The hackers have now presented at CCC.
With what is presented here, the fact that in some cases it was sneakier false failures of the secondary compressor component, the hidden nature of the faults, and the specific geofencing around opponents' yards, I'd disagree with /u/Ioper and say there isn't much of a chance of it not being malicious. Trains are a strategic industry and I expect Europe in general to come down like a pile of bricks.
This is the sort of stuff which grinds my gears. Newag should be sued until they collapse and the company has to be sold off completely to someone else, who will hopefully be less shitty.
I would be satisfied with responsible people being hit by large fines and maybe spending some time in prison (though not expecting this).
Yeah, to align incentives you do have to make the money come out of the people who made the criminal decisions.
Ideally also from companies who employed them (one can dream).
Prison time would also work, I guess, but overall in such case "you are losing 50% of your wealth, guess you are selling your flat and going back to renting" seems a good penalty to me.
(not that such outcome is likely)
The amount of losses incurred by this would be large enough that 50% might not actually even cover it. And going full-damages isn't unwarranted as a punitive measure either; this was nearly not caught, so any punitive measure has to massively exceed ill-gotten gains in order for it to be rendered clearly-negative-EV for the fraudster.
Sadly, courts in Poland love to give sentences like "you have stolen 2 million? 2 months of prison, without requiring to give defrauded money back".
I would take spending 2 months in Polish prison for 2 million.
The repair stuff could make sense if they are liable for something like catastrophic failures, you really wouldn't want someone else cheaping out on a repair in that case.
Then they either genuinely forget about this when the maintenance contract goes to someone else or they "forget" about it.
The shutdown after X hours could also make sense as a security measure. I.e., it should be impossible to drive the train for that long without mandatory maintenance.
As far as I understand it this is fairly common practice with heavy machinery these days and it isn't secret.
These kinds of things could explain why Polish authorities have been so anemic in their response.
It could very well be that all this is nefarious and illegal but it could also be at least partially a mistake or ineptitude on the part of Newag. One shouldn't underestimate the extreme incompetence in IT of the management team in these kinds of companies. There was a major IT security scandal in 2019 in Sweden where ~200k recorded calls to the state Health advisory service had been publicly available and the CEO of the company providing the product clearly had no idea how computers worked, never mind his own product. He made some famous statements claiming that someone had connected an "internet cable to the harddrive" (not possible, and it's not called an internet cable), he also said you needed a special "command movement to slip in the back door" (I cannot emphasize enough how ridiculous this sounds in Swedish), which you of course didn't.
Some coder at some point might have done this due to some vague instructions from technically incompetent managers, it got documented poorly or the management forgot this even existed even if documentation did.
this contract was intentionally constructed to decouple servicing overhaul and train construction, with manufacturer obligated to provide full servicing documentation
they lied, sabotaged train and tried to sabotage companies competing for servicing overhaul tender
they were caught by hackers hired by one such sabotaged company (with first hard proof delivered 43 minutes before servicing contract would be broken by train company)
Newag continues to lie and try to blame others.
Yes, and there are indicators of this. But none of them reduce that all this is nefarious and hopefully illegal.
Trains were programmed to falsely report being broken down after specific date, or after specific number of mileage or after being repaired at repair yards run by competition.
This was not documented, Newag lied about it when asked and continues to lie.
Newag was nefariously sabotaging competition.
I realise all that. I'm saying that the reasoning for why this exists might not be nefarious or even intended to sabotage competition.
That might be possible but it's not stated anywhere in the article. The only mention of communication with Newag is when they stated that the breakdowns were due to a "safety system" which could very well be correct.
The issue isn't that they lied, it's that they failed to communicate what this security system was or how to disable it. This is just glossed over but seems very important.
It could be due to incompetence or malice, or some combination. I'm saying that the existence of these kinds of systems doesn't necessarily imply intentional industrial sabotage. Regardless, they clearly failed to live up to their contractual obligations.
What I'd be interested in is a more detailed explanation of these systems, and the systems in other trains they aren't servicing themselves. Is this a generalised system or tailor-made for each train/competitor? The article isn't clear on this but it seems like a fairly important detail. If it's the latter then intentional industrial sabotage seems like a given, if it's the former it is plausible that it could be due to incompetence and/or poor routines.
I'd also like to know more about what Newag has said and what happened in the communication between the two companies.
The lack of this information and the limited response from Polish authorities makes me suspicious.
Newag claims that this system does not exist, and if it exists it was added by competition and it is not their fault.
Obviously, competition sabotaging repair service done not by Newag seems quite unlikely. Not sure why they went with this idea.
it was in some later articles, including some Polish ones and their PR releases
https://www.newag.pl/wp-content/uploads/2023/12/Oswiadczenie-NEWAG-06.12.2023.pdf
They are claiming they never introduced software that simulated failures and if it existed it was added by competition.
They demand withdrawal from service of trains that were analysed, and threaten legal action against SPS and people who analysed software.
it was not a security system
Thanks for the added context. If what you say is true then it sounds like a pretty open and shut case.
https://youtube.com/watch?v=XrlrbfGZo2k CCC publication is making situation quite clear, even if they do not take final step (because it is not fully 100% provable and they will likely end as witnesses in court cases, and what is clearly provable is damning anyway)
spicier bits include Newag making software changes to specific trains, two/three days before being sent to be repaired at workshop of their competition ( https://youtube.com/watch?v=XrlrbfGZo2k&t=2369 ), not mentioning software updates in paperwork, train predicted to break down at specific date (due to bug in sabotage code) and then doing this...
overall great presentation, though quite technical (presented at hacking conference)
Very interesting. Thank you!
There's no plausible explanation for having data on the locations of repair shops.
Where else do you imagine illicit repairs would be done?
"illicit" repairs at normal repair businesses? Might as well shut down the train if it's at the newag yard, could be some illicit activity going on there too.
This contract was intentionally constructed to decouple servicing overhaul and train construction, with manufacturer obligated to provide full servicing documentation.
Repairs done at repair yards of competition were NOT illicit, Newag lost bid for overhaul.
This can be rectified by entering a clause in the contract that if the train ever gets repaired by someone else they then become liable for all future failures etc., it's not even a big issue as the tender for repairs can include a term that the repairer takes upon themselves liability if any of the parts they repair later malfunctions and the bidders can price in the cost of this liability into their bids.
That assumes the repair is logged or discovered. Perhaps shoddy black market repairs are or have been an issue in Poland?
Obviously this doesn't apply when the maintenance contract gets transferred like here.
I want to understand more about what you're working with/where you're coming from.
See my message to you.
As someone born in Poland with dual citizenship who spends 3 months of the year there on average, Poles execute the finest black market repairs in the world. There is a very high level of technical education left over from the communist era with a healthy disrespect for authority, also left over from the communist era. If I was going to have anything illegally repaired, I'd do it in Poland. (until recently Ukraine would have been #2, now I think it's Czechia, maybe Slovenia)
The communist era ended 34 years in the past, mind you.
In six years, eastern Europeans will have lived without communism for as long as they've lived with it.
This contract was intentionally constructed to decouple servicing overhaul and train construction, with manufacturer obligated to provide full servicing documentation.
Repairs done at repair yards of competition were NOT illicit, Newag lost bid for overhaul.
Yes?