• This is a political forum that is non-biased/non-partisan and treats every persons position on topics equally. This debate forum is not aligned to any political party. In today's politics, many ideas are split between and even within all the political parties. Often we find ourselves agreeing on one platform but some topics break our mold. We are here to discuss them in a civil political debate. If this is your first visit to our political forums, be sure to check out the RULES. Registering for debate politics is necessary before posting. Register today to participate - it's free!

Malware implicated in fatal crash

LaMidRighter

Klattu Verata Nicto
DP Veteran
Joined
May 19, 2005
Messages
30,534
Reaction score
10,682
Location
Louisiana
Gender
Male
Political Leaning
Libertarian - Right
Story is here: Malware implicated in fatal Spanair plane crash - Technology & science - Security - msnbc.com Spanair flight 5022 was lost in 2008 killing 154 passengers and leaving 18 survivors. The NTSB implicated a malware infection which disabled critical alarm systems leaving the crew basically blind to major systems failures. People are welcome to their opinions here but I think it's time to get even more serious in prosecuting hackers and other malware creators.

I've said for years that people who attack computer integrity are capable of ruining lives and should be given as harsh of a sentence as legally allowed to deter the next one from even trying it. Maybe my opinions are a little draconian as far as these hackers go, but I hope that the originator of the trojan horse is discovered and charged with 154 federal homicide counts and then sued by the 18 survivors into oblivion.
 

Orion

Banned
DP Veteran
Joined
Jun 25, 2008
Messages
8,083
Reaction score
3,918
Location
Canada
Gender
Male
Political Leaning
Independent
Because I'm a sci-fi nerd, the first thing I thought of is Battlestar Galactica and how the Cylons were able to infect computers that were networked. How exactly does malware get into an on board flight system unless it is connected to an outside source? Maybe flight companies should reconsider making their systems opened to the world wide web where hackers can gain access.
 

LaMidRighter

Klattu Verata Nicto
DP Veteran
Joined
May 19, 2005
Messages
30,534
Reaction score
10,682
Location
Louisiana
Gender
Male
Political Leaning
Libertarian - Right
Because I'm a sci-fi nerd, the first thing I thought of is Battlestar Galactica and how the Cylons were able to infect computers that were networked. How exactly does malware get into an on board flight system unless it is connected to an outside source? Maybe flight companies should reconsider making their systems opened to the world wide web where hackers can gain access.
That was the thing, the article mentioned that all these systems network to each other. I'm thinking a workstation must have had the file and then fed it through. I forgot which type of protocol they mentioned was suspect but it's a creepy thought that major flight control systems can be disabled that easily. I completely agree that seperate intranet systems should be used with zero access to outside computers.
 

Hoplite

Technomancer
DP Veteran
Joined
Feb 6, 2010
Messages
3,779
Reaction score
1,077
Location
California
Gender
Male
Political Leaning
Moderate
This leads me to ask why there was no (or lax) antivirus or malware prevention software present.

In the digital age, such software is a basic form of protection that anything hooked up to anything else should have. If you dont use the software, I have little sympathy for you if you get infected.

It's like unprotected sex; it is at least partially your fault if you catch something because you didnt do the bare minimum to protect yourself.
 

LaMidRighter

Klattu Verata Nicto
DP Veteran
Joined
May 19, 2005
Messages
30,534
Reaction score
10,682
Location
Louisiana
Gender
Male
Political Leaning
Libertarian - Right
This leads me to ask why there was no (or lax) antivirus or malware prevention software present.

In the digital age, such software is a basic form of protection that anything hooked up to anything else should have. If you dont use the software, I have little sympathy for you if you get infected.

It's like unprotected sex; it is at least partially your fault if you catch something because you didnt do the bare minimum to protect yourself.
You have a point in a way, there is responsibility on the part of the air traffic network to insure all systems are functioning properly but the passengers on the plane are innocent in all of this. All they did was buy a ticket and expect a reasonably safe flight. The big problem though with blaming ATC though is that this trojan horse was suspected to have hit the VPN network(after re-reading the article) and these are less protected backdoors that hackers love to use, apparently the antivirus software was completely bypassed as these networks are not necessarily as protected.

Again, the hacker assumes the majority of the blame here IMO as it is his malware that corrupted critical files and had those not been created the plane would never have even taken off. The flight crew and passengers literally had no chance.
 
Last edited:

Hoplite

Technomancer
DP Veteran
Joined
Feb 6, 2010
Messages
3,779
Reaction score
1,077
Location
California
Gender
Male
Political Leaning
Moderate
You have a point in a way, there is responsibility on the part of the air traffic network to insure all systems are functioning properly but the passengers on the plane are innocent in all of this. All they did was buy a ticket and expect a reasonably safe flight. The big problem though with blaming ATC though is that this trojan horse was suspected to have hit the VPN network(after re-reading the article) and these are less protected backdoors that hackers love to use, apparently the antivirus software was completely bypassed as these networks are not necessarily as protected.

Again, the hacker assumes the majority of the blame here IMO as it is his malware that corrupted critical files and had those not been created the plane would never have even taken off. The flight crew and passengers literally had no chance.
I agree that a great deal of the blame rests on the creator of the malware however the airline that flies the plane shares in that responsibility. They were responsible for protecting their network and it seems as though they didnt do such a good job of it. When people die because a business failed to take adequate safety measures to prevent something, part of the responsibility for the fatalities rests on their shoulders.
 

