The Drive: The Crucial Clue MH370 Investigators Missed

Angus Houston, chief coordinator of the Joint Agency Coordination Centre

[Note: this piece ran today on TheDrive.com. It hits upon some points I’ve made here previously, but ties them together more concisely than I’ve managed in the past and also fits into the series of major points and revelations I want to make over the next few days. So bear with me… thanks!]

This much we know: Precisely five seconds after MH370 left Malaysia-controlled airspace, someone turned off all of the communications equipment and cranked the plane into a hard left-hand turn. Beneath a clear starry sky, the plane completed a one-eighty, skirted the edge of Thai airspace, and barreled over the Malay peninsula. Hanging a right around the island of Penang, it flew pedal-to-the-metal up the Malacca Strait. Then, an hour and 20 minutes after takeoff, at 18:22:12 universal time, it slipped off military radar coverage.

At this point, MH370 had gone completely dark. It could have flown anywhere in the world and no one would have been the wiser. But then something happened—something that might rank as the strangest part of a very strange story. Two minutes after it slipped out of radar coverage, someone turned the power to an obscure piece of equipment called the Satellite Data Unit, or SDU, back on. One minute later, at exactly 18:25, the SDU finished its reboot process and reconnected with the Inmarsat communications satellite orbiting 22,000 miles over the Indian Ocean.

Over the course of the next six hours, the plane exchanged hourly pings with Inmarsat. These pings didn’t contain any overt information about the location of the plane—this is a communications system, not a navigational one—but by closely examining the associated metadata, scientists were able to extract clues about where the plane had gone. Their analysis led them to a patch of ocean 1,500 miles west of Australia. The plane, they deduced, must be within this area.

Five years later, we know they were wrong. The plane wasn’t there. Hundreds of millions of dollars were spent scouring the seabed with the latest technology, only to ascertain that the plane’s endpoint lay nowhere within an area the size of Great Britain. How could this be? The Australian investigators in charge of the search have declared that based on their analysis, the search has exhausted “all prospective areas for the presence of MH370.”

One of their assumptions must have been wrong, obviously. But which one?

Curiously, amid the vast expenditure of effort spent in pursuit of MH370, search officials have never adequately grappled with what I see as the case’s central clue: the 18:25 reboot. This, after all, was the event that led directly to the creation of the data that sent investigators on their massive seabed hunt. And it turns out to be awfully weird. So if we want to find a place where the MH370 investigation went off the rails, this should be the first place to look.

Indeed, there are so many reasons to be suspicious of the 18:25 reboot that I find it helpful to divide them into four categories.

1. It Came Out of Nowhere

In discussing the case, search officials have always treated the existence of MH370’s Inmarsat data as unremarkable. After all, Inmarsat data is something that every plane with a functioning satcom system produces as a matter of course. But the circumstances here are not normal. There’s no reason why even an airline captain, let alone a garden-variety hijacker, would have either the means or the motive to turn this obscure piece of equipment off—and even less so to then turn it back on again. Why would you want to create an electronic signal when up until that point your M.O. has been evasion?

Also weird is the fact that it turned on at exactly the most fortuitous moment. Once the reboot happened, the plane found itself in a highly unusual electrical configuration, with all the communications gear turned off—except for the satcom. There is no discernible reason why anyone—especially a bandit hightailing it out of Dodge—would want to do this. Satellite communications expert Gerry Soejatman told me that it is “very uncommon” for aircraft to fly this way. Indeed, out of the 10,000 planes airborne over the surface of the earth at any given moment, not a single one of them is likely to be running this configuration.

2. It Conveniently Transmitted An Unexpected Clue

Once the authorities had this data set in hand, it happened to contain a subtle clue as to where the plane went. This, too, defied the odds.

The Inmarsat data set consists of the logged metadata of a satellite communications signal. The system is explicitly designed to exclude information about where and how the plane is traveling. Yet when Inmarsat’s in-house scientists examined the data set, they realized that because the system wasn’t working properly, a residue of navigational information had leaked into the communications signal. It was this residue that allowed them to deduce—incorrectly, it turns out—where the plane had gone.

