Re: [IP] Malware kills 154

2010-08-24 Thread Bill Frantz
This came in from SANS NewsBites Vol. 12 Num 67 : Did a computer 
virus cause the 150 deaths in the Spanair crash?


 --Judge to Examine Evidence on Malware in Spanair Fatal Air 
Crash Case

(August 20  23, 2010)
A Spanish judge will investigate whether or not malware on a Spanair
computer system had anything to do with the system's failure to raise
alerts prior to a 2008 airplane crash that killed 154 of 172 
people on
board.  The official cause of the crash was pilot error; the 
pilots were

found to have failed to extend the airplane's take-off flaps and slats.
However, the investigation also found that a warning system 
failed to
alert the pilots that the flaps and slats had not extended and 
had also

failed to do so on two previous occasions.  Each failure should have
been logged into Spanair's maintenance system, which was found 
to be

infected with malware.  Three failures would have triggered an alarm
that would have kept the airplane grounded until the problem was fixed.
The judge has called for Spanair to release computer logs for 
the days

before and after the crash.  The malware infection appears to have
spread through a flash drive.
Internet Storm Center: http://isc.sans.edu/diary.html?storyid=9433
http://www.securecomputing.net.au/News/229633,trojans-linked-to-spanish-air-crash.aspx
http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=226900089
http://content.usatoday.com/communities/technologylive/post/2010/08/infected-usb-thumb-drive-implicated-in-deadly-2008-spanair-jetliner-crash/1?loc=interstitialskip
http://www.theregister.co.uk/2010/08/20/spanair_malware/
http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/
http://news.cnet.com/8301-1009_3-20014237-83.html?tag=mncol;title
[Editor's Note (Schultz): This is a potentially very significant turn
of events. If the loss of 172 lives can be traced to the 
presence of
malware, corporate executives and government officials are 
likely to

take security risk management much more seriously than they generally
now do.]

OBLegal: Please feel free to share this with interested parties 
via email, but
no posting is allowed on web sites. For a free subscription, 
(and for

free posters) or to update a current subscription, visit
http://portal.sans.org/

Cheers - Bill

---
Bill Frantz| gets() remains as a monument | Periwinkle
(408)356-8506  | to C's continuing support of | 16345 
Englewood Ave
www.pwpconsult.com | buffer overruns. | Los Gatos, 
CA 95032


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: [IP] Malware kills 154

2010-08-24 Thread Steven Bellovin

On Aug 24, 2010, at 12:32 19PM, Chad Perrin wrote:

 On Mon, Aug 23, 2010 at 03:35:45PM -0400, Steven Bellovin wrote:
 
 And the articles I've seen do not say that the problem caused the
 crash.  Rather, they say that a particular, important computer was
 infected with malware; I saw no language (including in the Google
 translation of the original article at
 http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepiesp/20100820elpepinac_11/Tes,
 though the translation has some crucial infelicities) that said
 because of the malware, bad things happened.  It may be like the
 reactor computer with a virus during a large blackout -- yes, the
 computer was infected, but that wasn't what caused the problem.
 
 The problem was evidently a couple of maintenance technicians who didn't
 do their jobs correctly.  The computer comes into the matter because one
 of its jobs was to activate an alarm if a critical system whose failure
 *was* the proximate cause of the crash was not working properly.  It
 didn't activate the alarm, which would have led to the aircraft being
 prohibited from taking off, because of the malware.
 

What I have not seen are any statements attributed to the investigating agency 
that support your last conclusion: that the malware is what caused the alarm 
failure.  

I saw a very good summary of the official findings; I'll ask permission to 
repost them.

--Steve Bellovin, http://www.cs.columbia.edu/~smb





-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: [IP] Malware kills 154

2010-08-24 Thread Chad Perrin
On Tue, Aug 24, 2010 at 06:44:02PM -0400, Steven Bellovin wrote:
 
 On Aug 24, 2010, at 12:32 19PM, Chad Perrin wrote:
 
  On Mon, Aug 23, 2010 at 03:35:45PM -0400, Steven Bellovin wrote:
  
  And the articles I've seen do not say that the problem caused the
  crash.  Rather, they say that a particular, important computer was
  infected with malware; I saw no language (including in the Google
  translation of the original article at
  http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepiesp/20100820elpepinac_11/Tes,
  though the translation has some crucial infelicities) that said
  because of the malware, bad things happened.  It may be like the
  reactor computer with a virus during a large blackout -- yes, the
  computer was infected, but that wasn't what caused the problem.
  
  The problem was evidently a couple of maintenance technicians who didn't
  do their jobs correctly.  The computer comes into the matter because one
  of its jobs was to activate an alarm if a critical system whose failure
  *was* the proximate cause of the crash was not working properly.  It
  didn't activate the alarm, which would have led to the aircraft being
  prohibited from taking off, because of the malware.
  
 
 What I have not seen are any statements attributed to the investigating
 agency that support your last conclusion: that the malware is what
 caused the alarm failure.  
 
 I saw a very good summary of the official findings; I'll ask permission
 to repost them.

I'd love to see it.  I don't for the life of me remember which articles I
saw from which I got that impression of events; if you have better
sources, I'd love to know about it.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]


pgpW0QF5sQrBw.pgp
Description: PGP signature


Re: [IP] Malware kills 154

2010-08-23 Thread Steven Bellovin

On Aug 23, 2010, at 11:50 30AM, John Levine wrote:

 Authorities investigating the 2008 crash of Spanair flight 5022
 have discovered a central computer system used to monitor technical
 problems in the aircraft was infected with malware
 
 http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/?gt1=43001
 
 This was very poorly reported.  The malware was on a ground system that
 wouldn't have provided realtime warnings of the configuration problem
 that caused the plane to crash anyway.
 

And the articles I've seen do not say that the problem caused the crash.  
Rather, they say that a particular, important computer was infected with 
malware; I saw no language (including in the Google translation of the original 
article at 
http://www.elpais.com/articulo/espana/ordenador/Spanair/anotaba/fallos/aviones/tenia/virus/elpepiesp/20100820elpepinac_11/Tes,
 though the translation has some crucial infelicities) that said because of 
the malware, bad things happened.  It may be like the reactor computer with a 
virus during a large blackout -- yes, the computer was infected, but that 
wasn't what caused the problem.


--Steve Bellovin, http://www.cs.columbia.edu/~smb





-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: [IP] Malware kills 154

2010-08-23 Thread Steven Bellovin

On Aug 23, 2010, at 11:11 13AM, Peter Gutmann wrote:

 Perry E. Metzger pe...@piermont.com forwards:
 
 Authorities investigating the 2008 crash of Spanair flight 5022
 have discovered a central computer system used to monitor technical
 problems in the aircraft was infected with malware
 
 http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/?gt1=43001
 
 Sigh, yet another attempt to use the dog ate my homework of computer
 problems, if their fly-by-wire was Windows XP then they had bigger things to
 worry about than malware.
 
To say nothing of what happens when you run a nuclear power plant on Windows: 
http://www.upi.com/News_Photos/Features/Irans-Bushehr-nuclear-power-plant/3693/2/
 (slightly OT, I realize, but too good to pass up).


--Steve Bellovin, http://www.cs.columbia.edu/~smb





-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com