The SDU Re-logon: A Small Detail That Tells Us So Much About the Fate of MH370

MCS 6000
The Honeywell/Thales MCS6000 Satellite Data Unit is the middle of the three boxes shown here.


One of the peculiarities of the MH370 mystery is that, while we have only a very small handful of clues about the fate of the plane, some of them often get overlooked due to their highly technical nature. Today I’d like to revisit a topic that I’ve touched on before but which I feel continues to be get short shrift: the re-logon of the  MH370 Satellite Data Unit, or SDU. Just on its own, this little data point tells us a great deal about what happened to the missing plane.

First, some basic background. Flight MH370 took off from Kuala Lumpur International airport at 16:42 UTC on March 7, 2014 bound for Beijing. At 17:07:29, the plane sent an ACARS report via its satcom. At 17:20:36, five seconds after passing waypoint IGARI and a minute after the last radio transmission, the transponder shut off. For the next hour, MH370 was electronically dark. The next ACARS transmission, scheduled for 17:37, did not take place. At 18:03 Inmarsat attempted to forward an ACARS text message and received no response, suggesting that the satcom system was turned off or otherwise out of service. At 18:22, MH370 vanished from primary radar coverage over the Malacca Strait. Three minutes later the satcom system connected with Inmarsat satellite 3F-1 over the Indian Ocean and inititated a logon at 18:25:27.

The question is, by what mechanisms could MH370’s satcom have become inactive, then active again?

Logging on and off the satcom is not something airline pilots are trained to do. A pilot can deselect the satcom as a mode of transmission for ACARS messages so that they go out over the radio instead, but this is not what seems to have happened in the case of MH370. According to the ATSB report issued in June of 2014,

A log-on request in the middle of a flight is not common and can occur for only a few reasons. These include a power interruption to the aircraft satellite data unit (SDU), a software failure, loss of critical systems providing input to the SDU or a loss of the link due to aircraft attitude. An analysis was performed which determined that the characteristics and timing of the logon requests were best matched as resulting from power interruption to the SDU.

Like most of us, I’d never heard of an SDU before MH370 happened.

It’s a piece of equipment which processes the signals that are transmitted and received between the plane and the satellite network. The SDU lives above the ceiling of the passenger cabin, toward the back of the airplane, near the rear emergency exit. The reason it’s there is that in order for it to work efficiently, it needs to be located as close as possible to the satellite antennae, which protrude from the top of the airplane just above it. Imagine an electronic version of an old-timey ham radio operator sitting underneath a radio tower. Bear in mind that the SDU doesn’t generate information per se; it’s just providing the link between the aircraft and the satellite. A useful analogy is to think of your smart phone. When you turn it on, it connects to the cell network, but it doesn’t communicate with anyone until you send a text message, make a phone call, or activate an app.

The SDU is a very important piece of equipment in the MH370 saga because the seven pairs of BTO and BFO values, which together comprise all that we know about the final six hours of the flight, depend on computations carried out in the SDU.

How could the SDU power interruption have occurred? For one thing, it couldn’t have happened accidentally. Independent researchers have spent months trying to figure out a way that the SDU could have logged off and back on again without human intervention, without success. So it must have been intentional. However, there is no on/off switch for the SDU in a 777 cockpit. A person wanting to turn the SDU off has two options. The first is to descend into the electronics and equipment bay (E/E bay) through a hatch at the front of the first-class cabin and flip three circuit breakers located there. I call this the “easy way.” The second method, which can be accomplished directly from the cockpit, is to isolate the portion of the plane’s electrical system which feeds the SDU, the left AC bus. I call this the “hard way.” Since it’s quite complicated, I’d like to discuss it in greater detail.

According to IG member Barry Martin, the left main AC bus can receive its electrical power from any one of four sources:

  • left main engine IDG via a left generator circuit breaker
  • right main AC bus via both left and right bus tie breakers
  • auxiliary power unit generator via an auxiliary power breaker and the left bus tie breaker
  • backup generator converter which connects to the left transfer bus via a left converter circuit breaker, and the left transfer bus connects to the left main AC via a left transfer bus breaker.

In order to prevent any of these from supplying electrical power, Martin writes, a multi-step process is required:

The left IDG can be disconnected in a couple of ways via the flight deck electrical power system control panel. The preferred method would be via the left generator control switch. The second method is by use of the guarded drive disconnect switch, which permanently disconnects the IDG and the connection can only be remade on the ground. The L GEN CONT switch will open the left generator circuit breaker, but the left bus tie breaker would then automatically close to re-energise the left main bus so the left BTB must be switched to ISLN on the electrical control panel before attempting to disconnect the IDG.

