Minor MH370 Mystery Resolved

Did a missing AUV like this one cause an international furor?


On January 31, Seabed Constructor vanished from the ship-tracking websites that various observers had been monitoring. This set up a minor international tizzy, with a number of outlets publishing headlines such as “MH370 mystery deepens as search vessel vanishes off radar for three days sending conspiracy theorists into a frenzy.”

The ship had been acting strangely in the hours leading up to its disappearance, sailing around in a big circle and then steaming in a beeline towards southwestern part of the search area, where it had started its work weeks before. It was in the midst of this beeline run that its AIS tracking system was apparently turned off. (This disappearance had nothing to do with radar, but whatever.)

Seabed Constructor reappeared a few days later, this time heading for a scheduled resupply stop in Perth. Ocean Infinity offered no explanation for what had happened. Some of the more imaginative independent MH370 researchers speculated that the ship had surreptiously been plundering shipwrecks found during the first seabed search.

On February 8, the notoriously unreliable Australian aviation journalist Geoffrey Thomas wrote a story in Perth Now claiming that the explanation was that the searchers had found found some interesting “geological formations” and “had returned to revisit those points of interest discovered on its first sweep and turned off its satellite tracking system so as not to give the relatives false hopes.”

Coming from Thomas, this almost certainly had to be untrue. Sure enough, more evidence has now emerged, and it appears that some kind of equipment fault was to blame.

The eighth search update released this morning by the Malaysian government reveals that “Earlier during the underwater search operation, an ROV was damaged and a decision was made to ‘wet store’ the ROV to minimize disruption to search operations.” Probably whoever wrote this meant AUV, autonomous underwater vehicle, rather than ROV, remotely operated vehicle, since ROVs are used to hone in on a target once it’s been identified. So far the search has found no targets.

Most likely, what happened is that at the end of January one of the AUVs went rogue, Seabed Constructor sailed around trying to find it, realized that it was probably at the southwestern corner of the search area, sailed down to go look for it–and while doing so realized that its bizarre behavior was being watched and so shut off the AIS to avoid further embarrassment.

Yesterday Richard Cole tweeted that Seabed Constructor had apparently deployed seven AUVS at the southern end of the southern leg of the secondary search zone, then dashed down to where the AUV lay on the seabed and deployed its ROV to retrieve it. “Probably the most complex search configuration we have seen so far,” he observed.

Earlier this morning Seabed Constructor finished its ROV work and hurried northward to gather up the AUVs, which were nearing the end of their endurance.

I’m guessing that the AUVs have a feature whereby if they lose communications with the mother ship they go to a predesignated point and rest on the seabed to conserve energy until they can be recovered.

I love the euphemism “wet store,” by the way. This is a major advancement in nautical terminology. If it had been around in 1912 then the White Star Line could have just said that the Titanic had been put in wet storage.

In other news, the latest report says that Seabed Constructor has now scanned 24,000 sq km. That doesn’t mean it’s 1,000 sq km from finishing the designated search area, though, because it still has to do the “southern leg” segments of the secondary and tertiary zones. These are not large however and should not take more than a few days.

333 thoughts on “Minor MH370 Mystery Resolved”

  1. @David: thanks for the link. Again, I’m in general agreement with you.
    Here is the updated timeline:

    2010-06-15 R [***engine 2 change***]
    2013-03-25 R outside flat http://j.mp/2HXWvog
    2013-05-08 L [***engine 1 change***]
    2013-08-04 L inside flat http://acetojourney.blogspot.co.at/2013/08
    2013-11-06 R outside flat jetphotos.com/photo/7851588
    2014-02-11 R outside flat? jetphotos.com/photo/7809115
    2014-03-07 R inside ? jetphotos.com/photo/7784591
    2014-03-07 L outside upswept? jetphotos.com/photo/7784591

  2. Jeff Wise pointed out many times the incredible “coincidence” that within only 4 months 2 MAS B777 and all their passengers perish under extremely rare and suspicious circumstances:

    • “I see every reason to connect MH17 and MH370 – in fact a connection seems utterly obvious to me. As I’ve pointed out many times, they were sister planes, part of a small fleet of only 15 777s flying in MAS livery, and they came to grief within quite a short time span. One might argue about whether the shootdown of MH17 was intentional (though that, too, to me seems fairly obvious) but there is very little doubt that it was shot down by a regular Russian Army launcher operating under the guidance of the GRU.”¹

    • “2 Malaysian Airlines 777s – of which only 15 existed out of a worldwide commercial aircraft fleet of perhaps 18,000 – happened to be targeted within the span of 4 months”²

    • “If the plane didn’t go south, then where did it go? Not all the Inmarsat data […] was susceptible to spoofing. From the portion that wasn’t, it’s able to generate a narrow band of possible flight paths; they all terminate in Kazakhstan, a close ally of Russia. Intriguingly, 3 ethnic Russians were aboard MH370, including one who was sitting mere feet from the electronics bay hatch. 4½ months later, a mobile launcher from a Russian anti-aircraft unit shot down another Malaysia Airlines 777-200ER, MH17. A year after that, the majority of pieces of debris wind up being discovered by a man who had spent the last 3 decades intimately involved with Russia.”³

    In the quotes above, Jeff establishes a connection between MH17 and MH370, and – in the last quote – also implies a possible connection between the MH17 shootdown and the MH370 debris, which Jeff believes was planted.⁴

    Going one step further, after the downing of MH17 conspiracy theories began swirling around arguing that 9M-MRO and 9M-MRD have been switched [link] and/or that 9M-MRD debris was thrown in the Southern Indian Ocean, somewhere along the 7th arc, in order to be subsequently found and mistakenly catalogued as 9M-MRO debris, a practically identical MAS B777.

