I can't believe they just googled 'best polish hackers' and found someone who could do it

"so they didn't have any idea what to do. So they Googled Polish hackers and found us" is one of the best parts of the talk lol

​@@aspuzling Ikr? Reality is better than memes sometimes

@@iaial0 In such cases, the reality usually _becomes_ a meme, as I suspect this will

​@@iaial0 the very neat thing about reality is that unlike fiction , it doesn't has to make sense to sound plausible , since is reality lol

Days* as it happens twice a year:D

@@_xano And for 10 days in November and then 11 days in December, so 21 days in a year in total. Notice that the condition was "equal or greater than".

Sadly "international" is apt here, since newag does have international buyers (angry face), although probably not for long.

57:15 for the skippers. Don't skip though.

​@@Piotrek7654321 What were the dates again?

Yet another instance of indies outperforming the AAA's😁

I'm personally okay with the fact that Netflix doesn't make shows about the IEC 61131-3 standard. That being said, I also haven't watched anything on Netflix at all in the past year.

I would have asked them which Hollywood star they want for each of their roles in the inevitable TV drama!

If you liked this, the post office stuff on ITV is pretty gripping.

good goy, remeber to resubscribe

On top of that, what happens if the company goes out of business? Sure, someone else will buy the assets of the company, but while the new owners are getting caught up on the code do all of the trains everywhere in the world stop working in the meantime?

Quite simply, the company should be forced to dissolve and close and anyone that had anything to do with this should be jailed. This is the only way to deter companies from doing this malpractice.

@@JohnDoe-bd5sz Silly, knee-jerk reaction. It's not the company who is at fault but a few people, some of them at the top. If you were to dissolve the company, what would happen to hundreds, if not thousands, of innocent workers? This kind of knee-jerk bullshit, headline style reaction is just as bad. Grow up.

@@roo72 The problem is, this will just end up like the DieselGate scandal, the top people will claim this was just some rogue employee or employees that did this, and the top had no idea. In the end some engineer or a few of them and some mid level manager, will get fired and possibly jailed and the ones in the top, that did the actual ordering of these criminal practices will go free, and the company will just continue to do this. Next iteration will be even more nefarious and obfuscated / encrypted. The only way to stop these people is to dissolve the company or atleast force the company to get a complete new leadership, and subject to some form of government oversight, where they will be forced to pay the government to supply them with some check-engineers that will have to sign off on anything they do with the software in the future.

@roo72 Ok, maybe not _dissolve,_ but certainly something big to -force- convince every other mf against doing that.

This isn't really right to repair. Newag didn't sell the locomotives with a requirement for themselves to do the maintenance. This is straight up fraud.

​@@windwalker5765 but clearly if it's designed to only be repairable at a manufacturer's shop it's meant to give the impression that external maintenance isn't sufficient which would suppress external maintenance for no valid reason Restricting right to repair and being fraud aren't mutually exclusive

This is exactly what right to repair means, having access to ALL of the relevant documentation for the things you own. The lockout code was hidden from the owners of the trains and it screwed them over. @@windwalker5765

This is deliberately designed to disable functions of critical to infrastructure piece of equipment in such a way to make it appear a 3rd party repair service caused damage. This would fall under deceptive buisness practices and possibly under laws regarding interference with commerce and public transportation with malicious intent. In the US doing this would be prosecuted under several serious laws under the "patriot" act.

@@iotkualt i would argue that intentionally restricting right to repair is always fraud, but sadly thats not law as it stands now in most countries... but yeah newag clearly went above and beyond when it comes to that kind of sabotage somehow i get the feeling that if you want to screw over customers by restricting their ability to repair their purchases... maybe dont do it to the governments of countries... they kinda have just a little bit more power and leverage to fight back

That was just my thought. This is not just stupid, this is criminal.

Last time a scandal like this occurred was the Volkswagen emissions scandal and -excluding the fines- the first person penalized was one of the engineers. None of the managers were penalized. Though I 100% agree that whoever responsible for the decisions should be held accountable but I am a bit pessimistic on this too. I sincerely hope the Polish and EU institutions prove me wrong this time.

Newag's owner is very close to PiS. He has protection. That's why they said "this is going to get political"

No, someone needs to go to jail.

