Tag Archives: e-ticket sofware

Another grain of sand on the pile: The e-ticket fiasco

There is a Hungarian word “nagypolitika” (literally “large politics”) that is used when talking about a piece of news or an event that has national or international significance. Today’s topic is anything but “nagypolitika.” On the contrary, on the surface at least, it seems like an insignificant affair that luckily hasn’t caused major problems, only annoyance. Yet, judging from the public’s reaction to the faulty software of the newly introduced e-tickets of the Budapest Transit Center (Budapest Közlekedési Központ/BKK), the case has become the focal point of all the frustration Hungarians are experiencing over the incompetence and the arrogance of the Orbán regime in general.

Itcafé, an internet site serving those interested in information technology, claims that the present public mood can be compared only to the impromptu mass demonstrations against the government’s plans to introduce a heavy tax on internet use during the fall of 2015. Just like then, thousands are planning to march in defense of the 18-year-old boy who discovered the software glitch in the first place. Our young hero handled the situation pretty much the way most white hat hackers would have. After he discovered that by changing something in the “POST request” he could set his own price for a ticket, he purchased a monthly ticket for 50 forints (20 cents) instead of 10,000 ($38.00). He then fired off an e-mail to BKK pointing out the security risk, assuring them that his intentions were good. He also perhaps foolishly announced that at the age of 13 he wouldn’t have made such a gross error as the one he found in the brand new e-ticket software. The software company responsible for this shoddy piece of work was I T Systems Magyarország, an affiliate of the German I T Systems Group.

I T Systems Magyarország reported the hacking “crime,” and the police appeared at the boy’s house some 300 km from Budapest and arrested him. The very fact of the arrest upset the internet crowd, but the fact that the arrest took place at 7 a.m. really infuriated them. Media critics of the government interpreted the timing as intimidation, especially since this was not the first time that the Hungarian police have visited people for some minor offenses as, for example, not appearing in court as a witness, in the early hours. Soon enough everybody began calling our hero “the ethical hacker,” although, as I T System countered, “an ethical hacker” is someone who is hired by the company to catch glitches of the kind Szilárd found. The fact is, of course, that no one had found the glitch before our hacker reported it. I T Systems claimed that they had no choice but to move against the boy, regardless of his intentions.

Soon enough other security problems came to light, one of which at least was quite serious. Index warned those who had already signed up on BKK’s website for an e-ticket to change their passwords immediately because hackers can get to their passwords and their e-mail addresses. At a joint press conference given by BKK and I T Systems, the journalists gained the impression that the companies were blaming the customers instead of admitting that there is something wrong with the whole system. As days went by, anger grew. First, BKK’s Facebook page was bombarded with less than polite comments about what people thought of BKK and the decision to bring charges against the boy. On one afternoon 35,000 comments appeared on the site. Two days ago BKK’s website stopped functioning, and it is still unreachable. It is hard to tell whether it became the victim of not so ethical hackers or was just overloaded with users who wanted to vent their frustration. The two companies remained silent until late Friday night when they released a terse statement about the illegal hacking of their system, adding that they were sorry that the accused is a young student whose intentions were well-meaning, but otherwise they expressed no remorse. People demanded an apology.

BKK released statements about all the improvements they are working on, which only revealed the ignorance of the company about the technical aspects of the software the company purchased. The CEO of BKK kept talking about installing a “stronger firewall” as a solution, which of course is nonsense given the problems of the software. At last on Saturday the two companies “issued a half-hearted apology,” as 24.hu put it. Most likely Mayor István Tarlós put pressure on Kálmán Dabóczi, CEO of BKK, to make a statement. A day earlier Tarlós had disclaimed any responsibility for the situation created by the joint incompetence of BKK and I T Systems. Tarlós also promised an investigation of the whole debacle. The CEO of I T Systems by the end was also forced to engage the “ethical hacker” in professional dialogue, which almost sounded like a job offer.

All’s well that ends well, one could say. The boy was a bit shaken by the few hours he had to spend in jail; the software will be fixed; and the two CEOs have been humbled. It is possible that the head of BKK will lose his job as opposition parties demand. Why then the demonstration? The answer, I think, is simple. This public outburst is not just against the shabby treatment of the “ethical hacker.” It is against the whole system which is riddled with incompetence and graft. Vasárnapi Hírek pointed out that the Budapest Transit Authority has been promising an e-ticket system for ten solid years. According to them, this useless software cost 250 million forints. However, according to another source, “BKK received a 550 million forint subsidy” for a project that “is not worth more than 1 or 2 million.” Where did the money go, asks Z. V. in a letter to the editor. Actually, I’m afraid these figures greatly underestimate the real cost of the e-ticket project. I found an item on BKK’s official website—which unfortunately I can’t access at the moment, and which may no longer be there when the website comes back online—from 2012, according to which the city council voted to launch the e-ticket service and for that purpose the City of Budapest gave 6 billion forints to BKK. Six billion. Five years ago, and that’s what came of it.

Finally, here is an interpretation of this BKK affair that I wish were mine. The Hungarian “Szilárd” reminded Szabolcs Bogdán, a writer, of Mathias Rust, the 17-year-old West German youngster who in 1987 landed his plane on Red Square, escaping recognition by the Soviet Air Force. The self-confident Soviet leaders with seemingly limitless powers ruled the empire, but then came this small plane from West Germany. Heads rolled in the Soviet Air Force and the bigwigs thought all was well, merely a fleeting embarrassment. It turned out, however, that the weakness of the whole political system was laid bare by this plane’s landing. The regime was not omnipotent.

I don’t think the comparison is far-fetched. I don’t know how long it will take, but Orbán’s seeming self-confidence is unwarranted. Political life in Hungary right now is like the pile of sand made famous by the Danish physicist Per Bak: once the pile reaches the critical point, adding another grain of sand to it may cause an avalanche. There are times when one small thing can inexorably change the course of history.

July 23, 2017