    (As a side note, there was also some confustion between 9M-MRD and 9M-MRC: [link])

    I have to admit that I haven’t closely followed those theories and thus don’t know their merits, but in case there were something to them, it might also be interesting to verify which RR logos are present on the MH17 debris. In case there was indeed some foul play concerning the MH370 debris, one would have to wonder where the ROY piece with the “MAB RR logo” comes from, given that thanks to Farid Manap’s photograph we now suspect Romeo Oscar wore “Boeing RR logo[s?]” 1 day before (and thus as good as certainly on the day of) its disappearance.
    From MH17 ?

    ¹ jeffwise.net/2017/02/23/first-mh17-perpetrator-identified/comment-page-2/#comment-203759
    ² jeffwise.net/2016/02/24/mh370-suicide-or-spoof-part-2-motive
    ³ jeffwise.net/2017/01/18/were-mh370-searchers-unlucky-or-duped
    ⁴ jeffwise.net/2016/04/14/mh370-debris-was-planted-ineptly and inquisitr.com/3003738

  3. Looking into the question of the MH17 engine logos, I have discovered that they were present in a variety of configurations:

    • 1997-2000: black engine logos
    • 2000-2005: white engine logos
    • 2008-2013: NO outer engine logos

    source: [link]

    It’s also interesting to see that within 6 months, MH17’s engine 2 outer logo disappears and reappears again:

    • 2013-06-01: L inside white logo + R outside no logo — source: archive.is/b1Wgc
    • 2013-09-07: L outside no logo – source: archive.is/NrgRx
    • 2013-12-28: L inside white logo + R outside white logo – source: archive.is/Va8MD

    I think we can conclude that the engine logos are frequently changed in some cases.
    This is also stated here [link]:
    “I wouldn’t reference any of the RR logos since those cowl pieces are easily and often interchanged from plane to plane.”

  4. Regarding debris, I always had a huge problem accepting that you’ve got this enormous aircraft, but yet all the stuff that’s “found” by Blaine et al seems to just happen to be pieces with markings on it. Rolls Royce. No Step. Jeez, like 2% of the plane exterior has stuff written on it, yet that’s exactly what’s found? Come the F on. And then a whole other cluster of stuff found is all by one guy, and it fits in his knapsack???? I have no clue wtf happened to the plane, I still think any theory is as good as the next. But everything about the debris just smacks of evidence tampering in the highest order.

  5. Just before MH17 was shot down, it had white logos:
    • 2014-07-10: L outside white logo — http://j.mp/2I35lAS
    • 2014-07-17: L inside white logo + R outside white logo — http://j.mp/2I13ooO

    So if the R inside logo can also be confirmed as white, then MH17 definitely cannot be the source of the ROY piece.

    My other takeaways so far:
    • Engine logos can change quite frequently.
    • We cannot assume inner/outer logos to be the same, given that we now have proof of a mismatch configuration (white logo inside + no logo outside).
    • For both reasons, we need photographs of all 4 locations taken shortly before MH370’s disappearance.

  6. @Peter Norton,

    The MH-17 crash site (or rather sites, as debris was scattered in clusters over a five-mile area and several towns) was notoriously unprotected, and it wasn’t until the end of November 2104 that much of the wreckage was removed to Amsterdam.

    In a story available here


    The Wall Street Journal reported the following:

    “Pieces of the under-wing pod that holds the right Rolls-Royce Trent 800 engine were found nearly 4.7 miles from Hrabove, where both engines were found. Photos of debris show the broken remains of the Rolls-Royce logo and indications of piercing damage.”

    Frustratingly, they did not include any such photo, nor have I been able to find one. In fact, (more) frustratingly, one photo of 9M-MRD before it was shot down I have found shows the port engine with no Rolls Royce mark at all!


    Other photos, taken, I believe, closer to the aircraft’s demise, sometimes don’t have the mark and sometimes do, but when they do, the mark always appears to have a a sliver or bright backing, and not the dark ground that the claimed 9m-MRO piece has:


    I think that would suggest that regardless of whether the two disasters were linked (as I believe they were) and whatever may have become of the debris of MH-17, it’s not likely that it washed up all barnacle crusted on the beach.

  7. BuyerNinety said:

    “I suggest that one possible way … and when the FMS ‘engaged’ autoland and the electrical system reconfigured,
    that then the SDU (or some other logical unit that is required to be powered so it can
    be recognized as present by the SATCOM system as part of SATCOM’s operational conditions),
    was then repowered and the SDU then proceeded to action a log-on.”

    But could the aircraft systems reinstate the bus tie without manual intervention?

    That would seem risky from a systems safety viewpoint: An aircraft is damaged/something has gone wrong (let’s say) and there has been a short or a fire caused by something powered by the left bus. To prevent further damage the pilots have closed down and then isolated the left bus by opening the bus tie. They then need to land urgently, and due to bad weather (low vis at the diversion airport, say) they engage autoland and power is again supplied to the short / fire … ooops.

    “If the electrical power system is in a non-normal configuration before an autoland, other power configurations support the bus isolation.”

    And could autoland be engaged without the left bus and tie?

  8. Jeff Wise said:

    “A weaker, but more accurate, statement of my position would be: “There’s no easy explanation for how the SDU came to be turned off and turned back on again, so this crucial event (and its implications for the provenance of the Inmarsat data) deserves to be the center of our discussion and inquiry.””

    As has been said before here and in other places many times (going way back here, as far as the time of Nihonmama even) one possibility is that the left bus was de-powered and isolated to remove power to something that couldn’t be de-powered in any other way from the cockpit.

