Slashdot Mirror
The World's Most Dangerous Password
NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missiliers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"
What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it?
Stupid David played with the WOPR again!
Username: cisco
password: cisco
'nuff said.
This is why we trust politicians, ridiculous as they are, with our lives, and make the warriors answer to them. Because incompetent politics generally inhibits war, while incompetent warriors encourage it. And they're all incompetent - nobody knows the right way to do it.
--
make install -not war
And here I thought that password would be something like, "password" or "login"... Instead, they chose the kind of code an idiot would put on his luggage.
Funniest thing I've read all day. Makes lots of seemingly 'implausible' films about unauthorised nuke launches and hacking, a lot less implausible.
'Hmm.. it's asking for a password ? Try zero zero zero'
As long as everyone outside the department thought it had a good password on it, no one would bother trying to steal one.
;)
So, the passwords were surprisingly effective. FUD at its finest
12345 Though now we know the President's suitcase combination. :)
By reading this you acknowledge that you have read it.
Airman 1: Hey, Jeff, what do you think the secret password is?
Airman 2: Dunno. Try P-A-S-S-W-O-R-D or something.
Airman 1: Nah, it's just numerals. And it's not like the secret code could be 0000000. Nobody would be _that_ stupid.
*ATTENTION - PREPARE FOR GLOBAL THERMONUCLEAR WAR*
Airman 1: What you say!
for great justice
If a hacker tried to brute force that, I think it would have been the fastest hack on record.
Dear aunt, let's set so double the killer delete select all
If it gets cracked. I cant imagine anyone who had ACCCESS to ust this password having used it, the fact that were all still here shows it was perfectly secure, dont forget its not like some script kiddie could hop on the "Net" and use this password. There were some SERIOUS layers of physical security.
ROLAND: No, wait, wait. I'll tell. I'll tell.
HELMET: I knew it would work. All right, give to me.
ROLAND: The combination is one.
HELMET: One.
SANDURZ: One.
ROLAND: Two.
HELMET: Two.
SANDURZ: Two.
ROLAND: Three.
HELMET: Three.
SANDURZ: Three
ROLAND: Four.
HELMET: Four.
SANDURZ: Four.
ROLAND: Five.
HELMET: Five.
SANDURZ: Five.
HELMET: So the combination is one, two, three, four, five. That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.
HELMET: We have the combination.
SKROOB: Great. Now we can take every last breath fresh air from planet Druidia. What's the combination?
SANDURZ: One, two, three, four, five.
SKROOB: One, two, three, four, five? That's amazing. I've got the same combination on my luggage.
of some of Microsoft's choices for authentication passwords. For example: 1111111111111111 (dont remember how many, but a good guess) for activating a MS Visual studio package. Nice protection for a $1500 license.
Things have changed on the global level more than just a little bit, and I'd imagine a good deal of the security surrounding the prevention of launches centered around the PHYSICAL security. If the bad guy can't reach the keyboard to enter the codes - well, then, does it matter what the passwords set to?
For better or worse, the system seemed to have worked - there weren't any unauthorized missiles launched that I'm aware of.
As with any mission critical systems, there is redundancy in every aspect of the ICBM system from the authentication to the verification of the target being neutralized. So what if there was a password set to 0000000? There still has to be a number of other things set by others in numerous locations in order to do this. One reason was so that the president could not launch a missile on a bad hair day or a mad general (or group, in fact) could not launch in order to lead a coup.
in addition, the passwords for the different sub-systems would vary as well as require a number of actual physical keys in order to get the nuclear war machine into motion.
If you really think it only takes one password to launch an american military nuke (even if we were in the 60s), you're totally mislead.
Just enter the recall code. Mandrake has told us it's a variation of the letters POE, which probably stands for 'Purity Of Essence' or 'Peace On Earth'. Just try all the variations, and the launch will be aborted. Hooray!
Now stop fighting in the War Room!
I hear there's rumors on the Slashdots
I stumbled over THIS manual about passwords one day, and I found it absolutely amusing!
