Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Trojan-Infected Computer Linked To 2008 Spanair Crash

Soulskill posted about 4 years ago | from the blue-screen-of-literal-death dept.

Transportation 324

An anonymous reader writes "Two years ago, Spanair flight JK-5022 crashed shortly after takeoff in Madrid, killing 154 of its 172 passengers and crew. El Pais online newspaper reports that the ground computer responsible for triggering an alarm after three failures are reported in a plane failed to do so. The computer was infected with trojans (Google translation of Spanish original)."

cancel ×

324 comments

Sorry! There are no comments related to the filter you selected.

FP (-1, Troll)

Anonymous Coward | about 4 years ago | (#33312436)

Flight post!

Mission Critical (1, Interesting)

Anonymous Coward | about 4 years ago | (#33312446)

If there ever was a computer that needed to be kept running this was it! WTF - I think some managers need to get investigated.

Windows? (-1, Troll)

Anonymous Coward | about 4 years ago | (#33312450)

The airplane was running Windows?

Re:Windows? (1)

FTWinston (1332785) | about 4 years ago | (#33312514)

Read TFA:

the ground computer

(my emphasis) So no, not the plane. But mission control :S

Re:Windows? (1)

FTWinston (1332785) | about 4 years ago | (#33312526)

TFS, I mean. Not even TFA. /facepalm

Re:Windows? (2, Funny)

LordLimecat (1103839) | about 4 years ago | (#33312608)

Or possibly TSA?

Re:Windows? (0)

Anonymous Coward | about 4 years ago | (#33312682)

Those damn TLAs!

Re:Windows? (1)

Abstrackt (609015) | about 4 years ago | (#33312764)

Or possibly TSA?

In America, TSA reads you.

Re:Windows? (3, Funny)

WrongSizeGlass (838941) | about 4 years ago | (#33312524)

No, but this computer was running the old version of Flight Simulator.

Re:Windows? (0)

MrShaggy (683273) | about 4 years ago | (#33312744)

Kind of brings a sad new meaning to 'BSOD'

Shit. (5, Funny)

fuzzyfuzzyfungus (1223518) | about 4 years ago | (#33312456)

Holy Safety-critical system running Windows and apparently not adequately air-gapped, batman!

Re:Shit. (1, Insightful)

Anonymous Coward | about 4 years ago | (#33312500)

Windows (and all Microshit in general) should be strictly forbidden in every safety-critical application.

I put the blame on governments for not having done it so far. And in the media and taxpayers, for not pressing for it.

MS is evil, but there will always be evil people. It is the fault of the rest for not fighting tirelessly against them.

Re:Shit. (1, Insightful)

Anonymous Coward | about 4 years ago | (#33312560)

We run critical stuff on Windows, they don't have access to the Internet. Deal with it.

Re:Shit. (5, Insightful)

TheRaven64 (641858) | about 4 years ago | (#33312606)

The Internet is not the only source of infection. What about removable media, removable drives, or other machines on a private network that can connect to either the Internet or removable media? Perimeter defences are part of good security, but they are not the whole of it.

Re:Shit. (4, Insightful)

Charliemopps (1157495) | about 4 years ago | (#33312902)

We had to secure a computer at a company I worked at years ago. The IT department claimed it was secure (they had put Norton AV and firewall on it) I laughed when the owner of the company told me about it. He asked if I could do better. I put the computer in a metal drawer, locked it, drilled a hole in the back for the cables to come out and handed him the key. "There, now it's secure." He thought I was kidding until I pointed out the USB ports and drive bays.

Re:Shit. (2, Insightful)

TheHonch (1390893) | about 4 years ago | (#33312944)

Did you remove the networkcable too?

Re:Shit. (2, Insightful)

LordLimecat (1103839) | about 4 years ago | (#33312626)

Arent there OSes designed specifically for mission critical applications out there, for just this kind of thing? Doesnt the list NOT include off-the-shelf OSes like Windows and OSX?

Re:Shit. (0)

Anonymous Coward | about 4 years ago | (#33312670)

wxworks

Re:Shit. (3, Interesting)

AlecC (512609) | about 4 years ago | (#33312920)

Except that this was not really a mission critical system - it was a fault logging system in the maintenance department. So far as one can tell from a machine-translated popular article, it was meant to log if a single aircraft had a number of different faults logged close together, because faults at different stations might not otherwise get correlated. As such, it is basically an IT system with response requirements in minutes, not a real time system with fault tolerance requirements. One of the systems which failed might have been a warning system which would have warned the pilots of the mistake which cause the crash.

Re:Shit. (3, Insightful)

skyride (1436439) | about 4 years ago | (#33312984)

Well its either had a hand in causing the deaths of 154 people, and therefore was a mission critical system. Or it wasn't a mission critical system and the entire article is just a load of sensationalist garbage.