What’s important to understand here is that the vast majority of planes flying around are not going to be leaking navigation information in this way. For that to happen, a bunch of things have to line up. The plane has to be equipped with an SDU manufactured by Thales, rather than the other leading manufacturer, Rockwell Collins; the plane has to be flying under the footprint of a satellite that is past its design lifespan and has run low on fuel; and the path of the plane has to be along a north-south axis.

As I mentioned, most planes don’t leak this kind of subtle clue in their satcom transmissions. The fact that MH370 was can only be viewed as awfully convenient—especially if someone’s intention was to throw investigators off your scent.

3. The Story It Told Couldn’t Be Cross-Checked

Even more suspicious than what the evidence revealed was what it didn’t. Due to the particularities of the situation in which the plane found itself, there was no other evidence available to confirm the clue encoded in the Inmarsat data.

Because the plane had just flown beyond the edge of the Malaysian air-defense system, and because the flight took place late enough at night that Indonesia had turned off its own military radar, MH370’s presumed turn south could not be confirmed by radar.

Because Malaysia Airlines subscribed to the cheapest Inmarsat service available, Classic Aero, the transmissions between the plane and the satellite did not automatically include the plane’s position information.

Because the entirety of the flight track lay under the footprint of a single satellite, its direction of flight could not be confirmed by a log-on with a different satellite.

And because the entirety of its flight track to the south was over open ocean, there was no chance for it to be accidentally observed in transit.

4) When Evidence Later Emerged That Could Have Confirmed The Turn South, It Didn’t.

Starting in mid-2015, pieces of debris started washing up on beaches in the western Indian Ocean. By now, some 30 pieces have been found. Investigators assumed that after more than a year these would be covered in rich colonies of marine organisms, whose makeup would shed light on the path the pieces had taken through the ocean. To their surprise, they found none of them hosted organisms more than a couple of months old. Biologically, that doesn’t make sense—and suggests human intervention.

So too does the fact that oceanographers have been unable to come up with a drift model that explains how all the pieces arrived where they did, when they did.

Finally, if the data and its implications were both valid, then the only plausible perpetrator would be the plane’s captain, Zaharie Ahmad Shah. But apart from a single suspicious flight simulator run found on his home computer, there is nothing about Shah that paints him as a suicidal mass murderer. His family said he was a loving husband and father. His friends said he was a cheerful soul who loved to cook, fly model airplanes, and make balloon animals. His professional record was spotless. His YouTube account consisted of home-improvement videos in which he demonstrated how to fix leaky windows and tweak an air conditioning system to save electricity. Though Muslim, he was no fundamentalist. He criticized terrorists, subscribed to Richard Dawkins’s YouTube channel, and supported democratic reform in Malaysia. Watching him, he seems the most normal guy in the world. Even, it must be said, a little boring—nothing like the handful of other pilots who are known to have deliberately crashed their planes, all of whom had significant emotional or mental-health problems.

So when the Australian, Chinese, and Malaysian governments decided to commit hundreds of millions of dollars to the search of the southern Indian Ocean, they literally did so solely on the basis on the mathematical analysis of a set of numbers whose provenance they could not explain, and whose implications they could not double-check. We know today that their confidence was misplaced. MH370 didn’t go where the scientists had deduced. That means that something must have been awry with the data. But what?

As it turns out, it’s possible for a hypothetical hijacker to tamper with the settings in the SDU in such a way that some of the values it produces will imply that a plane is traveling one way when it’s really traveling another.

Over the years, I’ve asked various individuals within the search team how they could be so confident in the integrity of the Inmarsat data. None was able to rule it out on technical grounds. Instead, I got answers like the one that Mark Dickinson, Inmarsat’s vice president of satellite operations, gave me: The idea is simply too unlikely. For someone to have tampered with the data, “whoever did that would have to have six months’ worth of knowledge of what would happen, in essence, have to know how the data would be used,” he said. “There’s nothing to show that evidence at all as far as I’m aware.”