The left main bus can still be powered from the left transfer bus which picks up power from a solid-state variable-speed constant-frequency backup generator converter. The easiest method of preventing this is by simply opening the left transfer bus breaker, which allows the left transfer bus to remain energised to ensure the left transformer rectifier unit stays powered. However, I don’t see an option on the flight deck control panel to manually open the left transfer bus breaker. A second option would be opening the left converter circuit breaker, connecting the left transfer bus to the backup generator. Again, there’s no L CCB switch on the panel. Therefore the third option is to switch both backup generators off, which is possible via the panel.

This explanation is somewhat above my paygrade but my takeaway is that isolating the left AC bus requires some technical savvy—indeed, technical savvy beyond the ambit of 777 pilots. When I asked Patrick Smith, a 777 pilot who is one of the most well-regarded aviation commentators in the US, about the SDU reboot, he replied, “The what?” After I explained, he answered: “There isn’t a 777 pilot alive, I’ll bet you, who has the remotest clue as to what the SDU is.” I’ve brought up the topic with many other 777 pilots I respect and have gotten essentially the same response.

I would add that while it seems clearly possible to power the SDU on and off my isolating and then reconnecting the left AC bus, to do so would be a risky undertaking. In a fascinating blog post on an airline pilot who goes by the handle “Ken” describes going through a simulated left AC bus failure in the course of a training session. He notes that among the systems lost were Window Heat (Left) and a Primary Hydraulic Pump (Left). “No biggie,” he writes, but adds that in addition:

…there are a whole host of ancillary services lost. Many of these are reflected by the amber lights on the overhead panel. Having looked at the roof – you later discover even then that it’s not the whole story. In this particular scenario we decided to return to KLAX. Part of the return process was fuel jettison down to maximum landing weight. Guess what? Without the Left Bus – the main tank jettison pumps are failed. You’ll be advised of this… when you start the fuel jettison. I didn’t give this a second thought… but the discussion we had afterwards that included a talk about this little quirk of the Boeing EICAS/ECL was interesting. There are no EICAS/STATUS messages to advise you of everything you’ve lost, and in many cases, until you attempt to use something that’s failed – you won’t know about it. Older aircraft used to publish a Bus Distribution List (Electrical and Hydraulic) so that you’d know exactly what you’d lost with a particular electrical bus failure – but not on the 777. My fellow pilots were vaguely disturbed by the lack of information.

It’s not impossible to imagine that one of the pilots cooked up a plan that involved switching off the satcom by isolating the left AC bus, but to do so they would have had to do intensive research into the issue, without any way of knowing if their research was complete. “ It can be difficult to find out just what equipment is powered by a particular bus,” says Smith, “so if you start isolating buses you’ll likely wind up shutting down things you don’t mean to or expect to.” All told, this would be a complicated and risky strategy.

And to what end? Why would anyone want to depower the SDU anyway?

One might imagine that the SDU was powered down for the same reason that the other forms of electronic communication were shut down around the time MH370 reached IGARI: to slip away from ATC surveillance in order to pull a 180 and slip away undetected. One doesn’t need to depower the SDU to go dark, however.  If the satcom was deselected for ACARS and the IFE was switched off (both of which are easily accomplished from the cockpit) then there would be no reason for a pilot to fear that the satellite would give away his position.

Some have raised the possibility that whoever took MH370 didn’t want to turn off the SDU per se, but wanted to turn something else that was on the left AC bus and wound up taking the SDU along with it as an uintended consequence. If so, the crucial question then becomes: What else is powered by the left AC bus? It wasn’t easy to find out, but after months of painstaking digging, a number of independent researchers were able to collectively determine that some of the other systems fed by the AC bus are:

  • TCAS (Traffic Collision Avoidance System)
  • Cockpit door lock
  • The centre tank override and jettison pumps
  • Some galley equipment
  • IFE (in-flight entertainment system, which includes passenger satellite phone service)
  • One of the high-frequency radios
  • The main passenger cabin lighting system (the night, cabin and cross-aisle lights remain powered)
  • The Cockpit Voice Recorder (CVR)

There is only one piece of equipment on this list that someone who is in the process of stealing a plane might be strongly motivated to shut off, and that is the cockpit voice recorder. Recall that in December, 1997, the pilot of Silkair Flight 185 apparently got up out of his seat and pulled the circuit breakers for the CVR before returning to the cockpit and flying the plane into the ground. Because the CVR wasn’t working, investigators couldn’t tell exactly what happened in the cockpit in the moments before the crash, so the pilot’s guilt was impossible to establish conclusively. Which presumably was the point.