Now I realize that the movie wasn't nearly as stupid as reality.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
00000000 was the name of Secretary of Defense McNamara's dog.
I work for an outsourcing group for telco (V something). We are non union, so they abuse us over the hourly union people.
t up
This isn't a joke, after all the hacking, the passwords are still the same! Even after Palifornia passed the law about reporting security break ins, they still are not reported!
Here is a sample list of actual of passwords I've kept track.
lucent:lucent
nortel:nortel
nortel:etas
admin:setup
admin:admin
admin:config
setup:se
root:toor
FOA WCDMA hardware that all you need to do is telnet too (no ssh) and run a simple password guessing program, and gain access.
IT's worse than you think.
I think this shows how parinoid they were. By having everyone in the chain of command know the password(s) for launch they enabled the ability for a launch to happen even if the right people weren't around.
So that if there was a launch against the US and no one was able to react fast enough in the chain of command and order the launch, then Joe Anybody could still affect the launch.
I know it's flawed logic but I'm just trying to present a different side of the issue.
Maybe this is a fake password. Only a few people know the real password, but "everyone" knows this one. Anyone foolish enough to try to use it would immediately find themselves in a world of trouble.
Am I part of the core demographic for Swedish Fish?
It was Edgar Allan Poe, The Purloined Letter
And damn good it is too.
The best is the enemy of the good
So assuming the article's correct: a) there wasn't even one password in the launch process at the time, only physical keys, b) four people in the right place could launch nuclear missiles, and no countermeasures would have been able to stop them, and c) given the lack of stringent security in allowing visitors access to those sites, it's not inconceivable that outsiders could have seized the opportunity to take control of two launch centers.
now i have to change the codes on all my nuclear weapons :<
The fact that everyone in SAC knew them means that if a terrorist had gotten to a low level in position in SAC he would have known the codes. At this point your detterent is useless. If the code was distributed on a proper need to know basis then this wouldn't be possible.
This isn't fud, mcnamara himself was outraged, those locks were there for a damn good reason. That password should NOT be available to everyone in SAC regardless their security clearance. It is should be strictly need to know.
Photos.
About 15 years ago, when our new computer labs were first opened, five key combination locks were put on the doors, with the access code set to the default.
15 years later and 5000 miles away on a continent on the other side of the planet, I'm on the walking trails beside our hotel and come across a gate on the boundary fence which has the exact same combination lock. And yes, it had the exact same access code.
According to the article, someone in the chain of command decided that they didn't want this safeguard, and ordered that the password be set to 00000000 and the dials used to enter the password left in that position; in effect, the equivalent of having a blank password so that you don't have to bother entering it.
The story here, then, is not that a bad password was chosen, but that somebody decided to disobey orders by disabling the password, and that the higherups were completely in the dark about it.
That seems to be the concensus at this point. People have repeatedly pointed out that the *physical* security was VERY VERY STRICT. Just because the password, a deterrant that top-level people thought was VERY VERY necessary was completely missing ...oh, that's fine. They still have keys and ummm other stuff, right?
RTFA. Blair and Brewer point out that, at the time, the military wanted to improve their public relations and would give TOURS of LCC's! B&B repeatedly point out that virtually anyone who asked could get access! The physical security was crap and the codes weren't in place. IE, any moderately funded and motivated terrorist group could have had a field day if they'd know about this severe weakness.
"Four individuals (two persons in each of two separate LCCs in the same squadron) acting in concert could succeed in mechanically launching one or more missiles." In seconds. Not minutes or hours.
"[...] annually thousands of visitors holding no clearance whatsoever were permitted access to operational LCCs."
"Located in each LCC are two launch keys, one for each member of the crew, and the codes needed to authenticate presidential launch directives. Only the launch keys, not the codes, are physical prerequisites for generating valid launch commands, the purpose of the codes being exclusively that of authenticating an execution directive."