Newag responded by filing suit against the team that uncovered this shit. Imagine my shock. This will end with prison time for Newag highier ups. If this was done to some machine for private entity - i wouldn't hold my breath, but that was actually equipment for goverment co-owned entity. Those people are fucked and they know it.

But it was "a third party contractor", like all bad things any company does.

"doing updates without re-certification" reminds me Beoing 737Max fiasco... updating planes' software without pilot retraining

@@drivingpsyche Max was different scenario but also cheating because money first...

"These updates done by Newag days before the maintenance sound like a clear case of computer sabotage." - I think that they don't have any strong evidence for that (without somebody from Newag actually snitching on their managers, which would be nice), that's why they didn't mention this explicitly in the presentation either. They would've had to do firmware dumps before the Newag guys came, but they probably didn't.

@@CoolKoonThey said in the video that they have a lot of differnt version of the code and they also said that they extracted the logs from the PLC which are showing the history of updates to the firmware.

They are just doing A/B testing.

At that point it's more like alphabet testing

Just adding onto this thought. If one of these trains already reached End of Life (or ran enough to need a full overhaul) then i would guess that the software is far beyond testing fase. I can understand if delivery schedule was a bit too quick for full testing of all functionalities that during delivery of the first trains the software was stil incomplete. But so far into the life of these trains and with normal maintenance. These trains all need to be running the same software. Or maybe the last two versions or something. These are all the same series of trains. Should be the same hardware.

I think I know what happened here. I am not familiar with this flavor of PLC (I do Allen-Bradley), but I imagine all of the PLCs are programmed from the IDE instead of a binary file. As such, it would be recompiled every time they download the code to the PLC, and any small change would be reflected in the binary files. Such small changes could include serial numbers (hard-coded as they basically change a constant in the code) or adding the new kill checks. If the PLC holds a copy of the source code even changes in comments would stand out in a diff. I am sure they would have checked for a local copy of the source code first (stored as a database file) even though they haven't mentioned it. That said, the method they used to pull the machine code might not have been able to pull the database file.

Oh, that is just PLC-Programming and mechanical engineering. Everything is just "unique" - but those professional PLC-Programers hold it together, with ducttape and string..

Only to discover at the end of the maintenance contract that you bought crappy code, and even OK'd it. Because well ... why even pay some nerd to do unimportant checks before you sign the deal of the century?

«Nonfree software is an injustice and should not exist.» ~ Richard Stallman

And you won't get a single bid. The only people that get source code are the DOD and you know what they pay for it.

@@otm646No, you'll get one bid by the one company that noticed they can charge 10 times the equipment's worth if they are the only bidder. And the next time everyone's in again because they want that nice 91% profit margin, too. And it will work even better when all train operators insist on getting the code. Because any company not bidding will also not sell any trains.

The railway operators are more like defense apparatus than individual car buyers. They already pay a lot, they don't have much of audience competition, they are considered strategic state assets, and they have comparatively easy access to legislature

I hope they got payed well for this.

Even the bicycle riding communist is for more competitiveness 😤

Nice to see you here. It's pretty crazy that you can own the train but not what makes it tick. Even if there was nothing nefarious going on, what if the company went out of business? All that code could potentially be gone forever and there would be no way to fix any bugs that crop up in the future. Source code and toolchains should be provided so that the providers can build from source and directly upload firmware. IP rights shouldn't be able to dictate whether a train can turn on or not.

That was my thought as well, considering the behaviour of large firms of other commercial vehicles (John Deere). More concerning to me is the mystery undocumented internet-connected box.

publicly available infrastructure, publicly available code

I can confirm that Both Germany and France's leading train manufacture's are also doing this...

Has been for 10+ years. In companies people responsible for procurement/ guarantee/ repair aren't paying from their own pocket and often got 0 consequences if the company suffers long-term losses because of their dumb decisions. And higher-ups have no clue what they are looking at (or don't care). "emergency repair: replacement of dingle-bob 32.3STFU v2 - 15.000$"

Welcome to new reality :)

It's everywhere. John Deere is famous for this kind of crap. I work for a YT channel that has fun servicing various electronic devices. A while ago we had a circular saw from Milwaukee that wouldn't start. After some digging it turned out the microprocessor that controls the motor was busted. Out of curiosity we checked if replacing the CPU would help, but what we learned is that the firmware on the CPU is custom and locked. We would have to unlock the CPU to read the custom ROM, but the only way to do this is to type in a 16-character password, and if you type in the wrong password ONCE, the entire chip is instantly wiped clean. How insane is that? A freaking saw that if you try and read the ROM on a chip in order to fix it, it has a self-destruct function! Like, I sort of get it, you have to protect trade secrets, but come on, is this some kind of James Bond reference I'm not getting? XD

It was always way worse in business devices, the difference is some businesses were quite open about it.