The idea that MH370’s pilot isolated the left AC bus in order to shut down the CVR is problematic, however. For one thing, it would be far simpler to depower the CVR the “easy way,” by going down into the E/E bay and pulling the circuit breakers. But maybe the pilot had locked the co-pilot out of the cockpit, and so wasn’t free to leave to go down into the E/E bay? In that case, isolating the left AC bus would have had the reverse of the desired consequences. Anyone savvy enough to know how to depower the left AC bus would also understand that the CVR over-writes itself every two hours. Therefore cutting power to the CVR would result in the preservation of the recording of whatever was said and done when the pilot talked the copilot out of the cockpit and locked the door.

Of course, if the pilot planned to fly the plane six hours into the middle of the southern Indian Ocean, he’d have no reason to shut down the CVR anyway, since its contents would be come erased during the long flight into oblivion.

To sum up, the fact that the SDU logged back on with Inmarsat three minutes after leaving primary radar coverage is one of the most significant clues that we have to the fate of MH370. By itself, it rules out the possibility that MH370 went dark due to fire or electrical malfunction (which remains a popular theory despite being impossible for several other reasons as well) and it strongly suggests that the plane was not hijacked by one of its own pilots for the purposes of committing suicide (another popular theory). Instead, the SDU re-logon suggests the plane was taken over by a passenger or passengers with a sophisticated knowledge of aircraft electrical systems.

This may well be one of the reasons that the French judicial authorities are treating MH370 as a terrorist investigation.

131 thoughts on “The SDU Re-logon: A Small Detail That Tells Us So Much About the Fate of MH370”

  1. I appreciate this has been discussed previously but —- What would it take to construct an SDU that logged on, 3 minutes after leaving primary radar coverage to be a well prepared masquerade.

  2. @Jeff

    Very interesting. However, you can also switch off the SATCOM by load shedding, it you switch to backup generator. To do this, you need to isolate the IDG generators and the APU, (easily done from the overhead panel) This forces a backup generator to immediately come on line and power essential services, but shed the SATCOM, TCAS and one of the HF radios.

    The backup generator can power the LH main AC bus through the Transfer Bus. Only one backup generator can be online during this time.

    If you switch off the IFE from the overhead panel or by isolating the LH main AC bus, you also switch off the cabin video cameras. I think the pilot avoided this by switching to backup generator, instead, so that he could monitor the cabin while the depressurization was taking effect.

    An experienced pilot would have known which circuit breakers to pull on the overhead panel. I totally disagree about specific, specialised knowledge being required.

  3. Hi Jeff,
    That was a very clear and concise explanation of this complicated issue.

    I have one question – the facts as you outline them seem to suggest that IF the pilot (or another actor) had shut down the left A/C bus, then the cockpit door lock would have been disabled. Might this not have been the primary goal?

    Do we have any way of finding out whether, once the power supply to the lock is disabled, the door is in an open or locked state? My suggestion is that someone outside the cockpit may have shut off the left A/C bus to gain access OR someone inside the cockpit may have shut it off to prevent access. I don’t know which one of these two scenarios is consistent with the way the door mechanism actually works, but it seems to me that one of them must be.

  4. Jeff,how does your theory( above) shape up when considering the report of a conversation regarding negotiations between the pilot and ground during the flight 5 hrs from fuel running out ( See SeanSpoonts blog ) ???

  5. @mk, There were no such conversations.

    @Eoghan, Thank you. Great question. I believe that if the circuit breaker is pulled the door lock will open, but would welcome other readers jumping in to confirm or deny. Needless to say, if you’re outside the cockpit door and have gone into the E/E bay, you wouldn’t need to isolate the left AC bus, you could just pull the relevant circuit breaker.

    @ROB, Thanks, that’s another way to de-power the SDU via a means that requires a fairly sophisticated understanding of the aircraft electrical system, so I think only reinforces the point I was trying to make.

  6. This is a very interesting subject. I’m glad to know a bit more about it – I was going to suggest Eoghan’s point about the cockpit door but also – what if there was a fire indication which meant someone wanted to shut down power to the IFE system or one of the other possible items that this would affect?