    Later, something else on that bus (perhaps that had also been de-powered as an unintended consequence) was required and so the bus was powered again. Perhaps that something was autoland. It may equally have been the left windscreen heater, or something else.

    Although very relevant to the questions surrounding the SDU reboot, this has not been looked into and disproved or proved yet, as far as I know.

    The AMM may list what the left bus solely powers (ie. that cannot be powered in any other way) once the left IDG and backup generators have been turned off and the bus tie opened. That is a starting point to prove or disprove first suggestion why it was disconnected. The shortlist would have to contain only those things that can be powered solely by the left bus, and that cannot be turned off from the cockpit in any other way.

    The requirements for autoland may prove/disprove the second part.

  9. @all:
    Please look at this 2014-02-14 image of MH17: https://i.imgur.com/katBLkF.jpg
    it’s a cutout from this original source image: airliners.net/photo/2415404/L

    What do you think? Is what we see in the green circle a tiny portion of a white RR engine logo (the same as we see on the L engine) ?

    If yes, than we have now pictures of all 4 locations for MH17 and all of them show white RR engine logos:
    • 2 logos were photographed on 2014-07-17 during the ill-fated flight’s take-off (see my last posting)
    • 1 logo was photographed on 2014-07-10 (see my last posting)
    • 1 logo was photographed on 2014-02-14 (see this posting)

    Based on that we know that:
    • On the day of the crash MH17 had (at least) 2 white logos.
    • 1 week prior MH17 had (at least) 3 white logos.
    • 5 months prior MH17 had 4 white logos.

    I think it’s 99% safe to assume that after 2014-02-14 (4 white logos) none of the logos was changed to black, due to these 3 factors in combination:
    – the relatively short time-span of 5 months (weakest argument)
    – it simply would have looked odd to have 3 white + 1 black logo
    – they would have had to change from white to black exactly the one logo (R inside) we don’t have a recent picture of, which only has a 25% chance

    Given that MH17 seems to have sported 4 white RR logos when it crashed, I don’t see a way in which the (black) ROY piece could have originated from MH17.

  10. @Peter Norton, Nice sleuthing!

    I have to say, I’ve been incredibly impressed by the way that everyone has joined in to respond to Graham Leishman’s contribution. This is the best that online collective mystery-solving can aspire to. No squabbling or conspiracy theories, just swift, solid detective work and mutual support. Superb.

    @PS9, It certainly has long loomed as a possibility that the SDU was turned off, then on again, as an unintended side effect of something else being turned off and on again. This might actually be the case. However, the possibility that it might have happened does not to my mind justify the position that the reboot can be accepted as unproblematic, as the ATSB and the IG have done. The fact of the reboot, taken with the condition of the debris and the failure of the SIO search, make the default narrative extremely problematic. The position of the IG and the ATSB seems to be to ignore the first two and accept the latter with a shrug.

    Another thing about the inadvertant-byproduct idea: After four years, no one in the “MHiste” community has been able to figure out a plausible intended target of the rebooting might be, based on what’s known of how the 777 is wired. There may be some as-yet unknown piece of equipment that would fit the bill, but if we collectively can’t discover it in all those years, what are the odds that Zaharie could have?

  11. Thanks Jeff.
    I think based on the photographs we unearthed collectively, it’s safe to assume (see above) that MH17 carried 4 white RR logos when it crashed. Save some David Copperfield trick, ROY (black) cannot be MH17 debris (white).

    But the original question remains:

    « … where the ROY piece with the “MAB RR logo” comes from, given that thanks to Farid Manap’s photograph we now suspect Romeo Oscar wore [at least 1] “Boeing RR logo(s)” 1 day before its disappearance. »

    As it currently stands, I see only 4 possible explanations:

    1) We misinterpreted Farid Manap’s photograph [link] and contrary to what we thought, it shows 2 MAB RR logos. Given the many other photographs of 9M-MRO with MAB logos, ROY could then be assumed to be MH370 debris. (This will be ruled in/out once we hopefully have Farid’s photograph.)

    2) 9M-MRO carried mismatching (i.e. not identical) RR logos: some MAB RR logos and some Boeing RR logos. (Since they were all black, the mismatch would be much less eye-catching and therefore more acceptable than a combination of black and white RR logos.) Unless explanation #1 (above) applies, we see both types of logos on 9M-MRO photographs and ROY just happened to be one of 9M-MRO’s MAB RR logos.

    3) ROY naturally washed ashore long ago from another crashed plane with RR engines (but wasn’t this ruled out already via official statement that no other jet is missing in this area?)

    4) If explanations #1-#3 are wrong, maybe ROY was “planted” (e.g. taken from an aircraft boneyard and thrown somewhere into the IO)


  12. It seems to me the RR debris is too small to come from the outside engine cowlings. If someone has a link to the debris being held please post.

  13. General news about MH-370 mentioned Boeing’s apparent patent on remote flight control yet most articles didn’t indicate the actual patent number and/or title of the patent.

    The actual patent number is: US 7,142,971. The title of the patent is, “System and method for automatically controlling a path of travel of a vehicle”. The patent holder is Boeing.

    Under “detailed description of the invention” section of the patent is the following:

    “The automatic control system may also be connected to a battery backup power supply, such that power to the automatic control system may not be interrupted, even if the electric power to the system is interrupted.

