Killer Software: Boeing 737 Max And Other Fatal Computer Bugs

Rescuers work beside the wreckage of an Ethiopian Airlines' aircraft at the crash site
Rescuers work beside the wreckage of an Ethiopian Airlines' aircraft at the crash site
Olivia Han

PARIS — The so-called millennium bug, or Y2K, was the first time many began to understand the full potential of malfunctioning software to do harm. Of course, the predicted December 31, 1999 disruption of the internet, electricity, banking systems, and transportation didn't come to pass in the end. Still, the threat of bugs (and not the crawling kind) is very much still a reality, as the world has witnessed recently with the crashes of two Boeing 737 MAX planes in less than five months, and subsequent grounding of the aircraft around the world. On Thursday, investigators in the Ethiopian Airlines crash eliminated human error from the equation, increasingly the likelihood that software was to blame.

The total death count of 346 between the Lion Air Flight from Jakarta in October and last month's Ethiopian Airlines Flight taking off from Addis Ababa is a sobering reminder that even the most intricate software systems can cause grave harm to humans. In recent decades, similar such incidents have occurred around the world:

Dhahran Missile Attack

During the first Gulf War, on February 21, 1991, a ballistic missile struck a US army barrack in Saudi Arabia, killing 27 and injuring 98 after a software error of the Patriot defense system created a lag of 8 milliseconds, preventing the missile from being intercepted. The Patriot relies on complex split-second computations tracking the target's speed, trajectory & predicted course. One of the two batteries were shut down to repair a radar malfunction. One battery was thought to be enough protection but there were multiple computer problems coupled with four continuous days of operation which caused a shutdown just a few minutes before the attack.

U.S. military personnel search through the rubble after missile attack in Dhahran, Saudi Arabia — Photo: Wikimedia Commons

Mull of Kintyre

On June 2, 1994, a British RAF (Royal Air Force) Chinook helicopter crashed on the Mull of Kintyre in Scotland, killing all 25 passengers and four-member crew. This crash is considered to be one of the worst peacetime disasters suffered by the RAF as almost all Northern Ireland intelligence experts were on board. As a part of an update to the Chinook helicopters, FADEC (Full Authority Digital Engine Control) equipment was being integrated. A subsequent investigation by Parliament revealed that after examining only 18% of the code, they had found 586 anomalies.


The Therac-25 was a radiation therapy machine available in Canada and the U.S during the 1980s, offering a revolutionary dual treatment designed to use software based safety systems rather than hardware controls. The machine produced two types of beams; the first fired low-energy election which do not penetrate far into the body used for killing at shallow tissues such as skin cancer, and the second fired radiation via high-energy X-ray photons that travel further and are suited to treat deeper issues such as lung cancer. The removal of hardware safety measures caused the death of three patients from radiation overexposure of almost 1000 times the intended dose.


In 2018, a software miscalculation during a test run in Arizona of one of Uber"s self-driving cars killed a pedestrian, the first official death from an autonomous vehicle. The cars were constructed to include a lidar (acronym for light detection & ranging systems) sensor to help the car detect the world around it at any level of darkness. Although the car initially identified the pedestrian, the software registered her as a "false positive," thinking it was a can on the street — and kept driving.

Uber's selfdriving car postcrash — Photo: US National Transportation Safety Board

Ariane 5 Rocket

European Ariane 5 rocket was launched in 1996 to deliver a payload of satellites into Earth's orbit off the coast of French Guiana. However after only 37 seconds after its launch, the rocket flipped 90 degrees and began to veer off its path. Aerodynamic forces ripped the boosters off of the main stage, triggering a self-destruct safety measure. After a two-week report, it was found that the cause of the crash was a software error in the inertial reference system that reused the same code from the launch system's of the predecessor rocket, Ariane 4. The crash cost approximately $370 million, making it one of the most expensive software failures in history. In this case, at least, nobody was killed.

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!