    Would there be an alternative way in which to do this if necessary? Or would pulling the bus be the default option, to be restored once a fire, for example, was successfully extinguished?

    I’m coming at it from a point of view of non-malicious intent, here, just for the time being.

    I suppose the fact the a/c didn’t make it back home, and seemingly took a very strange path despite the restoration of ACARS, invites us to think it must have been malicious intent.

  7. @jeffwise: The log-on request at 18:25 could have been due to many things beyond a restoration of power to the SATCOM. Off the top of my head:

    1. Restoration of the P-channel sync signal after a maneuver put the satellite in the null of the antenna pattern.
    2. A log-on to IOR after it had been logged onto another satellite.
    3. Restoration of the P-channel sync after interference (jamming) was removed.
    4. A log-on to IOR after it had logged into a spoofed satellite (emulated GES).
    5. A log-on after a software-initiated manual reboot but with no power interruption. This could have occurred in as part of the access to the non-volatile memory required for the BFO spoof scenario I have described in the past.
    6. A log-on after navigational data to the SDU was restored.

  8. As facts are established my statement grows nearer to the truth, and that is all clues tells us what did _not happen_. This is bigger than human intervention.

    I strongly believe there could be something at the bottom, but it is not the plane with people in it. There may be only a few pieces. It could be in one or two places. One is where the pings were disregarded. The few items are located between the pings either slightly above the sand or underneath. These are the black box and a piece 2x 3x times the size of the flaperon.

    If i remember correctly there will be no more debris found above the water on any land.

    Please dont delete my post. I have reasons to sound like a maniac.

  9. @ROB

    “Re the IFE: not quite sure what you mean. Anyway, no messages were transmitted at the time of the reboot. The IFE was enabled by the IFE logon request at 18:28, ie 90 seconds after the initial logon at 18:25, which as I understand it, means that the IFE/seat power switch on the cockpit overhead panel was on at the time. No messages were sent out during the first hour, because the SDU itself had been deliberately de-energised in order to prevent this happening.

    I think this switch was set to off a short time later. The switch was still off at the time of the 2nd reboot at 00:19, because only the initial logon request got transmitted (the IFE request was never received by the ground station)”

    My understanding is the “IFE/PASS SEATS” switch (FI, App. 1.6E, 12) turns off power specifically for the IFE in the cabin/for the passenger seats, but that doesn’t mean the IFE is switched off completely.

    I find it plausible that this was done early after the diversion (by a hijacker).

    Otherwise, it is plausible that someone tried to submit a message to the ground. At the time of the reboot, I surmise the message would have been transmitted.

    Also, there was no IFE data transmission at any point after 18:28, but there were IFE transmissions before the diversion, automated updates rather than messages sent.

    The ATSB must be aware of that and still have reason to believe that the IFE remained operational until the end – at least in theory.

    Therefore, my understanding is the IFE was switched off for passenger use, but not completely, i.e. it still logged on. As far as I remember, a possible reason discussed here is the use of the satellite phone in the cockpit.

  10. To try to clarify, is there evidence that the L MAIN bus was isolated, as if to imply, that the R MAIN and other buses were still energized ? Or, could the broad brush of a widespread power failure, from both IDG’s, also explain the power interruption to the SDU ?

    Appears to state that without electrical power, engines revert to Alternate thrust mode, which provides more thrust for the same lever settings, than the primary mode. So power failure could kick the a/c into overboost and explain the very high near maximum speeds the plane reached ?

    FI states that the right engine cowling had a hole on the bottom at the six o’clock position. If the a/c descended from high altitude at high speed, if say the pilots lost control of the plane or tried to descend quickly, it would have flown into a wall of denser air at or below 30,000′ generating high dynamic “ram” pressure, which could have fractured the fuselage, ripped off antennas or other protruding parts of the plane, especially if the twelve year old craft was already fatigued, like its right engine cowling. Maybe even smash in windows.

    Fatigued fuselage, mechanical failure of pitot and antenna mounts, ripping out more holes in the skin of the a/c, precipitating depressurization and further fracturing of the fuselage therefrom, would have made the cabin appear to be “Disintegrating” and caused the pilots to attempt descent… Plausibly overly rapid if the pilots were unfamiliar with alternate engine mode and surprising amounts of excess thrust from their lever settings…

    Intuitively seems like a sweeping power failure deactivating wide swaths of circuits might be a very natural circumstance to explain everything, without requiring any surgically precise excising of a specifically targeted SDU device. Afterwards we focus on the satellite data, but maybe not even an afterthought at the time?