    In addition to disabling any onboard capability to supercede or disengage the automatic control system, the processing element may also transmit a signal to any remote location(s), which may include but are not limited to an airline office, an airport, and one or more governmental agencies, such as a Federal Bureau of Investigation (FBI) office, a Central Intelligence Agency (CIA) office, a Federal Aviation Administration (FAA) office, the office of Homeland Security, a military center, and/or an anti-terrorist agency office, to indicate that the automatic control system of the vehicle has been engaged, as represented by box 44 of the FIGS. 1 and 2.”


    Not sure if any of this would apply to MH-370.

  14. @David
    This may be an easier reference;

    Here is a possible original RR (background reflective) sticker which
    provides a possible size for the sticker – it is consistent with the
    size of the ‘Roy’ stencil also, though. This is seen on alibaba com

    (On youtube , at ‘MALAYSIA_Nonstop_The_Boeing_777_Story_Part_3_of_3’ at
    time 06:59, it appears that a reflective sticker is present on the first 777
    delivered to Malaysia, 9M-MRA ‘Super Ranger’ in 1997. I note this only
    for completeness.)

    @JeffWise Posted March 23, 2018;
    “There’s no easy explanation for how the SDU came to be turned off and turned back on again”
    I don’t disagree with that statement. It’s good that you now can’t be
    completely blindsided in relation to this matter of Autoland.

    @PS9 I will try to post back my answer for your question within 24 hours.

  15. @buyerninety. Decals/stickers complicate what might have been the way before stencil use. Maybe durability became an issue and even drag given that flushness of fasteners is commonly sought, particularly where the boundary layer is laminar.

  16. Interesting article from 2012 The Telegraph: Soviet Union used civilian airliners to spy on Britain

    The Soviet Union used civilian airliners to conduct spying missions over Britain during the Cold War, according to previously classified files released today.
    The files, released by the National Archives, show how Russian aircraft engaged in the hazardous and illegal reconnaissance missions would suddenly switch off onboard transponders broadcasting their position to air traffic controllers before veering away from approved flight paths to find their targets.
    “One incident of particular interest took place on 9th November,” wrote Nott. “An Aeroflot IL62 made an unauthorized and unannounced descent from 35,000 ft to 10,000 ft just below cloud level, to fly over RAF Boulmer, a radar station currently being modernised. It subsequently climbed back to 37,000 ft.”

    The aircraft’s transponder had been switched off during what was clearly a premeditated act.

    Nott continued: “It was the same aircraft which over flew the USN (United States Navy) base at Groton when the first Trident submarine was being launched. You will recall that as a result of this incident the President banned Aeroflot flights over the USA for a short period.”


    Similarities to MH370
    – switching off transponders
    – veering off flight path
    – decending from 35000 to 10000 feet, then climbing back up again

  17. Death of NIKOLAI GLUSHKOV due to strangulation (along with poisoning of Sergei Skripal) in the UK: Glushkov wrote that AEROFLOT was upto 30% staffed and FULLY controlled by the FSB/GRU
    Nikolai Glushkov was hired by Boris Berezofsky to run AEROFLOT in the 1990’s, and discovered that it was fully controlled, and partly staffed by KGB operatives.
    Glushkov died of strangulation a few days after the poisoning of former GRU colonel Sergei Skripal in the UK.

    Death of a Dissident: The Poisoning of Alexander Litvinenko and the Return of the KGB

    From p.141 onwards (2007 edition)

    Boris had first become interested in Aeroflot in early 1995, when he was setting up ORT. He quickly discovered that of all the giants of the ex-Soviet economy, Aeroflot was perhaps the most saturated by spy agencies. He knew that to take hold of this prized asset, he would have to confront very powerful and resourceful interests.
    …Hoping to eventually privatize the airline, Boris installed his best management team, headed by Nikolai Glushkov, the forty-five-year-old PhD physicist turned financial expert who had been his principal associate in the automobile business. When Glushkov arrived at his new offices in February 1996, he was shocked to discover that the “spy problem” was much greater than anyone could have expected.
    … The spy agencies were largely left to their own devices during the “shock therapy” of 1991-1993, with little supervision and insufficient funding. What Glushkov discovered was that the spies had turned the national airline into a cash cow to support international spying operations and the livelihood of thousands of operatives around the world.
    “The things we found were absolutely mind-boggling,” Glushkov to me in a conversation in London ten years later. “Aeroflot finances abroad were managed by mysterious off-shore companies; we could not identify the people behind them.”
    Proceeds from ticket sales went to 352 foreign bank accounts, but it was impossible to establish who controlled them. All heads of foreign Aeroflot offices were operatives of the SVR or GRU; they were not accountable to the company management.
    “To compound the problem, there were secret services personnel on the staff: 3,000 people, out of the total workforce of 14,000! The head of human resources was an FSB officer. The head of security was an FSB officer. And we could not touch them. So you know what I did?” Nikolai smiled. “I sent them a bill. I wrote a letter to the head of the SVR, Mr. Primakov, and the director of the FSB, General Barsukov, asking them to pay for their people’s salaries.” It was the summer of 1996.
    The next thing he knew, he received a phone call from Korzhakov. He screamed and yelled, promising to “destroy” Glushkov if he “continued to violate the rights of the services.”

    After the spies were purged, the performance of the airline improved steadily. Glushkov obtained Western insurance coverage for the planes; replaced its aging fleet of Russian aircraft with leased Boeings; hired attractive, bilingual staff; and improved the quality of food. Within three years, the company became profitable; its stock skyrocketed from $7 to $150.

    In the beginning of February Glushkov’s entire team was purged from Aeroflot. Skuratov’s office announced that they were starting a criminal probe into the airline’s finances.