Air Next: How A Crypto Scam Collapsed On A Single Spelling Mistake

It is today a proven fraud, nailed by the French stock market watchdog: Air Next resorted to a full range of dubious practices to raise money for a blockchain-powered e-commerce app. But the simplest of errors exposed the scam and limited the damage to investors. A cautionary tale for the crypto economy.

Sky is the crypto limit

Laurence Boisseau

PARIS — Air Next promised to use blockchain technology to revolutionize passenger transport. Should we have read something into its name? In fact, the company was talking a lot of hot air from the start. Air Next turned out to be a scam, with a fake website, false identities, fake criminal records, counterfeited bank certificates, aggressive marketing … real crooks. Thirty-five employees recruited over the summer ranked among its victims, not to mention the few investors who put money in the business.

Maud (not her real name) had always dreamed of working in a start-up. In July, she spotted an ad on Linkedin and was interviewed by videoconference — hardly unusual in the era of COVID and teleworking. She was hired very quickly and signed a permanent work contract. She resigned from her old job, happy to get started on a new adventure.

Others like Maud fell for the bait. At least ten senior managers, coming from major airlines, airports, large French and American corporations, a former police officer … all firmly believed in this project. Some quit their jobs to join; some French expats even made their way back to France.

Share capital of one billion 

The story began last February, when Air Next registered with the Paris Commercial Court. The new company stated it was developing an application that would allow the purchase of airline tickets by using cryptocurrency, at unbeatable prices and with an automatic guarantee in case of cancellation or delay, via a "smart contract" system (a computer protocol that facilitates, verifies and oversees the handling of a contract).

The firm declared a share capital of one billion euros, with offices under construction at 50, Avenue des Champs Elysées, and a president, Philippe Vincent ... which was probably a usurped identity.

Last summer, Air Next started recruiting. The company also wanted to raise money to have the assets on hand to allow passenger compensation. It organized a fundraiser using an ICO, or "Initial Coin Offering", via the issuance of digital tokens, transacted in cryptocurrencies through the blockchain.

While nothing obliged him to do so, the company owner went as far as setting up a file with the AMF, France's stock market regulator which oversees this type of transaction. Seeking the market regulator stamp is optional, but when issued, it gives guarantees to those buying tokens.

screenshot of the typo that revealed the Air Next scam

The infamous typo that brought the Air Next scam down

compta online

Raising Initial Coin Offering 

Then, on Sept. 30, the AMF issued an alert, by way of a press release, on the risks of fraud associated with the ICO, as it suspected some documents to be forgeries. A few hours before that, Air Next had just brought forward by several days the date of its tokens pre-sale.

For employees of the new company, it was a brutal wake-up call. They quickly understood that they had been duped, that they'd bet on the proverbial house of cards. On the investor side, the CEO didn't get beyond an initial fundraising of 150,000 euros. He was hoping to raise millions, but despite his failure, he didn't lose confidence. Challenged by one of his employees on Telegram, he admitted that "many documents provided were false", that "an error cost the life of this project."

What was the "error" he was referring to? A typo in the name of the would-be bank backing the startup. A very small one, at the bottom of the page of the false bank certificate, where the name "Edmond de Rothschild" is misspelled "Edemond".

Finding culprits 

Before the AMF's public alert, websites specializing in crypto-assets had already noted certain inconsistencies. The company had declared a share capital of 1 billion euros, which is an enormous amount. Air Next's CEO also boasted about having discovered bitcoin at a time when only a few geeks knew about cryptocurrency.

Employees and investors filed a complaint. Failing to find the general manager, Julien Leclerc — which might also be a fake name — they started looking for other culprits. They believe that if the Paris Commercial Court hadn't registered the company, no one would have been defrauded.

Beyond the handful of victims, this case is a plea for the implementation of more secure procedures, in an increasingly digital world, particularly following the pandemic. The much touted ICO market is itself a victim, and may find it hard to recover.

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!