B&B make it sound as if you happened to be on a tour and decided to overpower the minimal security force (two crew members + a couple of guards at best (isolated locations, remember?) then it's good to go - you already know the launch codes because it's always all zero's. Or, even worse:
"Technically, crew members can launch a nuclear attack with or without approval from higher authority. Unless PAL or its equivalent forecloses this option, as many as 50 missiles could be illicitly fired. Moreover, unless adequate precautions were instituted, an even more drastic option would be available. Crew members could conspire in the formatting and transmittal of strategic strike directives, deceiving the full contingent of Strategic Air Command (SAC) LCCs, as well as higher authorities, into reacting to a spurious launch directive as if it were valid and authentic. Or they could render the U.S. strategic force virtually impotent by formatting and transmitting messages invalidating the active inventory of presidential execution codes. Finally, crew members could aid accomplices in stealing thermonuclear warheads from missiles on active alert."
Keep in mind that Blair was working in an LCC as a crew member in the mid-70's. He was obviously in a unique position (which virtually none of us were or are) to write this paper. His direct observation on how to subvert the access/security controls on the ICBM's trump anyone else's estimate on what might or might not happen. His letters and paper in 1977 are basically what got those locks activated in... 1977.
It is especially hypocritical that the majority of the Slashdot comments were fine with this poor use of a password mechanism. In your own place of business you most likely would NEVER allow this to happen and you just run some servers - as opposed to ICBM's capable turning your city into a big kitty litter box. Don't defend the actions of those in charge in the 60's and 70's. They were flat out wrong and frankly should have been thrown in military prison for such a massive security breach.
Exocet Industries - Taking over the world, one computer at a
I'd be more worried about the password for this [...]
Don't be. I'm a microbiologist and personally I think all this noise about bioweapons is a lot of nonsense. None of it has been shown to work in practice, while nuclear weapons have, and are a hell of a lot simpler, and thus scarier.
Alibek would just have been one of the numerous unemployable ex-Soviet scientists if he hadn't exaggerated the technology of a country that had little to no biological infrastructure (thanks to Trofim Lysenko, who managed to get nearly every competent Soviet biologist killed off from 1930-1960)
However, there's no question that all this hysteria has pumped money into microbiology -- the institute where I work has gotten quite deeply into anthrax research, despite B. anthracis basically being boring B. subtilis with a bad attitute.
I beg to differ. Having formerly done security system installations, this is a quite common practice, especially if you're dealing with security gueards. A large casino I worked for used '2222' for its security codes. McCarren Airport (Las Vegas) prior to 9/11 had '1234' for its password to get into "secure" areas.
It has to be something the lowest common denominator on the security team can remember.
Terrorist 1: "We have done it! We have infiltrated the missile silos! Death to the [insert appropriate derrogatory term for American]s! Victory is ours!"
Terrorist 2: "Mua-ha-ha-ha-ha! Let us hurry and launch the missiles! Wh... what is this?"
Terrorist 1: "It... it appears to be some sort of security mechanism... What do we do?!?"
Terrorist 2: "We have no choice. We must try every combination and hope to find the correct sequence before we are captured. We will start from '00000000' and count upwards."
Terrorist 1: "Are you insane? Even if we could test one sequence per second, it would take us tens of thousands of hours to find the code! Our fingers would be worn into nubs so short that we wouldn't be able to depress the launch button! We could even die of starvation first!"
Terrorist 2: "You're right. We've failed."
I couldn't find this particular scene in the canon anywhere, although, "A Scandal in Bohemia" from The Adventures Of Sherlock Holmes , seems to fit somewhat.
Show me on the doll where his noodly appendage touched you.
It's factually inaccurate and overly simplistic.
The weapons inspectors were in Iraq, and were getting cooperation from the government there, until the eve of the war. They had to leave because the Bush administration began it's push to war. Yes, there had been difficulty with compliance in the past, but things were going differently this time.
Apart from a single, probably Iran-Iraq war vintage chemical shell, no WMD have been found in the country. Further, all the scientists that have been interogated, as well as all the documentation found, indicate that they had no WMD, at the very latest, past 1998. 6 years ago.