    Relevance to MH370
    – FSB/KGB has a lot of experience in not only controlling a civilian airline, but actually operating it for military/espionage and other nefarious purposes as well
    – AEROFLOT took delivery of it’s first Boeing 777 in 1998 and flew them on routes to the USA

  18. @Jeff,
    Related to your article, for the sake of information accuracy, it should be noted that MH370 Weekly Search Report No 8 states “Seabed Constructor had successfully recovered the damaged ROV that had been ‘wet-stored’.”.

  19. @HB, Right, I’d seen that, but it didn’t make much sense to me, why would they deploy an ROV at the very start? And how to explain the sailing in a circle before turning off the ship-tracking?

    @CliffG, Spine-tingling. Great stuff.

  20. “Remote flight control… The automatic control system may also be connected to a battery backup power supply, such that power to the automatic control system may not be interrupted, even if the electric power to the system is interrupted.”

    “one possibility is that the left bus was de-powered and isolated to remove power to something that couldn’t be de-powered in any other way from the cockpit.”

    Maybe the left bus was de-powered as a try to desactivate that (hypothetical) remote fight controller, then later seing that (because the battery backup supply) that failed to do the trick the left bus was repowered again?

  21. @PS9 said;
    “But could the aircraft systems reinstate the bus tie without manual intervention?”

    24-50-00, page 166
    “Under normal conditions, the ELMS and the B/U generator convertor divide the
    electrical system.”…
    “If the electrical power system is in a non-normal configuration before an
    , other power configurations support the bus isolation. The GCUs then
    control part of the bus isolation.”

    24-09-00, page 118;
    “Load Switching:
    The power management panels contain ELMS electronic units (EEU).
    The EEUs control and monitor loadswitching devices in their related ELMS panels.
    However, the EEUs do not control all of the loadswitching devices.
    The GCUs, BPCU, and backup generator converter directly control some of the
    large loadswitching devices in the power panels. Airplane systems directly
    control some load switching in the power management panels.”

    It is unstated what ‘Airplane Systems’ are being referred to. It could be that
    when Autoland causes the electrical System to reconfigure, that is an example
    of the Flight Management System directly controlling some load switching.

    On 24-09-00, Page 152, it states;
    (in regard to what can happen subsequently after the ELMS has actioned a load shed),
    “Failure of interpanel operations, prevents any load restoration.”
    Presumably, this could apply to the ELMS but may not necessarily apply to the
    ‘GCUs and Backup Generator Converter’.

    A possible scenario might be that a fault occurred and the ELMS disconnected
    sections of the electrical system from the faulty section. If the fault
    progressed and then caused damage to the wiring of the ARINC 629 Data Bus,
    (no ELMS interpanel operations), then the ELMS could go into that ‘Do Not
    Action Load Restoration’ behaviour.
    If Autoland had previously been ‘armed’, then when (later) MH370 arrived further
    along its flightpath where certain conditions for Autoland to ‘engage’ were
    fulfilled, then possibly the Autoland function of the FMS caused the GCUs and
    the Backup Generator Converter to action a reconfigure of the electrical system
    – this being a circumstance where the electrical power system was in a
    non-normal configuration
    (before the Autoland reconfiguration) and then
    loadswitching devices‘ (other than the ELMS EEU’s) actioned the

    @PS9 said; “And could autoland be engaged without the left bus and tie?”

    If you have followed the above, then it is understood that it is Autoland that
    caused a reconfigure of the electrical system (say when near NILAM), and that
    is why, say, the Left AC Main Bus came back up – the ELMS couldn’t action a
    reconnection, but the Autoland reconfiguration, for example, connected the
    running APU to the Left AC Main Bus and repowered it. (So Left GCB was opened
    by the ELMS, and later the Left BTB was closed by the GCU’s or the Backup
    Generator Convertor, as a result of Autoland ‘engaging’.)

    Seems quite theoretical – obviously more study required.

  22. « The automatic control system may also be connected to a battery backup power supply, such that power to the automatic control system may not be interrupted, even if the electric power to the system is interrupted. In addition to disabling any onboard capability to supercede or disengage the automatic control system, the processing element may also transmit a signal to any remote location(s), which may include but are not limited to an airline office, an airport, and one or more governmental agencies, such as a Federal Bureau of Investigation (FBI) office, a Central Intelligence Agency (CIA) office, a Federal Aviation Administration (FAA) office, the office of Homeland Security, a military center, and/or an anti-terrorist agency office, to indicate that the automatic control system of the vehicle has been engaged »

    As someone who has discussed the remote control / remote hijacking theory on this blog back in 2014, I’m still intrigued by the thought. It’s the stuff of nightmares for a pilot: your plane starts to develop a life on its own …

    Drones have been remote-controlled for years. The technology ( https://en.wikipedia.org/wiki/Boeing_Uninterruptible_Autopilot ) is certainly there, but “safety concerns, including the possibility that such a system could be hacked, have prevented its roll-out”.

    There were also numerous reports about aircraft vulnerabilities to hacking. For instance:

    « A US government official revealed that he and his team of IT experts remotely hacked into a Boeing 757 as it sat on the runway and were able to take control of its flight functions. » http://bit.ly/2E06Q0p

    If we entertain the thought of remote controlling for a moment, it would explain a lot of unsolved questions:
    no mayday calls: coms were remotely disabled
    SDU shutdown: In a quest to depower the remote control unit, Zaharie, as is known a DIY genius, desperately flipped circuit breakers and ended up isolating the left AC bus. Losing the SDU was simply a side-effect / collateral damage of this action.
    SDU relogon: As quoted above, the
    “battery backup power supply [would ensure] that power to the automatic control system may not be interrupted, even if the electric power to the system is interrupted”. Therefore Zaharie would have realized that by interrupting the electrical power, he doesn’t change the situation one bit (because the RC unit runs on battery power). So he reconnected the left bus again (SDU logon).

