The World's Most Dangerous Password

NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missiliers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"

Someone's gotta say it

[Roland+Piquepaille]

What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it?

Stupid David played with the WOPR again!

Re:Someone's gotta say it

[JMandingo]

A flight attendant invited me to a party a few years back, and it was mostly pilots and flight attendants at the party. All getting sloshed, of course - pilot and flight attendants DRINK. Since most airline pilots started their careers in the military I got to spend a lot of the evening listening to 'war' stories.

One pilot I talked to used to copilot one of the two big planes (747s?) that they send up that can launch all the missiles remotely in case NORAD gets knocked out. He told a story about how they would run all these drills where they would scramble, get in the air immediately, and then get transmitted codes from the ground. They would unscramble the codes as "do not launch" and then return to base without transmitting anything to the silos, drill over.

According to him, on one of these sorties received the "launch" code in error. So they asked the ground to repeat the transmission. Which they did, and it was the same. So they took a chance and broke protocol and radio'd the ground and told them that they had just sent the "launch" codes, and did they really want them to transmit this along to the silos? Of course the ground told them to cease and return to base.

Scary truth or dunken bravado? Who knows.

Re:Someone's gotta say it

[netsharc]

You were at a party with stewardess, ehm I mean flight attendants..? Who cares about the war stories, did you score???

At least they're default routers...

Username: cisco

password: cisco

'nuff said.

Re:At least they're default routers...

[ronsonal]

While we're on the subject, and before this gets out of hand, just a reminder to everyone about

The Default Password List

Indispensible tool.

Hilarious

[sam0ht]

Funniest thing I've read all day. Makes lots of seemingly 'implausible' films about unauthorised nuke launches and hacking, a lot less implausible.

'Hmm.. it's asking for a password ? Try zero zero zero'

At least it wasn't...

[Draconix]

12345 Though now we know the President's suitcase combination. :)

Re:At least it wasn't...

[sik0fewl]

Damn, beat me to it. Here it is anyway since you left out Skroob's quote :)

ROLAND: No, wait, wait. I'll tell. I'll tell.

HELMET: I knew it would work. All right, give to me.

ROLAND: The combination is one.

HELMET: One.

SANDURZ: One.

ROLAND: Two.

HELMET: Two.

SANDURZ: Two.

ROLAND: Three.

HELMET: Three.

SANDURZ: Three

ROLAND: Four.

HELMET: Four.

SANDURZ: Four.

ROLAND: Five.

HELMET: Five.

SANDURZ: Five.

HELMET: So the combination is one, two, three, four, five. That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.

----

HELMET: We have the combination.

SKROOB: Great. Now we can take every last breath fresh air from planet Druidia. What's the combination?

SANDURZ: One, two, three, four, five.

SKROOB: One, two, three, four, five? That's amazing. I've got the same combination on my luggage.

I can just picture world war 3 starting.

[m0rphin3]

Airman 1: Hey, Jeff, what do you think the secret password is?
Airman 2: Dunno. Try P-A-S-S-W-O-R-D or something.
Airman 1: Nah, it's just numerals. And it's not like the secret code could be 0000000. Nobody would be _that_ stupid.

*ATTENTION - PREPARE FOR GLOBAL THERMONUCLEAR WAR*

Airman 1: What you say!

Re:I can just picture world war 3 starting.

[ktheory]

"OMG! Why are the missiles launching?!" says the guy resting his elbow on the '0' key.

If a hacker

[NIK282000]

If a hacker tried to brute force that, I think it would have been the fastest hack on record.

Reminds me ...

[shadowkoder]

of some of Microsoft's choices for authentication passwords. For example: 1111111111111111 (dont remember how many, but a good guess) for activating a MS Visual studio package. Nice protection for a $1500 license.

Re:Reminds me ...

[cipher+uk]

i believe it was 111-1111111. the sum of the digits of the second area had to equal 7.
so 111-1111111 aswell as 111-2020201 would work. the first 3 numbers could be anything.

this was on a lot of pre-98 microsoft cds.

more info on microsoft cd-keys

The world was different then

[sloshr]

Things have changed on the global level more than just a little bit, and I'd imagine a good deal of the security surrounding the prevention of launches centered around the PHYSICAL security. If the bad guy can't reach the keyboard to enter the codes - well, then, does it matter what the passwords set to?

For better or worse, the system seemed to have worked - there weren't any unauthorized missiles launched that I'm aware of.

