Fact check: malware did not bring down a passenger jet

Fact check: malware did not bring down a passenger jet

Summary: I've been reading breathless and shocking headlines for several days now alleging that "malware brought down a Spanish jet" in a fatal 2008 crash. It's yet another case study in how the Internet echo chamber works to take a single report and distort it beyond recognition. No, malware didn't cause that crash. Here's what really happened.

SHARE:
77

I've been reading breathless and shocking "reports" for several days now explaining that "malware brought down a Spanish jet." And once again we have a case study in how the Internet echo chamber works to take a single report and distort it beyond recognition. I've now read articles from more than 20 online publications repeating this story. Not a single one has done even a shred of research beyond simply quoting a bad translation of the original Spanish-language report.

The reality? Yes, the crash of Spanair flight 5022 at Madrid-Barajas Airport in August 2008 was a tragedy, with the entire crew and 154 passengers losing their lives. But malware did not bring down that plane. The actual cause of this crash has been extensively documented in official reports from the Spanish Civil Aviation Accident and Incident Investigation Commission (CIAIAC). Their website contains a preliminary report published shortly after the accident, an Interim Report released last year at roughly this time, and a Progress Note published just last week. The official English translation of the most recent report does not mention viruses or malware. The actual cause is far more prosaic: the pilots missed a crucial item on their checklist and took off with the flaps in the wrong position:

The investigation has determined that the takeoff was attempted while in an inappropriate and unapproved configuration, since the flaps and slats were fully retracted. The system outfitted on the airplane to warn of an inadequate takeoff configuration (TOWS) also failed to activate.

Was there a problem with the computer on the plane? Not according to the CIAIAC:

[T]he information stored on the computers for the enhanced ground proximity warning system (EGWPS), the advanced flight management (AFMC), central air data (CADC), digital flight guidance (DFGC) and the optical inertial reference units (IRU) has been extracted. The results from the analysis of the data recovered from the ground proximity warning system computer are available and consistent with the data found on the flight data recorder (DFDR) and from the two air data computers, which indicate that both units were functioning normally on the previous flights and at the time of the accident.

In fact, as airline-safety experts noted, the aircraft in question, a McDonnell Douglas DC-9-82 (MD-82), is not computerized (its design dates back to 1979 and the last delivery was in 1997). The exact same type of aircraft was involved in the eerily similar fatal crash of Northwest Airlines Flight 255 in Detroit in 1987. The investigators in that crash concluded that the cause was pilot error.

So where did these alarming reports of malware-infested computers come from? The original article, from Spain's El País newspaper, opens with this paragraph:

El ordenador central de la compañía Spanair en el que se anotaban las averías de los aviones estaba contaminado con programas informáticos maliciosos cuando se produjo, hace hoy dos años, el accidente del vuelo JK 5022. La computadora, situada en la sede de la aerolínea en Palma de Mallorca, emite una señal de alarma en el monitor cuando registra tres problemas técnicos similares en el mismo aparato.

My Spanish is rusty, but it's good enough to get the gist of the report: A computer at the airline's maintenance headquarters in Palma de Mallorca was infected with some sort of malware  ("troyanos," or Trojans) at the time of the accident. That same computer is used to record incident reports submitted by mechanics and is programmed to raise an alarm if the same problem occurs three times on the same aircraft. [Update: As a commenter with avionics test experience notes, this "alarm" is probably not a flashing light or a ringing bell. It's more likely a pop-up dialog box or an e-mail alert.]

On the day of the crash, the plane returned to the gate after the crew noticed a problem. The mechanics at the airport identified the issue and cleared the plane for takeoff. They apparently didn't know that this was the third report of a similar problem in a two-day period. But even if the headquarters office had maintained its PC perfectly, the plane would still have taken off. The mechanics were still entering their report at the time of the crash, and as a May 2010 report in the same newspaper noted, the headquarters office had a custom of entering data 24 hours after it was received. None of those three incidents were recorded on the allegedly infected PC until after the plane had crashed.

There's no doubt that this accident was a tragedy. It might even have been preventable. But the cause was not a piece of malware on a PC hundreds of miles away. Reports from air safety investigators are written in circumspect language, reflecting the fact that they are the work of engineers and potential expert witnesses in civil and criminal actions. In this case, it's easy to read between the lines of last week's Progress Note, in which the investigators note that they are continuing to analyze "the operator's maintenance structure and organization … specifically, the procedures described in the company's manuals [and] the degree of compliance by maintenance personnel."

In fact, two mechanics who checked the plane before take-off and Spanair's head of maintenance at Barajas were hauled before a judge on manslaughter charges, according to a 2008 BBC report. The fact that a PC used for such a critical function might have been susceptible to infection suggests that the entire maintenance operation was lax and poorly run. In other words, the malware, if it existed, was one symptom among many of a much larger management problem at an unprofitable airline.

Meanwhile, the publications that teased readers with inflammatory headlines need to go back to journalism school. "Malware Contributed to Plane Crash" and "Trojan blamed for Spanish air crash" are simply not accurate. The most disgusting one of all the headlines I read was "Murder by malware: Can computer viruses kill?" The editor and author of that post should hang their heads in shame.

