How Technology Is Unraveling the Clues of Flight MH17
A look at the technology helping piece together what happened to Flight MH17 in Ukraine. By Patrick Tucker
Over the weekend, the Malaysia Airlines Flight MH17 tragedy turned into a “Law and Order” episode on the international stage with Secretary of State John Kerry appearing on Fox News and other outlets to make a systemic case against Russia, prompting Fox News interviewer Chris Wallace to observe that Kerry was once “a prosecutor in Massachusetts.”
So what does Kerry’s case consist of? The U.S. is confident that the murder weapon was an SA-11 Gadfly 9K37M1 Buk -1M fired missile. A dispatch from the U.S. Embassy in Ukraine indicates that the rocket launcher was given to pro-Russian separatists by Moscow. At this point, no one is saying that the separatists intended to down a passenger jet. Evidence (see below) suggests that rebel forces believed the plane was a Ukrainian military transport vehicle, since the Buk radar guidance system provides very, very little information about the type of target it’s pointing at. Pro-Russian conspiracy mongers, meanwhile, are looking to plant blame for the incident on Ukraine, claiming that the downing of the plane was a deliberate act of the Ukrainian government.
The entire future of the Ukrainian conflict could change dramatically and decisively as a result of last week’s events. The United States may finally have the justification to begin better arming the Ukrainians, which would escalate the conflict. So far the Pentagon has only provided non-lethal assistance. But Kerry said the U.S. is talking with the Kiev about “what they need,” and that could include “anything except American troops”
The U.S. will also look to convince European partners to impose tougher sanctions on Russia. “Four percent of Russia’s trade is with the United States; 50 percent of their engagement is with Europe,” Kerry told Fox News. If the U.S. can present a case to show that Russia gave the Ukrainians the arms and the training to down an airliner carrying mostly Dutch citizens, European partners may side with the U.S. in a tougher sanctions regime.
The argument against Russia must be incredibly persuasive. Here’s a look at the forensic technologies that will make the case.
Infrared Satellite Imagery
“We know with a certainty that we saw the launch from this area…we know that it occurred at this very moment that this aircraft disappeared from the radar screen” said Kerry on Sunday.
The most important element in instilling similar certainty among European partners will probably be infrared satellite imagery. The National Reconnaissance Office, or NRO, and the Air Force Space Command operate a number of infrared satellites, such as the Space Based Infrared System (SBIRS). There are currently two SBIRS satellites in orbit but there will be six by 2022, with Lockheed Martin as developer, under control of Air Force Space Command.
The NRO couldn’t comment on the use of infrared satellites in the MH17 case, except to tell Defense One that “facts about the NRO constellation, including capabilities and past and present operations are classified.” But the U.S. has understood the importance of infrared satellite imagery for reconnaissance since the 1950s when we developed these systems for very much the same reason we are using them today, to track rocket launches from machines like the SA-11. For a great primer, read Sean Gallagher’s piece here.
Satellite images provide a literal smoking-gun portrait of the events surrounding the downed plane. But the U.S. has burned its fingers on smoking gun satellite images before. Other pieces of evidence will likely play a role as the U.S. builds its case.
Chemical Signatures on Airplane Parts
To prove that its theory of the events is true, the U.S. needs data from investigators on the ground in Ukraine from the Organization for Security and Co-operation in Europe, OSCE. They, in turn, need access to the debris at the crash site to collect samples from evidence. That’s proven to be a thorny issue, as evidenced by news reports that the controlling separatist forces in Donetsk are obstinate, threatening, commonly intoxicated and have blocked both media and investigators.
Kerry said that OSCE monitors were given just three hours to access the scene on Saturday--and the site is already compromised. “We understand airplane parts have been removed,” Kerry said.
If the Obama administration is correct, what will the ground evidence show? The distribution of debris, once fully catalogued, would confirm a violent sudden explosion, as opposed to a long trail of parts indicating a slow breaking apart and would include missile shrapnel. It would also show that the radar-guided missile likely exploded within about 65 feet from the target. Infrared imaging might show explosive residue somewhat evenly distributed on the bottom of the plane. Conversely, an excessive amount of explosive residue on the engines could indicate that the missile was heat seeking and not shot from an SA-11 and that the U.S. was wrong.
