submitted 6 days ago* (last edited 6 days ago) by Pro@programming.dev to c/technology@lemmy.world
[-] richardwallass@sh.itjust.works 40 points 5 days ago

I will sue you because you broke my ransomware.

[-] Australis13@fedia.io 156 points 6 days ago

Hopefully Newag (the manufacturer) loses this case. This is malicious design on Newag's part.

[-] doeknius_gloek@discuss.tchncs.de 136 points 6 days ago

Malicious design is putting it mildly. This is fraud with a bit of blackmail sprinkled in. They bricked perfectly functioning trains that their customers already had paid for, because another workshop was chosen for servicing them after the warranty period of the train ended. Then they charged over 20k € to unlock trains they deliberately locked before. The unlocking itself took them 10 minutes.

In a just world the Newag CEOs would go to jail for this, but sadly we all know this won't happen.

[-] TauZero@mander.xyz 33 points 5 days ago

fraud

Sabotage. Property made unusable. Passengers were literally stranded in the middle of a journey.

[-] Saleh@feddit.org 15 points 5 days ago

Yeah, this has a criminal component of endangering train traffic and putting hundreds of lives at risk.

This is not merely fraud or property damage. This should be seen in the context of attempted homicide.

[-] Tja@programming.dev 3 points 5 days ago

In the story I read, the trains were bricked in the maintenance yards. Do you have the source about passengers?

[-] JakenVeina@midwest.social 10 points 5 days ago

This very article.

And one batch of the 45WE EMU (electric multiple unit, the kind of train that doesn’t have a separate engine up front to pull the passenger cars), would switch off automatically when passing through the Mińsk Mazowiecki railway station. Trains full of passengers were left stranded.

[-] Tja@programming.dev 5 points 5 days ago

Thanks! (I hope you didn't expect me to read the article, I'm too cool for that!)

[-] JakenVeina@midwest.social 4 points 5 days ago

Oh, certainly not.

[-] Terevos@lemmy.world 119 points 6 days ago

Every potential buyer of trains should ban this company from new sales.

[-] voodooattack@lemmy.world 69 points 5 days ago

Yeah. I’m not buying another train from them ever again

[-] Asfalttikyntaja@sopuli.xyz 23 points 5 days ago

Same here. Fucking train makers.

[-] Terevos@lemmy.world 9 points 5 days ago

Good for you! I'm going to boycott them, too.

[-] iglou@programming.dev 2 points 4 days ago* (last edited 4 days ago)

Same. My personal Home <-> Work line will never see a Newag train.

[-] elucubra@sopuli.xyz 13 points 5 days ago* (last edited 5 days ago)

I was just thinking this. I imagine that there are only a few hundred train operators in the world, so they can all be reached easily, and would pay attention to the Polish rail operator.

Simply explain the whole ordeal and bullshittery, and let them know what will happen to them.

It's unlikely that Newag would get another sale. They are fucking with mainly state operators, who have a LOT of time and resources.

If I were the Polish operator, I would have found a new hobby.

[-] boonhet@sopuli.xyz 4 points 5 days ago

Operator in my country luckily ordered a bunch of Škodas to complement and replace the old Stadlers, so I don't think we're gonna be using Newag any time soon.

[-] Capricorn_Geriatric@lemmy.world 23 points 4 days ago

For what? Being decent human beings?

[-] Trihilis@ani.social 9 points 4 days ago

Yeah apparently that's a crime nowadays.

[-] HertzDentalBar 37 points 5 days ago
[-] mitrosus@discuss.tchncs.de 6 points 5 days ago

Quote of this century.

[-] AnarchistArtificer@lemmy.world 74 points 6 days ago

I keep a small list titled "illegal heroes", and these hackers are on that list. It's bullshit that they're being hounded like this.

[-] 0xD@infosec.pub 10 points 5 days ago* (last edited 5 days ago)

They are not illegal heroes, they are pentesters and were paid by train company SPS who were using these trains.

https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains

They had a talk at CCC 2 years ago, and last one too I think. It's pretty funny.

[-] socialsecurity@piefed.social 55 points 5 days ago

When corporation does crime and has the balls to sue the victims

EU companies are learning well from the US!

