Subj: More on electronic hijacking -- scary!
Date: 10/15/01 5:07:24 AM Pacific Daylight Time

This web page is something of an overwritten mess, but since it says
"This report may be republished unedited for non-commercial reasons in
the interests of public safety" I copied it in its entirety. Your link to
the Rumor Mill News article pointing out disrepancies in passenger lists
sure makes me wonder if any Arabs were on board.

is not one I'd previously seen.

See what you think...

Click here to view approach and attack profile video of United Flight
175 (World Trade Center #2)    

     In the mid-seventies America faced a new and escalating crisis, with
US commercial jets being hijacked for geopolitical purposes. Determined
to gain the upper hand in this new form of aerial warfare, two American
multinationals collaborated with the Defense Advanced Projects Agency
(DARPA) on a project designed to facilitate the remote recovery of
hijacked American aircraft. Brilliant both in concept and operation,
“Home Run” [not its real code name] allowed specialist ground controllers
to listen in to cockpit conversations on the target aircraft, then take
absolute control of its computerized flight control system by remote
      From that point onwards, regardless of the wishes of the hijackers
or flight deck crew, the hijacked aircraft could be recovered and landed
automatically at an airport of choice, with no more difficulty than
flying a radio-controlled model plane. The engineers had no idea that
almost thirty years after its initial design, Home Run’s top secret
computer codes would be broken, and the system used to facilitate direct
ground control of the four aircraft used in the high-profile attacks on
New York and Washington on 11th September
     Before moving on to the New York and Washington attacks, we first
need to look at the ways in which an aircraft is normally controlled by
its pilot, because without this basic knowledge, Home Run would make no
sense. In order to control an aircraft in three-dimensional space, the
pilot uses the control yoke (joystick) in front of him, rudder pedals
under his feet, and a bank of engine throttles located at his side.
Without engine thrust the aircraft would not fly at all, so the throttles
are largely self explanatory: For more speed or altitude increase
throttle, for less speed or altitude decrease throttle.
     In order to raise or lower the nose of the aircraft, the pilot pulls
or pushes on the control yoke, which in turn raises or lowers the
elevators on the horizontal tailplane. To bank the aircraft left or
right, the pilot moves the control yoke to the left or right, which in
turn operates the ailerons on the outer wings. Lastly, to turn left or
right at low speed or “balance” turns at high speed, the pilot presses
the left or right rudder pedals as required, which in turn move the
rudder on the vertical stabilizer.
     Back in the early days of flight, the control yoke and rudder pedals
were connected to the various flight control surfaces by thin cables,
meaning the pilot had direct physical control over every movement the
aircraft made. This was no great problem for an average man flying a
small biplane, but as aircraft grew ever bigger, heavier and faster over
the years, the loadings on the control yoke and rudder pedals became
huge, certainly well beyond the ability of a single pilot to handle
     By the late fifties we were well into the age of hydraulics, where
just like the power steering on your automobile, hydraulic rams were
placed in line between the pilot’s control cables and each individual
control surface. Now when the pilot moved the control yoke, the cables
activated sensors, which in turn activated one or more hydraulic rams,
which in turn moved one or more control surfaces. For the first time
since Bleriot and the Wright brothers, pilots were of necessity being
steadily distanced from direct control of their own aircraft.
     When the multinationals and DARPA finally came on the scene in the
mid-seventies, aircraft systems were even more advanced, with computers
controlling onboard autopilots, which in turn were capable of controlling
all of the onboard hydraulics. In combination these multiple different
functions were now known as the “Flight Control System” or FCS, in turn
integrated with sophisticated avionics capable of automatically
landing the aircraft in zero visibility conditions. In summary, by the
mid-seventies most of the large jets were capable of effectively
navigating hundreds of miles and then making automatic landings at a
selected airport in zero-zero fog conditions. All of this could be
accomplished unaided, but in theory at least, still under the watchful
eyes of the flight deck crews.
     In order to make Home Run truly effective, it had to be completely
integrated with all onboard systems, and this could only be accomplished
with a new aircraft design, several of which were on the drawing boards
at that time. Under cover of extreme secrecy, the multinationals and
DARPA went ahead on this basis and built “back doors” into the new
computer designs. There were two very obvious hard requirements at this
stage, the first a primary control channel for use in taking over the
flight control system and flying the aircraft back to an airfield of
choice, and secondly a covert audio channel for monitoring flight deck
    Once the primary channel was activated, all aircraft functions came
under direct ground control, permanently removing the hijackers and
pilots from the control loop.
     Remember here, this was not a system designed to “undermine” the
authority of the flight crews, but was put in place as a “doomsday”
device in the event the hijackers started to shoot passengers or crew
members, possibly including the pilots. Using the perfectly reasonable
assumption that hijackers only carry a limited number of bullets, and
many aircraft nowadays carry in excess of 300 passengers, Home Run could
be used
to fly all of the survivors to a friendly airport for a safe auto
landing. So the system started out in life for the very best of reasons,
but finally fell prey to security leaks, and eventually to compromised
computer codes.
    In light of recent high-profile CIA and FBI spying trials, these
leaks and compromised codes should come as no great surprise to anyone. 