@@B3RyL On the other hand, this proved to be very handy when Russians stole dozens of Ukraine John Deere tractors and the factory disabled them remotely. It has pros and cons, so I'd say as long as the company is transparent about it ("We can disable stuff, we won't tell you how exactly because trade secret, but we can do it, turn to us with repairs of PC stuff"), then it's okay to me. But the train example here is basically intentionally sabotaging competing repair shops, which sounds insane.

The presentation also wraps up at 43 minutes. Maybe the answer isn't 42 after all.

If they make a movie out of it, the hacking is going to be all over the place

So like the Christmas movie Vabank, but with the events on 21 of December

BTW i'm not familiar with selectron plc, but siemens, omron, moeller, rexroth both allows you to upload a plc program from the plc (yeah, the logic is different there, downloading means you transfer program from pc to plc, uploading means the opposite. Upload and download isn't about the way the files goes, but the network hierarchy it goes trough. In hierarchy the internet is above your machine, and you load up to it if you send data, load down when you receive; but machines like a mouse or a PLC is below your computer, so sending data is download). Its just strange...

im rating for the movie about this story... :D

And John Deere. They do this with their farm equipment.

Its worse then that their stocks owned in part by the same finacal firms and they do it to boost stock prices.

"Over 40% of the revenue of the icecream manufacturer comes from "servicing" for Mc Donald's and there are secret codes to unlock the machines." - That's "laissez-faire" America for you right there: cheats, frauds and crooks having a blast. In literally EVERY country in Europe they'd be investigated and (most importantly) prosecuted for fraud.

@@LasOrveloz "They do this with their farm equipment." - No, IIRC their method is much more sophisticated: they use components pairing and thus their machines "only" break if you attempt to swap those parts out yourself. This was much more sinister because those Polish trains literally broke for no apparent reason (i.e. a real fault).

@@LasOrveloz”you’ll own nothing and you’ll be happy. “

That may just end the entire consumer electronics/utilities market in the EU - all for it :D

SU and take my money then lol

Printers...

I doubt firmware will prevent the thing from self destructing - these days they break due to lack of structural integrity and the cheapest way possible of designing/building those things.

1. The trains are not being used by a single city, they're being used by various operators all over Poland, mostly owned by regional authorities (voivodships, kind-of equivalent to US states or German lands). Some have also been exported to Italy and they are also supplying trains for Bulgarian metro, but given that Newag doesn't do maintenance there they don't really have an incentive to cheat, so this scheme is limited to Poland (probably...hopefully) 2. They are being investigated by the prosecution for fraud and industrial sabotage.

I don't think the programmers should necessarily go to jail, maybe a hefty fine if they were paid off/bribed, but it's almost certain that they were given an ultimatum of some kind by their boss. Decisions like this are absolutely made by upper management, not the programmers.

​@@OutbackCatgirli don't think "just following orders" legally cuts it as justification for stuff this bad (nor should it)

@@OutbackCatgirl "I don't think the programmers should necessarily go to jail" - The programmers would've had the right to refuse doing work that's clearly illegal, so they probably won't escape a sentence either (although their sentence will probably be lighter). The main person to be prosecuted is the manager (company owner?) who was the mastermind behind this..

@@pietiebrein The law normally recognises that employees are subject to coercion because most people aren't financially secure enough to just quit their job. If your boss tells you to go break somebody's kneecaps, "I was just following orders" isn't going to be a defence, because breaking kneecaps is inherently illegal. But if your boss tells you to write some code to do xyz, you're generally not held personally liable, because writing code isn't illegal _per se._

:)

"Finding the geo fencing areas feels a bit like those Diesel exhaust controller speed-distance regions" - Yeah, but this is even worse, because it's a clear-cut anti-competitive behavior. There's no way they can explain this away in any way possible.

