20 trains filled with people stopped, ease of exploitation is irrelevant - many events reported as hacks stem from obvious negligence, this is the same as writing an admin password down or leaving it default and having it used by attackers.
I also left a comment addressing the potential for varied interpretations of hacked.
You can activate the emergency stop in any train. Just like that, go figure! No security around those things at all, sometimes a thin pane of glass but that's easily taken care of. Or light an emergency flare next to the tracks. If it's that simple you almost have an obligation to show how insecure this is. And you could easily orchestrate this or do it again a short while later on another train.
/s
Whatever happened to personal responsibility? Hackers without ethics (no matter whether acting on their own or for some larger entity) are less than useless.
> You can activate the emergency stop in any train. Just like that, go figure! No security around those things at all
That’s false, at least on modern trains, in France, for what I know.
Any modern train will not stop when you pull the alarm lever.
The first thing that will happen is that you will be in communication with the conductor, then the train will be stopped in only two scenarios : either you are communicating a real emergency or you don’t respond at all to the conductor asking you what happens after a given delay (which IIRC is 10 seconds).
And fwiw, a friend of mine who is conductor explained to me that if you activate the alarm lever by inadvertence, the worst thing you can do is to not answer by fear of having problems. If you say it’s an error, the conductor will just ignore it and continue its day while if you say nothing, the conductor is forced to emergency brake the train and all the trains on the line.
I don't know the French way, but coming form Germany:
For logner tunnels etc there is an override, where emergency break doesn't break immediately as stopping a train mid-tunnel is most of the time the worst choice. Smoke in tunnel is dangerous. Emergency help can't reach it. Evacuation has confined space. etc. There emergency break rings an alarm with the engineer. If they ignore it, it will stop after a while, but usually they will use intercomm to understand the reason.
A way however you can stop trains on a German train line is by putting a 2kHz electromagnet on the tracks. That will tell the train that it just crossed a red signal and will stop.
How irresponsible of (gasp) European Commision to publish the exact specification (frequencies and timings of the tones) of the command used in this attack (in Poland):
This is well documented in each railway publication.
Also the risk is .... not existent. To damage railway infrastructure there are way more efficient and simple ways (getting a rail to derail, destroy some signaling cables, ...)
The "attack" here would require quite some investment in equipment (power etc.) and only bring a single train to a realtively quick stop, well in safe margins, where the driver after a quick check with the dispatcher can override and continue the ride, while investigators would collect the equipment.
It's impractical for a stunt (way simpler and more effective: just walk close to the tracks and they will do emergency stops for all trains close by) and ineffective for an attack.
Yes, there are other ways to bring trains to a halt or to derail them. Even so I think it is irresponsible to spread such information further than it has to go, especially on a site called 'hacker news', and even more so in a thread where people are openly arguing that insecure systems should be replaced by more secure ones. Rail infra is not as easy to update as your average web based project and keeping such information out of the hands of would-be experimenters can only be good. No downside, possible upside: easy decision.
So: just that: you don't need to do anything beyond pulling the lever to get the train to stop. The override is that you say everything is ok, but if you do not the train will absolutely stop.
This is to ensure that if the driver / conductor is incapacitated the train will still come to a halt. And that in turn is because runaway trains have happened.
It's always funny when those "grey hats" or similar "it's just a prank bros" find out they're "vulnerable" to a pair of handcuffs, or to judicial findings, or even worse things
I've had a several months long run in with a so-called 'hacker' on HN who is now - fortunately - in jail for something else. This got really tedious and the lack of support was quite frustrating (to put it mildly). I'm sure he thought it was all fun and games. He's threatened swatting people on here, destroying their businesses, families and so on. And all from the relative safety of what he believed to be anonymity.
Such people have no place in society and setting them loose on neighboring countries is inviting a tit-for-tat that we can all do without. Personally I think these attacks are very close to - or already over the threshold for - acts of war.
Emergency stop signal should be easy to send when it is needed.
Most trains have a emergency brake lever inside which is also very easy to abuse, but is there for safety. It is better to enforce harsh penalties for abuse.
In Germany, in addition there is yet another emergency signal - if you need a train to stop (say, because someone fell into the tracks) and you can see the train (so no time to call 112), wave your hand in a circular motion [1].