      Activating the primary Home Run channel proved to be easy. Most
readers will have heard of a “transponder”, prominent in most news
reports immediately following the attacks on New York and Washington.
Technically a transponder is a combined radio transmitter and receiver
which operates automatically, in this case relaying data between the four
aircraft and air traffic control on the ground. The signals sent provide
a unique “identity” for each aircraft, essential in crowded airspace to
avoid mid-air collisions, and equally essential for Home Run controllers
trying to lock onto the correct aircraft. Once it has located the correct
aircraft, Home Run “piggy backs” a data transmission onto the transponder
channel and takes direct control from the ground. This explains why none
of the aircraft sent a special “I have been hijacked” transponder code,
despite multiple activation points on all four aircraft. Because the
transponder frequency had already been piggy backed by Home Run,
transmission of the special hijack code was rendered impossible. This was
the first hard proof that the target aircraft had been hijacked
electronically from the ground, rather than by [FBI-inspired] motley
crews of Arabs toting penknives.
     The Home Run listening device on the flight deck utilizes the
cockpit microphones that normally feed the Cockpit Voice Recorder (CVR),
one of two black boxes armored to withstand heavy impact and thereby
later give investigators significant clues to why the aircraft crashed.
However, once hooked into Home Run, the CVRs are bypassed and voice
transmissions are no longer recorded on the 30-minute endless loop
recording tape. If Home Run is active for more than thirty minutes, there
will therefore be no audible data on the Cockpit Voice Recorders. To
date, crash investigators have recovered the CVRs from the Pentagon and
Pittsburg aircraft, and publicly confirmed that both are completely
blank. The only possible reason for this, is data capture by Home Run,
providing the final hard proof that the attack aircraft were hijacked
from the ground, rather than by “Arab terrorists”.
     Many readers might by now be indignant; convinced this is incorrect
or misleading information because of “those telephone calls from the
hijacked aircraft”. Which telephone calls exactly? There are no records
of any such calls, and the emotional claptrap the media fed you in the
aftermath of the attack was in all cases third-person. We had the media’s
invisible “contact” at an airline who “said” a hostess called to report a
hijacking, and we had a priest (?) who “said” he received a call from a
man asking him in turn to call his wife and tell her he loved her.
     Presumably this man would have had his wife’s name filed in his
cellphone, and faced with imminent death would have called her direct.
The FAA helped out by claiming that it had “overheard” a heated argument
from a cockpit where the radio transmit switch had been left in the “on”
position. When push came to shove, the FAA was forced to retract, and
admit that the mythical argument was not on the tapes at all.
      Critically, the passenger manifests for all four aircraft serve as
the final (independent) proof that no alleged hijackers or anyone of
Arabic name boarded any of the four aircraft used in the attacks. As
Laurence T. May points out:
"On  September 11, airline check-in counters were the only places in the
United States that required travellers to present a photo ID in order to
travel. A photo ID meant (and still means) a card issued by some branch
of civil government. Years ago, the United States government took the
first step toward a national ID card when it mandated the  requirement
that all passengers present a photo ID card before being allowed to get
on a commercial airplane.
     "This means that the tightest security that the typical American
ever confronts is airport security. This is the model for all other
security systems governing the general public. Let's go through the
check-in routine together.
Pretend that it's September 11, and you are a check-in agent at either a
United Airlines counter or an American Airlines counter. It is your job
to ask the standard questions. "Did you pack your own luggage? Have you
had it in your possession at all times?" Then you ask for a photo ID. The
name on the ID must match the name on the ticket. The photo must match
the person presenting the card." .. And, you guessed it,  the name on the
must match that on the passenger manifest held by the airline ground
staff!  It seems highly likely that these revealing passenger manifests
will magically disappear when the American Government realizes the
dangers of allowing the public access to such incriminating documents.
For that reason I have listed the full manifests on a separate page. To
visit that page and copy the lists, click here.
     Whether more information will be forthcoming about Home Run is
unknown, but nowadays there  are large numbers of people apart from the
author privy to the basic data. As long ago as the early nineties, a
major European flag carrier acquired the information and was seriously
alarmed that one of its own aircraft might be “rescued” by the Americans
without its authority. Accordingly, this flag carrier completely stripped
the American flight control computers out of its entire fleet, and
replaced them with a home grown version. These aircraft are now
effectively impregnable to penetration by Home Run, but that is more than
can be said for the American aircraft fleet.
     A casual count indicates that more than 600 aircraft in the USA and
elsewhere are still vulnerable and could be used in further attacks at
any time,  which might help explain why America has been bombing the
Afghans primarily with bags of wheat. For the first time in US history,
American officials appear to be genuinely fearful of future reprisals,
and justifiably so with 600 giant bombs parked on the wrong side of their
missile defence shield.
     It is a “Catch 22” situation. In order to make all of the aircraft
safe, the flight control systems would have to be stripped out and
replaced, at a cost of billions of dollars the airlines cannot afford
because they are going broke. Nor is there enough time. The most
innovative anti-hijacking tool in the American arsenal, has now become
the biggest known threat to American national security.
     For the purpose of public reassurance I would like to publish a
complete list of aircraft which cannot be affected by Home Run, but I
cannot do so for legal reasons. Any aircraft manufacturer not on the list
might feel inclined to sue me for defamation and I can’t afford that.
However, there is nothing to stop me publishing my personal choice of
aircraft for a flight from, say, Atlanta to Singapore via JFK, Frankfurt,
and Kuala Lumpur.
     From Atlanta to JFK I would probably travel on a Boeing 737, and
connect with a Boeing 777 for the onward flight to Frankfurt.  At
Frankfurt I would probably board an Airbus A340 for Kuala Lumpur, and
finish the journey on a DC9 or a Fokker 100. Naturally I might be unlucky
and pick an aircraft with an intoxicated pilot, or an unrelated
mechanical problem, but apart from those minor risks I’d feel pretty