Newag's international deliveries outside Poland were limited, I recall only two contracts in Italy for just a few units. Newag has no maintenance business there, so no reason for cheating. The bigger contract in Bulgaria was for the manufacturing of Siemens' metro trains, and a French company just ordered Newag's locomotives last month.

@@Maciek888 Thank you for that! I'd expect anyone having dealing with them now or in the future will question their ethics for any consideration should they apply for new bids after this. Oh look, it's "those guys".

Actually it is worse than the diesel hack... that was meant to hide pollution, but this is forced service on otherwise functional units, and trains are aint cheap...

These "foreign" Newag train units could be a good evidence in the trail. I'm not sure, but I suppose that those Italian trains made by Newag will not have such malware. Because they were just sold without the maintaining packet after the warranty period. Operating area of those Italian trains is far away from Newag workshop in Poland. I don't know where actually those trains are serviced but I assume that somewhere in Italy and not by the Newag stuff. Because it is not worth transporting them thousands kilometers from Italy to Nowy Sącz only for service. The trick is that those Italian trains have also GPS and GSM devices and nobody knows if it is possible do implement malware remotely. The trick is also that these Italian operators which had owned Newag trains, refused further purchases from Newag although they had such option. They had a quarrel with Newag when some of those trains just stopped, needed servicing and Newag didn't give approval of fixing the units without its participation. The narrow gauge Newag trains in Sicily were out of service for 16 months. And Italians didn't agree for Newag "proposal". Sicilian Newag units have been finally serviced by Spaniards (CAF). And Sicilian train operator decided not to buy any further Newag trains.

Wikipedia lists a local operator in south eastern Italy (Ferrovie del Sud Est) running 5 Newag Impuls trains...

Money is a strong motivator. I think it's more the idea to ask hackers that needs a lot of credit rather than going through with it.

In the US, this would never be able to happen. It'd be questionable in most of Europe as well. Former Soviet block countries and Nordic countries tend to have a lot more "get shit done" attitudes.

Actually they migjt had some doubt that something fishy was going on. Giving up would have been accepting to give away some business to others without having a clue of the reason... Still the guy at WPS that signed to get hackers on board should get a hefty bonus 🎉

@@himaro101 Would that be not allowed by the law in US?

"White hacking" isn't something unheard of. Hiring a security company for an audit (they both try to hack you and analyze the code for possible security issues) is not unheard of. Tho usually companies pay to have themselves and their own products audited. Here it's different, but not as much, they hired the hackers to find a solution how to fix the train, because they couldn't do it themselves. Kinda just outsourcing. I was not chocked at all that they decided to hire someone to investigate the issues.

Googled and translated these articles of Penal Code: Art. 269 § 1. Whoever destroys, damages, deletes or changes IT data of particular importance for the country's defense, security in communications, the functioning of government administration, another state body or state institution or local government, or disrupts or prevents the automatic processing, collection or transmission of such data, is punishable by imprisonment from 6 months to 8 years. [...] Art. 286 § 1. Whoever, in order to obtain a financial advantage, causes another person to unfavorably dispose of his or her own or someone else's property by misleading him or her or by taking advantage of an error or inability to properly understand the action undertaken, shall be subject to the penalty of imprisonment from 6 months to 8 years.

for non polish people, what are those articles referencing ?

@@seedz5132 Art. 286. [Fraud] § 1. Whoever, with the aim of obtaining financial gain, leads another person to a disadvantageous disposition of their own or someone else's property by deceiving them or exploiting a mistake or inability to properly understand the undertaken action, is subject to imprisonment from 6 months to 8 years. § 2. The same penalty applies to anyone who demands financial gain in exchange for returning property unlawfully taken. § 3. In less serious cases, the perpetrator is subject to a fine, restriction of liberty, or imprisonment for up to 2 years. § 4. If the act described in §§ 1-3 is committed against a close relative, prosecution occurs upon the victim's request. Art. 269.[ Damage to Computer Data ] § 1. Whoever destroys, damages, deletes, or alters computer data of particular importance to national defense, communication security, government administration functioning, other state bodies or state institutions, or local government, or disrupts or prevents the automatic processing, collection, or transmission of such data, is subject to imprisonment from 6 months to 8 years. § 2. The same penalty applies to anyone who commits the act described in § 1, by destroying or exchanging a computer data carrier or destroying or damaging a device used for the automatic processing, collection, or transmission of computer data.