Topics: Malware, CXO, Hardware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

77 comments
Log in or register to join the discussion
  • RE: Fact check: malware did not bring down a passenger jet

    Thanks for clearing this up Ed. I don't know anyone who thought the trojan took down the airplane except the one d-bag who kept posting and never worked for an airline. There was no way possible that a trojan could have taken it down, not with all the restrictions the FAA has on flight checks and the company's own internal software audits. Anyone who thought otherwise is a fool, which leads us back to the d-bag who never worked for an airline.
    Loverock Davidson
    • flight checks... software audits...

      All the checks, balances, backups or what have you are all for naught when 2 pilots forget to extend the slats for takeoff.

      That is one of the most unbelievable mistakes that I could ever imagine anyone making in a cockpit. I'd like to hear the voice recorder to see if they were distracting themselves talking about something ( major breach of policy) or maybe the captain called for slats but the first officer failed to set them. (worse than a breach of policy)

      I have over 10,000 hours in complex, turbine powered aircraft. That equates to around 5,000 takeoffs and landings. I can tell you a pilot worth his pay never misses anything in such an important phase of the flight.

      We had a bunch of calculations and tasks to do, figuring takeoff power settings, Vr speed, 'point of no return' both speed and length of remaining runway at that point, SET THE FLAPS and confirmed with the indicator...it's about the busiest you get in a cockpit. Easy to forget something, except for the fact it's impossible to forget anything;
      it's all on the checklist.

      How can you forget something staring you in the face in black and white? There's only one way: you didn't use the checklist.

      If you fly the same aircraft day in and day out you get to where you probably could fly it in your sleep. But this kind of familiarity can be dangerous. I'm sure when that pilot was pushing the power levers forward he "knew" everything was as it should be. He was obviously wrong.

      But I always remembered what I was getting paid to do, which was get the ship from point A to point B safely. I didn't care that some of my swashbuckling coworkers said I 'look(ed) like a 'dink' for always insisting the FO read and confirm every item. If 'macho' is doing everything by rote, well, this is what you get.

      If I'd been at the helm that MD80 no doubt all those people wouldn't have lost their lives, at least not on that flight.

      Mechanical failure is one thing. You do prepare for it and most of them are survivable. But something as simple as a checklist.. I have a hard time comprehending this degree of mindlessness. No excuse.
      pgit
      • RE: Fact check: malware did not bring down a passenger jet

        @pgit
        Well said! I figured that's what happened here.
        Loverock Davidson
      • RE: Fact check: malware did not bring down a passenger jet

        @pgit <br><br>I've been flying since 1971 and, like you, have a whole lot of hours in my log book.<br><br>None of us like to see Pilot Error as the conclusion of a crash investigation, but the report of Spanair flight 5022 leaves no room for any other conclusion.<br><br>All too often familarity with an aircraft leads to complacency in the left seat's reagard for the checklist -a sure recipe for disaster.
        Noah44
      • RE: Fact check: malware did not bring down a passenger jet

        @pgit
        @pgit <br><br>I've been flying since 1971 and, like you, have a whole lot of hours in my log book.<br><br>None of us like to see Pilot Error as the conclusion of a crash investigation, but the report of Spanair flight 5022 leaves no room for any other conclusion.<br><br>All too often familarity with an aircraft leads to complacency in the left seat's reagard for the checklist -a sure recipe for disaster.
        Noah44
      • pressures, all of them stupid

        @Noah44

        I couldn't believe how small minded some of my coworkers were. They considered using the physical checklist to some kind of sign of weakness, unfamiliarity, lack of professionalism even.

        There was a macho angle to it. When ego enters the cockpit, watch out.

        Human nature is ultimately unavoidable. But I found the best/safest pilots to be the humble type. I for one never complained when even a newbie copilot pointed out something I may have missed or potentially was about to. Thank God for a working, conscientious second set of eyes.

        There's also a lot of bitching that goes on up front. Remeber the Northwest flight that overshot over 100 miles because the crew were looking at work schedules and complaining abot the resulting pay.

        Or the tragedy in Buffalo when the commuter crew was discussing similar, it icing conditions on approach, no less.

        Sad but true the industry has "evolved" in a way that it tends to drive out the smarter and more capable folks. Few are lucky enough to get a part 91 corporate job (like I did) where better and safer are the considerations and the bottom line is no factor at all. (except for an annual assessment of comparative costs, eg vs airline travel)

        BTW I ended up chief pilot and director of flight ops. Humble pays off. I was elevated due to my perpetual self doubt, always questioning my every move. That's a routine this world sorely needs in every walk of life.
        pgit
      • Well said sir

        @pgit
        As an engineer, we as a group often get derided for being sticklers for procedure. This is why we do it. To get things done the right way day after day, particulary when lives are on the line.
        NJSteveK
      • RE: Fact check: malware did not bring down a passenger jet