I can understand Dickinson’s hesitation. For the perpetrators to fool the search effort by staging an elaborate hoax, they would have to have been significantly smarter than the investigators themselves. In the early days of the search, this seemed outlandish. Then again, back in those days, everyone expected the facts to line up neatly and for a reasonable solution to pop out. That’s off the table. We now know that whatever happened to MH370 must have been extremely odd.

Skepticism about the integrity of the Inmarsat data has been spreading. In 2018, David Gallo, the Woods Hole oceanographer who led the effort that found Air France Flight 447 deep in the Atlantic, wrote on Twitter: “I never thought I’d say this….I think there is a good chance that MH370 never came south at all. Let’s put it this way, I don’t accept the evidence that the plane came south.”

When I reached him on the phone, Gallo told me he was flummoxed by the authorities’ insistence that the Inmarsat data and its interpretation had to be correct. “This is where I got so frustrated,” he said. “The plane’s not there, so what the hell? What’s going on?”

It appears that French investigators share Gallo’s suspicion. According to Ghyslain Watrelos, a family member of three MH370 passengers who has been briefed on the matter, the arm of the French military currently investigating the case has been looking into the integrity of the Inmarsat data.

“The essential trail is the Inmarsat data,” Wattrelos said. “Either they are wrong [in their analysis] or they have been hacked.”

If the latter is the case, the ramifications are scary. Whoever took MH370 was determined, aggressive, and far more sophisticated than investigators have been willing to contemplate. They have also succeeded in fooling officials, the public, and most of the press for half a decade. That’s an uncomfortable prospect, and one that many people would prefer to ignore. But if it’s true—or even possibly true—then it’s something that needs to be dealt with expeditiously. Because that could mean whoever took MH370 is still out there…and nothing whatsoever has been done to stop them.

This article originally appeared on TheDrive.com.

24 thoughts on “The Drive: The Crucial Clue MH370 Investigators Missed”

  1. @Jeff
    If MH17 was a warning then so was MH370. The warning was obvious to those being warned. Everyone else just saw white noise. Following the money always leads to the answer.

    Russians had made large deposits into Cypriot banks that began failing. They needed some place to launder their money so they bought 1MDB bonds. When it appeared that monies had been embezzled from 1MDB they didn’t want to be left out in the cold again and they couldn’t use the courts so they needed to warn Malaysia. Twice. The first warning could have been an accident. The second warning would not be misunderstood.

    A Guide to the Worldwide Probes of Malaysia’s 1MDB Fund
    By Shamim Adam and Laurence Arnold
    March 7, 2018, 1:00 PM PST
    Updated on May 13, 2018, 8:22 PM PDT
    Mahathir Mohamad says his country is seeking to recoup billions of dollars of 1MDB funds, including fees from Goldman Sachs. The bank made $593 million working on three bond sales that raised $6.5 billion for 1MDB in 2012 and 2013, dwarfing what banks typically make from government deals.

    New York Times Feb 17 2014
    Liz Alderman
    “No matter what European leaders say now, all of our clients are saying, ‘Let’s split our accounts among as many different countries and banks as we can,’ ” Mr. Zertalis said. “They say ‘We won’t keep our money in Cyprus, but we don’t feel secure about Europe anymore, either.’ ” He said many had turned to financial institutions in Canada, Switzerland and Asian countries.

  2. Loved the book, Jeff. Read it all in one sitting.

    Was curious about the difference between the Thales SDU and the Rockwell Collins SDU… what makes Thales more vulnerable to spoofing?

    Also, just to make sure I understand the BFO offset… this value is not actually a part of the signal, correct? That is, it is not a field that is recorded in the ping packet itself, but rather, it is deduced by comparing the frequency the SDU should have been using to the frequency that it actually used, correct?

    Thanks. Again, great book.

  3. @Sean, Thank you so much! My understanding is that the Rockwell SDU corrects for Doppler shift by measuring the error in the incoming signal and then just flipping it around for the outgoing signal. So there’s no navigational information used in producing the signal.

    Right, the BFO is not encoded information, it’s just a measure of how wrong the signal frequency is–how far off it is from what it’s supposed to be.

