Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojan-Infected Computer Linked To 2008 Spanair Crash

Posted by Soulskill on from the blue-screen-of-literal-death dept.

An anonymous reader writes "Two years ago, Spanair flight JK-5022 crashed shortly after takeoff in Madrid, killing 154 of its 172 passengers and crew. El Pais online newspaper reports that the ground computer responsible for triggering an alarm after three failures are reported in a plane failed to do so. The computer was infected with trojans (Google translation of Spanish original)."

9 of 324 comments (clear)

  1. Complimentary 7 point Slashdot troll guide... by vistapwns · · Score: 4, Interesting

    Here is your complimentary guide to trolling this story: 1. Pretend only windows can get infected with trojans. 2. If you can't do 1. adequately, then pretend Windows is some how easier to infect with trojans than other OSes. 3. Accuse anyone who disagrees with you of being paid off. 4. Make thoughtless absolutists statements like Windows has no security model, and is not a networking OS. 5. Mention chair throwing as proof that MS personnel are unstable, but never mention wife murdering linux developers. 6. Repeat other MS bashers without researching what they're saying. 7. Mention "640k ought to be enough for anyone" as much as possible without giving thought to the brain dead simple idea that MS had nothing to do with the addressable memory limit of the 8086. Following this guide is sure to get you modded up and liked by many other slashdotters, so be sure to follow it closely!

    --
    "...I think the Microsoft hatred is a disease." - Linus Torvalds
  2. Re:The pilots were incompetent by Zocalo · · Score: 3, Interesting

    The pilots kind of revoked their own licenses. Permanently. All of the crew perished in the crash.

    The thing that bugs me is that flight systems on passenger jets are multiply redundant and their are strict rules about what can and can't be done when there is a system failure. For instance there are usually at least three autopilot systems, and if only one is indicating a fault then the flight crew has to perform all flight operations manually. WTF happened with regulatory control that didn't enforce that this kind of redundancy and human oversight applied to critical systems on the ground as well?

    --
    UNIX? They're not even circumcised! Savages!
  3. Swiss cheese by Fzz · · Score: 5, Interesting
    The crash of an airliner these days is rarely due to a single cause. There's a saying in the industry that a crash occurs when the holes in the Swiss cheese happen to line up. This appears to have been the case with this particular crash.
    • The direct cause was that the pilots attempted to take off without setting take-off flaps.
    • They were rushing because they'd had a technical issue, and returned to the terminal after previously taxiing to the runway and completing the take-off checks. So they accidentally skipped the critical check that the flaps were deployed when they lined up to take off the second time.
    • There's a take-off configuration alarm that is supposed to alert the pilots, but it wasn't working.
    • It wasn't working because the engineer removed the circuit breaker that powered it, in order to turn off a stuck heater on a pitot tube that was due to a malfunctioning switch.
    • This particular fault had been noted on previous flights, so should have flagged a warning on the airline's fault monitoring system.
    • The fault monitoring system had a trojan.

    Yup, the holes in the cheese certainly lined up that day. None of these, by itself, would have caused the crash.

  4. Re:Shit. by JamesP · · Score: 4, Interesting

    We run critical stuff on Windows, they don't have access to the Internet. Deal with it.

    Well, no. It's you who has to deal with it.

    good luck

    --
    how long until /. fixes commenting on Chrome?
  5. Re:Shit. by AlecC · · Score: 3, Interesting

    Except that this was not really a mission critical system - it was a fault logging system in the maintenance department. So far as one can tell from a machine-translated popular article, it was meant to log if a single aircraft had a number of different faults logged close together, because faults at different stations might not otherwise get correlated. As such, it is basically an IT system with response requirements in minutes, not a real time system with fault tolerance requirements. One of the systems which failed might have been a warning system which would have warned the pilots of the mistake which cause the crash.

    --
    Consciousness is an illusion caused by an excess of self consciousness.
  6. Re:Shit. by tibit · · Score: 4, Interesting

    Those mission-critical-designed-for OSes are, unfortunately, likely to be secure by obscurity. Something like vxWorks or QNX is not a big enough target for malware writers or blackhats, but I'm quite sure those platforms are full of holes simply because they are not very exposed. I'd say that linux, perhaps with realtime extensions, would be a somewhat better platform -- it's exposed way more, and most of the holes have been patched.

    --
    A successful API design takes a mixture of software design and pedagogy.
  7. Re:Windows? by Z00L00K · · Score: 3, Interesting

    In any case the malware author could be charged with 154 cases of second degree murder. Or will it be mass murder?

    It would be interesting to see that in court.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  8. Re:Windows? by halowolf · · Score: 3, Interesting

    And I would dearly love to see it in court. However I would imagine it would fit more under manslaughter rather than common law type murder, as I would imagine the trojan writer wasn't out to kill people. Though I would imagine you could argue malice is involved in writing trojans. I'm not a lawyer so don't take notice of anything I say. Though going by the poorly translated article there was more going on then just the trojans, the trojan computer may of been more of a contributing factor rather than the primary reason for the crash, due to reasons stated in the article.

  9. Re:Mission Critical by DougF · · Score: 4, Interesting

    Hate to rain on the IT parade here, but the investigation revealed that the aircrew had the aircraft on "in-flight" mode, leading to erroneous indications (forcing the first abort), and then excluding the no flaps/no slats pre-takeoff configuration error warning. The crew also called for the flaps/slats settings to be proper without actually checking them. In effect, they were able to defeat three separate safety measures to prevent exactly this kind of mishap from happening.

    It does not appear that an infection of the mainframe maintenance computer is anything more than a side note in this particular mishap. It may, however, be something for airline maintenance personnel to be aware of to prevent future incidents.

    The real question is why the aircrew are allowed to override a weight-on-wheels (WOW) sensor, when that is primary used for troubleshooting by ground crews. Putting the aircraft into "flight" mode while on the ground requires special attention to actions/procedures (as in when a USAF F-4 shot up a maintenance truck when the WOW switch was in override and the weapons crew performed an ops check on the gun system--ops check good, BTW).

    --
    Impetuous! Homeric!