And the intended meaning of the sentence was that NEWAG implied that the workshops "did something wrong" and that's why the train didn't run.

celticninja
0 replies
1h1m

I disagree. The owner should be able to get them repaired without needing the manufacturer to approve.

Zak
0 replies
59m

It's certainly reasonable for governments to require some sort of licensing or accreditation to work on safety-critical public infrastructure. It is not reasonable for another service provider to have the final say over that, especially through the use of undisclosed software locks.

SahAssar
0 replies
56m

Any of those reasons should then have been documented in public, which the poster said it was not.

wafflemaker
2 replies
51m

How can somebody even attempt to find faults like these without being a magician? Are people reading tons of assembly code in the process?

shadowgovt
0 replies
47m

On an open source architecture, many eyes hypothetically leave few places for malicious action to hide. This is not always 100% foolproof, but it seems to work out pretty well most of the time.

On a closed source architecture, this sort of thing is generally safeguarded by contract and law. Company can get away with it once, but if the law and contracts were properly crafted there will be fines and jail time that discourages them from doing it again.

bombcar
0 replies
38m

Reading decompiled (reverse-engineered) code is not as insanely hard as it sounds. You can usually find functions, and then it's a matter of finding _what_ a function does.

If you can somehow attach a debugger or get breakpoints, it's even easier.

TomaszZielinski
2 replies
51m

The world is such a small place--I open HN and read a movie-grade story about trains that I took many times. In fact, it's even possible I was going by one of those grounded trains..

In any case, either there was no code review, or the reviewers accepted that for one reason or another. Not sure which case is more scary..

jrochkind1
1 replies
34m

Code review by a _third party_? Does that usually happen?

It's clear this was intended by the manufacturer of the trains, who directed the writing of the code, it's not like a hacker put this in without their manager knowing, right?

What kind of code review are you thinking of by whom?

[Wait, reading other comments, I'm thinking HN switched the article at the top, and some of these comments were written when the article at the top had much less information? That may explain why these comments are so confusing!]

TomaszZielinski
0 replies
11m

I have no idea how software for trains is (or should be) created.

So I meant a regular code review you would do for anything else.

I can see two scenarios at play:

1. either it's "free for all" and someone (anyone?) can put arbitrary shady stuff in the code

2. or there's a process for adding shady stuff to the codebase (some "stakeholder" creates a ticket, someone creates a PR, and then it's reviewed, etc.)

faeriechangling
1 replies
13m

So these repair workshops literally ransomed Poland by crippling critical infrastructure?

This is an incredibly brazen crime and I’m not so confident they will get away with it.

p_l
0 replies
0m

Manufacturer, not repair workshops - the repair workshops just won the bid and vendor decided to retaliate.

tester756
0 replies
32m

Holy shit those aren't some random ass hackers

They are members of top CTF team of last decade - Dragon Sector

Also, the story is wild as fuck!

brohee
0 replies
11m

Newag stock price falling quite a bit after the post, is that the first Mastodon induced price correction?

https://g.co/kgs/WVku4C