LaMidRighter

Klattu Verata Nicto
DP Veteran
Joined
May 19, 2005
Messages
30,534
Reaction score
10,682
Location
Louisiana
Gender
Male
Political Leaning
Libertarian - Right
I agree that a great deal of the blame rests on the creator of the malware however the airline that flies the plane shares in that responsibility. They were responsible for protecting their network and it seems as though they didnt do such a good job of it. When people die because a business failed to take adequate safety measures to prevent something, part of the responsibility for the fatalities rests on their shoulders.
I think we agree for the most part. What I believe ended up happening was that to save money a single open network must have been used, possibly past the money issue the dept. may not have had the manpower to create and maintain a seperate network or even some workstations may have needed to be accessed by non-flight engaged controllers to feed info to the system.

In any case I think that flight computers should be on a seperate network not open to the rest of the computers specifically for this issue. Even if it takes hiring an intermediary to communicate commands between the two system operators by physical means such as radio or phone I'd say it would be worth it to avoid a future catastrophes such as this.
 

Hoplite

Technomancer
DP Veteran
Joined
Feb 6, 2010
Messages
3,779
Reaction score
1,077
Location
California
Gender
Male
Political Leaning
Moderate
I think we agree for the most part. What I believe ended up happening was that to save money a single open network must have been used, possibly past the money issue the dept. may not have had the manpower to create and maintain a seperate network or even some workstations may have needed to be accessed by non-flight engaged controllers to feed info to the system.

In any case I think that flight computers should be on a seperate network not open to the rest of the computers specifically for this issue. Even if it takes hiring an intermediary to communicate commands between the two system operators by physical means such as radio or phone I'd say it would be worth it to avoid a future catastrophes such as this.
The only way you could really ensure there was zero risk would be either to have NO communication whatsoever with any other network. That isnt practical as you need firmware and software updates as well as GPS and navigational information.

The other alternative is have flight computers communicate in a language that programs dont understand unless they've been designed to.

Better just to have serious anti-virus software.
 

LaMidRighter

Klattu Verata Nicto
DP Veteran
Joined
May 19, 2005
Messages
30,534
Reaction score
10,682
Location
Louisiana
Gender
Male
Political Leaning
Libertarian - Right
The only way you could really ensure there was zero risk would be either to have NO communication whatsoever with any other network. That isnt practical as you need firmware and software updates as well as GPS and navigational information.

The other alternative is have flight computers communicate in a language that programs dont understand unless they've been designed to.

Better just to have serious anti-virus software.
True on the av software but I've been hacked in times that I thought I was bulletproof as well. Dunno, I guess I'd rather a dual network with a human communicating the two commands just to be safe. I'll let the pros sort this one out.
 

Hoplite

Technomancer
DP Veteran
Joined
Feb 6, 2010
Messages
3,779
Reaction score
1,077
Location
California
Gender
Male
Political Leaning
Moderate
True on the av software but I've been hacked in times that I thought I was bulletproof as well. Dunno, I guess I'd rather a dual network with a human communicating the two commands just to be safe. I'll let the pros sort this one out.
There's no such thing as bulletproof. In my experience, those who consider themselves "impervious" to viruses or malware often have the biggest security holes.
 

LaMidRighter

Klattu Verata Nicto
DP Veteran
Joined
May 19, 2005
Messages
30,534
Reaction score
10,682
Location
Louisiana
Gender
Male
Political Leaning
Libertarian - Right
There's no such thing as bulletproof. In my experience, those who consider themselves "impervious" to viruses or malware often have the biggest security holes.
I agree with that. Learned that lesson the hard way. LOL!
 

rathi

Count Smackula
DP Veteran
Joined
Oct 10, 2006
Messages
7,890
Reaction score
4,730
Location
California
Gender
Male
Political Leaning
Independent
It is nothing but shear incompetence that this was allowed to happen. The system used to monitor the aircraft before take-off should operate under a closed network at all times. If you need any kind of firmware or software update, it should be done manually with physical access. Anti-Virus software is worthless, the only real defense is to avoid the attack vector in the first place.
 

mac

DP Veteran
Joined
Jun 13, 2010
Messages
22,499
Reaction score
4,266
Location
DC Metro
Gender
Male
Political Leaning
Moderate
Because I'm a sci-fi nerd, the first thing I thought of is Battlestar Galactica and how the Cylons were able to infect computers that were networked. How exactly does malware get into an on board flight system unless it is connected to an outside source? Maybe flight companies should reconsider making their systems opened to the world wide web where hackers can gain access.
Probably injected when on board software was updated.
 

Deuce

Outer space potato man
DP Veteran
Joined
Feb 6, 2010
Messages
75,074
Reaction score
32,898
Gender
Male
Political Leaning
Undisclosed
It is nothing but shear incompetence that this was allowed to happen. The system used to monitor the aircraft before take-off should operate under a closed network at all times. If you need any kind of firmware or software update, it should be done manually with physical access. Anti-Virus software is worthless, the only real defense is to avoid the attack vector in the first place.
That's probably precisely when the malware got in. There aren't that many ways to get data of any kind into those computers.
 
Top Bottom