I here have a scan of a manual (funny as hell)

[Lord+Graga]

I stumbled over THIS manual about passwords one day, and I found it absolutely amusing!

maybe this is just the duress password

[pedantic+bore]

Maybe this is a fake password. Only a few people know the real password, but "everyone" knows this one. Anyone foolish enough to try to use it would immediately find themselves in a world of trouble.

Re:hmm

[nightgeometry]

It was Edgar Allan Poe, The Purloined Letter

And damn good it is too.

Re:WOPR's 'guesses'

[MattGWU]

I'll thank you to refrain from posting my root password in this public forum.

The writeup is misleading....

[33degrees]

According to the article, someone in the chain of command decided that they didn't want this safeguard, and ordered that the password be set to 00000000 and the dials used to enter the password left in that position; in effect, the equivalent of having a blank password so that you don't have to bother entering it.

The story here, then, is not that a bad password was chosen, but that somebody decided to disobey orders by disabling the password, and that the higherups were completely in the dark about it.

Poor ICBM security ...who cares? Right?

[Exocet]

That seems to be the concensus at this point. People have repeatedly pointed out that the *physical* security was VERY VERY STRICT. Just because the password, a deterrant that top-level people thought was VERY VERY necessary was completely missing ...oh, that's fine. They still have keys and ummm other stuff, right?

RTFA. Blair and Brewer point out that, at the time, the military wanted to improve their public relations and would give TOURS of LCC's! B&B repeatedly point out that virtually anyone who asked could get access! The physical security was crap and the codes weren't in place. IE, any moderately funded and motivated terrorist group could have had a field day if they'd know about this severe weakness.

"Four individuals (two persons in each of two separate LCCs in the same squadron) acting in concert could succeed in mechanically launching one or more missiles." In seconds. Not minutes or hours.

"[...] annually thousands of visitors holding no clearance whatsoever were permitted access to operational LCCs."

"Located in each LCC are two launch keys, one for each member of the crew, and the codes needed to authenticate presidential launch directives. Only the launch keys, not the codes, are physical prerequisites for generating valid launch commands, the purpose of the codes being exclusively that of authenticating an execution directive."

B&B make it sound as if you happened to be on a tour and decided to overpower the minimal security force (two crew members + a couple of guards at best (isolated locations, remember?) then it's good to go - you already know the launch codes because it's always all zero's. Or, even worse:

"Technically, crew members can launch a nuclear attack with or without approval from higher authority. Unless PAL or its equivalent forecloses this option, as many as 50 missiles could be illicitly fired. Moreover, unless adequate precautions were instituted, an even more drastic option would be available. Crew members could conspire in the formatting and transmittal of strategic strike directives, deceiving the full contingent of Strategic Air Command (SAC) LCCs, as well as higher authorities, into reacting to a spurious launch directive as if it were valid and authentic. Or they could render the U.S. strategic force virtually impotent by formatting and transmitting messages invalidating the active inventory of presidential execution codes. Finally, crew members could aid accomplices in stealing thermonuclear warheads from missiles on active alert."

Keep in mind that Blair was working in an LCC as a crew member in the mid-70's. He was obviously in a unique position (which virtually none of us were or are) to write this paper. His direct observation on how to subvert the access/security controls on the ICBM's trump anyone else's estimate on what might or might not happen. His letters and paper in 1977 are basically what got those locks activated in... 1977.

It is especially hypocritical that the majority of the Slashdot comments were fine with this poor use of a password mechanism. In your own place of business you most likely would NEVER allow this to happen and you just run some servers - as opposed to ICBM's capable turning your city into a big kitty litter box. Don't defend the actions of those in charge in the 60's and 70's. They were flat out wrong and frankly should have been thrown in military prison for such a massive security breach.

Re:WOPR's 'guesses'

[the_mad_poster]

I think a +5, Informative on a joke about posting a root password to the world is as funny as the joke itself. It's like the mods adding to the original joke: "Here everyone, r00t this guy."

Re:trust

" but since there is an unbroken string of broken UN resolutions dating back to Saddam's invasion of Kuwait, I'd say it makes just as much sense to call this a continuation of that"

Then I guess we'll be taking out Israel next, for all the UN resolutions they've broken/ignored?

Re:who modded that insightful?

[ActiveSX]

It's factually inaccurate and overly simplistic.

From page 164 of The Glossary of Slashdot, 2003 Edition:

insightful (mod); ihn sait fEl
- Factually inaccurate and overly simplistic.

Re:trust

[Bald+Wookie]

Yes, announcing that you don't have significant weapons and appearing weak is a good idea when you have a powerful and belligerent Iran next door.

