14-Year-Old Turns Tram System Into Personal Train Set

F-3582 writes "By modifying a TV remote a 14-year-old boy from Lodz, Poland, managed to gain control over the junctions of the tracks. According to The Register the boy had 'trespassed in tram depots to gather information needed to build the device. [...] Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit.' Four trams derailed in the process injuring a number of passengers. The boy is now looking at 'charges at a special juvenile court of endangering public safety.'"

how many other "systems" like this?

[yagu]

I know some kids who are extremely bright, curious, and for lack of a better description, "like to experiment". Any one of these I think could have done the same thing, and with completely innocent (though mischievous) intent. For playing with such big toys in such a fashion there should be repercussions. But the kids I know who also could have done something like this would be much more on track with thinking about how they're moving switches than about what moving those switches implies.

However, I'm led to a different train of thought. What other systems are out there created in the same context, i.e., with little thought to external interference? I'm betting there are a "few". I wonder that in the process of designing something like this if we must pay more attention to the possibility of outsiders tinkering. I hope France's TGV has a bit more built in checks and balances than this. I hope the new Boeing 787 has more security built in than this [news.com.au].

I actually think (and hope) this kid's imagination and curiosity somehow gets channeled rather than squashed. He actually sounds like he could be a contributor. Of course, he's at least grounded for the next month.

wtf

[JohnFluxx]

It should be the enginners and their bosses that should be the ones facing criminal charges.

Special security training?

[Optic7]

Does it really take special security training for engineers to realize that controlling train junctions with TV remote controls (or close enough) might be a bad idea? Where's the whatcouldpossiblygowrong tag when you need it?

Re:wtf

[MightyMartian]

No bloody kidding. Yeah, the kid was doing what he shouldn't have, but who the hell develops something as critical as switch controls for a $#@!@% tram that can be so easily overridden. I don't buy this "not exposed" BS. That's why, in the old days of manual switches, you had padlocks on them to stop the earlier, low-tech version of this stunt.

Once they've finished throwing the book at this kid, someone ought to look at getting him into a decent technical school. Maybe, in a decade, he can replace the retarded engineers.

Good thing this isn't the US

[matt4077]

In some law systems, he'd probably be labeled a terrorist, charged with attempted murder (if he even gets a criminal trial) and spend 10 years in jail. Let's hope Poland is more civilized, I'd guess humiliation from the trial plus quite a lot of hours of community service will frighten him enough to never cross the line again. Then again, his parents will probably be ruined as they'll have to pay the damages.

Needs a challenge

[Thelasko]

Sounds like this kid was not adequately challenged by his school. At least that's what the story leads me to believe. If I was the judge I would let him off on the condition that he goes to a school where his curiosity will be encouraged but given enough direction so he doesn't get into more trouble.

Why is it that...

[Anonymous Coward]

Why is it that facility operators, be it trains, power plants, oil refineries, or anything have pathetic security, and when something does happen, they blame it totally on the perp who likely never had to confront even a single lock, much less a guard?

Makes me wonder if countries should have a special regulatory team whose job it is to attempt break ins on a regular basis to various areas, and levy fines to organizations failing compliance. Only problem is areas where people shoot to kill... telling a tiger team from a genuine trespasser/burglar/criminal before pulling the trigger.

Re:how many other "systems" like this?

[Kelbear]

14 year olds are young, but not so young to not realize that swapping train tracks around will affect what happens to trains when they reach that section of track. They might not follow that train of thought(pun intended) through to what the actual aftermath may look like, but it's no stretch of intelligence to conclude that a massive train moving at significant speeds will have a significant consequences when directed somewhere unexpectedly.

Not that I'm recommending dire consequences for the boy, I'm just saying that there is probably some malicious intent here, though he probably didn't calculate the magnitude of his mischief either. I'm envisioning something like: "I'm gonna screw around with this and it'll be funny watching them try to fix i--*FOOM*...oh...wow...shit I better go".

(And jeez, whoever designed that system that way is going to have a whole mess of flying poop coming their way).

I'm taking the troll -- on encryption, etc.

[Anonymous Coward]

Well, yes and no. Just give a bit of serious thought to the issue... I'm at work, have to AC.

It sounds as though the system worked of infrared pulse encoding, and that is why he could use a modified television remote. Imagine you are the one designing this (probably in the 1970's or 1980's...) It is generally desirable to keep things simple to ensure they actually *work* -- that is, having a rolling code that may be out of sync while having a signalling train hurtle toward the junction at 80 mph is not desirable -- you want a simple system that the train can activate if needed.

Anybody who has worked with security (my job) knows that the more layers you add, the harder (network) testing is, and the more ways something can go VERY wrong for a legitimate user.

If the train couldn't switch the junction box because it didn't have the right "password," you would also criticize the engineers.

I defend the train design -- this should be treated as sabotage, and is more along the continuum of putting a penny on the tracks or mechanically interfering with a junction box, things that are also dangerous, illegal, and difficult to defend entirely against.

Re:New terrorist plot for TV

[dgatwood]

This kid does deserve to get in trouble, though, big-time. You don't go around derailing trams, that's not cool.

I'm surprised nobody has asked the obvious question. Switches normally switch between two tracks. How does switching a train to a different track cause it to derail? Collide, sure, but derail? Sounds like a design problem to me... or a whole lot of design problems if it is possible for it to switch when a train is in the middle of the switch, as I suspect occurred. There should be safety interlocks to prevent switching from even being possible as long as a weight sensor at the switch is depressed.

