The World's Most Dangerous Password 696
NonNullSet writes "Minutemen ICBMs were deployed in the early 1960s, and grew to over 1000 in number. They were allegedly protected from a "rogue launch" by an approach known as PAL (Permissive Action Link). The PAL required that the correct 8-digit launch code be entered by the missiliers before the missile would establish ignition. What if all the PAL codes had been set to '00000000,' and 'everyone' in the Strategic Air Command knew it? That is unbelievably what happened, as described in this article from the Center for Defense Information. Not exactly a great example for getting people to choose difficult passwords!"
trust (Score:4, Insightful)
Re:trust (Score:3, Insightful)
As has been clearly demonstrated recently in Iraq...
Oh wait, nevermind.
Does it really matter? (Score:4, Insightful)
So, the passwords were surprisingly effective. FUD at its finest
The world was different then (Score:5, Insightful)
For better or worse, the system seemed to have worked - there weren't any unauthorized missiles launched that I'm aware of.
Totally wrong. (Score:4, Insightful)
in addition, the passwords for the different sub-systems would vary as well as require a number of actual physical keys in order to get the nuclear war machine into motion.
If you really think it only takes one password to launch an american military nuke (even if we were in the 60s), you're totally mislead.
B00000000M (Score:2, Insightful)
Physical security not the problem (Score:2, Insightful)
Uh, not as easy as typing in the PW (Score:2, Insightful)
The real world isn't like War Games pple. Can't just launch your modem into NORAD and play a game.
Parinoid (Score:3, Insightful)
I think this shows how parinoid they were. By having everyone in the chain of command know the password(s) for launch they enabled the ability for a launch to happen even if the right people weren't around.
So that if there was a launch against the US and no one was able to react fast enough in the chain of command and order the launch, then Joe Anybody could still affect the launch.
I know it's flawed logic but I'm just trying to present a different side of the issue.
Re:Its only a bad password (Score:5, Insightful)
*zoom back three years* "the fact that noone has ever deliberately flown a jumbojet into a building shows it is perfectly secure" I hope the military has some better understanding of risk analysis
There were serious layers of physical security? How serious? Just as serious as their passwords? Besides, the brass may be tough but the grunts guarding it are not above blackmail or greed.
Good security is layered. That also means that breach of security shouldn't be caused by a single failure. But in reality it often turns out one or no layers of security are actually *working* because everybody assumes the other layers will cover for it.
Kjella
You're an idiot (Score:4, Insightful)
The fact that everyone in SAC knew them means that if a terrorist had gotten to a low level in position in SAC he would have known the codes. At this point your detterent is useless. If the code was distributed on a proper need to know basis then this wouldn't be possible.
This isn't fud, mcnamara himself was outraged, those locks were there for a damn good reason. That password should NOT be available to everyone in SAC regardless their security clearance. It is should be strictly need to know.
Disclaimer at the beginning of Dr Strangelove (Score:3, Insightful)
Throws that one out the window then?
Mein Fuehrer! sorry.. Mr President.
The article really is quite fascinating (Score:5, Insightful)
Re:trust (Score:5, Insightful)
In the current political establishment in the US, it is the politicians & Pentagon civilians who are promoting war, and the officers were generally very skeptical of what they were doing.
Basically one portion of the political elite has decided that we should start acting like Israel if we are to maintain political power in the world, and they have gone on the offensive, entering into many regional conflicts around the world. I would argue this goes back to the Clinton administration at least; Wolfowitz and Pearle have taken it to the logical extreme.
Remember how skeptical retired General Clark was of the war when he became a politician? So was Eisenhower; he warned us of the military-industrial complex, which becomes dangerous because the big money/corporate side of it has lots of influence on Washington politicians. Guys with military experience often know better than the politicians, and this is why Kerry or McCain would be much better leaders than the wide array of war cheerleaders in power now who avoided the draft in various ways [see last couple of weeks of doonesbury].
The writeup is misleading.... (Score:5, Insightful)
The story here, then, is not that a bad password was chosen, but that somebody decided to disobey orders by disabling the password, and that the higherups were completely in the dark about it.
