Was Iranian Missile Operator Tricked Into Shooting Down The Ukrainian Airlines Plane Over Tehran?

ukraine airlines plane crash tehran site

The Iranian confession that their military shot down the Ukraine International Airlines plane near Tehran is the end of the matter as far as international diplomacy and the media is concerned. The official story then about what happened is this:

It’s 2am on January 8th 2020 and our guy is sitting in a Tor-M1 air-defense missile system about 10kms north-west of Imam Khomeini international airport, west of Tehran.

General Soleimani had been buried the day before, and in the last half-hour or so a couple dozen Iranian ballistic missiles had been fired from western Iran at two US bases in Iraq.

The entire Iranian military is on alert and stress levels are particularly high. There’s been a lot of chatter about a likely US response to the Iranian missiles and our guy is one of several teams positioned around Tehran tasked with shooting down anything on his radar screen that fits the profile. But as the hours pass without incident, he starts to doubt he’ll see any action – at least, not tonight.

By 6am the only thing he can report having seen on his radar screen are each of the 9 scheduled flights that departed the nearby airport that night. He watched them take normal flight paths off the northwest runway, climb into the clear night sky and then veer north or northeast. Since the Tor-M1 system he is operating is fitted with IFF (Identification Friend or Foe) functionality, he could even see their call signs. The second-to-last one was Qatar Airways Flight QR8408 heading for Hong Kong.

Flights Tehran Ukrainian Airlines
© flightradar24.com
Click to enlarge – Flight paths of the 10 flights that left Khomeini Airport that night (before, during and after the Iranian airstrikes)
Tehran airport flights Ukrainian Airlines
Click to enlarge – Flight paths of the 10 flights that left Khomeini Airport that night (before, during and after the Iranian airstrikes)

The last flight that night would be Ukraine International Airlines Flight PS752 heading for Kiev. It departed one hour late at 6.12am, but followed the exact same initial flight path as the previous flights. As it climbed and reached 4,600ft above ground level, the plane’s transponder suddenly stopped working at about 6.14am, 2 minutes or so after take off. The plane then made a sharp right turn heading east and turning back around towards Tehran city, traveling another 15-20kms over 4 minutes before crashing into an area near a football field and exploding on impact.

For some as yet unknown reason, our guy had suddenly become convinced that the Boeing 737 was an ‘enemy target’. As per protocol, he had requested authorization to launch, but his superiors could not be reached because of ‘some problem with the communication network‘. Again according to protocol, he had a 10-second window in which to decide whether to launch or not. Still convinced the 737 was a cruise missile or enemy aircraft, he launched the two missiles that sealed the fate of the 178 people on board.

The Iranian government and military has taken full responsibility for the shooting down of Flight 752, but no one has yet explained why a presumably well-trained missile system operator, having watched 9 commercial airliners fly past him that night, was so convinced that the 10th one was an enemy target that he made a decision – by himself – to shoot it down.

Iran purchased 29 Tor-M1 air-defense systems from Russia in late 2005. In 2012, Wikileaks revealed that they may have quickly become compromised:

Jerusalem Post TOR-M1 codes Russia Iran

Unluckily for Iran, two years after their large purchase of M1s, the Russians rolled out Tor-M2E which, significantly upgraded, included “protection against spoofing.” As it relates to general internet usage, spoofing means:

“when a hacker or malicious individual impersonates another user or device on a network, duping users or systems into believing they are communicating or interacting with a different person or website.”

In military terms however, spoofing usually refers to radar-spoofing and involves capturing enemy radar signals and sending them back in an altered format in order to confuse the radar operator about what he is seeing.

A few years ago, US weapons manufacturers began rolling out these EW units for operational use by the US Navy and Air Force:

US Navy EW spoofing

Note specifically what this technology is for:

“U.S. Navy airborne electronic warfare (EW) experts are continuing their support of radar-spoofing electronic warfare (EW) technology from Mercury Systems Inc. that can fool enemy radar systems with false and deceptively moving targets.”

That the anti-spoofing upgrade was added to the later version exposes a vulnerability in the Tor-M1 system that shot down the Ukrainian plane – a vulnerability which allowed an enemy to potentially “impersonate another [target] on a network, duping [operators] into believing they are communicating or interacting with a different [aircraft].”

