Slashdot Mirror


Trojan-Infected Computer Linked To 2008 Spanair Crash

An anonymous reader writes "Two years ago, Spanair flight JK-5022 crashed shortly after takeoff in Madrid, killing 154 of its 172 passengers and crew. El Pais online newspaper reports that the ground computer responsible for triggering an alarm after three failures are reported in a plane failed to do so. The computer was infected with trojans (Google translation of Spanish original)."

21 of 324 comments

  1. Shit. by fuzzyfuzzyfungus · · Score: 5, Funny

    Holy Safety-critical system running Windows and apparently not adequately air-gapped, batman!

    1. Re:Shit. by TheRaven64 · · Score: 5, Insightful

      The Internet is not the only source of infection. What about removable media, removable drives, or other machines on a private network that can connect to either the Internet or removable media? Perimeter defences are part of good security, but they are not the whole of it.

      --
      I am TheRaven on Soylent News
    2. Re:Shit. by JamesP · · Score: 4, Interesting

      > We run critical stuff on Windows, they don't have access to the Internet. Deal with it.

      Well, no. It's you who has to deal with it.

      good luck

      --
      how long until /. fixes commenting on Chrome?
    3. Re:Shit. by Charliemopps · · Score: 4, Insightful

      We had to secure a computer at a company I worked at years ago. The IT department claimed it was secure (they had put Norton AV and firewall on it) I laughed when the owner of the company told me about it. He asked if I could do better. I put the computer in a metal drawer, locked it, drilled a hole in the back for the cables to come out and handed him the key. "There, now it's secure." He thought I was kidding until I pointed out the USB ports and drive bays.

    4. Re:Shit. by tibit · · Score: 4, Interesting

      Those mission-critical-designed-for OSes are, unfortunately, likely to be secure by obscurity. Something like VxWorks or QNX is not a big enough target for malware writers or blackhats, but I'm quite sure those platforms are full of holes simply because they are not very exposed. I'd say that Linux, perhaps with realtime extensions, would be a somewhat better platform -- it's exposed way more, and most of the holes have been patched.

      --
      A successful API design takes a mixture of software design and pedagogy.
    5. Re:Shit. by Vectormatic · · Score: 4, Insightful

      I think MS also disclaims any responsibility, that should tell you enough about Windows' fitness for mission-critical stuff

      regardless of law, putting any mission critical system (especially when lives depend on it) on a Windows machine should be chargeable with criminal negligence, and in this case, manslaughter

      --
      People, what a bunch of bastards
    6. Re:Shit. by Rob+Riggs · · Score: 4, Funny

      > Did you remove the network cable too?

      No can do, my friend. Anti-virus software is useless without a network connection to keep the virus definitions up to date.

      --
      the growth in cynicism and rebellion has not been without cause
    7. Re:Shit. by Xiaran · · Score: 4, Insightful

      I worked for many years in the security industry. We had to do this to prevent security guards turning off the machine when they alarmed as it would interrupt their naps. Probably the best story I heard about a secure room was in Australian Defence. A contractor was installing a secure door to make a secure room (where you store your important documents and hard disks after hours). Once completed a senior military guy comes down and is really impressed by this thick steel door with massive bolts etc. The contractor said it's pretty good, but he reckoned he could get inside within 10 seconds. The military guys cannot believe it and bet the guy $100 he can't do it. They lock the door and the contractor then proceeds to go to the side of the secure room and put his foot through the plasterboard panelling, kicking out a large chunk and allowing him to crawl into the room in about 5 seconds.

    8. Re:Shit. by sjames · · Score: 4, Insightful

      Considering that 154 people died because this system did not issue the warning it was supposed to, I would say it most certainly IS a mission critical system, it just isn't treated as one.

      Of course, it sounds like the whole thing was a tragedy of errors. The pilot should have seen that slats and flaps were in the wrong position, the computer in question should have flagged the plane for grounding, the on board computer should have raised the alarm. There should have been maintenance records independent of the computer that should have raised the flag on pre-flight. Not one of those things happened and people died as a result.

      I would call it a comedy of errors except that it's hard to call 154 deaths a comedy.

  2. Re:What operating system was used? by mseeger · · Score: 4, Insightful

    Because humans are humans. Possible chain of events: "Hmmm. I want to surf the Internet but have no PC. But wait, there is our maintenance PC. If I install iTunes on it and connect it to my iPhone, I may surf during work. Hurray! I can even download the hot pics of my favorite celebrity to which I received a link from this Chinese guy."

  3. What? by miffo.swe · · Score: 5, Insightful

    Who puts Windows on anything even remotely mission critical? If you could blame someone, it should be the person deciding that.

    --
    HTTP/1.1 400
  4. Complimentary 7 point Slashdot troll guide... by vistapwns · · Score: 4, Interesting

    Here is your complimentary guide to trolling this story: 1. Pretend only Windows can get infected with trojans. 2. If you can't do 1. adequately, then pretend Windows is somehow easier to infect with trojans than other OSes. 3. Accuse anyone who disagrees with you of being paid off. 4. Make thoughtless absolutist statements like Windows has no security model, and is not a networking OS. 5. Mention chair throwing as proof that MS personnel are unstable, but never mention wife murdering Linux developers. 6. Repeat other MS bashers without researching what they're saying. 7. Mention "640k ought to be enough for anyone" as much as possible without giving thought to the brain dead simple idea that MS had nothing to do with the addressable memory limit of the 8086. Following this guide is sure to get you modded up and liked by many other Slashdotters, so be sure to follow it closely!

    --
    "...I think the Microsoft hatred is a disease." - Linus Torvalds
    1. Re:Complimentary 7 point Slashdot troll guide... by geekoid · · Score: 5, Insightful

      Windows is easier. It's a byproduct of sloppy architecture.

      It doesn't mean the others can't be compromised, but it's a fallacy to assume all OSes can be infected with the same level of difficulty.

      --
      The Dunning-Kruger effect explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  5. Re:The pilots were incompetent by Pojut · · Score: 4, Informative

    From the Wikipedia page (emphasis mine):

    "On 17 August 2009, CIAIAC released an interim report on the incident [21]. The interim report confirmed the preliminary report's conclusion that the crash was caused by an attempt to take off with the flaps and slats retracted, which constituted an improper configuration, and noted that safeguards that should have prevented the crash failed to do so. The cockpit recordings revealed that the pilots omitted the "set and check the flap/slat lever and lights" item in the After Start checklist. In the Takeoff Imminent verification checklist the copilot just repeats the flaps and slats correct values without actually checking them, as shown by the physical evidence."

    Daayum.

  6. Nothing to do with the plane by Kupfernigk · · Score: 5, Informative

    This is an aggregating computer at Spanair HQ which is supposed to record aircraft alerts and notify when too many of them happen too close together. Its only connection with the on-board computer is that somehow it receives the alerts from it. Its OS is unstated. It is not a mission-critical system, it is a decision-support system. Even so, someone looks to have been careless.

    Whoever modded up the above post - you've missed the point. There may have been a fault in the on-board management system - or human error failing to heed a warning - but nothing in TFA suggests that malware was in any way involved on the flight deck.

    --
    From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
  7. So, when... by Titan1080 · · Score: 5, Insightful

    Does the 'War on Trojanists', begin? But seriously, someone wrote that virus. That means that someone, somewhere (probably Estonia), is guilty of killing 154 people.

  8. Summary needs a bit of clarification by ptbarnett · · Score: 5, Informative

    The infected computer was one being used by mechanics to enter maintenance log entries. According to the article, an alert is supposed to be raised if three failures in the same part or subsystem occurred. If I understand the broken English correctly, they would have taken the plane out of service had the maintenance log entry been completed before the plane attempted to take off.

    But, the problem that was supposed to be logged was reportedly an overheated pitot tube. That was not the cause of the crash: the report says that the pilots did not set the flaps correctly and a warning alarm did not go off. This was not related to the problem with the computer being used by mechanics.

    The article appears to be trying to link two independent events: a separate problem with the plane and an error by the pilots. Or maybe it's just the broken English translation.

    1. Re:Summary needs a bit of clarification by Anonymous Coward · · Score: 5, Informative

      Spanish is my mother tongue, so maybe I can shed more light after reading the original article:

      The procedures of Spanair are to log incidents right away whenever they are detected. Three accumulated incidents and the plane is grounded.

      Two incidents had been found the day before the crash. One incident was detected on the same day of the crash.

      However, the technicians did not enter the incidents into the system right away, because the system was too slow (assumedly due to the malware).

      The system did not trigger any alarm on the same day because the incidents had not been entered by the technicians. The plane was deemed airworthy, and then the accident happened due to the multiple causes described elsewhere.

    2. Re:Summary needs a bit of clarification by Registered+Coward+v2 · · Score: 4, Informative

      > The infected computer was one being used by mechanics to enter maintenance log entries. According to the article, an alert is supposed to be raised if three failures in the same part or subsystem occurred. If I understand the broken English correctly, they would have taken the plane out of service had the maintenance log entry been completed before the plane attempted to take off.
      >
      > But, the problem that was supposed to be logged was reportedly an overheated pitot tube. That was not the cause of the crash: the report says that the pilots did not set the flaps correctly and a warning alarm did not go off. This was not related to the problem with the computer being used by mechanics.
      >
      > The article appears to be trying to link two independent events: a separate problem with the plane and an error by the pilots. Or maybe it's just the broken English translation.

      Very true - the accident appears to have been the result of a series of crew errors that led to an improper takeoff condition:

      From Wikipedia: On 17 August 2009, CIAIAC released an interim report on the incident [21]. The interim report confirmed the preliminary report's conclusion that the crash was caused by an attempt to take off with the flaps and slats retracted, which constituted an improper configuration, and noted that safeguards that should have prevented the crash failed to do so. The cockpit recordings revealed that the pilots omitted the "set and check the flap/slat lever and lights" item in the After Start checklist. In the Takeoff Imminent verification checklist the copilot just repeats the flaps and slats correct values without actually checking them, as shown by the physical evidence. All three safety barriers provided to avoid the takeoff in an inappropriate configuration were defeated: the configuration checklist, the confirm and verify checklist, and aircraft warning system (TOWS).

      Had they not made a series of compounding errors the flight probably would have been uneventful; it appears the deactivated system was not related to the crash. It may be that some other systems were improperly set - ground vs flight mode - which caused problems and may have contributed to the accident; but none are related to the maintenance computer. Should the plane have been grounded due to an earlier problem? Maybe; but that may not have prevented the errors that led to the crash.

      We'll never know what the pilots were thinking; but having aborted one takeoff they may have assumed, intentionally or not, that the systems were set for takeoff and did a cursory check as a result; I've seen that happen in other industries where checklists are used. You interrupt the expected course of actions and people simply pick up where they left off, without assuring the systems were properly set for operation.

      --
      I'm a consultant - I convert gibberish into cash-flow.
  9. Swiss cheese by Fzz · · Score: 5, Interesting

    The crash of an airliner these days is rarely due to a single cause. There's a saying in the industry that a crash occurs when the holes in the Swiss cheese happen to line up. This appears to have been the case with this particular crash.
    • The direct cause was that the pilots attempted to take off without setting take-off flaps.
    • They were rushing because they'd had a technical issue, and returned to the terminal after previously taxiing to the runway and completing the take-off checks. So they accidentally skipped the critical check that the flaps were deployed when they lined up to take off the second time.
    • There's a take-off configuration alarm that is supposed to alert the pilots, but it wasn't working.
    • It wasn't working because the engineer removed the circuit breaker that powered it, in order to turn off a stuck heater on a pitot tube that was due to a malfunctioning switch.
    • This particular fault had been noted on previous flights, so should have flagged a warning on the airline's fault monitoring system.
    • The fault monitoring system had a trojan.

    Yup, the holes in the cheese certainly lined up that day. None of these, by itself, would have caused the crash.
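    The "three accumulated incidents and the plane is grounded" rule described in the ptbarnett thread above, and the "fault monitoring system" hole in the Swiss cheese list, share one property worth seeing in code: the alert is computed over what has been entered, not over what was found, so a slow or unusable logging machine produces the same silent "no alert" as a healthy aircraft. The following Python is an added example written for this page, not code from Spanair, El Pais or the commenters; the aircraft identifier, subsystem name, timestamps and log rows are constructed, and the unentered-backlog check is an assumption about one way to make the failure mode visible rather than anything the article describes.

```python
"""Three-strikes grounding rule and its silent failure mode.

Added illustration: the rule (>= 3 incidents on one subsystem -> ground the
aircraft) is the one the thread describes. Everything else here (the aircraft
id "AC-001", the subsystem names, the timestamps, the 2-hour lag tolerance and
the backlog check) is constructed for the example and is not from the article.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

GROUNDING_THRESHOLD = 3  # incidents on the same subsystem, per the thread


@dataclass(frozen=True)
class Incident:
    aircraft: str
    subsystem: str
    detected_at: datetime            # when a mechanic found the fault
    entered_at: Optional[datetime]   # when it was keyed into the system; None = never


def incidents_visible_at(log: List[Incident], aircraft: str,
                         subsystem: str, when: datetime) -> List[Incident]:
    """What the alerting computer can actually see at `when`: only rows that
    have been entered by then. Detection time is irrelevant to it."""
    return [i for i in log
            if i.aircraft == aircraft and i.subsystem == subsystem
            and i.entered_at is not None and i.entered_at <= when]


def should_ground(log: List[Incident], aircraft: str, subsystem: str,
                  when: datetime, threshold: int = GROUNDING_THRESHOLD) -> bool:
    """The naive rule as described: count entered incidents, compare to threshold."""
    return len(incidents_visible_at(log, aircraft, subsystem, when)) >= threshold


def unentered_backlog(log: List[Incident], when: datetime,
                      max_lag: timedelta = timedelta(hours=2)) -> List[Incident]:
    """Assumed hardening (not from the article): incidents detected more than
    `max_lag` ago that still are not in the system. Without something like
    this, 'no alert because nobody could type it in' looks identical to
    'no alert because there were no faults'."""
    return [i for i in log
            if i.detected_at <= when - max_lag
            and (i.entered_at is None or i.entered_at > when)]


def dispatch_decision(log: List[Incident], aircraft: str, subsystem: str,
                      when: datetime) -> Tuple[bool, int]:
    """Return (grounded_by_rule, number_of_stale_unentered_incidents).
    A dispatcher who only looks at the first value never learns about the second."""
    grounded = should_ground(log, aircraft, subsystem, when)
    backlog = unentered_backlog([i for i in log if i.aircraft == aircraft], when)
    return grounded, len(backlog)


def with_prompt_entry(log: List[Incident]) -> List[Incident]:
    """Counterfactual: every incident keyed in the moment it was detected."""
    return [replace(i, entered_at=i.detected_at) for i in log]


# Constructed sample data modelled on the thread's account: two incidents on the
# same subsystem the day before, one on the day of departure, none of them
# entered before dispatch. The unrelated incident shows the subsystem filter.
DAY_BEFORE = datetime(2008, 1, 1, 9, 0)
DISPATCH = datetime(2008, 1, 2, 13, 0)
SAMPLE_LOG = [
    Incident("AC-001", "pitot-heat", DAY_BEFORE, entered_at=None),
    Incident("AC-001", "pitot-heat", DAY_BEFORE + timedelta(hours=6), entered_at=None),
    Incident("AC-001", "pitot-heat", DISPATCH - timedelta(hours=3), entered_at=None),
    Incident("AC-001", "cabin-light", DAY_BEFORE, entered_at=DAY_BEFORE),
]

if __name__ == "__main__":
    # As described in the thread: rule says "fly", three faults sit unentered.
    print("as logged      :", dispatch_decision(SAMPLE_LOG, "AC-001", "pitot-heat", DISPATCH))
    # Counterfactual: prompt entry trips the rule.
    print("prompt entry   :", dispatch_decision(with_prompt_entry(SAMPLE_LOG),
                                                "AC-001", "pitot-heat", DISPATCH))
```

The point of the second return value is that a threshold alert has no notion of its own input being stale; whoever relies on the alert also needs a check that the stream feeding it is alive, or the decision-support system degrades to "no news is good news" the moment the machine it runs on becomes unusable, whatever the cause.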

  10. Re:Mission Critical by DougF · · Score: 4, Interesting

    Hate to rain on the IT parade here, but the investigation revealed that the aircrew had the aircraft on "in-flight" mode, leading to erroneous indications (forcing the first abort), and then excluding the no flaps/no slats pre-takeoff configuration error warning. The crew also called for the flaps/slats settings to be proper without actually checking them. In effect, they were able to defeat three separate safety measures to prevent exactly this kind of mishap from happening.

    It does not appear that an infection of the mainframe maintenance computer is anything more than a side note in this particular mishap. It may, however, be something for airline maintenance personnel to be aware of to prevent future incidents.

    The real question is why the aircrew are allowed to override a weight-on-wheels (WOW) sensor, when that is primarily used for troubleshooting by ground crews. Putting the aircraft into "flight" mode while on the ground requires special attention to actions/procedures (as in when a USAF F-4 shot up a maintenance truck when the WOW switch was in override and the weapons crew performed an ops check on the gun system--ops check good, BTW).

    --
    Impetuous! Homeric!