On a modern train, if you activate the button and the driver doesn't react at all, it will eventually stop the train, but the driver gets a few moments to decide what to do, and in a lot of cases their decision is going to be explicitly "Don't stop" because of the disproportionate number of inadvertent or malicious activations.
On the tube, where (aside from a handful of long distance expresses e.g. to/from Amersham) your train is going to stop at a station anyway in the next couple of minutes they have notices explaining to people that the best way to get e.g. medical assistance is going to be to get off the train at a station, where they can help you, not stay on it and push the emergency button hoping somehow assistance magically teleports to a moving train.
See my other comment. On modern trains, the emergency lever doesn’t stop the train anymore but let you speak to the conductor. The train will only stop if you don’t speak for several seconds or in case of a real emergency.
And tbh, I just can’t see which sort of emergency can happen inside the train that would require an immediate full stop. Even if something life threatening is happening inside, the best option is to call and meet the emergency services in the next station.
Examples where a passenger-initiated emergency stop would help:
The Eschede crash in Germany: https://en.m.wikipedia.org/wiki/Eschede_train_disaster -- part of the wheel came through the floor into the passenger compartment. The passenger couldn't find an emergency stop, and by the time they'd found a conductor and got their attention (which took minutes) the train crashed.
Trap-and-drag accidents where somebody on the platform gets clothes trapped in the train door and is pulled along with the train as it starts to pull off. If you don't emergency-stop the train within seconds that person is likely to suffer serious injuries or die. Likely the conductor/guard isn't near that door and only passengers will have seen the problem.
In case of a detachment, the train will automatically perform an emergency brake (without the possibility of manual intervention by the conductor).
Trains are fail-safe. They only run because the brakes are held open by a pressured air system running along the whole train. In case of a detachment, the hose connecting the wagons would break, releasing the air pressure and thus slamming the brakes down.
Harsh penalties are ineffective and irrelevant in terrorism and warfare situations, or even only against lunatics.
Here I don't think that this signal system is designed to be used by the public. I'm guessing that there are transmitters installed and operated by the railways and perhaps police/emergency services but no-one else.
I am sure that the system will now be upgraded to include cryptographic authentication or something to that effect.
In this case I am pretty sure that a single organisation controls the whole system, transmitters and receivers. So I see no reason why they would update one side but not the other. There has to be a minimum level of competence and enforced procedures to run any important systems...
Ever walked around in a factory? Those big red mushroom buttons everywhere actually work. Absolutely nothing is going to stop you from hitting one of them. It's not unlike the social contract: the assumption is that you too are kept safe by others.
Abusing such systems is the lowest of the low, and will get you in serious trouble. As would be sabotaging fire fighting equipment, arson, bomb threats, throwing stuff onto the highway and so on. The fact that you can't see any reason means that you are probably not in charge of safety anywhere. The battle is so asymmetrical that you can't win unless people stick to the assumption that their lives are valuable too. If that is no longer the case you are technically at war.
This is why suicide bombers have an easy time of it: they have broken out of that social contract and are willing to give up their own lives to take the lives of others. You simply can not effectively defend against this unless you are willing to throw out the social contract and become a police state yourself (or suffer eventual loss of life).
The minimum level of competence to run an important system (to put a train in motion, for instance) is definitely there. But to stop an important system should need no competence, it should just require presence and action. Any other requirements are not going to be secure (because too many people need to have access to such systems, including all of the public) but will cause the critical part to fail just when it is needed.
Obviously in a factory people who are let in are vetted and authenticated to start with.
Here we're discussing a radio transmission (from what I understand) in the wild that can come from absolutely anyone and anywhere and stop a whole train. There is no reason for this not to be secured.
I didn't claim that there should be a special competence to remotely stop a train, and indeed we may want something as simple as a big red button. But not anyone should be able to push that button and there should obviously be competence to run the system behind the scene as per my previous comment.
> Obviously in a factory people who are let in are vetted and authenticated to start with.
Factory workers are not vetted beyond being able to perform some function on behalf of the factory owners / operators. That can be as much as having finished grade school. On your first day you have the run of the place.