Given a choice of fighting Iran or the US, I'd take Iran every single time.

My God....

[AvantLegion]

... I protect my porn better than that!

Re:WOPR's 'guesses'

[MattGWU]

Ok. The thing is...that's not my ACTUAL root password. It's a joke. The thing about it is, that string is a perfectly good root password. It has letters. It has digits. It's not in the dictionary. It's not pronouncable. Therefore, it was perfectly cromulent to use it in the context of a root password. I twisted that into a joke by suggesting it was my root password, and expressing dissatisfaction that it was published to the world. How he came to get the root password, I have no ideas, as it was not, as I previously stated, my actual root password. Really, *any* of my root passwords.

Finally, the fact that this alledged 'root password' does not contain punctuation or non-printable characters was not held against it. It still works for the purposes of this joke. Lets hope they remain safely anonymous by not responding to this thread to express their outrage and incredulity.

My thoughts, however, go out to all the sysadmins out there who really DID have their root password outed this evening.

Thank you for your time, and have a pleasent tomorrow.

Re:trust

[Mostly+a+lurker]

If Saddam Hussein didn't have WMDs, all he had to do was cooperate with the inspecters

Well, according to Dr Hans Blix (the head of the inspection commission) Iraq was cooperating fairly well. The message that cooperation was inadequate was coming from the same source that was claiming incontrovertible evidence of ongoing WMD activity. Most of the world wanted inspections to continue, based on the doubts raised by the US, in spite of the fact that inspections were revealing nothing.

Re:WOPR's 'guesses'

[tintub]

"Here everyone, r00t this guy."

That means something quite different here in Australia! I'll pass, thanks :)

Sounds a bit Alarmist

[rstovall]

I was in SAC from 1978 - 1982, as a missile maint. tech. (a.k.a. "Missile Monkey"). While I can't speak to security prior to that time, I can say that by 78:

• Security clearances for all personnel associated with the program were extreme... mine took over 6 months, and I know they talked to many people.
  
• To the best of my knowledge, PALs were active by that time, though I was not launch crew. Certainly we were trained that PALs were a factor.
  
• The warheads were physically configured such that they could not fully arm until they had experienced the stresses of launch and reentry. There was no way to set them off "in the tube".
  
• Visits to the actual capsules in the LCC (Launch Control Center) by non-military were limited to the training simulator.
  
• While the LCF (Launch Control Facility) appears to be a soft facility on the surface (simple wooden buildings, chain link fences, lightly guarded) nothing up there matters as far as control over the weapons. Only the LCC, the actual capsule a classified number of feet underground, matters and physically it's very imposing. There is no way to open a capsule in short terms from outside (the only accuators for the door locks are inside) and would certainly be a matter of many days even with modern equipment. Of course, even a minor violation the "topside" security was immediately and vigourously responded to, so these sites are not trivially penetrated as the author implies.
  
• The missile sites were in some ways tougher. Even an authorized entrance to the hardened facility where everything worked properly took a minimum of 30 minutes plus the worse case time it would take for a security team to respond to that site. If any of the locks failed (I had it happen twice in the 3 years I was in the field) the break in procedure involved two jackhammers, a 16 ton crane, a load of other equipment and two days.. if pressed, I suspect it could have been done in one very long day. Of course, that would set number of alarms, including seismic and radar. Short of entering the hardened launch facility (the launch tube) there is no way to affect the missiles status.. you could not cause of prevent a launch from outside.
  

In short, perhaps if someone could gain access to a capsule they could have commanded a lauch, but they'd have had to subvert 2 complete LCC crews to command an immediate launch, and that's just not likely, even if the PALs were not active. One LCC could not command an immediate launch, and would have been overriden by the other capsules in the flight had it attempted to. As discussed above, penetrations of the control center or the actual missile facility could not yield results before an overwhelming response ended the threat. The way we were watched (and the capsule crews were more watched than we were) I doubt four people so profoundly without anyone noticing.

As for the "bad guys" gaining access to a warhead from the missile site... not a chance. First, to do that they'd have to penetrate the missile facility (not less than 12 hours work) without setting off any alarms and without any of the heavy equipment being noticed be the frequent roving patrols. Penetrating the LCC would not give anyone "access" to the warheads, as the LCC did not control the locks at the missile site, they just monitored them.

The only significant risk of the warhead falling in the "wrong hands" was during transport, and I can speak from personal experience that those movements were exceptionally well prepared monitored, and armed, with air support close by at all times.