Re:Shit. (2, Insightful)

AHuxley (892839) | about 4 years ago | (#33313006)

Think of it as: The boss person for the "mission critical applications" area was given a nice long lunch and presented with some back of the napkin math just before an upgrade.
The savings in hardware and software over aspects of a traditional OS was amazing... and thats how an off-the-shelf OS could get into mission critical area.
Marketing has its lists of areas to wine, dine, seduce and penetrate.

Re:Shit. (1)

jimicus (737525) | about 4 years ago | (#33313010)

There are, but they don't guarantee that the person writing the code that runs on them is any smarter than the office cheese plant.

Re:Shit. (4, Interesting)

tibit (1762298) | about 4 years ago | (#33313054)

Those mission-critical-designed-for OSes are, unfortunately, likely to be secure by obscurity. Something like vxWorks or QNX is not a big enough target for malware writers or blackhats, but I'm quite sure those platforms are full of holes simply because they are not very exposed. I'd say that linux, perhaps with realtime extensions, would be a somewhat better platform -- it's exposed way more, and most of the holes have been patched.

Re:Shit. (3, Insightful)

Dunbal (464142) | about 4 years ago | (#33312636)

they don't have access to the Internet.

      Hopefully they don't have access to USB keyrings, flash drives, thumb drives and CD/DVD ROMS that have access to the internet, either...

Re:Shit. (0)

Anonymous Coward | about 4 years ago | (#33312782)

They use foppys disks

Re:Shit. (0, Informative)

Anonymous Coward | about 4 years ago | (#33312672)

Then you are at risk of a serious incident. Not having access to the internet greatly reduces the probability of it, but it is still unacceptable for many reasons. Even more so than having another OS AND access to the Internet.

Your decission-maker is morally liable if something bad happens. And even if the probability is lowered for not having access to the Internet, the consequences if something happens will be equally serious.

Re:Shit. (4, Interesting)

JamesP (688957) | about 4 years ago | (#33312886)

We run critical stuff on Windows, they don't have access to the Internet. Deal with it.

Well, no. It's you who has to deal with it.

good luck

Re:Shit. (3, Insightful)

fuzzyfuzzyfungus (1223518) | about 4 years ago | (#33312668)

I'm not sure that banning Windows by name would be of too much use. A quick trip down the router aisle at any computer store will show you more degenerate abuses of embedded linux and VXworks than you care to think about, and I'm told that things don't get better nearly as fast as you would hope as prices rise in other industry segments.

Anyone, though, using Windows in an environment where it could trivially be infected(ie. internet connected or contractors doing flash drive upgrades) really needs to be shown the door, yesterday. I'm also not sure why there would be "a" computer responsible for raising the alarm. Commodity x86 gear is pretty reliable for what you pay; but it isn't that reliable. If the safety of one or more 100 million+ aircraft, and everybody on board, is at stake, why are there not multiple systems, all independently capable of raising the alarm?

Re:Shit. (3, Insightful)

Pojut (1027544) | about 4 years ago | (#33312726)

If the safety of one or more 100 million+ aircraft, and everybody on board, is at stake, why are there not multiple systems, all independently capable of raising the alarm?

You're talking about an industry who would likely charge passengers for use of the bathroom, if they could get away with it. Why do you think there aren't multiple systems?

Re:Shit. (0, Flamebait)

Anonymous Coward | about 4 years ago | (#33312868)

I suggest baning Microsoft altogether.

Re:Shit. (1)

freedom_india (780002) | about 4 years ago | (#33313034)

HEY! Why do you blame taxpayers for it? We don't have any say in how our Government spends our money. e.g., waging wars based on lies. if i don't support the war, can i avoid paying that portion of it in my tax? NOOOO.. So why blame us for the stupidity of the Government?

Re:Shit. (1)

3vi1 (544505) | about 4 years ago | (#33313074)

Do you really think Governments are going to ban Windows?

The more likely result, if we make all non-technical people aware of this particular instance: Government legislature that says *all* computers must use TPC such that they can only run programs that are created by authorized entities and signed with certs.

This is a one-way ticket to the cessation of all innovation in the field of computing.

We shouldn't even give time to this here.

What operating system was used? (2, Interesting)

sa666_666 (924613) | about 4 years ago | (#33312462)

Just wondering what operating system those computers used, and how they contracted a virus from the outside network (when they probably shouldn't have been connected at all)??

Re:What operating system was used? (3, Funny)

TheKidWho (705796) | about 4 years ago | (#33312478)

I take it you've never worked with real people before?

Re:What operating system was used? (4, Insightful)

mseeger (40923) | about 4 years ago | (#33312508)

Because humans are humans. Possible chain of events: "Hmmm. I want to surf in the internet but have no PC. But wait, there is our maintenance PC. If i install iTunes on it and connect it to my iPhone, i may surf during work. Hurray! I can even download the hot pics of my favorite celebrity to which i received a link from these chinese guy."