  11. @Jeff: great piece, as always. But it baffles me that “sophisticated abduction” is the only explanation you feel is worth mentioning, when falsified ISAT data – starting from either 18:25 or earlier – is so much simpler, opens the door to far more believable scenarios, and explains so much more of the observable evidence.

    If we are now leaning – as I hope we finally are – towards “something happened which cannot be admitted” (F. de Changy’s phrase), a falsified ISAT data log explains…

    – the observed delays in its publication

    – the timing of this “logon”: 18:25 makes perfect sense as a place to punch in with falsified data AFTER determining that 18:22 is the last radar return anyone wants published; as the IG’s 2014 radar coverage chart made crystal clear, it makes no sense at all to think sophisticated highjackers would expect to be clear of all primary radar while still in the Malacca Strait.

    I’ve left out of my argument any specific elements of the disinformation campaign carried out by search leadership, because I expect we will all scale the scope of any such campaign to fit our theory. But in general, a disinformation campaign carried out by the same people who caused the “logon” (simply by appending it to the data log) has fewer moving parts. To me, such a scenario is more rational than supposing a group of sophisticated highjackers took the plane, with an unconnected group – search leadership – risking a disinformation campaign merely to conceal incompetence.

  12. Buyerninety,

    Re: “I don’t blame you for not being aware of this later statement of
    hers, but I hope you can understand that the 3km number you base
    your viewpoint on, was repudiated by Kate Tee.”

    I am well aware of the evolution of her statements. But you seem to be unaware who made her to change her initial description and for what purpose. If you don’t know – try to deduct it from the date of the update you cited.

  13. @VictorI, Thanks for adding these other reasons why the SDU could log off, then log back on again. I don’t know if they are all equally plausible/valid. A couple of observations:

    #1: If the satellite connection failed due to aircraft maneuvering, we would expect to see the plane log back on once stable flight was resumed. So the interval should have been just a few minutes instead of something on the order of an hour.

    #2: I believe it’s been explicitly ruled out that 9M-MRO logged on to any other satellite.

    #3-6: These explanations all require intervention by sophisticated hijackers and so essentially endorse my thesis. Indeed, you and I both think that #5 is the most likely explanation.

    What’s important to recognize about them is that, except for #1, they all involve

  14. Please permit us to ponder Aloha Airlines 243. It’s possible for large scale failure of the fuselage to precipitate depressurization and expel passengers from the aircraft, without compromising its flight worthiness. If MH370 suffered an Aloha 243 scenario, after the captain had turned off the fasten seatbelts signs, then over 200 passengers could have been whisked out of the aircraft. Perhaps other cargo escaped as well. Reducing the weight of the plane by dozens of tons would extend the maximum range. Relatedly but independently, perhaps various pieces of exterior and interior debris separated from the plane at various times and places ?? Perhaps recovered wreckage fell from the sky all along the ghost flight path ???

  15. @jeffwise: I think items 3,4 and 5 would suggest a sophisticated group was responsible. Item 6 could be from a technical malfunction that was resolved.

    @falken: Yes, item 4 is similar in concept to the Stingray cell phone intrusion.

    @Brock McEwen: Falsified satellite data would require the complicity of Inmarsat. The acceptability of this scenario correlates to acceptability that Inmarsat is dishonest. Obviously, there is a large range of opinions.

  16. @Brock, Standard operating procedure when cooking the data to support a conspiracy is to peddle a fraudulent narrative. In the case of MH370, there is no official narrative. To quote the Australian: “the head of the Australian Transport Safety Bureau, Martin Dolan, said there was a “diminishing level of confidence we will find the aircraft”. “We still think there is a good chance we will find the aircraft but that probability is falling so we have to start contemplating that we may not succeed,” he said. “Everyone … is still focused on the fact that the remaining 13,000sq km is still a lot of territory and it’s still entirely possible the aircraft is there. But we are also starting to think about the implications of not finding it.””

    It would be a shoddy conspiracy indeed to cook up data in such an elaborate way, without having any idea what sort of fake narrative it was supposed to support.

  17. @Erik Nelson, Accident scenarios don’t work. Sorry to be brusque, but we’ve been talking about this for two years now and some of these horses have been beaten to death.

  18. There may have been a body picked up from (east) china sea, and it is why blood type from the next of kind was checked.

    Inmarsat is innocent in the mh370 case. And yes mh370 only connected with one satellite, for the purpose of finding items.

