Another grain of sand on the pile: The e-ticket fiasco

There is a Hungarian word “nagypolitika” (literally “large politics”) that is used when talking about a piece of news or an event that has national or international significance. Today’s topic is anything but “nagypolitika.” On the contrary, on the surface at least, it seems like an insignificant affair that luckily hasn’t caused major problems, only annoyance. Yet, judging from the public’s reaction to the faulty software of the newly introduced e-tickets of the Budapest Transit Center (Budapest Közlekedési Központ/BKK), the case has become the focal point of all the frustration Hungarians are experiencing over the incompetence and the arrogance of the Orbán regime in general.

Itcafé, an internet site serving those interested in information technology, claims that the present public mood can be compared only to the impromptu mass demonstrations against the government’s plans to introduce a heavy tax on internet use during the fall of 2015. Just like then, thousands are planning to march in defense of the 18-year-old boy who discovered the software glitch in the first place. Our young hero handled the situation pretty much the way most white hat hackers would have. After he discovered that by changing something in the “POST request” he could set his own price for a ticket, he purchased a monthly ticket for 50 forints (20 cents) instead of 10,000 ($38.00). He then fired off an e-mail to BKK pointing out the security risk, assuring them that his intentions were good. He also perhaps foolishly announced that at the age of 13 he wouldn’t have made such a gross error as the one he found in the brand new e-ticket software. The software company responsible for this shoddy piece of work was I T Systems Magyarország, an affiliate of the German I T Systems Group.

I T Systems Magyarország reported the hacking “crime,” and the police appeared at the boy’s house some 300 km from Budapest and arrested him. The very fact of the arrest upset the internet crowd, but the fact that the arrest took place at 7 a.m. really infuriated them. Media critics of the government interpreted the timing as intimidation, especially since this was not the first time that the Hungarian police have visited people in the early hours over minor offenses such as not appearing in court as a witness. Soon enough everybody began calling our hero “the ethical hacker,” although, as I T Systems countered, “an ethical hacker” is someone who is hired by the company to catch glitches of the kind Szilárd found. The fact is, of course, that no one had found the glitch before our hacker reported it. I T Systems claimed that they had no choice but to move against the boy, regardless of his intentions.

Soon enough other security problems came to light, one of which at least was quite serious. Index warned those who had already signed up on BKK’s website for an e-ticket to change their passwords immediately because hackers can get to their passwords and their e-mail addresses. At a joint press conference given by BKK and I T Systems, the journalists gained the impression that the companies were blaming the customers instead of admitting that there is something wrong with the whole system. As days went by, anger grew. First, BKK’s Facebook page was bombarded with less than polite comments about what people thought of BKK and the decision to bring charges against the boy. On one afternoon 35,000 comments appeared on the site. Two days ago BKK’s website stopped functioning, and it is still unreachable. It is hard to tell whether it became the victim of not so ethical hackers or was just overloaded with users who wanted to vent their frustration. The two companies remained silent until late Friday night when they released a terse statement about the illegal hacking of their system, adding that they were sorry that the accused is a young student whose intentions were well-meaning, but otherwise they expressed no remorse. People demanded an apology.

BKK released statements about all the improvements they are working on, which only revealed the ignorance of the company about the technical aspects of the software the company purchased. The CEO of BKK kept talking about installing a “stronger firewall” as a solution, which of course is nonsense given the problems of the software. At last on Saturday the two companies “issued a half-hearted apology,” as 24.hu put it. Most likely Mayor István Tarlós put pressure on Kálmán Dabóczi, CEO of BKK, to make a statement. A day earlier Tarlós had disclaimed any responsibility for the situation created by the joint incompetence of BKK and I T Systems. Tarlós also promised an investigation of the whole debacle. The CEO of I T Systems by the end was also forced to engage the “ethical hacker” in professional dialogue, which almost sounded like a job offer.

All’s well that ends well, one could say. The boy was a bit shaken by the few hours he had to spend in jail; the software will be fixed; and the two CEOs have been humbled. It is possible that the head of BKK will lose his job as opposition parties demand. Why then the demonstration? The answer, I think, is simple. This public outburst is not just against the shabby treatment of the “ethical hacker.” It is against the whole system which is riddled with incompetence and graft. Vasárnapi Hírek pointed out that the Budapest Transit Authority has been promising an e-ticket system for ten solid years. According to them, this useless software cost 250 million forints. However, according to another source, “BKK received a 550 million forint subsidy” for a project that “is not worth more than 1 or 2 million.” Where did the money go, asks Z. V. in a letter to the editor. Actually, I’m afraid these figures greatly underestimate the real cost of the e-ticket project. I found an item on BKK’s official website—which unfortunately I can’t access at the moment, and which may no longer be there when the website comes back online—from 2012, according to which the city council voted to launch the e-ticket service and for that purpose the City of Budapest gave 6 billion forints to BKK. Six billion. Five years ago, and that’s what came of it.

Finally, here is an interpretation of this BKK affair that I wish were mine. The Hungarian “Szilárd” reminded Szabolcs Bogdán, a writer, of Mathias Rust, the 17-year-old West German youngster who in 1987 landed his plane on Red Square, escaping recognition by the Soviet Air Force. The self-confident Soviet leaders with seemingly limitless powers ruled the empire, but then came this small plane from West Germany. Heads rolled in the Soviet Air Force and the bigwigs thought all was well, merely a fleeting embarrassment. It turned out, however, that the weakness of the whole political system was laid bare by this plane’s landing. The regime was not omnipotent.

I don’t think the comparison is far-fetched. I don’t know how long it will take, but Orbán’s seeming self-confidence is unwarranted. Political life in Hungary right now is like the pile of sand made famous by the Danish physicist Per Bak: once the pile reaches the critical point, adding another grain of sand to it may cause an avalanche. There are times when one small thing can inexorably change the course of history.

July 23, 2017
Member

Trump is practicing the same kind of super-corrupt, super-incompetence, but at a much larger and more ruinous scale, putting the whole planet at risk. Let’s hope both of these abhorrent and absurd castles of sand soon implode.


wrfree
Guest


Vlad… doing an admirable job after the demise of Uncle Joe to get back in the ‘great game’. The Kremlin bagged their idiot.

petofi
Guest

@ wrfree

“The Kremlin bagged their idiot.”

I agree, but it’s not quite so simple.
The background problem is the deterioration in American democratic practice:

1) it’s a two-party system that gangs up on any effort for a third party to enter it;

2) the Democratic party’s control by the Clinton is deplorable. Worse still, is the ‘super delegate’ system
used at their nomination convention. This procedure short circuits the importance of the state decisions.
Were it not for the super delegates voting en masse for Clinton, Sanders would’ve won the convention.

3) The Republican Party has totally lost all respect for the constitution and the welfare of the country–they care only to be in power. The hapless moron, Trump, who has sold out the country to the Russians as well, is the result. And yet, the Republicans are not ready to move against Trump; and without them, there’s no dethroning the (global) village idiot.

So, the problem is not only Trump. The bigger problem is how the two political parties have absconded with the political system and made it their private game…

Member

You’re wrong about Clinton and Sanders.

Nate Silver: “Clinton will be the Democratic nominee because substantially more Democrats have voted for her. In addition to her elected delegate majority, she’s received approximately 13.5 million votes so far in primaries and caucuses, compared with 10.5 million for Sanders.” https://fivethirtyeight.com/features/hillary-clinton-clinches-democratic-nomination-according-to-ap/

In other words, Hillary got 3 million more primary and caucus votes than Sanders. Votes by the superdelegates reflected the popular will of the party – they didn’t change the outcome of the nominating process.

Istvan
Guest
Petofi the Constitution sets a high bar for impeachment, it’s unlikely to happen with a Republican majority in Congress. Trump asserted on Saturday that he had the “complete power to pardon” his friends, relatives and possibly himself to short-circuit a special counsel’s investigation into any possible collusion between his team and Russia during last year’s campaign. He also said he did not need to use his pardon power at this point. I agree with President Trump he could pardon all of those associated with him that are implicated in the Russia investigations and that act would not be an impeachable offense. Trump now seems most concerned about keeping in the good graces of the US military. Hence his speech commissioning ceremony for the nuclear-powered Gerald R. Ford the other day, it’s the first in a new class of aircraft carriers in 42 years. He said in part: “American steel and American hands have constructed a 100,000-ton message to the world: American might is second to none… When it comes to battle, we don’t want a fair fight. We want just the opposite. We demand victory, and we will have total victory, believe me.” That speech was targeted at those in…
Guest

This story has now reached the international IT media with the widely read site Slashdot having an article entitled, Company Gets 45,000 Bad Facebook Reviews After Teenaged Hacker’s Unjust Arrest. It is also appearing in my non-Hungarian Twitter feed. And I can confirm that the BKK has a 1-star rating on its Facebook page. While that may not seem like a big deal to many, negative sentiment on social media does impact on a company’s ability to attract advertisers, staff, etc.

Guest

Hungary’d better hope Anonymous doesn’t side with the young boy and retaliate on a larger scale against major official sites. That wouldn’t be pretty.

Ferenc
Guest

“2012: 6 billion forints to BKK”
This is probably the item Eva is referring to: “Döntött a Fővárosi Közgyűlés” (2012.Jan.25)
http://www.bkk.hu/2012/01/kozgyules_120125/
At the BKK website is also a document upon which that decision seems to be based: “BKK Elektronikus jegyrendszer – Megvalósíthatósági vizsgálat” (2011.Dec)
https://www.bkk.hu/apps/docs/megvalosithatosagi_vizsgalat.pdf

Member

“he discovered that by changing something in the “POST request” he could set his own price for a ticket, he purchased a monthly ticket for 50 forints (20 cents) instead of 10,000 ($38.00)”

OMG!

This is worse than when I made an online Christmas-Card where one Customer found that by altering the GET-request one could watch another person’s Card…and that was 1999….and I had not a clue what I was doing, then that was not really my cup of tea.

Not to verify such a financial transaction on the server-side should be criminal in itself.
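
The server-side check the comment above calls for, as an added example that is not part of the original post or comments and not BKK's or the vendor's code: a handler that charges the price sent in the request body next to one that derives the amount from its own catalogue. The field names, product ids, quantity limit and single-ticket price are assumptions; only the 10,000-forint and 50-forint figures come from the article.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

# Constructed catalogue. The 10,000-forint monthly pass is the price quoted in
# the article; the ids and the single-ticket price are made up for the example.
CATALOGUE = {"monthly-pass": Decimal("10000"), "single-ticket": Decimal("350")}
MAX_QUANTITY = 10  # assumed business limit per order


class OrderRejected(Exception):
    """Raised when a request cannot be priced from server-side data."""


@dataclass(frozen=True)
class Order:
    product_id: str
    quantity: int
    amount_due: Decimal
    tamper_suspected: bool


def price_order_trusting_client(form: dict) -> Order:
    """Flawed pattern: the amount charged is whatever the request body says."""
    quantity = int(form["quantity"])
    return Order(form["product_id"], quantity, Decimal(form["price"]) * quantity, False)


def price_order_server_side(form: dict) -> Order:
    """Hardened pattern: the client only names the product and the quantity."""
    product_id = form.get("product_id")
    if product_id not in CATALOGUE:
        raise OrderRejected("unknown product")
    try:
        quantity = int(form.get("quantity", ""))
    except (TypeError, ValueError):
        raise OrderRejected("quantity is not an integer") from None
    if not 1 <= quantity <= MAX_QUANTITY:
        raise OrderRejected("quantity out of range")

    unit_price = CATALOGUE[product_id]  # authoritative price, never from the request

    # A client-sent price is never used for charging. It is only compared with
    # the catalogue so that a mismatch can be flagged for review.
    tamper_suspected = False
    if "price" in form:
        try:
            tamper_suspected = Decimal(str(form["price"])) != unit_price
        except InvalidOperation:
            tamper_suspected = True
    return Order(product_id, quantity, unit_price * quantity, tamper_suspected)


if __name__ == "__main__":
    # Constructed request body mirroring the 50-forint case in the article.
    tampered = {"product_id": "monthly-pass", "quantity": "1", "price": "50"}
    print("trusting client:", price_order_trusting_client(tampered).amount_due)
    print("server side:    ", price_order_server_side(tampered))
```
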

Guest
One of the underlying problems is that most of the good IT people have left Hungary for greener pastures … And the other is that a career in any field in the state bureaucracy of Hungary nowadays depends not on your qualifications – but solely on your connections, just like in “Communist” times. My wife can tell stories about those years in the “önkormanyzat” – people barely able to read and write became bosses because they were in the Party. And her son tells similar stories about his current experiences. Rather OT (or not): Today I fetched a friend from the hospital and while waiting looked around. The people looked quite professional and were generally very friendly, a lot of cleaning and repairing of the old structure was going on but the main impression was: The whole building was of a standard that was current before WW2 … Reminded me of the German university hospital that my first wife had worked in – which was finally demolished 40 years ago because it just couldn’t be adapted any more … So again this shows Hungary’s basic problem: The infrastructure is at least 50 years behind the times and that takes its…
LwiiH
Guest

Not quite true. There are plenty of good IT people in Budapest. The IT scene has changed dramatically for the better with President, UStream, and Google setting up incubator spaces. Also, this is a surprisingly common error but yeah, performing the calculation in the browser…. stupid but I fear given current trends in UI dev we’re going to see more of this

Guest

Yes, there are good IT people around (my wife’s son e g …:)) but they don’t work on sh*t projects for the government where the pay is horrible because the money goes you know where …
He tells me horrible stories too …
His former boss left for a better paying position in Germany, totally unexpected – which left some projects in limbo

Istvan
Guest
Chicago for several months had all kinds of problems with the electronic ticket system for our mass transit system when it was introduced. There were numerous articles about it and stories on TV, here is one of many such stories http://www.chicagotribune.com/news/local/breaking/chi-cta-chief-ventra-developer-must-correct-poor-customer-experiences-20131105-story.html Of course because of the use of market mechanisms public officials could denounce the contracted private company that set up the service rather than have those who expose the flaws in the system arrested. The former Communist nations have inherently primitive responses to public outrage, rather than ameliorating the public with sympathetic and cynical comments they arrest the whistle blower. Today the system is functional, I totally don’t trust its security and refuse to use my credit card to recharge my stored value card and instead deposit cash into it. The reality of our e-ticket system was the elimination of many jobs for ticket agents working for the Chicago Transit Authority. This led to litigation by the union representing those workers, see http://www.heylroyster.com/news2/details.cfm?pageID=7&newsID=554 But in the end the job eliminations took place. Eva missed the larger story here and that is the eventual complete elimination of all public transit workers by robotic technology in Hungary and around the world.…
Jean P.
Guest

The time and cost it takes to develop and tune an Eticket system and similar public service systems are always and everywhere severely underestimated. In Hungary an additional problem is that the corruption percentage of the cost is increasing exponentially with time.

petofi
Guest

Istvan,
let’s get to something useful: what is your opinion of mayor Rahm?

Istvan
Guest

Not a nice man Petofi, Mayor Emanuel is a very hard politician for a former ballet dancer. He is smart, he comes from an extremist family by the way. His father Benjamin Emanuel, was an Irgun militant and reportedly was involved in the King David Hotel bombing in 1946. His brother has very big money and funds heavily the Democrat Party. I have met the Mayor many times including when he was in Congress and he lives about 3/4’s of a mile from my home. His wife is very nice and is a Catholic convert to conservative Judaism.

One of his children was robbed of his cell phone not far from my house and got punched in the head for good measure without fighting back, not a guy like his Dad I guess. Any thing else you would like to know?

exTor
Guest


http://hungarianspectrum.org/2017/07/21/viktor-orban-and-the-chabad-kosher-business/#comment-135791

A couple of days ago Ex_Hu_Can expressed an interest in communicating privately about my having moved to Csepel. [above] I’m willing to talk to him (I presume) about Csepel, Éva.

Are you willing to provide either him or me (or both of us) the other’s email address? I presume that you have more than one functioning email address. I myself have a dozen Gmail addies that I use for various forms of communication, some forms using more than one addy.

I am aware that you communicate with some of the more trusted posters to Hungarian Spectrum. This would be a favor to Ex_Hu_Can. You could email me with his address, after which I would not reveal yours. Thanx.

MAGYARKOZÓ

SmokingGuy
Guest

Dear exTor,

I changed my name on Eva’s advice from the previous Ex_Hu_Can as it was presumed that the underlines caused some access problems.

Thank you for your willingness to communicate directly with me. I hope I can learn a lot from you in the subject. I just sent an E-mail to Eva authorizing her to release my E-mail address to you. Please be aware of that I am not sitting at the computer 24/7 therefore I ask your patience for responses.

bimbi
Guest

OT yes, but… Much international newsprint has lately been expended on the attempt of the Polish government to take-over the Polish judiciary. But not a squeak about Hungary. As far as the European Union goes, the saddest part of this judicial take-over by the current government in Poland is that it has all been done before – in Hungary and not in Poland. In the sad mafia state of Orbán’s Hungary, since 2012, the government appoints the judges, says which judge will preside over which case and where and has loaded the highest court in the land with its own appointees. And what has the EU done about this? NOTHING!

And only now the EU has decided to give a severe finger-wagging to Poland? The EU institution is toothless, being driven only by big money and international corporations. No wonder democracy is being killed off all over the EU. It has already died in corrupt and criminal Hungary.

wrfree
Guest

Re: ‘EU doing…. nothing’

Well we can take a look at who they’re up against. Kaczynski is supposedly a ‘workaholic’ who’s a ‘stay at home’ politician. He’s an example of a fellow who really believes in his idea. This is a politician that gets a lot done by not worrying about a commute.

The EU’s Timmerman hopes to have a response supposedly this week. If they haven’t been doing anything I’d guess they’re trying to get the reps back from Amalfi, Riviera etc etc….;-)…Mr. K looks ahead. Don’t think he knows what a vacation is.

Member

When Mr. K was prime minister, he didn’t know how to use a computer. Not sure how well he does on the efficiency front. But you are right when you say that he believes in his ideals.

bimbi
Guest

@wrfree 10:13 a.m.

“And what has the EU done about this? NOTHING”. What I have just quoted referred in my post above, clearly, not to current Poland but to the judicial take-over in Hungary engineered by Orban and (now EU Commissioner) Navracsics. With the Polish presidential veto, it remains to be seen if the EU needs to take action there. But the failure of the EU in Hungary set a terrible precedent for future EU (in)action. Mr.Kaczynski is well aware of this.

wrfree
Guest

Yes you’re correct. And I agree Mr K is up on ‘precedent’. Curious how far the EU will push back on what PiS is trying to achieve. The fact is there are now not one but two visibly ‘dissenting’ countries within the membership.
Like Fleetwood Mac they seem to be ‘going their own way’. I’m not too sure ‘same old same old’ by the EU is going to work if things go the signing into law route. They’ll have to take some action.

Observer
Guest

An industrious fanatic is not less dangerous or deplorable than the opportunistic power usurper and robber.

Guest

Shouldn’t the name of the developing company be “T Systems”? This is a (former ?) subsidiary of German Telekom – of which I don’t think too much anyway …

SmokingGuy
Guest

I am standing here as Balaam’s Donkey.

How dishonest a software developer and its client and how stupid a law enforcement agency can be to charge/arrest someone who discovered a serious fault in the new software that could have caused the BKK hundreds of millions of forints loss if this guy spread his findings in the underworld community rather than what he did; advised the potential victim.

They should have rewarded him and perhaps hire his services to be a tester for them after they think they fixed the issue. This is so narrow minded approach. I am not a lawyer but I could get this guy off the hook and fight for a major compensation easily.

I will check back here to see if Eva keeps her eyes on the issue and finds out the ending of this idiotic story.

Member

How stupid can a law-enforcement agency be?

Hungarian police were never known for their brainpower. In 2012, the elite anti-terror squad, TEK, made its big debut by arresting a kid dressed up like Luke Skywalker for a school play. In May 2007, police shot dead a would-be bank robber who had taken hostages at Szena ter, then one of the policemen made off with the money he was trying to steal. In 1998, investigators accused a desk worker at ÁB-Aegon in Eger, accusing her of sparking a nationwide bank panic with a single email.

“We Screw Things Up” should be the police’s motto instead of “We Serve and Protect.”

wrfree
Guest

Re: ‘They should have rewarded him and perhaps hire his services to be a tester for them after they think they fixed the issue’

Surprised BKK apparently didn’t have a department of one or two or three drilling through the action of the software before release. Any software going out to the public at large and that will see perhaps continual use needs to be put through the software wringer. ‘Takes time but sure saves the dime’.

petofi
Guest

The worst thing you can do to a Hungarico bureaucrat is to point out how simple and stupid he/it is. Period.

Ferenc
Guest

The story seems to spread in the international internet-media:
Austria: https://futurezone.at/digital-life/e-ticket-debakel-budapester-oeffis-ernten-shitstorm/276.782.321
Germany: https://www.golem.de/news/nahverkehr-18-jaehriger-e-ticket-hacker-in-ungarn-verhaftet-1707-129091.html
Holland: http://nos.nl/artikel/2184824-online-actie-na-arrestatie-klokkenluider-hongaarse-ov.html
Unfortunately there isn’t direct involvement by OV&Fidesz in this story… and from now on they’ll most likely blame others for this…

Member

OT (or maybe not?): a somewhat worrisome line is buried in this otherwise-innocuous story of prison guard training: the government is constructing several new prisons and so will need to fill 2,000(!) new prison guard jobs.

Wait, what? Why do we need a bunch of new prisons? Has a crime wave broken out in Hungary that I’m not aware of? Or do certain people in charge expect to have a large influx of new jail residents sometime soon?

http://index.hu/belfold/2017/07/24/kobanyan_valosagga_valt_donald_trump_alma/

Jean P.
Guest

Good question.

gdfxx
Guest

Far from me to defend those responsible for this fiasco. But ignoring the fact of the arrest of the “hacker” boy, one has to admit that government contracts – of any government – almost never come in on time and on budget. This is generally due to the technical incompetence of those government experts who write the specifications for the project and then manage the project’s implementation. Software projects perform worse than many others, for the same reasons. Just look at the case of the Oregon State’s attempt to create a website for the local implementation of Obamacare. After three hundred million US dollars the project was abandoned, it never worked. Some details can be read here (and many other places):

https://www.usnews.com/opinion/articles/2016-06-08/cover-oregon-health-care-disaster-showcases-havoc-wrought-by-obamacare

Guest

Rather OT:
These stories remind me of an old joke:

Why do government IT projects usually cost around 3.14 times as much as planned?

Because they are trying to square the circle!
35 years experience in Data Base Systems on my side …