Re:What operating system was used? (1)

AnonymousClown (1788472) | about 4 years ago | (#33312750)

I can even download the hot pics of my favorite celebrity to which i received a link from these chinese guy."

You don't even need to get a link from a Chinese guy. Just searching for your favorite celeb will get you infected [msn.com] .

I got hit with that fake "Virus on the PC" warning and "scanner" by looking for Christina Hendricks photos. I even got it from a hobby electronics blog site once.

It didn't get too far because I run under a user account on XP.

Re:What operating system was used? (1, Funny)

Anonymous Coward | about 4 years ago | (#33312512)

You call them thumb drives, we call them dick drives; they spread disease, screw everything they come in contact with, and leave you in a sticky situation.

Re:What operating system was used? (0)

Anonymous Coward | about 4 years ago | (#33312832)

Evidently you have a really small dick.

Re:What operating system was used? (0)

Anonymous Coward | about 4 years ago | (#33312528)

In Spain there's no regulation on High-Risks Computers usage and responsability, so anybody with no preparation at all can be in charge of "those computer things"...
Most computer scientist and engineers (and I'm one of them) are flying away to foreign countries, in which engineers seems to have more social recognition.

Re:What operating system was used? (0)

Anonymous Coward | about 4 years ago | (#33312678)

Could you give me a list of these countries? I'd love to find one!

Re:What operating system was used? (0)

Anonymous Coward | about 4 years ago | (#33312798)

Any country in which you are not payed 12000€ a year when working as an engineer, whilst any other occupation has a minimum salary of 30k€/year.

Re:What operating system was used? (2, Insightful)

Buggz (1187173) | about 4 years ago | (#33312556)

The operating system really isn't the issue here, failure to isolate the system is. I've set up several windows systems inside a double firewall which in turn are set up with a VPN to whatever the systems needed to communicate with, and nothing else. Those did exactly what they needed to do because nothing else would get in or out. That a mission critical system gets infected at all points to a serious flaw somewhere, a goddamned alarm system shouldn't need any active usb-ports nor any access to the internet besides an encrypted line to whoever is supposed to receive the alarm and respond. I hope this is viewed as a criminal case, someone did an absolutely horrendous job or didn't do it at all and 154 people lost their lives because of it.

Re:What operating system was used? (1)

Buggz (1187173) | about 4 years ago | (#33312588)

Disclaimer: rant based solely on the summary and a bit of pure speculation. I, of course, didn't read TFA.

Re:What operating system was used? (3, Insightful)

LordLimecat (1103839) | about 4 years ago | (#33312658)

Its STILL not a high-availabilty OS, and should not be treated as such. Windows can be great for normal business use when properly set up, but it isnt designed for mission critical stuff-- if your graphical shell can bring down the OS, its probably not a good candidate for that kind of thing.

Re:What operating system was used? (1)

Buggz (1187173) | about 4 years ago | (#33312790)

I agree, but any chain is as strong as the weakest link. The safest OS in the world can't handle sheer stupidity or ignorance, or if it does it's basically useless for anything.

Re:What operating system was used? (1)

AlecC (512609) | about 4 years ago | (#33312964)

Except, as far as I can see, the function of this system is to collect fault logs from all the places the planes might fly to, and correlate them. I.e. central to its primary function is network communications of some sort. Now, they could run a private network over their entire operation range (most of Europe, I would guess), but that would would be prohibitively expensive for what is basically a third-line support function. So I bet they used the internet. Of course, they could have run a locked VPN over the Internet, which would have been better. But I cannot see top security being applied to what is essentially an office system.

Re:What operating system was used? (2, Insightful)

mcgrew (92797) | about 4 years ago | (#33312654)

Are you new to computing? How many Mac or Linux or BSD users do you know who have ever gotten a trojan infection?

The pilots were incompetent (2, Interesting)

GaryOlson (737642) | about 4 years ago | (#33312486)

At the bottom of the article, it states the computer system did not alarm when the pilots failed to use the flaps properly on takeoff. That pilot should have had his license revoked.

Re:The pilots were incompetent (1)

Sockatume (732728) | about 4 years ago | (#33312548)

Undoubtedly, however there are meant to be safety nets against pilot incompetence. If such a system was compromised (as noted in a comment below, this is slightly dubious) then that error is partly responsibility for the incident.

Re:The pilots were incompetent (1)

Trent Hawkins (1093109) | about 4 years ago | (#33312618)

is this going to be another one of those Toyota things, where they recall the carpets (or OS in this case) call NASA and several million dollars later find out that the driver is a moron?

Re:The pilots were incompetent (4, Informative)

Pojut (1027544) | about 4 years ago | (#33312622)

From the Wikipedia page [wikipedia.org] (emphasis mine):

"On 17 August 2009, CIAIAC released an interim report on the incident [21]. The interim report confirmed the preliminary report's conclusion that the crash was caused by an attempt to take off with the flaps and slats retracted, which constituted an improper configuration, and noted that safeguards that should have prevented the crash failed to do so. The cockpit recordings revealed that the pilots omitted the "set and check the flap/slat lever and lights" item in the After Start checklist. In the Takeoff Imminent verification checklist the copilot just repeats the flaps and slats correct values without actually checking them, as shown by the physical evidence."