  4. @Jeff

    That’s really interesting. Does this mean that the Thales unit has a pre-loaded lookup table of the positions of all the satellites in the world that it might communicate with, and then calculate the frequency difference using the plane’s location and velocity relative to the position of the particular satellite it’s talking to? It seems like the satellite’s actual position would be required to make the calculation, and I can’t think of any way to get that information other than through a pre-loaded lookup table.

    Here’s an interesting thought. From a computer programming perspective, the easiest way to get the effect you are proposing would be to take the correct data from the IRS unit, and run a simple transformation on it before it’s sent to the SDU. In fact, the best thing to do would probably be to place a small computer between the IRS and SDU that simply intercepts, transforms, and sends on the data with as few changes as possible.

    So, let’s speculate about the transformation the hijackers might have used. It would need to be simple- this caper is complex enough without worrying about tricky transformations. If the transformation they used is simple and generates no data loss, then it would be reversible, in theory. That would mean the recorded BFO data should still have real information buried in it. We might even be able to calculate where the plane really went, if we guess the transformation correctly.

    Off the top of my head, a very simple transformation would be to invert the latitude of the plane’s actual position- that is, change the N to an S, but leave everything else the same. (I’m not sure that would be enough to get the desired effect- there might need to be some changes to the velocity vector, too- but it feels plausible).

    And as long as I’m indulging in wild speculation, let’s go one step further. It occurs to me that the latitude swap transformation I just proposed might explain why the initial BFO value after reboot was so “radically different from any of the previous 100”. Assuming the plane was actually just north of the equator at that point, but the frequency was adjusted as if it were instead just south, the initial change in frequency adjustment (between the last real ping and the first spoofed login) would look really big- as if the plane had been teleported to a different location.

    Which is kind of what the graph in chapter 27 looks like, come to think of it.

  5. @Sean, Well, welcome aboard! Really interesting idea. Victor Iannello came up with a similar idea that I came very close to including in the book (and didn’t just out of laziness, maybe I’ll go back and put it in) to the effect that if you changed a single parameter in a lookup table in the SDU you would get the observed effect. The parameter is the satellite inclination. Victor did quite a bit of guesswork and sleuthing, it was really quite impressive. He deduced that a parameter could be set to take the satellite’s inclination into effect, but that the effect was small and that it was usually just left equal to zero, even after the satellites in the 3F fleet had started to drift. So if you took the satellite’s actual inclination, and reversed the sign, it would make the plane look like it was going south when it was really going north. I never checked his math but took his word for it. You can read it here: http://jeffwise.net/2015/05/17/guest-post-northern-routes-and-burst-frequency-offset-for-mh370/

  6. Jeff Wise said:

    “That lack of cell messages has been noted before and I don’t think anyone has any good answers.”

    One darn good answer would be that someone placed a good quality cell phone jammer in an overhead locker / galley cupboard halfway down the plane.

    That would fit in with the disabling of all the other methods of communication (and tracking), particularly email/SMS over IFE which, of course, is used primarily by passengers.

    It’s interesting – we all assume the left bus was turned back on and that triggered the SDU, rather than asking if the SDU data was simply plotted from that point to suggest continuity.

    That could explain why it seemed to come on just out of radar range.

    As people have asked previously: ‘Why was it turned on just then?’ – Usual answer: ‘Because he was just outside of radar range.’ Question: ‘How did the pilot know he was just outside of radar range?’

    How did he?

  7. @Mark, I think it would be a fairly straightforward matter to map out radar coverage zones and plan accordingly. I recall reading somewhere that radar-return intensity falls with the fourth power of distance, so the fall off is pretty abrupt. The plan might just have been, “Plug the juice back in at MEKAR.”

  8. Oh man, I can feel myself getting hooked now. 🙂

    Victor’s analysis looks quite compelling. If there’s a way to get the desired effect by changing only one thing, that’s got to be the preferred method.

    Still though… If I was planning sometime like this, the big concern I would have would be logging in to change an internal parameter on someone else’s system. No matter how familiar you are with a type of system, having to change a particular one while under stress and time constraints is a recipe for failure. The appealing part about introducing a filter/transformation between the IRS and the SDU is that you don’t have to change the function of either existing system. The fewer software systems you have to change on the fly, the better off you’ll be. You can test and debug your filter/transformer quite thoroughly before you ever get on the plane, and once aboard all you have to do is connect it between the units and turn it on.