  23. internet search for “aircraft hacking” yields many interesting results:

    « Could Terrorists Hack an Airplane? The Government Just Did. »

    « A computer security expert hacked into a plane’s in-flight entertainment system and made it briefly fly sideways by telling one of the engines to go into climb mode. Chris Roberts […] told the FBI […] he had hacked into in-flight entertainment centers on Boeing 737s, 757s and Airbus A-320 aircraft “15 to 20 times”, according to court documents. […] Roberts would wiggle and squeeze the Seat Electronic Box under his seat, which connected to the plane’s in-flight entertainment system, or IFE. He would then connect a cable to the box and connect it to his computer. From there, Roberts was able to hack into the plane’s Thrust Management Computer using default IDs and passwords. He overwrote computer code for the planes’ thrust management computer, which he told agents allowed him to make the plane climb on his command. At least once, according to the document, he told one engine on a plane to climb, causing the plane to move sideways as it flew. Roberts also used software to monitor traffic from the cockpit. » https://ind.pn/2GcDd1U

  24. Regarding Hacking, you may note this incident on a petrochem facilities (https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html)

    What is relevant is that the system hacked is a high integrity safety system and had no connection to the external world apart indirectly via engineering workstations from which firmware upgrade, configuration upgrade could be done. Knowing the systems quite well, this requires a very high level of sofistication.

    The FMC or AIMS have similarities in terms of architechture and may also have some kind of vulnerability via an engineering interface. However, i would have thought that if something like that happened, there would have been some kind of distress code and more mobile phone connections from passengers or crew. So in any case, such attack would have required someone onboard to explain the silence of passengers/crew.

  25. The idea of a “hack”, remote access to the plane systems, has been discussed before; it certainly is an intriguing idea.

    I’m an absolute non-expert on such topics. Can the people who understand these things better than me answer some layman’s questions?

    First, how does the actual electronic link to the plane systems work. Presumably, this would be via satellite link? The way I picture this as a layperson is that somewhere on the plane, there is some unit akin to a Sat phone. The hackers would “call” this, and then “take over”? So which satellite system in particular do the theories here assume this was done via? Can any satellite (f ex, aber Russian military satellite) “call” the plane, or does that only work through specific satellite systems? Would such communication have been recorded/recordable by other satellites in the vicinity? Is that proven to work reliably (mobile phone connections on the ground aren’t even 100% reliable, sat phone connections less, on a moving plane somewhere over an ocean, even less?). I mean, the hackers would presumably like their control not to be super shaky… Having said that, would that maybe be a way to explain weird manoevres? Sat link intermittently lost, Zaharie taking over again? But that wouldn’t make sense because we could assume that the first thing he would want to do is communicate with the ground. So basically, a hacking theory implies near-100% steady Sat connection right, otherwise it would have been risky for the hackers? Another thing is, hacking implies that the movements of the plane whilst remote controlled (from the hackers’ point of view, ideally 100% of the time from the moment they took over) must be 100% compatible with remote control, ie it would imply that the plane could not have done the sort of movement that would be characteristic of a pilot on board.

  26. @Havelock, others:

    Recall the Iranian takeover of a U.S. military drone in 2011.

    The presumption was they somehow forced the vehicle into autopilot mode, killed comms and then spoofed GPS signals to fool the FMS to land where it thought was home but wasn’t

    All done remotely, of course, but I wonder if that needn’t be the case for an airliner with cockpit infiltration, switching to autopilot and then having ground operators override GPS. in this case the muscle only needs to be a couple guys, no flight training necessary.


    Would love to hear pros and cons, but if possible, seems a great deal simpler than entire remote mechanism that may or may not exist.

  27. @Scott O

    You wie: “All done remotely, of course”. As far as I understand the article, tricking an autopiloted drone (or other autopiloted machines) into believing false GPS (“spoofing the GPS coordinates”) requires two things: jamming the real GPS signals around the drone (as in, physically close to it) and then sending out a fake GPS signal for the drone to base its route on, again,afaiu, in the physical vicinity of the drone. As far as I understand this cannot be done completely remotely?

    My thought on this article is, if the Iranians or others could really do this, why is this the only time that it happened? If us military drones could really be hacked easily, presumably it would have happened a couple of times?

    The difference between the drone hijack and mh370 is that the drone could be forced into autopilot and that this autopilot had a predefined endpoint. If someone on MH370 had quietly jammed GPS, there would have been no telling where it would go, because even though Shah or the autopilot would have been confused, he would probably have noticed that something was off, and started to steer *somewhere*. I don’t think he just punched in the waypoints to Beijing after takeoff and then started to take a nap. The drone, however, was claimed to have been preprogrammed to land in Afghanistan, so if it had actually been tricked into thinking it was there, it would have followed its preprogrammed course.

    What you say is quite intriguing. On the one hand, a hacking plus on board hijacking personnel makes a remote control hijack easier to explain. It would mean that f ex if the data link was down for a moment, the pilot et al could be physically stopped from “doing stupid things”. Also, if the remote access was dependent on some physical action on the plane, f ex switching something off or having a signal jamming device physically on the plane, physical personnel on board would make it easier to explain how that should have worked. (From my limited technical understanding, I consider it fairly plausible that a remote hijacking would need physical on-board support).