  19. @Oleksandr
    Her initial description contained her statement that the aircraft
    she saw;
    a. Had cockpit (windows) that she could see
    b. Had no passenger windows (and she has been emphatic about that)
    She has NOT changed those points at any time.
    The change she made, later, was her estimation of the distance that
    the seen aircraft was from her. Please reread my last post again –
    no-one ‘made’ her change her estimation, she gives reason for the
    change in distance estimation as her subsequent experiences viewing
    aircraft e.g. on takeoff.
    She has repudiated the 3km estimation of distance, therefore it is
    irrational that you continue to formulate your viewpoint using 3km
    as a datapoint, and it can be misleading to other readers in the
    consideration of their viewpoints if you quote the 3km number as a fact.
    I thankyou for your responses and leave this matter of distance for
    your future carefull consideration.

  20. @buyerninety

    I believe her. I believe the oilrig worker. I believe the people from Maldives.

    But it was not mh370. After igari no one physicly saw it. Neither from planes, ground, ships. The only thing registered after igari is bits and bytes. Somehow manifested as stereo 2d where people saw something that cant be accounted for, just like the waterpings.

  21. buyerninety,

    Rubbish. She could not see passenger windows at the distance of 3 km, but possibly she could see the cockpit at such a distance if it was illuminated. Do you have a problem with geometry?

    And please stop confusing 3 km with the data point. I have never said this. What I said is that 3 km altitude is consistent with a number of other things.

  22. @JeffWise
    Without attempting to put forth an argument on this following
    point, I understand that the Electrical Load Management System (ELMS) automatically sheds AC loads by priority until the loads
    are within the capacity of the aircraft power generators.
    Could there not be a fault on an AC power bus (e.g. long duration
    short circuit), such that the ELMS ‘sheds’ the SDU off the other
    (now acting as a redundant) AC power bus (and subsequently the
    short circuit resolves itself, so both AC power buses are event-
    ually working, albeit one with damage/reduced functionallity so
    some other electronic equipment [exempting SDU] is unpowered.)?
    One other unreleated point – I believe that the EE Bay video
    makes reference to a door existing (probably a hatch) in the
    cockpit to the EE Bay. (Your lead-in considers only the hatch
    from the hallway to the EE bay, but allows no consideration
    that there is another entry to the EE Bay, from the cockpit).

  23. This is a fascinating discussion and is leading me to spend many nights googling on these terms. 🙂 Refering to my post on the previous story, I’m curious if anyone has verified that no passengers attempted to conenct to the wifi and then hit the internet for email etc… It should be fairly easy to verify since anyone that got on the wifi would have had to pay via a credit card. I just returned from an overseas flight europe->USA and as soon as the double chimes rang out meaning that it’s ok to use your laptop I think I saw 4-5 people in business class immediately get on the internet.

    It seems very likely to have happenned so in the spirit of ruling it out is it possible to confirm that no one conencted to the wifi? If someone did then computer experts might be able to deduce additional insight by looking at the logged traffic. If no passengers connected to wifi, then that adds further intrugue because that seems like very very odd behavior.

    Another data point to triangulate would be to look at the internet traffic behavior for that same flight over the previous 60 days. That would indicate what the general pattern is for customers on that flight.

  24. @Jeffwise This is a rather cogent and well-crafted piece of yours that lays out the basics re the SDU while opening doors to further enquiry.

    If we stay with the spoofing of the BTO data, the process for which is described by VictorI in #5 and to which you have previously alluded, AND we assume that the plane executed a safe landing somewhere, how can one reconcile this occurrence with the fact that we have yet to see any claims of responsibility or hear of any background chatter or see a witness emerge? If the aircraft was hijacked with the intent of being put to some later use, would we not have seen it emerge from the shadows by now? Call me unimaginative, call me Ismail for all I care, but odds are that the aircraft went into the water somewhere, given purity of the sound of silence that surrounds its loss.

    Regardless, thanks again for your succinct and logical review of the SDU and its behaviour, as I have long looked upon this aspect of the flight as an important element of the mystery. There obviously may be something to be revealed here; perhaps your piece will help others bring it to the surface.

    Apologies if I have missed the point here somewhere. I’m tired tonight, while I am finding that my hiatus away from your blog has generally eroded my ability to make any meaningful contribution.

  25. @Steve

    There were log-ins from passengers to chinese social chat apps during the disappearence. There are two ways that they can still be connected. One is they have direct contact from client to server. The other there is a connection timeout. It would be interesting to know how the clients exited the apps.