@@seedz5132 basically that you can't f*ck with the state and it's critical national infrastructure otherwise the state will f*ck you

@@seedz5132 destruction of computer data and fraud

It's called tricore so it's probably THREE 68000s in a trenchcoat

The Selectron CPU 83x Series processor is based on the industrial 68000 version, 84x is based on ARM processors. The PLC log of these machines can be pulled from the unit with a basically free tool. In that log is to see when the software was uploaded and what was the windows user name, the timestamp can be wrong because the rtc is running only limited time if power was lost and can also be altered with the same tool. But then again this change of the rtc time will show up in the plc log report.

@@jm3779 So it IS a 68k in a trenchcoat!

@@SuperSmashDolls Not surprising since the embedded version of the 68K is still in production and being in industrial settings.

the 68k is a cpu that's easy to program for at a low level so it makes sense for embedded use

Part of the problem is that nowadays, companies are often owned temporarily by private equity firms that are only interested in very short-term profits, sometimes even keep changing hands between several private equity firms. Of course even when that's not the case, there is still the problem of management getting bonuses based on short-term profits.

@@johaquila Yeah. That's the problem of the entire system we live in, sadly.

My Scout brother

I think one reason for that is, that most penalties are not painful enough so the financial risk is not large enough to prevent this behavior. Imagine making 100 million profit in 10 years and then having to pay 10 million penalty ... that's still 90 million profit.

@@infinitynoka2209 Brother... There isn't many of us left.

Until you are unhappy and hack it to pieces and tell them you are mad as hell and you are not gonna take it anymore 😂

I never imagined you could spend 1h away from -suffering- factorio!

Need more constant combinators and chain signals... Pozdro.

hey Trupen you rock! have a great day!

Every factorio player is a software engineer in the making

Siemens learned that lessen the hard way, too, IIRC.

@@TheAgamemnon911 What are you referring to with your recollection? :)

As far as I know, only the "ODK" PLCs from Siemens supports this . I think there is a new way with the Xcelerator or something like this but this is only in a limited testing field. But a normal 1200 or 1500 PLC can not be programmed with C or C++ in TIA Portal. The only possible languages are FBD, LADDER, AWL, ST (SCL), Graph and CEM (not all languages are supported by the 1200 series).

​@@oy12laStuxnet? lol

But why would anyone want to break the Linux Direct Rendering Manager?

History has proven across many centuries that privatizing any element or fully of a social service from trains to boats, to electric and water generally ends up in poor quality predatory services. The world over needs to outright ban privatized social structures which are necessary for life. We shouldn't be forced to drive cars, we shouldn't be lorded over in locked trains, or at the whims of greedy shareholders because they want to reach quarterly goals by skimping on maintenance.

They are not amateurs.

Newag is a huge company in Poland, their trains drive in almost every Polish city.

I'd rather think that this is because those exotic PLCs are way cheaper than Siemens ones. Most likely it's the same as with Asian companies manufacturing cheap electronics. Nowadays, they often choose microcontrollers from Holtek or Padauk instead of more common ones like AVR, PIC, ARM-Cortex-M0 and the like in order to cut costs. Servicability or even availability of debug and test equipment aren't really important because it's cheaper to replace a faulty PLC instead of repairing it in the field.

@@vbinsiderdefinately that was not the case. Different in price is not that significant unless you go for big screen resolution HMI panels. They probably have chosen manufacturer who is not programmed easily but consider parts availability or running out of business by the vendor.

Well, i do automation too, but in some cases you need a check - as is said in video - different firmwares in same device can behave differently. If i will be the one performing this behaviour, i would also lock the code - where is the point "locking" the serviceability of the device, to checks like this, when i provide unlocked code with the device and everybody with few hours in code can bypass the function?

Regarding hard coded serial number, it is highly possible that the component you were replacing was crucial to safety of the plant. Usually it is easy to replace the serial number but needs proper credentials for it (safety).