> Here we're discussing a radio transmission (from what I understand) in the wild that can come from absolutely anyone and anywhere and stop a whole train.
Oh no! Such radio transmissions have been the norm for decades and plenty of such older systems are still in use all over the world. Abusing such systems is easy. Upgrading them properly is costly and carries risk so the default is to leave things as they are.
> There is no reason for this not to be secured.
Well, why don't you propose a system that is 'secured'? And then I'll show you fifty ways in which your so called secured system can be 'hacked'. For instance, pre-emptively by stealing some of the gear.
There are fall-backs for all of those and the final fall back is flares and hand signals which every railway man hopes to never see in their lives. Fucking with infra is easy. Creating systems that are still just as safe but that are secure isn't easy at all: it is impossible. As every hacked website proves. And even if you could: the next thing that would happen is that these jerks would derail the trains instead of stopping them because that too is stupidly easy.
At some point we all rely on each other not to do bad stuff.
We know that a lot of our critical infrastructure is vulnerable, as this article again shows. This may have been "the norm" for decades but this has to be fixed. Unfortunately it often takes a catastrophe for things to be fixed.
At least here there was no catastrophe but still enough noise at a sensitive enough time that, again, I am sure that those systems will be upgraded.
Also, we're discussing securing infrastructure against threats up to state actors. They don't care about harsh penalties unless these are painful counter-attacks.
As far as I'm concerned the system worked exactly as designed. Nobody died, all trains stopped safely for a minute or so. Props to whoever designed the system and to all of those involved for keeping their heads cool.
What will most likely happen is that we will see more such acts of sabotage, against these and other systems.
Some suspects (Polish nationals) have been arrested:
Defilibrators, strategically positioned at places where a lot of people congregate. Such as train stations or city centers.
Herearound those are not locked. There's nothing stopping you of taking it out and toss it into the river.
The social contract is such that you just don't fucking do it and frankly, I never heard of such a thing happening. And yes, we have our shares of assholes.
Contrast that to the UK, where they are under lock and code. You call an operator explaining the emergency and she may unlock it.
There are two problems that I can see (and probably more). The communication device adds another layer of potential failure. And those two minutes it takes to unlock the device may be the difference between life and death.
I, for one, know in which kind of society I prefer to live. Even given the very occasional asshole who breaks that contract and abuses the accessibility of that life saving device.
Sadly, given the current situation, we'll probably have to migrate from the current (easy to use and available) system to something more secure (and fragile).
Some people will die, but if that happens again there's not much choice.
No, I don't think we should. What we should do is hunt these perps down and take them out of circulation for a long long time. Because it isn't possible to make a system both easy to access and secure at the same time and if the price is that people will get killed who have nothing to do with any of this then we will end up losing our critical infrastructure just as sure as if you bombed it.
It's very hard to find a source of a radio signal sent from a middle of nowhere (having only a few trains to trinagulate). Of course we should do this, but if someone starts abusing this to raise chaos in the country, we may have no other choice. And we have an enemy country very interested in causing problems nearby.
>Because it isn't possible to make a system both easy to access and secure at the same time
Not right now, but since 2009 we're implementing GSM-R, and we still don't have it. It's not a bad solution, but nobody really cared until the recent abuse happened.
Legacy... hard to overcome that in a few years when it took many, many decades to deploy the original gear. This stuff is quite expensive, deployed everywhere and needs to continue to be backwards compatible while the new solution is rolled out, which is difficult to achieve.
But this is automatic system - any train which receives such signal automatically activates it's brakes without any human interaction.
So it's not just calling a school saying there's a bomb, but using the info about the right frequency and signal pattern triggering remotely all alarms in neighborhood.
My first thought when seeing the headline was: if they actually hacked into the control system to stop the trains, could they also hack into the German train system to make the trains go on time?
But sadly the hack was merely an emergency stop signal. It sounds like it's about as much a hack as pulling the emergency brake.
If disabling car remotely in specific area is the same as turning off the ignition key in these cars/using the parking brake, then yes. As the information how to do that should not be public and was not meant to be used be anyone, but only by authorized people (technology from 70') it's kind of hack. Exactly as using the Blue boxes[1] to hack telephone networks
The term is 'security by obscurity' and it doesn't work. Because it's only a few bits of information and once documented it is a matter of time before the data is out there.