    However, this theory also has issues. First of all, it implies a level of complexity that is again by orders of magnitude higher than a “simple” hijack. I mean, it implies that you get all the IT stuff figured out (i e you have access to such highly skilled people) PLUS you need to effectively physically have the plane hijacked. In sum: A^complex *B^very complex = very very involved.
    If you have “muscle” on the plane anyway, why go to all the trouble of trying to remote control the plane? As far as I understand, for the most part flying this plane would have required nothing more than typing in some waypoints. The plane could even have auto landed. Even if you believe in a end of flight glide, I guess training your muscle to get that done is easier than the remote control stuff. Also, in contrast to the Iranians and the drone, nobody has a potential PR benefit from doing it (or claiming to be able to do it). If you can’t brag about it, why extra complexity without convincing benefit?

  28. Another thing with remote control theories is the following:

    Those theories effectively presume that a perpetrator owns what amounts to a zero day exploit. Even zero days for average computer systems can be worth millions. A “gain unoverridable remote control to in-flight Boeing aircraft” would be somewhere close to priceless. If you wanted to put a monetary value on it, I am sure it would be in the millions. A key thing to note is this: The reason why zero day exploits are called zero days is that such software errors allowing unauthorized system access have been used (and known to the public) for exactly zero days. The moment you use such a hack, counter measures will be developed (anti virus programs will be updated etc). So it rapidly loses value the moment you use it. This leads to the following question: if you own such an ultra rare asset, one that is literally priceless, why would you waste it of all the planes in the world, on MH370??? Years have been spent trying to find out whether there was some valuable cargo on the plane, and we have nothing! There was nothing on the plane that couldn’t have been stolen without using a priceless zero day exploit.

  29. A succinct format of flaws for MH370

    Dr. Bobby Ulich (@DrBobbyUlich) tweeted at 5:45 PM on Wed, Mar 28, 2018:

    #MH370 “The attached photo is a list of all the observational data that must be satisfied by any theory to explain the loss of MH370.  Your comments and suggestions are welcomed.  It may be used to evaluate both hijacking and accident scenarios….”


  30. @all, in news today from the story linked below, and keeping in mind this intrusion occurred just a day after Russian diplomats were expelled across the West:

    “Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, sent out an alarming memo calling for “All hands on deck.”

    “It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,” VanderWel wrote, adding his concern that the virus could hit equipment used in functional tests of airplanes ready to roll out and potentially “spread to airplane software.”


  31. @Havelock, you make excellent points.

    As to a zero day exploit in the case of the drone: on the one hand, it would be an explanation for why we’ve not seen further autonomous vehicle theft (if, in fact, that is how the Iranians did it).

    On the other, this vulnerability was understood to exist for a year or two before the takeover.

    That leads me to question how such vulnerabilities in general are addressed. Do simple exploits take precedent? Do risk experts decided that no solution is necessary because despite the vulnerability the exploit is nearly (but not entirely) impossible to execute?

    From there, a follow up for me would be whether security experts extrapolated from drone to passenger aircraft and how similar or different the exploit or some iteration of it would be for MH370–the drone was Rockwell, the aircraft, of course, Boeing.

    As to the actual hijacking, agreed that it’s a complicating factor. But I imagine a pair of special forces who might do the dirty work of isolating or even dispatching a pilot and copilot. Sure, they wouldn’t need a lot of training for certain flight situations–I think of the 9/11 hijackers, but of course those actors didn’t need to land their planes; we don’t know if that’s true of MH370.

    If the goal wasn’t to crash it, they may have had been taught to trip the autopilot, activate the GPS spoofing from within and away they go. The simplifying factor here is that the operation doesn’t require physically adept operators to also be pilots or a pilots in addition to physically adept operators.

    Clearly others with better technical understanding can dismiss or find support for the mechanics of the idea. I just put it out there, and I do so with my own questions, including, why the flight path back across Malaysia?

    As to why MH370 itself, I am not sure, but we know its timing fits into the Crimea takeover. It also exists in a time when (I believe) Malaysian sovereign fund money was understood to be missing. And finally there is a proximity to when Donald Trump chose or was forced to choose to run for president of the United States. If you investigate his Twitter timeline, March 2014 shows many visits including those that appear to be Russian urging his candidacy.

    It is pure speculation based on a feeling I can’t get past, but MH370 and the follow-on MH17 incident all seem to me like they are unfortunate collateral damage in a broader and very significant geopolitical exploit.

  32. @Peter Norton
    I read that also.
    It is a predictable modus operandi of the poster you referenced, negative critiques, comments and criticism are his shtick. The saturation makes it challenging to find credence in his opinion.

  33. @Susie Crowe: A handful of factual errors were pointed out and rectified, which Dr. Ulich conceded himself, so I don’t know what you are talking about.

  34. Former Prime Minister of Malaysia, Mahathir Mohamad, said that the use of remote control technology was implicated in the disappearance of MH370:

    « Former Prime Minister of Malaysia, Dr Mahathir Mohamad […] describes his belief that MH370’s GPS signals and communication systems “must have been disabled or else the ground station could have called the plane.” He also […] claims that [Boeing] could have used patented technology to return the flight to a pre-determined landing location. Dr Mohamed goes on to cite an article published on The Flightglobal.com in 2006, which claims the CIA has the power to control aircrafts “remotely by radio or satellite if terrorists attempt to gain control of the flight deck”. “Clearly Boeing and certain agencies have the capacity to take over “uninterruptible control” of commercial airliners of which MH370 B777 is one,” he writes. » http://archive.is/EnY0T

  35. @Peter Norton

    No offense but this blog post from a clearly biased party with zero factual evidence given has exactly zero value and can at best be seen as disinformation. More fog.

    @Scott O

    Thank you for the kind words! I obviously have no detailed technical knowledge but it would seem like a drone and a passenger aircraft are fairly different systems so whether something that may or may not have worked on a drone could be ‘extrapolated’ seems unclear to me. If you’re able to hack a Boeing, it doesn’t really matter to me how you develop your hack, it implies that you’re a highly trained individual, ie it says something about those having access to such an asset.

