site banner

The latest in industrial sabotage: geofenced passenger trains that fail when repaired in competitors' yards

badcyber.com

Some were also rigged to fail after a certain date or beyond a certain mileage.

20
Jump in the discussion.

No email address required.

The hackers have now presented at CCC.

With what is presented here, the fact that in some cases it was sneakier false failures of the secondary compressor component, the hidden nature of the faults, and the specific geofencing around opponents yards, I'd disagree with /u/Ioper and say there isn't much of a chance of it not being malicious. Trains are a strategic industry and I expect europe in general to come down like a pile of bricks.

This is the sort of stuff which grinds my gears. Newag should be sued until they collapse and the company has to be sold off completely to someone else, who will hopefully be less shitty.

I would be satisfied with responsible people being hit by large fines and maybe spending some time in prison (though not expecting this).

Yeah, to align incentives you do have to make the money come out of the people who made the criminal decisions.

Ideally also from companies who employed them (one can dream).

Prison time would also work, I guess, but overall in such case "you are losing 50% of your wealth, guess you are selling your flat and going back to renting" seems a good penalty to me.

(not that such outcome is likely)

The amount of losses incurred by this would be large enough that 50% might not actually even cover it. And going full-damages isn't unwarranted as a punitive measure either; this was nearly not caught, so any punitive measure has to massively exceed ill-gotten gains in order for it to be rendered clearly-negative-EV for the fraudster.

Sadly, courts in Poland love to give sentences like "you have stolen 2 million? 2 months of prison, without requiring to give defrauded money back".

I would take spending 2 months in Polish prison for 2 million.

The repair stuff could make sense if they are liable for something like catastrophic failures, you really wouldn't want a someone else cheaping our on a repair in that case.

Then they either genuinely forget about this when the maintainance contract goes to someone else or they "forget" about it.

The shutdown after X hours could also make sense as a security measure. IE. It should be impossible to drive the train for that long without mandatory maintenance.

As far as I understand it this is fairly common practice with heavy machinery these days and it isn't secret.

These kinds of things could explain why polish authorities have been so anemic in their response.

It could very well be that all this is nefarious and illegal but it could also be at least partially a mistake or ineptitude on the part of Newag. One shouldn't underestimate the extreme incompetence in IT of the management team in these kinds of companies. There was a major it security scandal in 2019 in Sweden where ~200k recorded calls to the state Health advicory service had been publicly available and the CEO of the company providing the product clearly had no idea how computers worked, never mind his own product. He made some famous statements claiming that someone had connected an "internet cable to the harddrive" (not possible, and it's not called an internet cable), he also said you needed a special "command movement to slip in the back door" (I can not emphasize enough how ridiculous this sounds in Swedish), which you of course didn't.

Some coder at some point might have done this due to some vague instructions from techicnally incompetent managers, it got documented poorly or the management forgot this even existed even if documentation did.

special "command movement to slip in the back door"

Me to my patients when it's time to do a PR

The repair stuff could make sense if they are liable for something like catastrophic failures

this contract was intentionally constructed to decouple servicing overhaul and train construction, with manufacturer obligated to provide full servicing documentation

they lied, sabotaged train and tried to sabotage companies competing for servicing overhaul tender

they were caught by hackers hired by one such sabotaged company (with first hard proof delivered 43 minutes before servicing contract would be broken by train company)

Newag continues to lie and try to blame others.

but it could also be at least partially a mistake or ineptitude on the part of Newag

Yes, and there are indicators of this. But none of them reduce that all this is nefarious and hopefully illegal.

Trains were programmed to falsely report being broken down after specific date, or after specific number of mileage or after being repaired at repair yards run by competition.

This was not documented, Newag lied about it when asked and continues to lie.

Newag was nefariously sabotaging competition.

I realise all that. I'm saying that the reasoning for why this exists might not be nefarious or even intended to sabotage competition.

Newag continues to lie and try to blame others.

That might be possible but it's not stated anywhere in the article. The only mention of communication with Newag is when they stated that the breakdowns was due to a "safety system" which could very well be correct.