In this case: the data is the same for large swaths of the former USSR so it isn't strange at all that an enemy actor has access to that information. Poland could do the exact same thing to Russia. But I hope they have better ethics.
>could they also hack into the German train system to make the trains go on time?
Knowing German "digitalisation", the train system probably runs on pen, paper, letters, phone calls and faxes, making it resilient to cyber attacks. Your move hackers!
> The saboteurs reportedly interspersed the commands they used to stop the trains with the Russian national anthem and parts of a speech by Russian president Vladimir Putin.
> The only real limitation of the train-paralyzing radio attack, Olejnik says, would be that the saboteurs would have to be relatively close to the target trains—somewhere from hundreds of feet to miles, depending on the power of the radio equipment used in their disruption operation. [...] Given that the disruptions appear to have occurred in three different Polish administrative regions across the country, getting that equipment close enough to all the target trains would likely have been the biggest challenge for the saboteurs.
So it was a coordinated attack. This could really turn into a DoS vector against the railway system - if I extrapolate from Germany there should be enough Z-Zombies in Poland that it's a real danger. If it isn't even done by FSB or GRU but considering that all you need an antenna, a USB-SDR? and a notebook this could get really ugly.
Isn’t it that the case with most major news-report breaches? Last big one I read was “18yo hack rockstar through a nvidia firestick!!” Where in reality it isn’t the full story, the stick part was just to access internet to carry another social engineering attack anyone with kali linux can do with a usual script. The sophisticated attacks however, make to the news usually years later as it goes undetected for some time, since usually the objective is to exfiltrate data silently rather than a show up.
This is such nonsense agitprop. There is zero evidence "Russia did this".
I could just as easily see the CIA doing it, because everyone knows that the CIA wants to have the world blame Russia for evil things in order to distract from the CIA's vast litany of evil things.
And such a position would be equally specious in light of the evidence: there is none at hand, either way.
What you are doing is merely participating in two minutes hate of the enemy de jour ..
I know that... and I thought it was obvious that whoever did it, thought it would be funny to play the Russian national anthem on the signal because they knew the West would immediately blame Russia, like our friends here already did (would Russian agents play their national anthem for fun if this was a nation-level job?? Sounds ridiculous, right? But then again, that may be what they knew you would think :D)!
> I could just as easily see the CIA doing it, because everyone knows that the CIA wants to have the world blame Russia for evil things in order to distract from the CIA's vast litany of evil things.
I don't think the CIA needs to do anything to have the world blame Russia. Russia itself is already doing a very good job in this regard.
And if Russia is the enemy de jour (better, de la décennie), it can only blame itself.
BRICS called, they wanna give back some funny money they've been hoarding. I think you might want to send it to the folks in the UMBRAGE group, see what they have to (not) say about it ..
Besides which, attacking a rival countrys' infrastructure is an act of war (NS2, etc.) so making the Poles hate Russia even more - eventually resulting in public support of Polands' occupation of Western Ukraine attaining critical populist mass .. seems like an easy outcome of this attack.
What does Russia gain from stopping a few trains in Poland? Nothing. What does the CIA gain from making Poles hate Russians even more? A heck of a lot. Especially given todays newsroll explaining the Zelensky doesn't have its allies support for the invasion of Russia ..
>de la décennie
Nope, that's still the USA for a significant portion of the world.
> BRICS called, they wanna give back some funny money they've been hoarding. I think you might want to send it to the folks in the UMBRAGE group, see what they have to (not) say about it ..
https://en.wikipedia.org/wiki/Vault_7#UMBRAGE
Russia has similar groups of cyber threat actors so this doesn’t really prove anything.
> so making the Poles hate Russia even more
I’m pretty sure Polands feelings regarding Russia are poor enough that a simple attack on their rail system is not going to make them change the way they feel.
> eventually resulting in public support of Polands' occupation of Western Ukraine attaining critical populist mass .. seems like an easy outcome of this attack.
This doesn’t seem like it’s ever gonna happen as it doesn’t have any reason to.