Update 15 October 2001

     After this page had been hit on by more than 10,000 curious
visitors, the current  issue of "Business Week" (22Oct)  decided to
publish an unusual letter, suggesting that the events of the 11th of
September would have ended rather differently if there was a capability
for Ground Tower Control to "take over the controls of a hijacked plane"
(issue still available at any US newsagent).
      Remember, the American Federal Government kept Reagan National
airport in downtown Washington, DC shut, despite the fact that none of
the "hijacked" planes came from there. However, if it were possible to
"take over the controls" of a plane, then it would take less than a
minute for planes close to DCA airport to be diverted to a target
anywhere in the capital. There were just two aircraft types involved on
the 11th of September.
      Eventually, after much reluctance, the government has now opened up
Reagan National airport again, but ONLY for planes with less than 156
seats. Now what kind of planes previously operating happily out of Reagan
National will this new "seating" restriction exclude? Hint: Among a few
others, the Boeing 757 and 767.
      Cynics might be tempted to conclude that, as usual, "important"
politicians and bureaucrats are being provided with discreet special
protection from Home Run, while everyday Americans are left to take their
chances as best they can, and run the continual risk of being shot down
by one of their own F16 fighters. Ignorance may be bliss for some folk,
but not for those who have studied this page and realized the

The author is a former member of the
Society of Licenced Aeronautical Engineers &
Technologist, London

This report may be republished unedited
for non-commercial  reasons in the
interests of public safety