[-] jjagaimo@sh.itjust.works 67 points 6 days ago

Newag executives should be in jail for fraud

[-] TauZero@mander.xyz 54 points 6 days ago

Newag [train maker] claims that the Dragon Sector [whitehat hacker] team endangered passengers’ safety by modifying the software without proper experience. But Newag then turns right around and claims that Dragon Sector did not modify the software at all. They point out that EU law only allows reverse engineering of software in order to fix bugs. And if Dragon Sector did not actually modify the software, it cannot have fixed any bugs, in which case their reverse-engineering must be illegal.

[-] Venus_Ziegenfalle@feddit.org 12 points 5 days ago

So if they just say they were gonna get to the bug fixing part but haven't yet they're in the clear. Boom, another decisive victory for the Dragon Sector.

[-] Cort@lemmy.world 3 points 5 days ago

Train company response: it's a feature, not a bug, so you're still guilty

[-] defaultusername@lemmy.dbzer0.com 12 points 5 days ago* (last edited 5 days ago)

Do they... not know what reverse engineering means?

[-] TauZero@mander.xyz 20 points 5 days ago

It's worse. They are saying that the EU copyright law, as written, only allows decompiling/reverse engineering to "fix bugs". A bug fix would involve a software patch of some sort. But the security researchers did not have time to write a patch yet; what they did is tell the customer "Yep, it's fucked. Your vendor put in a killswitch to make the trains brick themselves." So that does tell them where the problem is, but it is not a bona fide bug fix from the Bugfix region of France, and therefore illegal.

[-] boonhet@sopuli.xyz 15 points 5 days ago

Ah so it's just sparkling engineering

[-] dev_null@lemmy.ml 2 points 4 days ago

But the security researchers did not have time to write a patch yet

This is not true. They never intended to make, and said they would never try to make, any modifications to the train software, because it would be very illegal: you can't make modifications to the trains without the train having to go through recertification again, and they have no credentials to be making any modifications to trains.

They only analysed a copy of the software, and found secret undocumented unlock codes that could just be typed in at the cabin without having to modify anything.

[-] hsr@lemmy.dbzer0.com 30 points 5 days ago

After a bit of digging it looks like Newag has had a steady supply of government contracts:

25.01.2023 - 10,7 billion PLN (2,5bn EUR) for EMUs

24.07.2024 - Newag CEO mentions current contracts with PKP Intercity total 9bn PLN (2bn EUR)

21.11.2024 - 7,7bn PLN (1,8bn EUR) for hybrid MUs

23.06.2025 - most recent one I could find, 270 million PLN, EMUs for a local railway

Stock is up 260% since June 2022

In Poland we don't negotiate with corporate terrorists, we throw money at them. 🙃

[-] jabjoe@feddit.uk 10 points 4 days ago* (last edited 4 days ago)

They should be being sued for doing anti repair tricks.

The guys exposing the anti repair tricks are the heroes here.

[-] einkorn@feddit.org 48 points 6 days ago
[-] wordmark@mas.to 29 points 6 days ago* (last edited 5 days ago)

@Pro #capitalism at its #worst (AGAIN)

In 2022, members of #DragonSector were called by a train repair shop, Serwis Pojazdów Szynowych (#SPS), to work out why #trains were refusing to run. Digging into the code revealed a #software trap that would disable trains if they were anywhere near a #repair facility that wasn’t run by the manufacturer, Newag. But Newag used a pretty inaccurate way to determine when the trains were in a rival repair shop, which led to some unexpected consequences. #right2repair

[-] Konstant@lemmy.world 8 points 6 days ago

This is devious.

[-] arararagi@ani.social 8 points 4 days ago

Don't you love the anti-circumvention clause?

[-] richardwallass@sh.itjust.works 7 points 5 days ago

I couldn't tell better. "The sheep are made to be sheared". Each day, critical thinking fades a little more, leading people into a spiral of submission that has never been as swift and humiliating.

[-] slampisko@lemmy.world 9 points 5 days ago
[-] porous_grey_matter@lemmy.ml 12 points 5 days ago* (last edited 5 days ago)

CCC was collecting some money for them last year, not sure if this is still active https://www.ccc.de/en/updates/2024/das-ist-vollig-entgleist

Edit: looks like they were past the goal they had then but if this goes on maybe 30k € won't be enough, hopefully someone sets something new up

this post was submitted on 29 Jul 2025
689 points (100.0% liked)