    Also the passenger’s cellphones were still working. Here where i live if someone tries to reach me and the cellphone is off the callers knows. I dont know what system they run in east asia.

  26. @Jeff: re: lack of narrative: on the contrary, the narrative has been palpable from the outset: “use whatever means necessary to a) promote the ISAT data as axiomatic (thereby hiding a true fate), yet b) keep alive as many competing ISAT-compliant theories as possible (thereby delaying/avoiding having to fully specify a fake fate, which could be definitively falsified)”.

    I can think of a number of scenarios supported by such a campaign. They range from simple negligence causing unaffordable liability right up to a planned false flag operation – and many things in between (which, for the record, I consider more likely than either of the above two bookends).

    And unless I’m given a reason to think otherwise, I am going to deem it highly unlikely a “sophisticated hijacker” scenario can explain either the ISAT data’s dubious history or how a “coast is clear!” logon would occur hundreds of miles INSIDE any reasonable expectation of radar range.

  27. “some of the other systems fed by the AC bus are:

    TCAS (Traffic Collision Avoidance System)
    Cockpit door lock
    The centre tank override and jettison pumps
    Some galley equipment
    IFE (in-flight entertainment system, which includes passenger satellite phone service)
    One of the high-frequency radios
    The main passenger cabin lighting system (the night, cabin and cross-aisle lights remain powered)
    The Cockpit Voice Recorder (CVR)”

    Doesn’t each of these systems (including the SDU) have their own breakers, if not in the cockpit, somewhere else? (Can someone upload the electric schematics?) That’s inconceivable. If there are individual breakers, then the SDU can just be switched off. IF NOT, then a short in any of these circuits will cause the main AC bus breaker to break the whole circuit, so if somebody simply shorts a light bulb in the cabin, then the whole AC bus goes off, the cockpit door unlocks, the CVR stops recording, no more flight entertainment system (passengers cannot see the map, and have no satellite phone service), reduced cabin lighting… that’s convenient for a hijacker… And no HF radio (or only one left to control) in the middle of the SIO, what else can he still dream of?

    If this is the case, It is even possible that this may be a secret method (a bit like the toilet door unlock mechanism hidden behind the toilet sign) known only by special persons (high rank government / military?) to gain access to the cockpit in case of emergency… If I were an aircraft builder, sure I would prepare secret back doors like this…

  28. @all

    There is no evidence whatever to support the notion that the ISAT data is not valid.

  29. @Trond: “As facts are established my statement grows nearer to the truth, and that is all clues tells us what did _not happen_. This is bigger than human intervention.”

    Trond has a point: If so much intervention has to happen to cause the effects we see, the likelihood becomes increasingly less. Consider, instead, that one single action caused a series of cascading effects — that has a reasonable probability.

    As I understand the B777, triggering the left engine fire extinguisher does it all: stop the engine, stop the fuel, isolate the left electrical bus, and so much more.

  30. @Nederland

    Iro the IFE: I do not agree with any of the points raised.

    There were no IFE communications transmitted from the aircraft at any time. The only transmissions were initial logon while on the ground, and the logon request at 18:28.

    It’s my belief that the Seat Power/IFE switch was kept on for the first hour in order to keep the cabin video system working (the IFE and the cabin video cameras are controlled by the same switch on the overhead panel, switch the IFE off and you switch the video system off as well)

  31. @buyerninety

    The only way into the EE bay, from inside the aircraft, is through a hatch in the floor in the passenger cabin, immediately behind the cockpit. There is no way into the EE bay from the cockpit itself.

  32. It’s possible the satcom pings were part of the plan to support the idea that the plane flew until the fuel ran out and the plane crashed. This may not be true, however, and MH370 landed, refueled, and flew for many more hours. A fully fueled 777 would have made it to Argentina, for instance. A human trafficking transport may not appear likely, but it’s still on the table, imo. Human trafficking is a global business. I read on the internet that a flight to South America and from there to Europe was an escape route for many Syrians. China and Malaysia are engaged in Argentina. This scenario would naturally imply that quite a number of people are in the know and that the debris is planted. It’s hard to believe, however, that none of the 239 on board came forward, but maybe when you are serious about disappearing without a trace… It would explain at least why there were no passenger messages. In this scenario no one actually has an interest to send a message. It would also explain the search delay in the beginning and the relative disinterest of a few countries.

    This scenario has its weaknesses like any other, but would explain why the satcom data may well be authentic, the assumed flight path more or less correct, but the search empty.