Daayum.

Re:The pilots were incompetent (3, Interesting)

Zocalo (252965) | about 4 years ago | (#33312632)

The pilots kind of revoked their own licenses. Permanently. All of the crew perished in the crash.

The thing that bugs me is that flight systems on passenger jets are multiply redundant and their are strict rules about what can and can't be done when there is a system failure. For instance there are usually at least three autopilot systems, and if only one is indicating a fault then the flight crew has to perform all flight operations manually. WTF happened with regulatory control that didn't enforce that this kind of redundancy and human oversight applied to critical systems on the ground as well?

Re:The pilots were incompetent (2)

Pojut (1027544) | about 4 years ago | (#33312770)

The pilots kind of revoked their own licenses. Permanently. All of the crew perished in the crash.

"It's just been revoked!"
"Peter, that line doesn't work here."
"Oh. Uh...I'll have what she's having!"

Re:The pilots were incompetent (1)

gstoddart (321705) | about 4 years ago | (#33312916)

WTF happened with regulatory control that didn't enforce that this kind of redundancy and human oversight applied to critical systems on the ground as well?

If I understand the garbled translation, I think that the airline failed to enter into their computers in a timely manner that there had been existing problems ...

A deficiency of that computer is joined also by the fact that Spanair took about 24 hours to score in the computer failures of its planes , according to the judge admitted two mechanics from the airline. Spanair took about 24 hours to score in the computer failures of its planes . This is not a trivial matter, and expected the flight JK 5022 Madrid Barajas would not have taken off if its share on the computer had been a day.

Essentially, a compounding of human error and a virus-ridden computer prevented the whole redundant system from working correctly. Basically, if you break screw up enough of the steps along the way, your redundant system doesn't have enough information to be of any use.

Though, honestly, I find the translation from Spanish to be really difficult to follow in some places, so I could be way off on my interpretation of some of it.

Re:The pilots were incompetent (0)

Anonymous Coward | about 4 years ago | (#33312652)

That pilot should have had his license revoked.

Well, nobody in the crew will fly anymore, since they all died: http://en.wikipedia.org/wiki/Spanair_Flight_5022#Casualties

Re:The pilots were incompetent (1)

Amouth (879122) | about 4 years ago | (#33312660)

i Think he died with a lot of the other people on the plane

Re:The pilots were incompetent (2, Funny)

nedlohs (1335013) | about 4 years ago | (#33312714)

Being dead does that automatically anyway.

Catch-22 (2, Insightful)

PolygamousRanchKid (1290638) | about 4 years ago | (#33312856)

That pilot should have had his license revoked.

Well, I think the crash took care of that.

Unless the pilot was Captain Orr from Catch-22 . . . then he and all the other passengers would be frolicking in Sweden for the rest of the war . . .

More than just revoked... (0)

Anonymous Coward | about 4 years ago | (#33313092)

That pilot should have had his license revoked.

I think you'll find that his license was indeed "revoked"... by Darwin himself.
Unfortunately over 150 other people paid the price as well.

Its an MD82 (3, Informative)

MichaelSmith (789609) | about 4 years ago | (#33312510)

wiki link [wikipedia.org]

Beyond the translated Spanish article I can't find anything else about this idea of an alerting system being infected with malware. Typically such systems are simple, embedded and not interfaced in ways which could cause them to run software they are not meant to.

This bit from wikipedia is interesting:

The MD-80 Advanced was to incorporate the advanced flight deck of the MD-88, including a choice of reference systems, with an inertial reference system as standard fitting and optional attitude-heading equipment. It was to be equipped with an electronic flight instrument system (EFIS), an optional second flight management system (FMS), light emitting diode (LED) dot matrix electronic engine and system displays. A Honeywell windshear computer and provision for an optional traffic-alert and collision avoidance system (TCAS) were also to be included. A new interior would have a 12% increase in overhead baggage space and stowage compartment lights that come on when the door opens, as well as new video system featuring drop-down LCD monitors above.[4]

link [wikipedia.org]

Apparently this upgrade got dropped in 1991, so the system still in use must be pretty low tech.

Re:Its an MD82 (1)

J-1000 (869558) | about 4 years ago | (#33312600)

Of course, as you know, there are plenty of viruses still floating around on floppy disks.

Nothing to do with the plane (5, Informative)

Kupfernigk (1190345) | about 4 years ago | (#33312624)

This is an aggregating computer at SpanAir HQ which is supposed to record aircraft alerts and notify when too many of them happen too close together. Its only connection with the on-board computer is that somehow it receives the alerts from it. Its OS is unstated. It is not a mission-critical system, it is a decision-support system. Even so, someone looks to have been careless.