        @pgit<br>Ego can often have nothing to do with it. The human mind is fallible, and if distracted even for a second, it can often have disasterous results.<br><br>Back in 1987, an MD-82 overshot the runway on takeoff and crashed into a highway overpass. The crash was a result of the crew forgetting to extend their flaps and slats prior to takeoff. As I recall, the crew were experienced, so it had not been a rookie mistake.<br><br>Rather, the flight crew had been distracted - not by anyone in the flight deck, but by ATC, who had requested that they change runways while they were still preforming the checklist. When they returned to the checklist, the pilots assumed they'd already done the first page and moved on to the next checklist.<br><br>The warning that would have gone off was disabled because the breaker that controlled it was also linked to another warning - the stall warning - that was a common annoyance to pilots taxi-ing in McDonnell Douglas airplanes. At the time, it had been common practice to open the circuit breaker that controlled the stall warning - also unfortunately disabling the flaps down warning - until after take-off. It is unknown whether this was the case, or if the breaker had simply failed, due to the panel being severely damaged in the crash.<br><br>The commission that examined the checklist used in the flight found glaring mistakes in the design of the checklists - the least of which was that it made no provision for showing the progress the pilots had made through the checklist. The crash prompted a widespread reexamination of standard checklists used across the United States and provided a major push to get switchboard and, later on, computerised checklists standardised in most major airlines throughout the country.<br><br>The point is that human failure is possible even in the simplest things. The simple fact is that we *don't* know all the facts that lead to the plane's demise, and to assume otherwise, or to assume that we would have behaved differently, is arrogance, plain and simple.
        MarkKB
      • RE: Fact check: malware did not bring down a passenger jet

        this is a very useful blog for the upcoming businesses . the points that are listed are grea . For any business goal setting and developing a plan are very essential and are the basis for the success.i will be applying these tips in my business . thank you.
        <a href="http://www.itmagic.ltd.uk/3-mobile-broadband.htm">mobile broadband offers</a>
        Amanda123456
    • RE: Fact check: malware did not bring down a passenger jet

      @Loverock Davidson If you had read Ed's article you would have noted that the incident took place in Spain and has nothing to do with the FAA.
      coopejx@...
      • Save your breath...

        @coopejx@... Like many Americans, Loverock somehow has the idea that the US's laws and bureaus have universal jurisdiction.
        daftkey
      • RE: Fact check: malware did not bring down a passenger jet

        @coopejx@...
        Fine, then I correct myself. All the restrictions the Spanish FAA equivalent has, there is no way this could be caused by a trojan.
        Loverock Davidson
      • RE: Fact check: malware did not bring down a passenger jet

        @coopejx@... If that airline/that aircraft ever operated commercially in US airspace, it was subject to the FAA.
        fairportfan
  • Very true, but, still having a virus on a critical computer system that

    generates alarms / warning is not acceptable. If they were running Windows, for such a critical computer, this is really embarrassing.
    DonnieBoy
    • I imagine that your emotions are

      that of embarrassment at the moment.

      Had you actually read the story you would have noticed that a virus or trojan did not stop the computer from alerting anyone of a problem, as

      "The mechanics were still entering their report at the time of the crash"

      You do appear to actually be upset that many found Linux an unacceptable operating system for mission critical operations.

      :|
      Tim Cook
      • RE: Fact check: malware did not bring down a passenger jet

        @Mister Spock @DonnieBoy

        You both obviously didn't read the article, but began trolling based on just the title of the article.

        "the aircraft in question, a McDonnell Douglas DC-9-82 (MD-82), is not computerized (its design dates back to 1979 and the last delivery was in 1997)"

        This clearly states that the airplane's systems WERE NOT COMPUTERIZED!!!

        This has nothing to do with which OS was or was not involved. If you want to keep trolling, go somewhere else and do it...PLEASE! Some people will never grow up, I guess.
        linux for me
      • Yes, due to the timing, the computer in question would not have been able

        prevent the accedent, even if working properly. BUT, THAT IS STILL NOT AN EXCUSE FOR A SAFETY CRITICAL COMPUTER NOT WORKING.
        DonnieBoy
    • Er.. Did you READ the article..?

      @DonnieBoy
      The article mentions that the airline didn't bother entering data into their computer for 24 HOURS. Virus or no virus - if there was a delay entering data into the database, NOTHING would have caught the fact that it was the 3rd time in 2 days there was a problem.
      Wolfie2K3
    • Come on guys, did you READ??? The computer in question was to ground planes

      for repeated problems with the same system, and they mechanics were about 5 minutes from entering information that would have grounded the plane. The grounding would have been in the form of an alarm to headquarters, then taking the plane out of service. Obviously, all of that would not have ocurred in time to prevent this accident, BUT THAT IS NO EXCUSE FOR A SAFETY CRITICAL COMPUTER NOT WORKING.
      DonnieBoy
      • RE: Fact check: malware did not bring down a passenger jet

        @DonnieBoy
        I work in avionics test. The words "SAFETY CRITICAL" are not applicable to a ground computer used to track maintenance reports, and alert management if a specific plane has a recurring problem. To call this an alarm or warning is wrong as well. No ringing bell or flashing lights go off at headquarters! More likely a popup dialog, or maybe an email gets sent.
        Richard in Phoenix