A Polish hacking group, Dragon Sector, went public recently with a scandal about one of Poland’s oldest train makers, Newag, bricking its own trains when they were repaired by third parties. However, new reporting on Tuesday from Polish publication Onet alleges that Dragon Sector first went to government officials with the story a year ago, and it was even brought to the attention of the Polish Prime Minister at the time, Mateusz Morawiecki.
Dragon Sector went public with the train-bricking fiasco at a Warsaw conference this month out of frustration, according to Onet. The hackers had attempted to address this problem through government channels for over a year. Onet’s sources say that Poland’s Central Anti-Corruption Bureau is now investigating the scandal.
In August of 2022, Dragon Sector was hired to fix the software of some Newag brand trains that repair shops couldn’t get to start. The Polish media wrote about major train delays across the country at the time. Dragon Sector was quickly able to identify that these trains had been bricked; hackers say Newag ingrained software to disable trains when they reached the coordinates of certain third-party repair shops. The Polish hackers were able to obfuscate the bricking and get them to run.
Dragon Sector reported this bricking to the Polish government’s cybersecurity team, CERT, in December of 2022, who determined there was a strong chance the hackers were correct, Onet reports. The cybersecurity team brought the case to several government officials in May of 2023, including the Polish Prime Minister at the time. However not much happened, which is why Dragon Sector decided to go public with the story.
The problem with bricking a train is the same as bricking an iPhone. It’s a tactic commonly used by electronics makers to get added revenue from repairs, by ensuring that customers go back to the manufacturer instead of hiring a third-party repair service. Railway industry sources estimate that there is roughly $US200 million available annually in the Polish market for repairing and servicing trains, according to Onet.
The train manufacturer caught up in all of this, Newag, threatened to sue Dragon Sector last week for defaming its name, 404 Media reported. Because Newag’s trains transport weapons to the front lines of Ukraine, the company says vehicles serviced by Dragon Sector have been “hacked,” and must be taken out of service. Michael Kowalczyk, a member of Dragon Sector told Onet these claims are largely bogus, and an effort to divert attention from the essence of the problem.
It’s unclear why the Polish government did not penalize or go public with the Newag scandal in the last year. Former Polish Prime Minister Morawiecki called Newag the “beating heart” of its public and rail transport system in 2016 and said the country should reindustrialise Poland as Newag has. A controversial Polish millionaire, Zbigniew Jakubas, is also one of the largest investors in Newag. Sources told Onet that Poland’s anticorruption bureau is just now looking at the matter, but it has yet to reach a conclusion.