Malware's role in fatal 2008 air crash

Contrary to some reports, malware did not cause the 2008 Spanair crash that killed 154 people. But an infected computer could have contributed to failures in an airline maintenance system that, had it worked as intended, might have helped prevent the crash.

The crash of a Spanair flight two years ago killed 154 people and was Spain's worst air disaster in 25 years. Recent reports have suggested that an infected computer warning system was the reason pilots were not alerted that the plane's wing slats were not properly positioned for takeoff. That does not appear to be true: Spanair JK 5022 was not brought down by a Trojan.

What might have happened is that an airline maintenance department computer used to track problems reported on aircraft was running slowly, possibly because of a malware infection, and mechanics had not entered the latest incident report for that aircraft before the fatal takeoff attempt.

The infection did not cause the crash, but it might be the reason that the aircraft was not flagged for attention, which in turn could have led to the crash. That indirect contribution to a disaster illustrates the importance of keeping even routine back-office information technology systems protected and clean of malicious code so that they can properly support mission-critical operations.


The Spanish MD-82 airliner crashed on a takeoff attempt at Madrid’s Barajas Airport Aug. 20, 2008. Although final conclusions have not been issued, initial reports from Spanish authorities and the U.S. National Transportation Safety Board, which assisted in the investigation, indicate that slats on the aircraft’s wings were not in the proper position when the plane began its takeoff — and the crash was mostly because of the crew’s failure to notice that. According to an NTSB report issued in August 2009, there were no audible warnings of the problem in the cockpit because a faulty relay had disabled a takeoff warning system.

The aircraft reportedly had two maintenance problems the day before the crash and had aborted one takeoff because of a faulty sensor immediately before the fatal takeoff attempt. The airline’s maintenance tracking system is supposed to issue an alert when three similar problems occur on an aircraft.

However, according to Spanish news reports, it took about 24 hours for the airline to enter this information. The system also reportedly was running slowly, which delayed the entry of the third incident on the day of the crash. The Spanish judge in charge of the investigation has ordered the airline to turn over data related to the computer's condition.

Until the investigation is completed, the ultimate causes of the crash will not be known for sure. But it appears unlikely at this point that malware was involved in the immediate failures that brought down the plane.

However, even if an infected computer was not directly involved, it appears that it could have been the indirect reason for the failure to flag the aircraft for additional attention. There is no indication yet that this maintenance system had been specifically targeted for attack or that an attacker’s intent was to interfere with aircraft operations.

But the incident highlights the importance of properly protecting and maintaining IT systems, even those that are not obviously high-impact systems.

It could be that the lack of an updated antivirus program contributed to the loss of those lives on Spanair JK 5022.