Finally, most of the intelligence about Iraq's WMDs now appear to have been put forward by the Ahmed Chalabi and the INC. Much of it was uncorroborated, and contradictory evidence was discarded in the lead up to the war by the Office Of Special Plans. This group, in the DOD, stovepiped supporting evidence to ensure that the president would have the justification required to wage war; any evidence that did not support the cause or that directly worked against war in Iraq was discarded.
Sorry, kid. The president of the US started this. He made the order. He chose this. We didn't have to go to war, and there was no pressing national interest for the US in going to war there. There were NO links to Al Qaida or other terrorist groups, and his army was in a vastly degraded state. He posed a danger at most to his own people. And yes, that's an awful thing, but it's not our job to go policing the world.
Finally, regarding the inspectors and their fights with Saddam in the past - it's very likely that he didn't cooperate because he didn't want to appear weak. It's a common reaction, hiding one's weaknesses from others so as to seem strong and keep oneself safe from attack.
As opposed to, say, 1970's vintage soviet tanks in poor repair, and an army without equipment like boots and uniforms. The condition of the army and its material was, very likely, well known to the Iranians.
Yes, I'd say WMD, or the threat thereof, would be the only significant weapons you could bring to bear.
The question is, do you stop to consider facts before you make your arguments? A little less blindly jingoistic support for our president, a little more thought is in order.
He has a rather obvious agenda, as you can tell from his introduction.
Its his word against common sense for some of his statements, and i personally dont belive him.
---- Booth was a patriot ----
At least on the NES. The vault door to Fred's lab is locked by a keypad, and the combination is whatever the high score on Meteor Madness (second floor arcade room) happens to be. All you have to do is get the key to the outer door, get captured by Nurse Edna or Weird Ed, and get tossed in the basement before Fred plays Meteor Madness. Do this and the combination for the door is all zeros! :D
Found this out the hard way when I was a kid- I was stuck and didn't know where to look for the code, so I figured I'd brute force it (yes, I was BORED), and.... surprise, it worked on the first go. Found out it was tied to the arcade machine when I inadvertently closed the door and tried to open it again later.
Man, that game kicked all of the ass.
>Don't be. I'm a microbiologist and personally I think all this noise about bioweapons is a lot of nonsense.
Mother Nature's bioweapons did a devastating job on the native populations of the Americas when the Europeans arrived.
If reports are true, an accidental release of weaponized Soviet smallpox killed several vaccinated people at Aralsk in 1971. The reports may not be true -- Dr. Donald Henderson(*) is skeptical and he knows smallpox well.
Bioweapons are bad candidates for military weapons because they're hard/impossible to control once released. Artillery shells go exactly where they're told and don't mutate in midair. Generals don't like *uncontrollable* destruction. Terrorists might.
(*)Leader of the worldwide effort that eradicated smallpox last century. Deserves a statue for winning the war against a virus which had killed more people than Stalin, Hitler and Pol Pot put together.
Has anyone seen crimson tide? It is a worst case senerio where a nuke sub gets a 1 hour launch command. The sub is hit and com goes down in the middle of a message. The Captian wants to launch and CO does not. There is an option for just the Captain and not the CO to launch. The navy acctually changed protocall after the movie came out to prevent this senerio.
Gee, you KNOW alot.
Having worked in this field I'll tell you:
1. A civilian is never allowed in a live LCC.
2. The crew is sealed in the live LCC's.
3. To get access to a live LCC is much more then cutting the chain link.
4. Even if you got into one, you need to get into two to do anything.
5. Nevermind the hoards of SP's and armed Helicopters descending around you.
6. While crew members can send messages between LCCs (and I believe between bases, I can't recall) these messages are not and can not be EAM's which are only sendable from the NCA via special terminals.
7. Even if you could send the EAM, who would believe an order coming from the wrong originator.
8. The comm systems in question are not as stupid as e-mail, they are part of a dedicated MLS (b3) system.
9. Nuclear command and control has always relied on personal responsibility, do you think nuclear submarine commanders or the alert bomber force can/could not just decide to launch, or are you deluded enough to think they have some crm114 gizmo that overrides them?