Whoever modded up the above post - you've missed the point. There may have been a fault in the on-board management system - or human error failing to heed a warning - but nothing in TFA suggests that malware was in any way involved on the flight deck.

Re:Its an MD82 (1)

UnknowingFool (672806) | about 4 years ago | (#33313120)

The summary is a bit misleading. The computer on the plane does not appear to be infected. What was infected was a warning control system computer at Spainair headquarters that monitored and recorded the planes. If I'm reading the article right, a component on the plane (it says "device" so it may not be a computer) failed at least twice before the flight took off. Since the central computer was infected with Trojans, it was not adequately recording nor triggering an alert that should have grounded that plane.

What? (5, Insightful)

miffo.swe (547642) | about 4 years ago | (#33312536)

Who puts Windows on anything even remotely mission critical? If you could blame someone, it should be the person deciding that.

Re:What? (1)

Dexy (1751176) | about 4 years ago | (#33312716)

It doesn't say anything about Windows in TFA.

Re:What? (0, Flamebait)

McNihil (612243) | about 4 years ago | (#33312772)

"Who puts Windows on anything even remotely mission critical?"

ooooh! I know I know I know... waving hand frenetically HIGH in the air

"Clueless idiots!"

Re:What? (1)

AlecC (512609) | about 4 years ago | (#33313114)

Then it comes down to your definition of "mission critical". This was an office-base maintenance support system which should, but did not, have warned that this aircraft was logging a lot of faults close together. If it had worked, the aircraft would probably have been grounded to investigate the cluster of faults (three in two days). Now, the actual cause of the accident seems to be that the pilots made a stupid mistake, and a system which supposed to tell them that they had done so failed to work. There is no direct connection between that system failure and the others, but they might all have been symptomatic of some general fault which might have been discovered had the aircraft been grounded. The infected data logging system was pretty far from the flight line. Do you insist that all such systems are upgraded to the much more expensive mission-critical status? If so, it might result in the systems simply not existing: they would become too expensive for their perceived benefit.

The article translates to VIRUS not Trojan (-1, Troll)

Anonymous Coward | about 4 years ago | (#33312562)

Whine Windows fabboi's
What do you expect using a TOY OS.
  Thank goodness the FAA uses RED HAT.

Complimentary 7 point Slashdot troll guide... (4, Interesting)

vistapwns (1103935) | about 4 years ago | (#33312570)

Here is your complimentary guide to trolling this story: 1. Pretend only windows can get infected with trojans. 2. If you can't do 1. adequately, then pretend Windows is some how easier to infect with trojans than other OSes. 3. Accuse anyone who disagrees with you of being paid off. 4. Make thoughtless absolutists statements like Windows has no security model, and is not a networking OS. 5. Mention chair throwing as proof that MS personnel are unstable, but never mention wife murdering linux developers. 6. Repeat other MS bashers without researching what they're saying. 7. Mention "640k ought to be enough for anyone" as much as possible without giving thought to the brain dead simple idea that MS had nothing to do with the addressable memory limit of the 8086. Following this guide is sure to get you modded up and liked by many other slashdotters, so be sure to follow it closely!

Re:Complimentary 7 point Slashdot troll guide... (3, Informative)

LordLimecat (1103839) | about 4 years ago | (#33312690)

Problem with your rebuttal: Whether or not other systems can get trojans, you should NOT be using Windows for anything that needs 100% uptime to guarentee safety of human lives, plain and simple. If the entire system can be locked up and made responsive by userland apps, then it isnt qualified to be responsible for the safety of human lives.

Re:Complimentary 7 point Slashdot troll guide... (1)

rolfc (842110) | about 4 years ago | (#33312740)

Actually, number 2 is not trolling. Windows is the only OS that support driveby.infections without interaction with the user. So it is easier to infect.

Re:Complimentary 7 point Slashdot troll guide... (1)

vistapwns (1103935) | about 4 years ago | (#33312862)

How so? A flaw in flash, for instance is going to leave you open to a drive-by on any OS with any browser. Simple fact. If you mean across the network attacks on services/daemons listening to ports, then the answer is no Windows is not susceptible to those kinds of attacks either, not since XP SP2 enabled the firewall by default. Unfortunately it's possible you are talking about something altogether different, that's the problem with the windows bashers, they are never specific, they just throw out ambigious damning unfounded generalizations over and over again...

Re:Complimentary 7 point Slashdot troll guide... (1)

realityimpaired (1668397) | about 4 years ago | (#33312906)

In response to your point 2, Windows *is* easier to infect than other operating systems. But that has little to do with the level of security/privileges in the OS these days (Win 7 is a *huge* step forward as compared to, say, Windows 95, where you could bypass a login screen by hitting ESC). More, the reason Windows is easier to infect is because of market share.