"It prevents that somebody from outside service could easily do reverse enginnering of the PLC software." - Heh, the fact that Ghidra already had support for this architecture means that this equipment isn't nearly as rare as Newag guys thought it would be.... "If they for example used an Siemens PLC`s and other peripherals" - I have a feeling that the PLC they've chosen was significantly cheaper than the Siemens stuff....

Lets hope the fines are a significant % of global turnover... The penalty needs to really really hurt if it's to be a discouragement..

and indeed, that's a possibility since newag is now under criminal investigation under two articles of the Polish penal code (art 269 sabotage if critical infrastructure, from 6 months to 8 years prison, and art 286 unfavourable handling of other party's property i.e. the client's), as mentioned in other comment.

do you have the writeup? I can't find it

That will just lead to international passenger combustion day

And that mystery box (Prob a RPi and serial interface bus) linking the PIS mobile 4G coms to the train data bus would be the exact vehicle to do it via...

Corny ass profile pic

mają prawo ale źle ze tak z tym biegają po konferencjach. mnostwo producentow stosuje takie praktyki, niemcy juz zapomnieli o aferze wolkswagena? uczepili sie akurat polskiej firmy. produkcja pociągow to jedna z nielicznych branz gdzie Polska robi cokolwiek pod wlasną marką. gdzie i tak patrzac np. na lokomotywy to raptem 1/3 nowych lokomotyw to polskie produkcje, a reszta to siemens i bombardier. newag bedzie mial narobione gnoju no i pieknie, reszte pociagow kupimy od niemiec i bedzie pieknie. tak jak unia chciala.

@@Orzeszekk a co, mają siedzieć cicho i nie odzywać się przez jakiś źle pojmowany patriotyzm? To nie ich wina, że Newag sra do własnego gniazda. Tutaj żadnych teorii spiskowych nie trzeba dorabiać.

@@Orzeszekk Po pierwsze - nie doszukuj się obcych działań tam, gdzie ich nie ma lub są mało prawdopodobne. Newag mógł nie kombinować, a to robił i nadal robi. To jest decyzja podjęta wyłącznie przez nich. Więc nie, nikt się tu nikogo nie uczepił. Pilnują, aby ten producent dotrzymał swojej umowy. Przypominam, że w drodze przetargu ten zobowiązał się nie tylko do dostarczenia EZTów, ale również CAŁOŚCI dokumentacji i oprogramowania niezbędnego do wykonania przeglądów P3 lub P4 (zależnie od operatora). Czego jak widać nie zrobił. Oraz żeby ten rzekomy producent działał zgodnie z prawem, czego jak się wydaje, również nie robi. Mówisz, że inni producenci robią tak samo. To wskaż mi kiedy np. Siemens, Fiat, Alstom czy nawet PESA albo Fablok miały takie afery oraz, jeżeli były, jaka była ich reakcja, postępowanie i następstwa prawno-sądowe... Ale rozumiem, że skoro pewna partia (czy raczej "Partia") mówi, że wszystkiemu są winni Niemcy lub Unia, więc tak musi być... Tyle że nie. Tak nie jest. Pomijając kwestie geopolityki i tego, jak mało same Niemcy czy nawet UE znaczą na globalnej arenie międzynarodowej, VAG też złapano za ręce i też musiał naprawiać szkody. W USA czy Kanadzie odkupywali kilkuletnie, używane auta po pełnych lub blisko pełnych cen zakupu pojazdów! A masa problemów jeszcze przed nimi bo z tego co wiem w tle wciąż majaczy widmo cofnięcia europejskiej homologacji dla pojazdów z problematycznymi jednostkami napędowymi. Notabene analogiczna sytuacja jest tutaj bo UTK teoretycznie może cofnąć homologacje Impulsów ze zmienionym oprogramowaniem, jako że to nie było częścią pojazdu w momencie certyfikowania. To by była heca, jakby się okazało, że Newag musi przyjąć używane przez kilka lat EZTy, zwracając koszty przetargów... Jest to tylko i wyłącznie ich (Newagu) wina, a nie jakichkolwiek "niemców", jak to mówisz. Po drugie - mamy jeszcze Pesę czy Fablok, produkcja Alstomu czy Siemensa również odbywa się w Polsce. Czyli produkt jest polski, podatki fabryki rozliczane są w Polsce, podobnie jak podatki pracowników tej fabryki. Mamy też całą masę podwykonawców, którzy produkują podzespoły na potrzeby kolei, w tym również tych zagranicznych producentów. Oraz kilka innych i mniejszych zakładów zdolnych do produkcji taboru kolejowego. Ale tego w pewnej stacji telewizyjnej nie powiedzieli, prawda? Tak samo, jak tego, że części tych fabryk, gdyby nie zagraniczne inwestycje, w ogóle by nie było. Bo to przeczy strasznie głupiej, prostackiej i wypranej ze wszelkich faktów narracji. Ale spoko, jesteśmy narodem, który w jednym zdaniu potrafi się wywyższać nad innymi, tylko po to, aby 3 słowa później pokazać jak im zazdroszczą. Co zresztą uczyniłeś w swoim komentarzu. Bo przecież produkcja dla innych to hańba! W końcu takie Chiny wcale nie stały się, a Indie nie są na dobrej drodze do zostania globalną potęgą gospodarczą i militarną właśnie dzięki produkcji dla innych...

