Was a Trojan responsible for the death of 154 people in a plane crash?

Investigations have been made into whether a Trojan caused a Spanish plane to crash.

Spanair's JK 5002 was bound for the Canary Islands but crashed shortly after takeoff from Madrid's Barajas international airport in August 2008, killing 154 of its 172 passengers and crew. An initial investigation blamed the crash  on an error by the pilot.

However according to a report by the Spanish newspaper El Pais, the plane's computer was ‘contaminated with malicious software', as the aircraft has an alarm that warns the driver if they forget to turn the fins and slats on, and on that day, the alarm did not ring.

The investigating judge Juan David Perez is investigating whether there is a relationship between the failure of the alarm and the damage that was dragging the plane. The computer was located at Spanair's headquarters and was programmed to record technical faults. If three of the same type were recorded, the plane would normally be grounded.

Australia's IT News reported that the hearing has revealed that three technical problems of the same nature had been detected by the plane's systems in the two days prior to the crash, but while the faults were transmitted to Spanair's central computer, it never registered them.

Rick Wanner, tech security analyst at the SANS Institute's Internet Storm Center, wrote on his blog that there is a lot of discussion in information security about controls: preventive; detective; and corrective.

Wanner said: “I am not a pilot, so I cannot speak with authority on how to fly a passenger airliner, but it seems clear to me that this accident was caused by the failure of a number of controls leading to a disastrous outcome. Clearly the Spanair diagnostic system (a detective control) designed to detect anomalies in the airliners system failed, possibly due to a Trojan. Also it appears the pilots bypassed part of their pre-takeoff checklist, leaving the flaps and slats in a position not recommended for takeoff.

“In information security, the stakes are rarely so high as human lives, but failures in controls often lead to unexpected consequences. A misconfigured firewall rule, allowing more permissive access to systems, a false negative in an IDS/IPS system, a user violating policy by plugging in a personal USB stick etc. The moral of the story is do not take your control systems and processes for granted. Audit and test them regularly to ensure they are operating correctly.”

Last year Rodney Joffe, senior vice president and senior technologist of Neustar and a director of the Conficker Working Group, claimed that viruses could become the cause of lives being lost at some point in the future.

He told SC Magazine: “SCADA control infrastructure has its own subset in security and if someone finds a way, there are power systems and if they are infected they will cause danger to human life.”

Sign up to our newsletters