In my place of business I'd have no problem with a null password if all access to the server required two trusted administrators with keys that are kept stored in seperate combination locked safes. In fact, a password beyond the assertion of two trusted people would be stupid, and if you don't trust the people allowing them access to the keys would also be stupid.
Your scenario would be something like this:
1. Something needs done to the server, so you call the CIO
2. He gives you and your other Sys Admin a one-time password for the server.
3. You two go open your safes with your combos (each of you only know one of these combos)
4. You remove your keys and open the server locks.
5. You enter the password you got from the CIO
6. You do your business, and relock the server
7. You put your keys away
Damn, I'd hate to work in your shop. Most of us only have trusted sys admins and single passwords.
Dan
Including the Kremlin.
Computers are useless. They can only give you answers.
-- Pablo Picasso
I worked with the Minuteman Missile System for eight years. I was a member of a three man Combat Targeting Team. Our task was aiming the missile and selecting the targets by programming the onboard computer.
A lot of really strange things can happen in the military involving authentication, encrypting and decrypting information and in the whole target selection process itself.
Perhaps one of the weirdest occurences that I was personally aware of was when a missile dropped off of "Strategic Alert" (Green Status). There was a two man team of airmen checking out a communications problem in an adjoining building.
Another team arrived on site and entered into the launch facility and saw that the Nuclear Warhead was missing. Needless to say this scurried people from all over with all kinds of alerts being issued... Losing a nuclear weapon was pretty much frowned upon, needless to say.
It turned out that the warhead had fallen off of the missile to the bottom of the launch tube 100 feet below.
The problem was traced to a fuse being changed on the communication box in the soft support building with a screwdriver rather than a fuse puller.
There was a undetected defect in the onboard computer which combined with the shorting of the communications fuse caused the computer to send the "Fire Retro rockets" signal to the RV (nuclear reentry vehicle)
Another time I was programming the computer with its needed information when some "never seen before" status lights lit. D-1 and D-3 which if I remember correctly was "Launch Commanded" and "Launch in Progress".
Normally an individual has to look up these codes in a reference manual. Being the nerd I was back then, I had memorized all of the codes. So I had only a few seconds to react and I proceeded to pop some circuit breakers that would shutdown parts of the operation in case the status was real.
Our job was not to troubleshoot any further at that point so I never found out whether the computer was intending on really launching or if there were two defective lamp drivers.
Of course there is a policy that two trained people always had to be present (two man concept) to ensure that nothing illegal was attempted.
The members of the targeting team were always armed while couriering and programming the launch codes and other vital information into the missile.
And in the end, the love you take is equal to the love you make
Steve Bellovin has a fascinating page on the subject here
The quote at the beginning has become one of my favourite metaphors for describing a process that should be close to impossible:
"Bypassing a PAL should be, as one weapons designer graphically put it, about as complex as performing a tonsillectomy while entering the patient from the wrong end."
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
In short, perhaps if someone could gain access to a capsule they could have commanded a lauch, but they'd have had to subvert 2 complete LCC crews to command an immediate launch, and that's just not likely, even if the PALs were not active. One LCC could not command an immediate launch, and would have been overriden by the other capsules in the flight had it attempted to. As discussed above, penetrations of the control center or the actual missile facility could not yield results before an overwhelming response ended the threat. The way we were watched (and the capsule crews were more watched than we were) I doubt four people so profoundly without anyone noticing.
As for the "bad guys" gaining access to a warhead from the missile site... not a chance. First, to do that they'd have to penetrate the missile facility (not less than 12 hours work) without setting off any alarms and without any of the heavy equipment being noticed be the frequent roving patrols. Penetrating the LCC would not give anyone "access" to the warheads, as the LCC did not control the locks at the missile site, they just monitored them.
The only significant risk of the warhead falling in the "wrong hands" was during transport, and I can speak from personal experience that those movements were exceptionally well prepared monitored, and armed, with air support close by at all times.
Confined though we are, infinity dwells within.