The issue isn't that they lied, it's that they failed to communicate what this security system was or how to disable it. This is just glossed over but seems very important.

It could be due to incompetence or malice, or some combination. I'm saying that the existence of these kinds of systems doesn't necessarily imply intentional industrial sabotage. Regardless, they clearly failed to live up to their contractual obligations.

What I'd be interested in is a more detailed explanation of these systems, and the systems in other trains they aren't servicing themselves. Is this a generalised system or tailor-made for each train/competitor? The article isn't clear on this but it seems like a fairly important detail. If it's the latter then intentional industrial sabotage seems like a given, if it's the former it is plausible that it could be due to incompetence and/or poor routines.

I'd also like to know more about what Newag has said and what happened in the communication between the two companies.

The lack of this information and the limited response from Polish authorities makes me suspicious.

Is this a generalised system or tailor-made for each train/competitor?

Newag claims that this system does not exist, and if exist it was added by competition and it is not their fault.

Obviously, competition sabotaging repair service done not be Newag seems quite unlikely. Not sure why they went with this idea.

That might be possible but it's not stated anywhere in the article.

it was in some later articles, including some Polish ones and their PR releases

https://www.newag.pl/wp-content/uploads/2023/12/Oswiadczenie-NEWAG-06.12.2023.pdf

They are claiming they never introduced software that simulated failures and if it existed it was added by competition.

They demand withdrawal from service trains that were analysed, threaten legal action against SPS and people who analysed software.

they failed to communicate what this security system was

it was a not a security system

Thanks for the added context. If what you say is true then it sounds like a pretty open and shut case.

https://youtube.com/watch?v=XrlrbfGZo2k CCC publication is making situation quite clear, even if they do not take final step (because it is not fully 100% provable and they will likely end as witnesses in court cases, and what is clearly provable is damming anyway)

spicier bits include Newag making software changes to specific trains, two/three days before being send to be repaired at workshop of their competition ( https://youtube.com/watch?v=XrlrbfGZo2k&t=2369 ), not mentioning software updates in paperwork, train predicted to break down at specific date (due to bug in sabotage code) and then doing this...

overall great presentation, though quite technical (presented at hacking conference)

Very interesting. Thank you!

There's no plausible explanation for having data on the locations of repair shops.

Where else do you imagine illicit repairs would be done?

"illicit" repairs at normal repair businesses? Might as well shut down the train if it's at the newag yard, could be some illicit activity going on there too.

This contract was intentionally constructed to decouple servicing overhaul and train construction, with manufacturer obligated to provide full servicing documentation.

Repairs done at repair yards of competition were NOT illicit, Newag lost bid for overhaul.

The repair stuff could make sense if they are liable for something like catastrophic failures, you really wouldn't want a someone else cheaping our on a repair in that case.

This can be rectified by entering a clause in the contract that if the train ever gets repaired by someone else they then become liable for all future failures etc., it's not even a big issue as the tender for repairs can include a term that the repairer takes upon themselves liability if any of the parts they repair later malfunctions and they bidders can price in the cost of this liability into their bids.

That assumes the repair is logged or discovered. Perhaps shoddy black market repairs is or has been an issue in Poland?

Obviously this doesn't apply when there the maintainance contract gets transferred like here.

I want to understand more about what you're working with/where you're coming from.

See my message to you.

shoddy black market repairs

As someone born in Poland with dual citizenship and spends 3 months of the year there on average, Poles execute the finest black market repairs in the world. There is a very high level of technical education left over from the communist era with a healthy disrespect for authority, also left over from the communist era. If I was going to have anything illegally repaired, I'd do it in Poland. (until recently Ukraine would have been #2, now I think its Czechia, maybe Slovenia)

The communist era ended 34 years in the past, mind you.

In six years, eastern Europeans will have lived without communism for as long as they've lived with it.

This contract was intentionally constructed to decouple servicing overhaul and train construction, with manufacturer obligated to provide full servicing documentation.

Repairs done at repair yards of competition were NOT illicit, Newag lost bid for overhaul.

Yes?