Malware Contributed To Plane Crash
Investigation into Spanair flight 5022 finds that monitoring server had been disabled by Trojan application.
Slideshow: Next Generation Defense Technologies
|(click for larger image and for full photo gallery)|
The Spanish agency charged with investigating the accident has listed the official cause as pilot error, because the pilots failed to extend the MD-80 airplane's takeoff flaps and slats, which would have helped the airplane to rise. Instead, the plane stalled just seconds after takeoff.
More Security Insights
- Get Actionable Insight with Security Intelligence for Mainframe Environments
- Getting a Grip on Mobile Malware
White PapersMore >>
But the agency also found that a warning alarm meant to ensure that the pilots didn't leave the flaps and slats retracted failed to sound, and that the warning had failed to sound on two previous occasions.
According to Spanish daily El Pais, those failures, which were non-trivial, should each have been immediately logged in a maintenance system, which would have spotted the recurring fault and triggered an alarm at the airline's headquarters in Palma de Mallorca, keeping the plane grounded until the issue was fixed.
But authorities say that the maintenance system had been infected by a Trojan application, rendering the monitor useless. In addition, two engineers currently under investigation for manslaughter apparently failed to log the device faults, even though under company policies they were required to do so immediately. When they did attempt to enter the faults, the plane had already crashed, at which point they found that the monitoring system apparently wasn't working.
The judge, Juan David Perez, has demanded that the airline turn over copies of all entries in the maintenance system from the days before and after the crash.
"I am not a pilot, so I cannot speak with authority on how to fly a passenger airliner, but it seems clear to me that this accident was caused by the failure of a number of controls leading to a disastrous outcome," wrote Rick Wanner of the SANS Internet Storm Center, on his blog. "Clearly the SpanAir diagnostic system (a detective control) designed to detect anomalies in the airliners system failed, possibly due to a Trojan. Also it appears the pilots bypassed part of their pre-takeoff checklist, leaving the flaps and slats in a position not recommended for takeoff."
"This one all boils down to inadequate training and a lack of professional behavior," said a responder to Wanner's post, citing 25 years of jet avionics experience. "They had to have had ample indications that certain systems were not working, they didn't follow the checklists and they didn't abort when they failed to reach certain speeds at certain points during the takeoff roll."
Find out how to classify, find, and protect unstructured data across the enterprise in this Dark Reading report. Download it here (registration required).