flere-imsaho (@[email protected])

so this is getting some traction since tuesday; let me gather the coverage here: * original @[email protected]'s [article](https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/); in polish * [Awarie pociągów Newagu: hakerzy ujawniają, kto stoi za celowymi usterkami](https://wiadomosci.onet.pl/kraj/awarie-pociagow-newagu-hakerzy-ujawniaja-kto-stoi-za-celowymi-usterkami/g4hymmg) – from onet.pl; in polish * [Spółka Newag zagrożona wieloma konsekwencjami prawnymi](https://www.gazetaprawna.pl/firma-i-prawo/artykuly/9374529,spolka-newag-zagrozona-wieloma-konsekwencjami-prawnymi.html) – first attempt at legal analysis from gazeta prawna; in polish * [Dieselgate, but for trains](https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/) – english translation of the @[email protected]'s article; in english * [Hacker finden versteckten Killswitch im Zug](https://www.golem.de/news/polen-hacker-finden-versteckten-killswitch-im-zug-2312-180077.html) from golem.de; in german * [more previously unknown details](https://oko.press/kto-unieruchamia-pociagi-impuls-sledztwo-hakerow) plus statement from the legal team representing the analysts, article written by indomitable @[email protected]; in polish one of the most important pieces of the article is countering the narrative of the pr agency hired by the train manufacturer (who are suggesting that the on-board computers were re-programmed “*by the hackers*”) – there's a statement from the group that no plc code on board of the trains was actually changed by the analysts, and that they have code dumps from before and after visits to the newag service depots) * another [nicely written debunk](https://zaufanatrzeciastrona.pl/post/jak-badacze-naprawili-zepsute-pociagi-newagu-i-inne-ciekawe-aspekty-tej-afery/) of the claims made by the train manufacturer and their pet pr agency; from @[email protected] in polish * [the story hits the us](https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/) via the 404 media and @[email protected]; in english * [same, but through ars technica](https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/) – by @[email protected]; in english (h/t @[email protected]) * [updates & new take from onet](https://wiadomosci.onet.pl/kraj/nowe-fakty-o-skandalu-z-pociagami-newagu-sprawe-od-dawna-znala-abw-i-premier/l66xnl8), with slightly sensationalized title; in polish * [gizmodo keeps up with latest onet revelations too](https://gizmodo.com/polish-train-shutdown-hackers-prime-minister-repair-1851111884); in english (h/t @[email protected]) * onet [reports](https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf) that despite newag denials of ever implementing stoppage conditions in their firmware, another newag-manufactured train stopped today – on 21st of december – due to ekhm, unexpected secondary compressor failure condition; in polish (h/t @[email protected]) * links to @[email protected]'s announcement of the podcast episode with the dragon sector folks – [zaplanowana awaria](https://mstdn.social/@polamatysiak/111634953753953166) (non-spotify sources downthread from the linked toot); in polish (h/t @[email protected]), * the 37c3 presentation on [breaking drm in polish trains](https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains) up now for rewatch, very technical; by the three people directly involved, in english. try to catch the polish tongue twister names! * [the train that died on 21st o december arose from dead on 1st of january](https://www.onet.pl/informacje/onetwiadomosci/nowe-fakty-o-skandalu-z-pociagami-newagu-staja-i-ruszaja-w-okreslonych-datach/vt6pbkm,79cfc278) – new article from onet; in polish * [report](https://wiadomosci.onet.pl/kraj/tajemnicze-usterki-w-pociagach-newagu-sprawa-zajeli-sie-poslowie/f9xfzhb) from the tumultuous hearing before parliamentary committee (incl. probably the first direct confrontation between newag minions and the dragon sector folks); from onet, in polish. * and the [hearing itself](https://www.youtube.com/watch?v=KoGpr_LhAKc), kindly provided by @[email protected] ; video in polish (2h18m), no subtitles or transcript (yet), links to newag and dragon sector presentations within. * something i completely missed: the polish press agency published an article that misquotes the communique from the prosecutor and tries to move the onus to the security specialists (strangely just like the newag's narrative); see the [fedi thread](https://mstdn.social/@rysiek/112638140811710567) with links to the debunks, dementi from the prosecutor and comments from the dragon sector folks (in polish). corrections have been requested. * newag [sues the security researchers](https://social.hackerspace.pl/@q3k/112693911864133850) for, wait for it, *copyright infringement*; this is civil lawsuit initiated by newag and not related to the criminal proceedings; via q3k's fedi account (in english). * a comedic moment: during newag civil lawsuit's proceedings newag informed the court that they requested the internal security agency (polish: ABW, agencja bezpieczeństwa wewnętrznego) take down all articles regarding the case, the “materials instructing on how to hack trains” and that they start special supervision over all attendants of the original OhMyHack conference (from [@zaufanatrzeciastrona](https://infosec.exchange/@zaufanatrzeciastrona/112778955872695806)), in polish; via [leszek ciesielski's toot](https://chaos.social/@makdaam/112789590627698006), in english) * first day of the civil lawsuit (newag vs the researchers), [report in polish](https://szmer.info/post/4255555). #NEWAG #IndustrialSabotageInPoland #RightToRepair #Trainsomware #SecondaryCompressorFailureDay