Another way that the Tor-M1 system (and operator) could have been ‘spoofed’ that night is through alteration of the identifying signals sent by the transponder on the Ukrainian airliner. The newer ADS-B transponder systems that are today on most airliners are known to be vulnerable to hacking. Of most concern to transport authorities is the potential for hackers to inject ‘ghost aircraft’ into the ATC system, but it is equally possible for a hacker to inject data directly into the aircraft’s ADS-B so that it transmits false data about its identity, location, speed and direction.

In 2012, researchers from the Air Force Institute of Technology showed that a variety of “false injection” attacks can be readily coded on a commercial software-defined radio platform and launched from the ground or air with a cheap antenna. Attacks could cause aircraft to believe a collision is imminent, flood the airspace with hundreds of false transmissions, or prevent reception of legitimate messages.

Rich Kids of Tehran

Another curious part of the official story of the shoot-down of the Ukrainian plane involves a clique of Iranians who were responsible for documenting and distributing video footage of the missile launch and its impact with the plane, the crash, and photographs of what are allegedly the remains of the Tor-M1 missile.

On January 9th, an Instagram account called ‘Rich Kids of Tehran‘ – described as “a popular social media account showcasing Iran’s young and wealthy as they flaunt their wealth and jet around the world” – posted a video showing what was apparently a mid-air explosion. That same day, the New York Times contacted the administrator of the ‘Rich Kids of Tehran’ account and received the video in high resolution, and later confirmed its authenticity.

Additional footage subsequently released by unknown sources included CCTV camera footage from the vicinity of the crash site and which captured the moment of impact. A day later someone released alleged images of the missile that struck the plane.

Tor missile 1
Tor missile 2

Bellingcat analyzed the video footage and concluded that both videos were taken from a residential area in Parand, a suburb to the west of Imam Khomeini International Airport. Parand is a ‘planned city’ development outside Tehran that was built to house low-income families. Bellingcat also claims that the images of the missile are likely from the same Parand area.

Why one or more people associated with the ‘Rich Kids of Tehran’ – whose claim to fame in Iran is to be seen “brazenly driving Porsches and Maseratis through Tehran before the eyes of the poor” – happened to be in a low-income housing estate on the city’s outskirts at 6am on the morning of January 8th with cameras pointed at the right part of the sky in time to capture a missile hitting a Ukrainian passenger plane, is anyone’s guess. Although it is rather suspicious.

Who Would Induce Iran To Do This?

To have any chance of correctly understanding the shoot-down of the Ukrainian civilian airliner, it must be seen as a political rather than a military incident. A few days beforehand, the US had killed General Soleimani, an egregious attack on Iranian national pride. When Iran responded with pin-point accurate missile strikes on two US bases in Iraq, the score was – more or less – equal, as far as both parties were concerned.

You could argue, in fact, that Iran came out of the affair looking stronger and with more respect than when it entered. But all of that was undone with the shoot-down of the Ukrainian plane. Iran now appeared militarily inept, was forced to apologize to the world and protests groups in the country have used the tragedy to increase their calls for ‘regime change’.

The bottom line is that the claim that “panic and poor training” led the operator of the missile system to fire on a civilian airliner is not reasonable, particularly when a more reasonable explanation exists. The problem, however, is that the methods which were likely used to fool the operator left no trace or evidence that could be presented after the fact. Over the course of perhaps a couple of minutes, temporary and convincing data was presented to the operator and he acted on it.

So while Iran shot down the Ukrainian plane, it was not responsible for doing so. If you’re looking for those responsible, it would make sense to look to those who have been most vocal about the Iranian threat over a long period of time, have the most to gain from making Iran ‘look bad’, and who have a track record – a motto even – of waging war, or achieving their geopolitical goals, by deception.

Or we could look back 19 years at a report produced by the School for Advanced Military Studies at Fort Leavenworth that details a plan for enforcing a major Israeli-Palestinian peace accord which would require about 20,000 well-armed troops stationed throughout Israel and a newly-created Palestinian state.

MOssad wild card

2 thoughts on “Was Iranian Missile Operator Tricked Into Shooting Down The Ukrainian Airlines Plane Over Tehran?

  1. I am glad I happened on this article. It was very informative. I just happened to be blogging, nothing deep and nothing original, about Soraya Sepahpour-Ulrich and Finian Cunningham's article about the same unfortunate event. I will link to this article in my blog post when it's done. Just one thing: Does the author put credence in anything Bellingcat tells us? I hope that he doesn't.

Got something to tell me?

This site uses Akismet to reduce spam. Learn how your comment data is processed.