It strikes me that this kid not only found a security flaw in the system, but also found at least one very serious safety flaw that could have occurred due to electronics glitches even if he hadn't done this. It could have ben a lot worse, particularly if those same switching systems are used for any high-speed trains....

Engineers who built such...

[Anonymous Coward]

...heinously vulnerable systems are the ones who should get locked up in jail.

Re:New terrorist plot for TV

[anno1602]

Speculation: An alternative explanation would be that the two curves were of different diameter, and the driver intended to take the larger-diameter one, traveling at a speed too high for the sharper curve the tram ended up taking. Tram lines sometimes take pretty sharp turns.

Re:wtf

[MightyMartian]

One expects a lack of forethought and responsibility from teenagers. It's practically the defining characteristic of that stage of life. One expects a good deal from adult engineers.

Re:how many other "systems" like this?

[SleptThroughClass]

As a 14 year old I was quite aware of what would be involved with a train changing tracks, but that is because I actually had studied trains and was consciously aware of the physics involved in their movement. Someone who was focused on the field of electronics might not have considered the physical effects of tons of material being jerked sideways. More NASCAR, fewer video games.

Re:how many other "systems" like this?

[fm6]

I actually think (and hope) this kid's imagination and curiosity somehow gets channeled rather than squashed. He actually sounds like he could be a contributor.

That can actually said about almost any adolescent. The same qualities that make them hard for adults to live with are the ones that they use to create their own adulthood. The trick is to allow them to go through this stage without hurting anybody.

Re:Other Similar Systems: Signal Pre-emption

[Evil Adrian]

Those people that panic and don't move promptly should have their licenses revoked.

This whole thread is pissing me off. "He was young and didn't know what he was doing..." BS. If the kid is smart enough to hack into a system, he's easily smart enough to know how much a train weighs and what damage a train derailment will cause. Send this kid to jail!

Secondly, I hate when people excuse bad driving as normal. It's not acceptable. If you don't clear the intersection when emergency vehicles are coming, you shouldn't be driving, period. If you consistently drive 5mph under the speed limit, your license should be revoked. If you can't PARK YOUR CAR without extreme effort, license REVOKED! If you took licenses away from all the people that shouldn't have them for safety reasons, there would be 50% fewer people on the road, AT LEAST.

I hate people.

Re:The high cost of evolution.

[Doctor-Optimal]

It's better to have your lack of security demonstrated to you by a relatively benign agent before a truly malevolent one.

Is this not the rationale for penetration testing?

It's better to have your lack of security demonstrated to you by a relatively benign agent before a truly malevolent one.

Which sort is this 14 year old who derailed 4 trains and injured people again?
I'm not saying his punishment should be harsh but he *did* do wrong here and knew or should have known that he was doing wrong.

Re:how many other "systems" like this?

[Lemmy Caution]

Many 14 year olds are angry, isolated, and misanthropic, in the throes of adolescent angst and frustration. He may have been indifferent at best to the harm he could have caused. There were times in my own adolescence I was angry and self-pitying to the point of sociopathy.

Road rage much?

[PhxBlue]

Now, I'm all for people driving the speed limit, maybe a little more. But legally, the speed limit is an upper limit, not a lower limit. And people who drive like the speed limit is just a guideline tend, in my experience, to be more prone to road rage than those who actually obey it.

This whole thread is pissing me off. ... I hate people.

Maybe you should consider a class in anger management. Or take a deep breath and put on some jazz music when you get in heavy traffic.

Re:New terrorist plot for TV

[Anonymous Coward]

Speculation: An alternative explanation would be that the two curves were of different diameter, and the driver intended to take the larger-diameter one, traveling at a speed too high for the sharper curve the tram ended up taking. Tram lines sometimes take pretty sharp turns.

That would explain the case of a train entering the base of the Y and exiting the top. The far more likely case is that the train entered the top of the Y and the switching rail was on the other leg. The inner rail would be pointed at the other leg. Trains don't run well on a giant gap in the rail.

Re:how many other "systems" like this?

[LordLucless]

That might have been possible the first time. But he did it FOUR times. After he saw the first tram derail, then the consequences would have been made abundantly clear. The fact that he continued shows that he either didn't care, or enjoyed it.

Re:how many other "systems" like this?

[Muhammar]

Never forget that these things are done first time to figure out if can be done at all - and the second, third and fourth time for the benefit of friends (and sometimes alone too, to fight the boredom). Sharing the exitement of discovery and earning the bragging rights is your reward. Many bright guys at the age 14 are pretty sociopathically disposed.

Re:how many other "systems" like this?

[neomunk]

You're comparing roller coaster tycoon to an erector set and actually implying that the video game is more challenging?

See, NOW I feel old. I always thought that actually studying the engineering aspects and bolting things together to see if you have the design down right took more thought and imagination than 'the computer says this track piece won't fit, better click on the hole digging button'.

Or is it just the fact that if it's not on the big pretty color-making box and just in plain ole' 'real life' (how boring!) it somehow isn't modern enough to even consider being 'challenging'. After all, if it takes more than pressing a button and waiting for a machine to tell you if you hit the RIGHT button, it must be too simple and old fashioned for us modern folk.

In other words, that's just about the dumbest (or at least the most modern-centric) thing I've heard all week. Oh, and remember, this isn't coming from someone who's biased in favor of erector sets or biased against RCT (one of my all time favorite business simulations, and I like that whole genre), just from someone who enjoys them both and understands the limitations both are bound to as well.