​@@Orzeszekkszkalujo wielkie pociągi polskie, husaria!!!!!!!!!

@@Orzeszekk i bardzo kurwa dobrze, pretensje miej do janusza który sabotuje strategiczną gałąź własnego państwa dla paru szekli a nie do tego kto to ujawnił, co to kurwa za logika xD

Absolutely criminal charges. This is premeditated sabotage of critical infrastructure

Lets hope the fine is a substantial % of their global turnover. It really needs to hurt if it's going to be effective...

Three smoking guns -- geofencing, _predicted_ failures on _predicted_ days, and a matched check condition on two systems (the HMI and PLC both looking at >=21 days of service, then movement, but neither of them sharing a codebase)

"to jest historyczny moment!" - Indeed it is...

Already standard in every cellphone

some just like trains

Some wear hats :P

Orange and non-orange parts!

As the train's manufacturer they get to decide if it's a significant change to code. For example, "does it change the train's response to driver inputs?", like a change to brake controller behaviour, electrical braking only in brake steps 1 & 2, instead of blended (friction & electrical) braking beginning in step 2. That would require recertification, obviously.

@@capnskiddies surely any change to the ability to move the train affects safety, if there is a fire in the service yard and you need to move stock to prevent it burning then it being disabled for anti-competitive business reasons is safety critical. Also, disabling the train does change the "response to driver inputs".

Yeah, frightening. It makes you think just how many companies are doing these kinds of things at this very moment while we're all unaware of it.

I'm sitting on a tender review panel in the UK for new train stock. At our next meeting, the first hour will be this YT video...

There is a criminal investigation underway for fraud and industrial sabotage

I think he was worried that it would be used as political weapon between both political sides, like, sadly, many things are.

Someone commented that Newag's CEO is closely related to the PiS party that just lost the election but was in power before that ​@@harrry4007

If confirmed, all of those stuff is already illegal in Poland. There's nothing getting political can make better. At minimum it will hamper investigation at most just target the hackers due to retirees on the parliament seat not understanding digital technology.

It could be political in a way that the company is producing tangible industrial goods, paying taxes and offering jobs and making it suffer could have a negative political effect.

@@acidumirae Well every company does those things, including the bad ones. No, he's worried because until very recently, Poland had a corrupt far right government with close ties to the bad company. The government lost the election, though, so we'll see what happens next.

They spoke in the biggest auditorium at CCC, which has 3000 seats and there were people sitting on the floor/standing to fill all available empty space. Anyone would be nervous :)

It's an arms race, it'll just get harder to find... Money, getting more of it is the root of these activities, so any penalty needs to involve lots of money leaving the company, it must be significant and it must hurt, if only to serve as a warning to other companies tempted to adopt similar tactics to secure money... Personally, I'd go with 50% of global turnover as a fine based on the last 5 years average 12 month turnover figures. yes it's a huge sum of money, but it needs to be to land the message and be a warning for others...

Companies ahppen on a good product by accident most of the time. Company management is usually incompetent, but sometimes lucky...

Companies only attempt to do this when they KNOW the legislation at the point of abuse is not able to entrap them. Hopefully the government will criminally fault the company WITH JAIL TIME and legislate out these types of malicious code.