The Black Boxes
The Boeing 777, like all commercial aircraft, has two components recording inflight data. There’s a cockpit voice recorder in the front and a flight data recorder in the tail of the plane, which records information from the various sensors and other indicators throughout the craft. Data from these two sources is collected in the crash survivable memory unit or CSMU, which have been built to withstand the heat, water, and the physical effects of a major crash.
Controversy has surrounded the condition these boxes at the MH17 crash site, with conflicting reports indicating that they were to be sent to Moscow. At last check, the Donetsk rebels and Malaysian representatives had brokered a deal to exchange the boxes. Hours earlier on Monday morning, the speculation over their condition reached a fever pitch when the New York Post ran a screaming headline declaring a “rebel plot” to steal the recorders. Certainly they were in rebel hands for at least several hours.
How hard is it to hack a black box? According to technical experts familiar with their design who spoke to Defense One, the answer is not very. Modern-day flight data recorders use solid state drives, SSDs, to store information. Unlike the hard drive in most PCs, SSDs consist of a bunch of memory flash drives stacked on top of one another. They store memory with no moving parts so they are considered far more rugged than conventional hard drives. This is why engineers began using them on planes.
Ironically, SSDs may actually be more hackable than the conventional hard drives they replaced. When you overwrite a file on an SSD, you don’t leave the same clear record that you do when you delete a file on your computer. In fact, some members of the computer forensics community have sounded the alarm about the growing popularity of SSDs and the trouble they could cause in terms of evidence discovery and retention in the future. Graeme Bell and Richard Boddington of the University of Murdoch in Australia even went so far as to opine that “it seems possible that the golden age for forensic recovery and analysis of deleted data and deleted metadata may now be ending” because of SSDs.
In the case of MH17, the boxes aren’t likely to provide much new information. Forensics teams use them to determine the mechanical or human cause of a crash. But recovering the boxes could be useful in this case to categorically rule out pilot error or mechanical malfunction. If the data on the boxes does in fact suggest that something else happened to the plane, that development would no doubt fuel the conspiracy theories that have already taken route across the Internet, which could play to Russia’s advantage.
The Eyewitness Testimony
In the case of MH17, the world already knows who the most important witnesses are, members of the separatist army who quickly took to social media to brag about shooting down a plane they believed was a Ukrainian cargo jet. Of particular significance is a post from former Russian military officer Igor Strelkov, the self-declared Minister of Defense of the Donetsk People’s Republic. It appeared on VK.Com, Russia’s version of Facebook, and reportedly boasted that his troops had scored a hit, stating “we warned you—do not fly in our sky.”
The problem is that the witnesses are recanting. Strelkov (or someone) removed the post in short order. Similarly, as Agence France Press reports, pro-separatist forces began taking down incriminating tweets and posts shortly after they appeared. In one particularly revealing exchange, the Donetsk Republic Twitter feed, @dnrpress, acknowledged that “self-propelled Buk surface-to-air missile systems have been seized by the DNR from (Ukrainian) surface-to-air missile regiment A1402,” according to AFP.
In many ways, that may be the most important tweet in the entire conflict, since it now purports to show not only that not only did the separatists have the means to carry out the attack, but that they did not acquire the missile launcher from Russia, as the U.S. believes. Should Russia decide to put more distance between Moscow and the separatists, it may use that argument. It’s unclear how the social media posts, in total, will affect the U.S. case.
The good news for investigators is that items on the Internet tend to stay on the Internet, especially if they are interesting. Multiple screen grabs caught the posts before they vanished, each one corroborating the other.
All of this evidence tells the story of a unique moment in history.
In one swift command execution, one man, sitting behind an old radar screen and armed with a 1,500 pound rocket, caused the deaths of almost 300 people, affected Putin’s relationship with the separatists as well as Russia’s with Europe and possibly changed the direction of the conflict -- and history. If the last several days provide any indication of what lies ahead, there will be denial, accusation and overt lying to come. We may never really know what happened to MH17, but we can still get much closer to truth.
This story has been updated.
NEXT STORY: How Japan Fell in Love With America's Drones