Most virus infections still rely on good old social engineering: they e-mail themselves as an attachment to a user, and the user has to unwittingly open it, infecting their system. Such methods are entirely possible in *any* operating system, given an appropriately clueless user. With more people using the operating system, it stands to reason that there's going to be more clueless people using the operating system. Most of the reason that Linux is more secure is because of its obscurity, making it not really worth targeting. But if you follow the security bulletins, then you know damned well that there are viruses/rootkits for Linux and for OS/X out in the wild today.

Not surprised (1)

Mainframes ROCK! (644130) | about 4 years ago | (#33312590)

The microcomputer world is an open sewer. Always has been, always will be.

There will come a day (1)

linzeal (197905) | about 4 years ago | (#33312596)

When someone's malicious Trojan, Virus or other Malicious Coding will be used as evidence in a murder/manslaughter trial; however, what is needed, is a day when any seriously incompetent bit of code on a vital system should have the potential to be used in criminal court. I'm an Mechanical Engineer and I have to have a certification and insurance even as a contractor, why should I have to spend 1000's of dollars a year doing so I can work on building the mechanical systems of the plane when the programmers involved in avionic hardware don't? It would be like having licensing requirements for all doctors involving the body except Psychologists and Brain Surgeons.

A result of employee loafing (3, Insightful)

hessian (467078) | about 4 years ago | (#33312610)

1970s:

"I'm sorry, our computers are down." (Reality: our employees are playing NET TREK and DUNGEON on a Friday afternoon.)

2000s:

"I'm sorry, our computer has a trojan." (Reality: our employees finally found an "unused" machine to surf porn, got loaded up with Russian malware, and now it's nobody's fault.)

Re:A result of employee loafing (0)

Anonymous Coward | about 4 years ago | (#33312818)

I call bullshit on this one. I have yet to hear about a trojan that causes updates on a database to be delayed by 24 hours. This is simply a case of the techies' procrastination having dire consequences. They're just passing the buck, and some unsuspecting sysadmin is about to get his ass on a sling.

IIRC, the technicians detected the issue which caused the catastrophe (a heat probe which was detecting overheating on some part of the plane, which would cause the plane to be grounded) and decided to put some ice bags on it to "fix the issue". Even the pilots were discussing that (the black box audio from the cockpit was leaked last year, and it's kind of funny, except for the 152 stiffs). This, I assure you as a Spaniard, is the typical Spanish fuck-up in its "way over budget" version. These bastards and their boss should really consider getting into politics, they'd fit right in.

I guess someone needs to update Wikipedia... (1)

qwerty8ytrewq (1726472) | about 4 years ago | (#33312620)

The list, by cause [wikipedia.org] does not mention virus, trojan, hacking or any thing similar as a cause for an airline crash, although it reads like a contributing factor in the article, rather than a primary cause.

(Damn pilot error.... how long till the AI's can fly planes? oh wait, they can [gizmodo.com] ).

So, when... (5, Insightful)

Titan1080 (1328519) | about 4 years ago | (#33312630)

Does the 'War on Trojanists', begin? But seriously, someone wrote that virus. That means that someone, somewhere (probably Estonia), is guilty of killing 154 people.

Summary needs a bit of clarification (5, Informative)

ptbarnett (159784) | about 4 years ago | (#33312650)

The infected computer was one being used by mechanics to enter maintenance log entries. According to the article, an alert is supposed to be raised if three failures in the same part or subsystem occurred. If I understand the broken English correctly, they would have taken the plane out of service had the maintenance log entry been completed before the plane attempted to take off.

But, the problem that was supposed to be logged was reportedly an overheated pitot tube. That was not the cause of the crash: the report says that the pilots did not set the flaps correctly and a warning alarm did not go off. This was not related to the problem with the computer being used by mechanics.

The article appears to be trying to link two independent events: a separate problem with the plane and an error by the pilots. Or maybe it's just the broken English translation.

Re:Summary needs a bit of clarification (0)

Anonymous Coward | about 4 years ago | (#33312828)

01. The computer emits an alarm signal when three similar technical problems are registered in the same device ..

02. The Spanair plane accumulating three incidents, which were not registered in time on the computer ..

03. An internal company report, dated the day of the accident, indicates that the monitor was contaminated with "Trojans." ..

04. Spanair took about 24 hours to score in the computer failures of its planes ..

05. When employees tried to open the computer to write these three incidents realized that the monitor was useless by the invasion of Trojans. By then, the ship had crashed ..

06. The aircraft has an alarm that warns the driver if you forget to turn those fins. That day, the alarm did not ring.

Re:Summary needs a bit of clarification (5, Informative)

Anonymous Coward | about 4 years ago | (#33312974)

Spanish is my mother tongue, so maybe I can shed more light after reading the original article:

The procedures of Spanair are to log incidences right away whenever they are detected. Three accumulated incidences and the plane is grounded.

Two incidences had been found the day before the crash. One incidence was detected on the same day of the crash.