  33. @jeffwise:
    “some of the other systems fed by the AC bus are:

    (…) Cockpit door lock
    (…) Some galley equipment
    (…) The Cockpit Voice Recorder (CVR)

    There is only one piece of equipment on this list that someone who is in the process of stealing a plane might be strongly motivated to shut off, and that is the cockpit voice recorder. ”

    How about a highjacker first forcing access to the cockpit and one hour later, having neutralized the pilots and about to enter the wide Indian Ocean, ordering coffee from the galley?

  34. @All

    Interesting point iro the cockpit door:

    I remember reading a press article about Zaharie, shortly after the disappearance. The journalist has interviewed Zaharie’s Daughter who said that he been behaving quite normally in the days leading up to the disappearance. She said he had spent the final day repairing the bathroom door. Possibly just a coincidence, but you can’t help wondering.

  35. @Marc, Yes, all these things have their own circuit breakers in the E/E bay, including the cockpit door lock. So now you know how to get in.

  36. @ROB

    To my mind, some of the smaller data packages, i.e. the one at 16:43, relate to IFE data transfer rather than to ACARS traffic.

    The FI seems to come to the same conclusion.

  37. @jeffwise:

    RE: “According to IG member Barry Martin, the left main AC bus can receive its electrical power from any one of four sources:
    In order to prevent any of these from supplying electrical power, Martin writes, a multi-step process is required:”

    Mr. Martin makes it sound very complicated to isolate the left main AC bus from the cockpit. Just looking at the FCOM description of the overhead Electrical Panel it would seem rather easy:

    – L XFR Backup L switch to OFF
    – L GEN CTRL L Main switch to OFF
    – L BUS TIE switch to ISLN

    Does it really require ” technical savvy beyond the ambit of 777 pilots.” ?

  38. @ROB

    Would the cabin camera work if the left AC bus is isolated? As Jeff’s post above seems to indicate the IFE is turned off as well.

  39. @Dennis: falsified ISAT data remains on the list of explanations to consider, certainly. The likelihood of such falsification was material from Day 1, given the unprecedented nature of this disappearance. And with each passing day, the scale tilts AWAY from authentic data, due to the ongoing and utterly bizarro conduct of search leadership. The number of events and activities supporting faked data is now much longer than the list of events and activities supporting authentic data.

    But I concede analysts in this forum and elsewhere apply bafflingly diverse weights to each event/activity. There is no need to wallow in this ambiguity any longer. Let’s band together and force disclosure sufficient to demonstrate all these “pings” (primary radar, ISAT, co-pilot cell, LANL seismic, “FDR” acoustic) and other official directives (fuel limits, drift dynamics, scan paths) have been either authentically generated, or honest errors.

    I look forward to your full-throated support when we start to apply REAL pressure for such disclosure.

  40. @Brock

    I do strongly support full disclosure. Not sure how to apply real pressure, however.

  41. What really strikes me odd is that there were no passenger messages. Friends and relatives on board of MH17 and Air Asia 8501 posted photos they had received from the aircraft before the planes crashed. I think this is important to understand what was happening. I believe this whole incident began on the ground.

    @ Trond
    What do you suggest? A natural disaster or alien intervention? I want to keep an open mind. What would point to one or the other?

  42. @DL That’s an important point. 200+ passengers and crew, and other than a call from Zaharie to some woman, there was nothing.
    Surely on any other flight, people are texting an phoning up until the last minute. In fact, i’ve seen it when I fly.

  43. @Rob:
    “She said he had spent the final day repairing the bathroom door.”

    Lol. Did Zaharie also install a 777 cockpit door lock in his bathroom, while building his own simulator? What else? Maybe we can still find a clue about what happened to MH370 in Zaharie’s home…

  44. @Ed@DL

    I have heard that story a few times – no pre-flight communication, but I have not seen any confirmation from any “authority” on the validity. If you have a link to a credibly source, I would greatly appreciate it.

  45. @Marc

    Ha! Ha! very amusing. But stranger things have happened. It’s all too easy to overlook the obvious when investigating a crime and looking for clues. Probably, nothing in it.

    But don’t you think it’s rather coincidental that he was working on a door when in a few hours time he would be using one to hijack a plane?

  46. Jeff,

    Re: “By itself, it rules out the possibility that MH370 went dark due to fire or electrical malfunction”

    Why? Frankly, I think what you summarized in your excellent paper, makes a technical failure even more plausible than ever before.

Comments are closed.