Re:Does it really matter? (Score:2, Insightful)
KFG
Re:trust (Score:5, Insightful)
You, sir, are completely incorrect in your assertation. Once upon a time, you might have been largely correct--back in the days when those who had military power were the same people as those with political power (Napoleon for example) the warriors would be the ones to start the wars.
OTOH, looking at the history of 20th century US wars, not one was started by soldiers. Politicians are the ones who lead us into wars. Soldiers are the ones who die fighting them. Learn the difference.
Re:trust (Score:4, Insightful)
Indeed; incompetent politics can start wars as well as prevent them.
If Saddam Hussein didn't have WMDs, all he had to do was cooperate with the inspecters, verify he didn't have them, and there would have been no war. He'd still be alive, running the country, and killing whoever he pleased, whenever he pleased.
Instead, he let his ego get in the way of his politics, he fought the inspecters tooth and nail, and it ended up running his regime into the ground.
(There's some more to the story then that, such as how stupid it is to run a "shoot the messenger" regime if you actually want to survive, but that outline is true.)
Incompetent politics can definately start wars.
(Oh, you were trying to blame the current President? Maybe if he'd actually started this war that would make sense, but since there is an unbroken string of broken UN resolutions dating back to Saddam's invasion of Kuwait, I'd say it makes just as much sense to call this a continuation of that, Saddam's Greatest Mistake. Not saying Bush is blameless, just saying that if you want to point at one person who's utterly incompetent politics for over a decade started this war, it's much, much more rational to point at Saddam. One little thing he had to do to remove any pretense, and his ego wouldn't let him do it.)
Don't underplay this, it's still bad... (Score:3, Insightful)
And let's be blunt here. A single Minuteman launched at a major world city could kill millions of people. Doesn't it make you even slightly nervous that the military was prepared to discard one of the layers of security in the interests of making it easier to launch them, and lie to their bosses about it?
Poor ICBM security ...who cares? Right? (Score:5, Insightful)
RTFA. Blair and Brewer point out that, at the time, the military wanted to improve their public relations and would give TOURS of LCC's! B&B repeatedly point out that virtually anyone who asked could get access! The physical security was crap and the codes weren't in place. IE, any moderately funded and motivated terrorist group could have had a field day if they'd know about this severe weakness.
"Four individuals (two persons in each of two separate LCCs in the same squadron) acting in concert could succeed in mechanically launching one or more missiles." In seconds. Not minutes or hours.
"[...] annually thousands of visitors holding no clearance whatsoever were permitted access to operational LCCs."
"Located in each LCC are two launch keys, one for each member of the crew, and the codes needed to authenticate presidential launch directives. Only the launch keys, not the codes, are physical prerequisites for generating valid launch commands, the purpose of the codes being exclusively that of authenticating an execution directive."
B&B make it sound as if you happened to be on a tour and decided to overpower the minimal security force (two crew members + a couple of guards at best (isolated locations, remember?) then it's good to go - you already know the launch codes because it's always all zero's. Or, even worse:
"Technically, crew members can launch a nuclear attack with or without approval from higher authority. Unless PAL or its equivalent forecloses this option, as many as 50 missiles could be illicitly fired. Moreover, unless adequate precautions were instituted, an even more drastic option would be available. Crew members could conspire in the formatting and transmittal of strategic strike directives, deceiving the full contingent of Strategic Air Command (SAC) LCCs, as well as higher authorities, into reacting to a spurious launch directive as if it were valid and authentic. Or they could render the U.S. strategic force virtually impotent by formatting and transmitting messages invalidating the active inventory of presidential execution codes. Finally, crew members could aid accomplices in stealing thermonuclear warheads from missiles on active alert."
Keep in mind that Blair was working in an LCC as a crew member in the mid-70's. He was obviously in a unique position (which virtually none of us were or are) to write this paper. His direct observation on how to subvert the access/security controls on the ICBM's trump anyone else's estimate on what might or might not happen. His letters and paper in 1977 are basically what got those locks activated in... 1977.
