Slashdot Mirror
The World's Most Dangerous Password
NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missiliers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"
This is why we trust politicians, ridiculous as they are, with our lives, and make the warriors answer to them. Because incompetent politics generally inhibits war, while incompetent warriors encourage it. And they're all incompetent - nobody knows the right way to do it.
--
make install -not war
As long as everyone outside the department thought it had a good password on it, no one would bother trying to steal one.
;)
So, the passwords were surprisingly effective. FUD at its finest
Things have changed on the global level more than just a little bit, and I'd imagine a good deal of the security surrounding the prevention of launches centered around the PHYSICAL security. If the bad guy can't reach the keyboard to enter the codes - well, then, does it matter what the passwords set to?
For better or worse, the system seemed to have worked - there weren't any unauthorized missiles launched that I'm aware of.
As with any mission critical systems, there is redundancy in every aspect of the ICBM system from the authentication to the verification of the target being neutralized. So what if there was a password set to 0000000? There still has to be a number of other things set by others in numerous locations in order to do this. One reason was so that the president could not launch a missile on a bad hair day or a mad general (or group, in fact) could not launch in order to lead a coup.
in addition, the passwords for the different sub-systems would vary as well as require a number of actual physical keys in order to get the nuclear war machine into motion.
If you really think it only takes one password to launch an american military nuke (even if we were in the 60s), you're totally mislead.
I think this shows how parinoid they were. By having everyone in the chain of command know the password(s) for launch they enabled the ability for a launch to happen even if the right people weren't around.
So that if there was a launch against the US and no one was able to react fast enough in the chain of command and order the launch, then Joe Anybody could still affect the launch.
I know it's flawed logic but I'm just trying to present a different side of the issue.
I cant imagine anyone who had ACCCESS to ust this password having used it, the fact that were all still here shows it was perfectly secure, dont forget its not like some script kiddie could hop on the "Net" and use this password. There were some SERIOUS layers of physical security.
;)
*zoom back three years* "the fact that noone has ever deliberately flown a jumbojet into a building shows it is perfectly secure" I hope the military has some better understanding of risk analysis
There were serious layers of physical security? How serious? Just as serious as their passwords? Besides, the brass may be tough but the grunts guarding it are not above blackmail or greed.
Good security is layered. That also means that breach of security shouldn't be caused by a single failure. But in reality it often turns out one or no layers of security are actually *working* because everybody assumes the other layers will cover for it.
Kjella
Live today, because you never know what tomorrow brings
The fact that everyone in SAC knew them means that if a terrorist had gotten to a low level in position in SAC he would have known the codes. At this point your detterent is useless. If the code was distributed on a proper need to know basis then this wouldn't be possible.
This isn't fud, mcnamara himself was outraged, those locks were there for a damn good reason. That password should NOT be available to everyone in SAC regardless their security clearance. It is should be strictly need to know.
Photos.
According to the article, someone in the chain of command decided that they didn't want this safeguard, and ordered that the password be set to 00000000 and the dials used to enter the password left in that position; in effect, the equivalent of having a blank password so that you don't have to bother entering it.
The story here, then, is not that a bad password was chosen, but that somebody decided to disobey orders by disabling the password, and that the higherups were completely in the dark about it.
That seems to be the concensus at this point. People have repeatedly pointed out that the *physical* security was VERY VERY STRICT. Just because the password, a deterrant that top-level people thought was VERY VERY necessary was completely missing ...oh, that's fine. They still have keys and ummm other stuff, right?
RTFA. Blair and Brewer point out that, at the time, the military wanted to improve their public relations and would give TOURS of LCC's! B&B repeatedly point out that virtually anyone who asked could get access! The physical security was crap and the codes weren't in place. IE, any moderately funded and motivated terrorist group could have had a field day if they'd know about this severe weakness.
"Four individuals (two persons in each of two separate LCCs in the same squadron) acting in concert could succeed in mechanically launching one or more missiles." In seconds. Not minutes or hours.
"[...] annually thousands of visitors holding no clearance whatsoever were permitted access to operational LCCs."
"Located in each LCC are two launch keys, one for each member of the crew, and the codes needed to authenticate presidential launch directives. Only the launch keys, not the codes, are physical prerequisites for generating valid launch commands, the purpose of the codes being exclusively that of authenticating an execution directive."
