Capitalism is a scourge.
After a bit of digging it looks like Newag has had a steady supply of government contracts:
25.01.2023 - 10,7 billion PLN (2,5bn EUR) for EMUs
24.07.2024 - Newag CEO mentions current contracts with PKP Intercity total 9bn PLN (2bn EUR)
21.11.2024 - 7,7bn PLN (1,8bn EUR) for hybrid MUs
23.06.2025 - most recent one I could find, 270 million PLN, EMUs for a local railway
Stock is up 260% since June 2022
In Poland we don’t negotiate with corporate terrorists, we throw money at them. 🙃
When corporation does crime and has the balls to sue the victims
EU companies are learning well from the US!
I keep a small list titled “illegal heroes”, and these hackers are on that list. It’s bullshit that they’re being hounded like this.
Every potential buyer of trains should ban this company from new sales.
Yeah. I’m not buying another train from them ever again
Same here. Fucking train makers.
Good for you! I’m going to boycott them, too.
I was just thinking this. I imagine that there is only a few hundred train operators in the world, so they can all be reached easily, and would pay attention to the Polish rail operator.
Simply explain the whole ordeal and bullshittery, and let them know what will happen to them.
It’s unlikely that Newag would get another sale. They are fucking with mainly state operator, who have a LOT of time and resources.
If I were the Polish operator, I would have found a new hobby.
Operator in my country luckily ordered a bunch of Škodas to complement and replace the old Stadlers, so I don’t think we’re gonna be using Newag any time soon.
Newag [train maker] claims that the Dragon Sector [whitehat hacker] team endangered passengers’ safety by modifying the software without proper experience. But Newag then turns right around and claims that Dragon Sector did not modify the software at all. They point out that EU law only allows reverse engineering of software in order to fix bugs. And if Dragon Sector did not actually modify the software, it cannot have fixed any bugs, in which case their reverse-engineering must be illegal.
So if they just say they were gonna get to the bug fixing part but haven’t yet they’re in the clear. Boom, another decisive victory for the Dragon Sector.
Train company response: it’s a feature, not a bug, so you’re still guilty
Do they… not know what reverse engineering means?
It’s worse. They are saying that the EU copyright law, as written, only allows decompiling/reverse engineering to “fix bugs”. A bug fix would involve a software patch of some sorts. But the security researchers did not have time to write a patch yet, what they did is tell the customer “Yep, it’s fucked. Your vendor put in a killswitch to make the trains brick themselves.” So that does tell them where the problem is, but it is not a bona fide bug fix from the Bugfix region of France, and therefore illegal.
Ah so it’s just sparkling engineering
Hopefully Newag (the manufacturer) loses this case. This is malicious design on Newag’s part.
Malicious design is putting it mildly. This is fraud with a bit of blackmail sprinkled in. They bricked perfectly functioning trains that their customers already had paid for, because another workshop was chosen for servicing them after the warranty period of the train ended. Then they charged over 20k € to unlock trains they deliberately locked before. The unlocking itself took them 10 minutes.
In a just world the Newag CEOs would go to jail for this, but sadly we all know this won’t happen.
fraud
Sabotage. Property made unusable. Passengers were literally stranded in the middle of a journey.
Yeah, this has a criminal component of endangering train traffic and putting hundreds of lives at risk.
This is not merely fraud or property damage. This should be seen in the context of attempted homicide.
This and many other things is why I always thought that even from the viewpoint of “common good” reverse engineering, copying and disassembly and whatever else of everything digitally stored should be absolutely immune to the law. Otherwise it’s illegal to know if the other side is breaking the law to sue it.
Newag executives should be in jail for fraud
I am looking forward to their next update:
Where legal fund
CCC was collecting some money for them last year, not sure if this is still active https://www.ccc.de/en/updates/2024/das-ist-vollig-entgleist
Edit: looks like they were past the goal they had then but if this goes on maybe 30k € won’t be enough, hopefully someone sets something new up
@Pro #capitalism at its #worst (AGAIN)
2022, members of #DragonSector were called by a train repair shop Serwis Pojazdów Szynowych (#SPS) work out why #trains refusing to run. Digging into the code revealed a #software trap that would disable trains if they were anywhere near a #repair facility that wasn’t run by the manufacturer, Newag. But Newag used a pretty inaccurate way to determine when the trains were in a rival repair shop, which led to some unexpected consequences. #right2repair
This is devious.