I feel really bad for the honest people working for Newag. Spending years developing a nice train and being proud of it, only to be exposed as a clown because of some shit like this. Cause I'm sure 95% of the employees didn't have any knowledge about those few rows of malicious code.

John deere

Actually some of the “locking” mechanism just normal security measures. When there is not at least one functioning compressor left it’s a good thing that the train will not allowed to move by its own, but after that is fixed the locking mechanism must release itself or the maintenance should be able to reset the lock. If that is by a tool or the HMI or a “cheat” code doesn’t really matter. What is concerning is that they say the software version was different from train to train. Because that should not be the case. After production and development, validation of all the requirements the software will be “frozen” and trains running in Service have all the same software version on that fleet. But don’t mistake that with a memory dump from train CPU memory that was in service, there of course will be a lot of data stored that divides between different trains. Like the train number itself and various counters, or for example all the wheel diameters. Therefore you need look carefully what is code and what is variable data.

@@jm3779 I would expect any normal security measures to be documented and known to all relevant parties.. So if secondary compressors don't work, the HMI should at least say train is not ready to go, call a maintenance; to the maintenance worker the compressor is not working, check it; all of that documented in a thorough "what to do when...". The abnormal security measures, as presented in the video: HMI says everything is ok, maintenance says everything looks ok, and computer experts say the CPU decided to power down the inverters because the train is out of warranty.

I think that this is just a normal "release operation" bit to the inverter.. I don't think they send an emergency stop via the standard CAN Bus, at least this would not be done in the industrial automation.

I understood the talk to mean that the conditions were not that the train would e-stop, but that it would not start (or at least the conditions were such that, if the train were in motion, the lock could not be triggered).

Normally pulse release to allow movement is done in two different ways, one of them is a hardware release and the other is by data communication. Hardware release has a lot of opening contacts like driving directions, door closed loop and many more. Software (data) release has the same but also others like enough air in the reservoir to be able to brake when moving or like the one shown in the slides who makes sure that at least one functional compressor is there. Everything of that makes sense for security reasons. Geofencing your competitors out of maintenance contracts is an other thing and not something you should be caught.

Polregio, mentioned here too, just signed a contract for new trains from Newag.

That's the best part, they're not. It can be qualified as sabotaging infrastructure and violating contracts. In summary, there will be blood

The problem is that when publicly owned companies (such as KD or Polregio) want to make big purchases (such as trains), they have to do a tender. Basically, they publish a quite detailed "wish list" of what they want. E.g. 20 trains with 200 seats, equipped for regional transport, able to go 160 km/h and so on - but way more detailed. Then, companies can make an offer for how much they would deliver these trains. Afterwards, the "best" offer is chosen following clear rules. Sadly, in most cases, this is the cheapest one. In general, these measures do make some sense to tackle corruption, inefficient spending of public money, cartels and so on. Though, what would be possible is to specifically ask for a full repair documentation in the tender, explicitly forbid any measures of the manufacturer that negatively affect repairability, and to go for sure write an extensive liability clause into the contract that the manufacturer is fully liable for any financial damages (including the cost of train cancellations for passengers) if such measures are detected.

Everything's legal unless it's illegal.

​@@skblablablabla well, there is a solution: all public tenders with a software component should require full access to all the source code within the product. This would promote transparency and open source solutions too.

Tickets sold out really quickly though

@@thewhitefalcon8539 even the room was completely full and they were not allowing more people in 10min before the start of the talk lol

​​​@@maximeborgesand the room was HUGE with a 2 floor stand (3-4 k people)

Reporting what the issue was and what they fixed is standard in repair contracts (at least if they are paid per problem), but that requires the contractor doesn't just lie. And if a company goes to such length with differently sabotaged software for individual trains they are going to lie. You can try to catch these cases by randomly sending someone to inspect the work as it is done, but if the trains are worked on for weeks it is not practical to have someone there all the time - and even if someone is there they would only see that among other repairs the software was updated, they wouldn't have the time or the knowledge to dig into the software like it was needed to actually find the sabotage.

They probably gave a somewhat true but opaque answer such as that they updated the firmware to make the startup sequence more robust under "service conditions". Companies can generally get away with such evasions because those who have the clout to demand a detailed account don't think they would understand it and prefer to nod their heads up and down.

Nie musisz sie zastanawiac. W wielu. Troche jednak inaczej to się robi 🙂