Re: [IP] Malware kills 154
This came in from SANS NewsBites Vol. 12 Num 67:

Did a computer virus cause the 150 deaths in the Spanair crash?

--Judge to Examine Evidence on Malware in Spanair Fatal Air Crash Case
(August 20 23, 2010)

A Spanish judge will investigate whether or not malware on a Spanair computer system had anything to do with the system's failure to raise alerts prior to a 2008 airplane crash that killed 154 of 172 people on board. The official cause of the crash was pilot error; the pilots were found to have failed to extend the airplane's take-off flaps and slats. However, the investigation also found that a warning system failed to alert the pilots that the flaps and slats had not extended and had also failed to do so on two previous occasions. Each failure should have been logged into Spanair's maintenance system, which was found to be infected with malware. Three failures would have triggered an alarm that would have kept the airplane grounded until the problem was fixed. The judge has called for Spanair to release computer logs for the days before and after the crash. The malware infection appears to have spread through a flash drive.

Internet Storm Center: http://isc.sans.edu/diary.html?storyid=9433
http://www.securecomputing.net.au/News/229633,trojans-linked-to-spanish-air-crash.aspx
http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=226900089
http://content.usatoday.com/communities/technologylive/post/2010/08/infected-usb-thumb-drive-implicated-in-deadly-2008-spanair-jetliner-crash/1?loc=interstitialskip
http://www.theregister.co.uk/2010/08/20/spanair_malware/
http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/
http://news.cnet.com/8301-1009_3-20014237-83.html?tag=mncol;title

[Editor's Note (Schultz): This is a potentially very significant turn of events. If the loss of 172 lives can be traced to the presence of malware, corporate executives and government officials are likely to take security risk management much more seriously than they generally now do.]

OBLegal: Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/

Cheers - Bill

---
Bill Frantz        | gets() remains as a monument | Periwinkle
(408)356-8506      | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, CA 95032

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: [IP] Malware kills 154
On Aug 24, 2010, at 12:32 19PM, Chad Perrin wrote:

> On Mon, Aug 23, 2010 at 03:35:45PM -0400, Steven Bellovin wrote:
>
>> And the articles I've seen do not say that the problem caused the crash. Rather, they say that a particular, important computer was infected with malware; I saw no language (including in the Google translation of the original article at http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepiesp/20100820elpepinac_11/Tes, though the translation has some crucial infelicities) that said because of the malware, bad things happened. It may be like the reactor computer with a virus during a large blackout -- yes, the computer was infected, but that wasn't what caused the problem.
>
> The problem was evidently a couple of maintenance technicians who didn't do their jobs correctly. The computer comes into the matter because one of its jobs was to activate an alarm if a critical system whose failure *was* the proximate cause of the crash was not working properly. It didn't activate the alarm, which would have led to the aircraft being prohibited from taking off, because of the malware.

What I have not seen are any statements attributed to the investigating agency that support your last conclusion: that the malware is what caused the alarm failure. I saw a very good summary of the official findings; I'll ask permission to repost them.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: [IP] Malware kills 154
On Tue, Aug 24, 2010 at 06:44:02PM -0400, Steven Bellovin wrote:

> On Aug 24, 2010, at 12:32 19PM, Chad Perrin wrote:
>
>> On Mon, Aug 23, 2010 at 03:35:45PM -0400, Steven Bellovin wrote:
>>
>>> And the articles I've seen do not say that the problem caused the crash. Rather, they say that a particular, important computer was infected with malware; I saw no language (including in the Google translation of the original article at http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepiesp/20100820elpepinac_11/Tes, though the translation has some crucial infelicities) that said because of the malware, bad things happened. It may be like the reactor computer with a virus during a large blackout -- yes, the computer was infected, but that wasn't what caused the problem.
>>
>> The problem was evidently a couple of maintenance technicians who didn't do their jobs correctly. The computer comes into the matter because one of its jobs was to activate an alarm if a critical system whose failure *was* the proximate cause of the crash was not working properly. It didn't activate the alarm, which would have led to the aircraft being prohibited from taking off, because of the malware.
>
> What I have not seen are any statements attributed to the investigating agency that support your last conclusion: that the malware is what caused the alarm failure. I saw a very good summary of the official findings; I'll ask permission to repost them.

I'd love to see it. I don't for the life of me remember which articles I saw from which I got that impression of events; if you have better sources, I'd love to know about it.

--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]