B&B make it sound as if you happened to be on a tour and decided to overpower the minimal security force (two crew members + a couple of guards at best (isolated locations, remember?) then it's good to go - you already know the launch codes because it's always all zero's. Or, even worse:
"Technically, crew members can launch a nuclear attack with or without approval from higher authority. Unless PAL or its equivalent forecloses this option, as many as 50 missiles could be illicitly fired. Moreover, unless adequate precautions were instituted, an even more drastic option would be available. Crew members could conspire in the formatting and transmittal of strategic strike directives, deceiving the full contingent of Strategic Air Command (SAC) LCCs, as well as higher authorities, into reacting to a spurious launch directive as if it were valid and authentic. Or they could render the U.S. strategic force virtually impotent by formatting and transmitting messages invalidating the active inventory of presidential execution codes. Finally, crew members could aid accomplices in stealing thermonuclear warheads from missiles on active alert."
Keep in mind that Blair was working in an LCC as a crew member in the mid-70's. He was obviously in a unique position (which virtually none of us were or are) to write this paper. His direct observation on how to subvert the access/security controls on the ICBM's trump anyone else's estimate on what might or might not happen. His letters and paper in 1977 are basically what got those locks activated in... 1977.
It is especially hypocritical that the majority of the Slashdot comments were fine with this poor use of a password mechanism. In your own place of business you most likely would NEVER allow this to happen and you just run some servers - as opposed to ICBM's capable turning your city into a big kitty litter box. Don't defend the actions of those in charge in the 60's and 70's. They were flat out wrong and frankly should have been thrown in military prison for such a massive security breach.
Exocet Industries - Taking over the world, one computer at a
I think a +5, Informative on a joke about posting a root password to the world is as funny as the joke itself. It's like the mods adding to the original joke: "Here everyone, r00t this guy."
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
As opposed to, say, 1970's vintage soviet tanks in poor repair, and an army without equipment like boots and uniforms. The condition of the army and its material was, very likely, well known to the Iranians.
Yes, I'd say WMD, or the threat thereof, would be the only significant weapons you could bring to bear.
The question is, do you stop to consider facts before you make your arguments? A little less blindly jingoistic support for our president, a little more thought is in order.
That's why 'man in the loop' is worth keeping. Fully automated systems are not just 'risky', but absolutely totally insane.
You read about trying to cut people out of the loop to save costs, think about this and just pay the $40k/year salary, for goodness sake.
A.
Including the Kremlin.
Computers are useless. They can only give you answers.
-- Pablo Picasso
I'm going with drunken bravado. If such a thing occurred, you can bet that it would be pretty highly classified.
:-)
:-)
I have a friend who is retired on disability (injured in an explosion) from the Air Force. He worked on classified stuff, and while I know what platforms he worked on, and that some planes can go a lot faster than their published ratings say they can (that is not classified), that's about it. In fact, even though the air frames he worked with are no longer in service and will never be used again, he still can't talk about them. Nor is he allowed to ever be hypnotized. He could be prosecuted for allowing anyone to hypnotize him.
But what he did is a lot less secret than a screwup of the magnitude you describe here would be, considering that governments don't like embarrassing screwups involving secret and lethal programs to be widely known. I'm sure they would classify the hell out of something like that.
Granted, that doesn't mean that a person can't get drunk and spill the beans, but I don't buy it. People know how stories get around. Heck, somebody might even post it on Slashdot
The number of people who have flown those planes can't be that large, so if they knew somebody leaked this story and that he claimed to have been the co-pilot, it wouldn't be hard for them to find him and have a little chat with him, or even prosecute him. My dad and brother both served in the army and I've had several friends who were in the military. None of them talks about anything that is secret, or was secret years ago.
One of my friends is still an active reservist and occasionally disappears for long stretches of time and does stuff he can't talk about except to say that he was called up. All I know about his military service is that I'm pretty sure he was an active-duty seal but he won't even talk much about that. I've surmised it from a few things I've heard him say, plus knowing that he was in the Navy when he was active duty. I have no idea what his current reserve job is. He can't/won't say anything about it, not even when falling down drunk. He's quite security conscious (paranoid, even) even by the standards by which security admins (his civilian gig) are measured, and he speaks a language that is not commonly spoken by Americans, especially not native-born, native English-speaking ones from the midwest. Whether either of those traits has anything to do with his military work, I couldn't say. If he ever gets out from under stop-loss (he was under stop-loss even _before_ 9/11), I don't think he'll re-up. But even then he'll be an inactive reserve and they can call him up at need. He may be doing whatever it is he does for a long time to come, whether he wants to or not.
Even though I haven't said anything secret here, I'm gonna post this one AC anyway. Heheh, my UPS just tripped for a few seconds as I was typing this. Voltage fell enough to dim all the lights. Coincidence? Maybe