However, the technicians did not enter the incidences into the system right away, because the system was too slow (assumedly due to the malware)

The system did not trigger any alarm on the same day because the incidences had not been entered by the technicians. The plane was deemed airworthy, and then the accident happened due to the multiple causes described elsewhere.

Re:Summary needs a bit of clarification (4, Informative)

Registered Coward v2 (447531) | about 4 years ago | (#33313062)

The infected computer was one being used by mechanics to enter maintenance log entries. According to the article, an alert is supposed to be raised if three failures in the same part or subsystem occurred. If I understand the broken English correctly, they would have taken the plane out of service had the maintenance log entry been completed before the plane attempted to take off.

But, the problem that was supposed to be logged was reportedly an overheated pitot tube. That was not the cause of the crash: the report says that the pilots did not set the flaps correctly and a warning alarm did not go off. This was not related to the problem with the computer being used by mechanics.

The article appears to be trying to link two independent events: a separate problem with the plane and an error by the pilots. Or maybe it's just the broken English translation.

Very true - the accident appears to have been the result of a series of crew errors that lead to an improper takeoff condition:

From Wikipedia: On 17 August 2009, CIAIAC released an interim report on the incident [21]. The interim report confirmed the preliminary report's conclusion that the crash was caused by an attempt to take off with the flaps and slats retracted, which constituted an improper configuration, and noted that safeguards that should have prevented the crash failed to do so. The cockpit recordings revealed that the pilots omitted the "set and check the flap/slat lever and lights" item in the After Start checklist. In the Takeoff Imminent verification checklist the copilot just repeats the flaps and slats correct values without actually checking them, as shown by the physical evidence. All three safety barriers provided to avoid the takeoff in an inappropriate configuration were defeated: the configuration checklist, the confirm and verify checklist, and aircraft warning system (TOWS).

Had they not made a series of compounding errors the flight probably would have been uneventful; it appears the deactivated systems was not related to the crash. It may be that some other systems were improperly set - ground vs flight mode - which caused problems and may have contributed to the accident; but none are related to the maintenance computer. Should the plane have been grounded due to an early problem? Maybe; but that may not have prevented the errors that lead to the crash.

We'll never know what the pilots were thinking; but having aborted one takeoff they may have assumed, intentionally or not, that they systems were set for takeoff and did a cursory check as a result; I've seen that happen in other industries where checklists are used. You interrupt the expected course of actions and people simply pick up where they left off, without assuring the systems were properly set for operation.

your company has to be nuts.... (0)

Anonymous Coward | about 4 years ago | (#33312680)

To have a critical system run windows.

Honestly, Why do companies keep going for the lowest bidder that cuts corners hard and uses windows for anything critical? It's even in the Windows EULA that you are NOT to use windows for anything mission critical where lives are at stake.

Anonymous Coward (0)

Anonymous Coward | about 4 years ago | (#33312684)

I am a Spanish Software Engineer, and the problem here not is Windows
running on the critical systems, or malware, the real problem is that the
Computer Engineering's Jobs (Critical...) don't have to be occuped by an engineer.

to sum up, the proffesion is not regulated!

or just an excuse? (1)

frovingslosh (582462) | about 4 years ago | (#33312694)

Maybe the computer was infested with trojans, although no evidence is offered to support this, not even the names. If it was, that still doesn't say that the trojans caused the problem. After all, the computer must have been running well enough even with the infestation to seem to be working. I'm inclined to think that trojans may just be a way to not really address the real problem.

Pandora's flight box (1)

Drakkenmensch (1255800) | about 4 years ago | (#33312696)

This opens a new legal can of worms - if a trojan or virus is found to be resposible (at least partially) of a plane crash, can the creator fo this virus be held legally liable for the crew and passenger deaths?

Re:Pandora's flight box (1)

IndustrialComplex (975015) | about 4 years ago | (#33312972)

This opens a new legal can of worms - if a trojan or virus is found to be resposible (at least partially) of a plane crash, can the creator fo this virus be held legally liable for the crew and passenger deaths?

I don't see why not. It might be hard to prove murder, but negligent homicide should be fairly easy to show. Reckless endangerment should be damned near an automatic conviction if you can prove that the person released the virus even if it DIDN'T hurt anyone.

The same way you can be cited for unsafe driving even if no crash occured.

This has boinged my BS meter (1)

CaptSlaq (1491233) | about 4 years ago | (#33312710)

So this computer has not been "sending notifications in a timely manner"? This summary smells, but its what I gathered from the article. Can a native speaker put up a good translation of this? If this is the case, it's a case of a broken PROCESS, as the mechanic(s) should have some sort of secondary mechanism to flag trouble and say "this isn't safe".

From what little I've read, the computer is a scapegoat and indicative of several failings in the system.

