Is malware behind the Spanair plane crash?

Security experts are watching the outcome of the investigation closely.

Spanair Flight 5022 crashed shortly after taking off from Barajas Airport in Madrid on August 20, 2008. Of the 172 people on board, all but 18 died.

The official cause of the crash was listed as pilot error, according to cybersecurity researchers at the SANS Institute, because the plane took off even though its take-off flaps and slats weren't extended.

But the pilots should also have been warned about the flaps and slats. Spanair's maintenance system should have triggered an alarm that prevented the plane from leaving until the mechanical problems were fixed, but it didn't. The maintenance system was infected with malware.

A judge has now ordered Spanair to produce its computer logs for the days before and after the crash, and a final report on the causes is due in December.

As is so often true with disasters, the Spanair crash had multiple, intertwined causes, one researcher -- Rich Wanner -- points out:

Clearly the SpanAir diagnostic system (a detective control) designed to detect anomalies in the airliners system failed, possibly due to a Trojan. Also it appears the pilots bypassed part of their pre-takeoff checklist, leaving the flaps and slats in a position not recommended for takeoff. As ISC (Internet Storm Center) reader Frank pointed out that is most likely because the pilots had aborted the initial attempt to takeoff and most likely resumed the pre-takeoff checklist (a preventive control) too low in the checklist and missed a significant step. It is also clear that for some reason an internal system (a detective control) that should have detected the misconfigured flaps and slats for some reason did not alert the pilots to this condition.

If malware was involved in the crash, though, I believe it would be the first time -- correct me if I'm wrong -- that malware could be directly connected to deaths.

If that happens, it will be a sad day indeed in the history of computers and software.

This post was originally published on