Do you have any evidence that Poland is planning to occupy western Ukraine?.
> Especially given todays newsroll explaining the Zelensky doesn't have its allies support for the invasion of Russia .
Ukraine doesn’t want to invade Russia they want to stop Russias invasion so I’m not sure what this sentence even means.
>I’m pretty sure Polands feelings regarding Russia are poor enough that a simple attack on their rail system is not going to make them change the way they feel.
Its called agitprop because it agitates an existing condition.
>Do you have any evidence that Poland is planning to occupy western Ukraine?.
No.
>doesn’t really prove anything
Yeah. Thats the point. There is no evidence this was Russia, either. Still, the narrative persists throughout this thread ..
This isn’t hacking. The “system” is analogue radio, and the sequence of tones to activate emergency braking is public knowledge. Here: go to [0] and search with Ctrl-F for "radiostop". Now you can become a “hacker” too.
As the gruq discussed in his keynote at HITB-HKT a few days ago, one can make the argument that the "train system" was hacked: Simple mechanisms were used to bring the whole system down.
The sequence of tones to influence telephone switchboards were known as well. It was the origin of hacking. This may be an easy hack, but it still is one.
BTW, it's good that attention is being called to it. There is a bit of tension in the region, as you may know, and opponents are not going to play nice. That also makes me suspect this was not a malicious attack.
Not even that. Trains in Poland are generally using analog radio, if you go on frequency, which you can find publically, or just scan for it and say [specific phrase which you can find on Wikipedia] five times, that's the equivalent of playing the recording. All train operators who will hear that must stop immediately.
You don't want time for any non-mechanical verification because stopping a train needs to begin immediately if there are serious problems
Poland is apparently in the process of purchasing and installing GSM-R, which is basically like old mobile phone (cellular radio) technology but specifically for Railways. Although GSM's security is hardly state of the art it would definitely be reasonable to call that "verification" if they had it. The "easy" way for lay people to send such a message under GSM-R would be to obtain a real transmitter, maybe steal one.
Presumably since they're buying GSM-R they currently have either an ad hoc secure system or they don't have a secure system at all and so in the latter case yes there would be no verification.
I'll gladly agree to disagree, but I still think there was some degree of ingenuity involved in the whistle thing that would make it "hacking", whereas these kids basically just called a phone number.
You should break some kind of layer of protection or find some secret piece of information for it to be hacking. Otherwise you're just doing what anyone could do but had the decency not to.
Hacking actually means modifying something or repurposing it to do something else that wasn’t its main purpose. It is not necessarily a security breach, but I blame Hollywood on this.
Where is that written authoritatively that makes you so confident in such a statement? Non train operators repurposed radio equipment to stop trains. See how a bit of grammar makes all the difference, or maybe...just maybe trying to parse the term hacking so finely is part of the problem.
> Non train operators repurposed radio equipment to stop trains.
Exactly, see what I said above
>not necessarily a security breach
So in short, a security breach CAN be hacking (sometimes it’s not like mitm etc.), but every hacking is not a security breach. Say I used a company server to propagate another attack, that might be hacking by definition, but hacking a toaster with some rubber band to do X is definitely not a security breach.
Destruction is so much easier than creation. In a normal society there are ample opportunities for easy and cheap destruction. Given a handful of motivated and smart people and within an hour or two and $500 in budget you can significantly harm any open society.
But that doesn't mean that you are smart, it just means that as an attacker you have it easy. Electrical infrastructure, water, gas, telecommunications, railways and so on are all wide open to abuse and sabotage. Doing so however is in my opinion about as close as an act of war as you can get if you do it from another country and should net you a decade or more in jail if not. It's also supremely cowardly, not unlike calling in a bomb threat on an airport. Assholes will be assholes.
The "attack" is use of standard A 1r 'Alarm' signal for Radio-Stop rail system. Signal described in detail in readily available Ie-1 rail signaling manual, official Ministry of Infrastructure regulations, EU regulations (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...) and manuals for rail radio systems. There are multiple YT tutorials going back 10 years. Comments under one of the recent ones from 9 months ago already mention someone being arrested for doing very same thing 3 months prior.
It's about as much of a "hack" as calling to your school and saying there's a bomb.