Re:This has boinged my BS meter (1)

McNihil (612243) | about 4 years ago | (#33312874)

Exactly my thoughts... there wasn't anyone willing to take the blame or rather in this case they were most likely dead and the authorities weren't able to convincingly put the blame on someone that is dead without their defense. That's ok... pointing fingers is never a cool thing to do BUT to say that it was a computer glitch is more than a little arrogant against the people who are still alive and have been effected by the tragedy. It permeates an aura of a botched investigation and reeks of underhanded and ulterior motives where the authorities can now say that Virus/Worms/Trojans indeed can kill people and put a hefty criminal charges on infractions and their perpetrators. This happens all the time when there is nobody that can own-up... the nefarious mofo's will take any and all advantage to hoist control over the populace.

Swiss cheese (5, Interesting)

Fzz (153115) | about 4 years ago | (#33312766)

The crash of an airliner these days is rarely due to a single cause. There's a saying in the industry that a crash occurs when the holes in the Swiss cheese happen to line up. This appears to have been the case with this particular crash.
  • The direct cause was that the pilots attempted to take off without setting take-off flaps.
  • They were rushing because they'd had a technical issue, and returned to the terminal after previously taxiing to the runway and completing the take-off checks. So they accidentally skipped the critical check that the flaps were deployed when they lined up to take off the second time.
  • There's a take-off configuration alarm that is supposed to alert the pilots, but it wasn't working.
  • It wasn't working because the engineer removed the circuit breaker that powered it, in order to turn off a stuck heater on a pitot tube that was due to a malfunctioning switch.
  • This particular fault had been noted on previous flights, so should have flagged a warning on the airline's fault monitoring system.
  • The fault monitoring system had a trojan.

Yup, the holes in the cheese certainly lined up that day. None of these, by itself, would have caused the crash.

Re:Swiss cheese (0)

Anonymous Coward | about 4 years ago | (#33312870)

I'd like, just once, that when a perfect storm as they call it happen like that, instead of play blameshift and saveasscape ending up with everyone not guilty, to have all of them indicted for their part in the scenario. all of them:

the one that designed the system so that he could be infected by a virus
his supervisor
the it staff not noticing the virus
their supervisors
the pilots (were they alive)
the engineer replacing the faulty breaker

etc. etc. etc.

and they want to have networked auto drive cars (1)

Joe The Dragon (967727) | about 4 years ago | (#33312786)

and they want to have networked auto drive cars some day as well.

I hope that the windows based car navigation and sound system is not hooked to the drive part at all or even better no windows at all.

Re:and they want to have networked auto drive cars (2, Funny)

ground.zero.612 (1563557) | about 4 years ago | (#33312910)

and they want to have networked auto drive cars some day as well.

I hope that the windows based car navigation and sound system is not hooked to the drive part at all or even better no windows at all.

I would find it very difficult to navigate in a car lacking windows.

the problem was (0)

Anonymous Coward | about 4 years ago | (#33312830)

No, the crash wasn't caused by the computer: the problem should have been avoided by the information logged in that computer system. But it wasn't available.

Our lives do depend on computer systems.

No Cause and Effect Alleged (2, Interesting)

anorlunda (311253) | about 4 years ago | (#33312834)

The Spanish article cited in the summary does not allege any cause-and-effect relationship between the computer, the trojans, and the crash.

Nearly all crash investigations reveal factoids that cause suspicion and which invite people to jump to conclusions. Sometimes, the premature public debate on such issues cause emotional harm to victims, their families and other people involved.

I realize that I'm pissing into the wind to raise this topic. I's human nature to gossip. Slashdot is no different than any other public forum in this regard. It just frustrates me to see this happen again and again.

Accident? (1)

jesterpaul (1792638) | about 4 years ago | (#33312858)

Wow. I thought Trojans were supposed to prevent "accidents."

War? (1)

Archtech (159117) | about 4 years ago | (#33312888)

This news puts Trojans in a new light. Taking over PCs to run scams is one thing; causing the deaths of 154 people is entirely different. Every top law enforcement agency and intelligence organization should be working to track down all of those responsible - from the guys who wrote the Trojans to the managers who allowed them to contaminate their computers, and very possibly those who wrote the vulnerable software and those who sold it for such a safety-critical application.

I shall be interested to see whether this case gets the same level of attention from the CIA, etc., as the Lockerbie crash. The latter killed 270 people (including some on the ground), but that's just because there were more passengers on that particular flight. The essential crime - the destruction of an airliner and most, or all, on board - is the same. Are we about to see a "war on malware" from the White House and the Pentagon?

Ugh (1)

jav1231 (539129) | about 4 years ago | (#33312926)

Between this and hospital computers rebooting themselves after auto-updating how can people defend Windows in critical operations? At the very least run embedded WIndows or something more specialized. Though, yes, I admit I'd rather see them not run Windows at all.

Re:Ugh (0)

Anonymous Coward | about 4 years ago | (#33312970)

Main thing here is not wether Windoze yes or not. Main thing here is about security and regulation. This is all about.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>