    How possible zero days are addressed also doesn’t really matter. You can be sure that at the latest the moment one is used by attackers it will be shut down. Ergo: you can use it once only.

    The only theory I could come up with why you would use it would be if you know that it has become known that such a zero day exists, and that Boeing is actively working on shutting it down. In that scenario, you might want ‘the Americans’ to know that you know, and that you’re smart and can f*** with them. I’m torn between the thoughts of “still, if so then why this particular plane and not a more valuable one?” And “in this scenario, it doesn’t matter, it’s just about showing off shortly before that exploit is shut down, with the added benefit of giving the Malaysians the finger “. However, if it really was like this, then I would find the MO uncharacteristically subtle, compared to the Buk, the polonium, etc.

    Frankly, no. To me this all doesn’t add up. I think that if we really want to entertain the idea of a hijack (as in, not by the pilot), we need to look keep looking into “why this particular plane”. For if either of the hijack theories are true, it implies enormous resources needed and expended. Also, I wanted to put forward the following: if we genuinely want to entertain the idea that there might have been hijackers on board (f ex the Russians/Ukrainians), we should look into whether they could have been offered an exit strategy. When you think about it, it’s hard to believe that f ex the Russian secret service hired a bunch of ex military guys enjoying their life for a suicide mission. Presumably, if the Ukrainians had hijacked the plane, they would have wanted to get out alive? And whoever had hired them would have had to give them a credible mission that would see them survive.

  36. @Peter Norton

    Apparently I also did not know what I was talking about. My reply after reading only one comment was sloppy, I appreciate you calling me out for it.

  37. @Peter Norton, I don’t think this is a productive line of inquiry.

    @Scott O, Whoever wants to explain the disappearance of MH370 now has to contend with a new fact on the ground: that the plane did not wind up where any reasonable interpretation of the Inmarsat data would have it go. So were investigators merely unlucky (and the plane happened to fly in a quirky, bendy, up-and-down way that by coincidence created signals that made it look like it was flying straight, fast, high, and normal) or were they tricked (presumably by a very sophisticated hack)?

    Almost by definition, if MH370 was hacked, it was not only a zero-day hack, but one so clever that the bright minds at Inmarsat wouldn’t even suspect that they were being duped.

    There are different kinds of hack; not every aspect has to be electronic. “Social engineering” is an important vulnerability. It’s what enabled the DNC hack before the 2016 US elections, for instance. My favored theory is that the Russians noticed that a low-on-fuel communications satellite will under certain circumstances inadvertently encode information in a data stream that would hint at a plane’s direction of flight. Their stroke of genius was to recognize how this insight could be weaponized. If a fly-by-wire commercial plane with an accessible E/E bay hatch and a Thales SDU were hijacked in the middle of the night, when most nations’ primary radars were off, and flown from the equator to a higher latitude while under the footprint of that satellite exclusively, one could create the electronic impression that the plane flew the other way.

    This plan would require not only advanced knowledge of sat com and aeronautical engineering, but significant operational experience dealing with ATC and air defence radars. But to pull it off would demonstrate jaw-droppingly formidable prowess–and if, four years later, your enemy is still completely flummoxed, then it would prove your total dominance of the information space.

  38. @ Susie: I didn’t intend to call you out at all. Apologies if it came across that way. In fact, I applaud Dr. Ulich for his effort. It’s a helpful method* to focus on the important things. I only wanted to caution that there were a few technical errors in his straw man document*, so that nobody internalizes wrong information. I’m sure he corrected the quirks later on and I hope this document will be developed further as teamwork.
    * http://workingwithmckinsey.blogspot.co.at/2013/07/McKinsey-straw-man.html

    @ Jeff: what line ?

  39. @Peter Norton, The remote hijacking is not a productive line of inquiry because, most notably, a) the uninterruptible autopilot technology was not installed on MH370, and b) being that the satcom was turned off, there would be no way to remotely control the plane. The deed had to be done by someone on board.

  40. @Jeff Wise:
    a) “not installed”: how do you know that?
    “SDU turned off”: You infer that mainly from OXCO and no coms with 3F1, right? Setting aside the former for a moment, could the latter be explained by MH370 being switched to another satellite (e.g. to a Russian spy satellite to keep in line with the remote hijacking theory) before reconnecting to 3F1 at 18:25?

  41. @Peter Norton

    “I didn’t intend to call you out at all. Apologies if it came across that way.”

    No offense taken, my appreiation of your correction was sincere

  42. @Susie Crowe: Thank you. I’m glad we found common ground. I realize that in my 1st posting I failed to mention that it’s nonetheless a valuable contribution, especially once the technical errors will be corrected, so I am to blame for our misunderstanding. I’ll take more care of my wording going forward. Dr. Ulich’s collaboration document is now at revision 3 last time I checked. I enjoy seeing his effort gaining traction.

  43. I know this isn’t a popular subject but I honestly believe that the whole thing is down to a massive cork up at Inmarsat. I have no idea on whether the BTO is actually a valid concept or not but I do believe that the math is based on flawed principles & I believe I understand why the BFO is such a mess.

    I personally on the basis that the search in the SIO ends in absolute failure would like to see a team of independent experts look at the entire concept that ISAT has designed to intepret the data. I include in that the way the data was recorded in the 1st place. I know the IG & others have checked the data time & again but the results are always inconclusive.

    I want the entire process stripping back to the bare bones. Only then would I have any faith in the concept.

Comments are closed.