    Of course, I could be way off base. If the protocol between the IRS and the SDU is encrypted, or in an esoteric binary format that’s hard to interpret and change on the fly, then this would probably be a bad idea. (Victor’s idea might still be the best bet in any case, even with the risk of needing to login to an unfamiliar system; at least in that scenario, you don’t need any additional hardware).

    Question… In the book, IRS is said to stand for Internal Referencing System. Might it actually be Inertial Referencing System? If so, do we know what manufacturer/model was used on MH370?

  9. Wow.

    So, it is indeed possible to transform data the way I imagined, and there are even pc based emulators for doing it. Wow, again!

    It seems like it would be possible, maybe not even that hard, to get some of the emulator software and use it to try to guess what kind of transformations they might have used. If there’s some straightforward transformation that, when reversed, gives bto data that matches a straight fast northerly route really well, or at least better than the existing bto matches the southerly route… Well. Well, well, well.

    Might have to look into that!

  10. @Sean:

    The SDU uses latitude, longitude, groundspeed and track direction to calculate the doppler compensation. It uses latitude, longitude, heading and bank angle to point the high-gain antenna towards the satellite. I think that spoofing the latitude would cause the connection to the satellite to be lost, because the antenna would be pointing in the wrong direction. The recorded metadata show that the high-gain antenna was working correctly.

    The IRS is part of the ADIRU (Air Data and Inertial Reference Unit). I believe the manufacturer is Honeywell.

    I believe that the satellite periodically transmits the system table that contains satellite orbit parameters. When an SDU starts the Log-On procedure, it first listens to the Satellite P-channel transmission and compares the version of the transmitted system table to the version stored in the SDU. If the transmitted version is more recent than its own, the SDU updates the stored version with the more recent. So one way to change the satellite orbit parameters in the SDU would be for the satellite to transmit a fake system table at the time of the Log-On. However, that may be far fetched, because it would require the cooperation of someone at the INMARSAT control center.

  11. Ia anyone following up the Deineka lead? Surely a surviving passenger would be the irrevocable proof the world needs?

  12. @Gysbreght

    Yeah, that would definitely be a problem. Seems like it would be hard to contrive a way to spoof the data that would give the effect desired, but keep the antennae pointed correctly.

    “The great tragedy of Science — the slaying of a beautiful hypothesis by an ugly fact.”

    Now, the editing of the satellite inclination parameter sounds even better.

  13. @Gysbreght

    Although… in looking at your list of parameters… I notice that the antenna direction is a function of latitude, longitude, heading and bank angle to point… while the doppler calculation depends on latitude, longitude, groundspeed and track direction. So, in theory, one could alter the groundspeed and track direction without messing up the antenna… right?

    Is the track direction a two dimensional vector? If it’s a compass direction, it would be interesting to see what happens to the BFO calculation if you invert the N-S component of the vector, e.g. change 315 degrees NW to 225 degrees SW, NNW 337.5 degrees to SSW 202.5 degrees, etc. That kind of change wouldn’t mess up the direction of the antenna… would it?

  14. @Sean:

    So, in theory, one could alter the groundspeed and track direction without messing up the antenna… right?

    Yes

    Is the track direction a two dimensional vector?

    Groundspeed is a vector. It can be defined by either –
    – magnitude and direction, or
    – the N-S component and the E-W component

    BFO is insensitive to the E-W component and only reflects the N-S component. I believe the SDU receives the groundspeed in the form of groundspeed magnitude and direction. I don’t know if the SDU software compares the location data and the speed data for compatibility.

  15. My tin foil hat theory is the Ukrainians hijacked MH370 with the plan to crash it into the Burj Khalifa.
    There is a photo of a stony faced Chustrak posing in front of it.
    What were they doing in Malaysia? Why were they flying to China? It has never been explained.
    I think it was tracked flying over the Arabian Sea and shot down.
    Inmarsat is based in UK and British security services provided the ping data to cover up the interdiction.

Comments are closed.