It is especially hypocritical that the majority of the Slashdot comments were fine with this poor use of a password mechanism. In your own place of business you most likely would NEVER allow this to happen and you just run some servers - as opposed to ICBM's capable turning your city into a big kitty litter box. Don't defend the actions of those in charge in the 60's and 70's. They were flat out wrong and frankly should have been thrown in military prison for such a massive security breach.
Re:trust (Score:4, Insightful)
And the incompetent warriors at the top of the Pentagon went in without an exit strategy - just an exit fantasy of slavish Iraqi gratitude. Their further incompetence at fighting a guerilla war, which has been standard warfare since their incompetence in Vietnam certified it, has kept the war going. To stave off the inevitable "support the troops" replies, I note that the troops actually fighting are tactically competent, topping the world in killing power. Too bad their strategy leaders in the Pentagon don't support them as well as we do.
So we've got political competence combined with warrior incompetence, and a war. Probably the worst war the US has seen since WWII - and there's no limit to what's to come. I never felt so bad about being right.
Re:trust (Score:5, Insightful)
Re:Hilarious (Score:3, Insightful)
failsafe (Score:2, Insightful)
Re:trust (Score:5, Insightful)
Yes, announcing that you don't have significant weapons and appearing weak is a good idea when you have a powerful and belligerent Iran next door.
Re:You're an idiot (Score:3, Insightful)
I can imagine people laughing, "Guess what? The code to the bombs is all zeros!" You'd want to share that nugget!
A worthless code does not inspire respect.
Re:WOPR's 'guesses' (Score:5, Insightful)
I think a +5, Informative on a joke about posting a root password to the world is as funny as the joke itself. It's like the mods adding to the original joke: "Here everyone, r00t this guy."
Re:trust (Score:2, Insightful)
Re:trust (Score:2, Insightful)
Instead, he let his ego get in the way of his politics, he fought the inspecters tooth and nail, and it ended up running his regime into the ground.
And the Islamic Regime next door, three times larger than his country would just sit idly by and ignore the undefended neighbour with which they had a rather serious war with not so long ago.
Or maybe he took the gamble that the US wouldn't be stupid enough to take him seriously or at least not stupid enough to inflict the occupation of a serious chunk of the middle east upon themselves.
Of course he lost the gamble, but to me he seemed to be playing with the odds.
Security against whom? (Score:3, Insightful)
Layers which were run by the military, to keep non-military people out of military property. The PAL code was a different animal altogether.
The PAL code was supposed to be owned by the civilian leadership as a way to keep control over missiles in the hands of the military. Instead of being another layer of security, it was an orthogonal measure to all the others.
Civilian control is a Very Good Idea. If you want to know why, read some quotes from General Curtis LeMay sometime.
Security auditors need to look for conflicts of interest like this one, where the people who control a password are at odds with the people who benefit from it.
Re:trust (Score:5, Insightful)
Then I guess we'll be taking out Israel next, for all the UN resolutions they've broken/ignored?
Re:maybe this is just the duress password (Score:2, Insightful)
Actually that makes a lot of sense that this would be a duress password. After all, if you stole a nuke and wanted to set it off but didn't have the 8 digit code what would most people do? They would start with 00000000 and start counting up. And with up to 60 million combinations to try there would be plenty of time for Delta Force to show up.
Re:trust (Score:2, Insightful)
Please... Bush didn't invade Iraq to defend UN resolutions. This is proven by the fact that 1) he never used force to defend UN resolutions before Gulf War II, and 2) he never used force to defend UN resolutions after Gulf War II . UN resolutions were a pretext for the war, not the reason for the war.
Re:trust (Score:5, Insightful)
Link me to the UN resolution that gives the US executive power and the ability to act as its security council without oversight or resolution.
wlll (Score:4, Insightful)
Yes, I'd say WMD, or the threat thereof, would be the only significant weapons you could bring to bear.
The question is, do you stop to consider facts before you make your arguments? A little less blindly jingoistic support for our president, a little more thought is in order.
Re:Someone's gotta say it (Score:5, Insightful)
You read about trying to cut people out of the loop to save costs, think about this and just pay the $40k/year salary, for goodness sake.
Re:trust (Score:2, Insightful)
Bush starts swinging his arm like a windmill and yells "If you get hit, it's your own fault [snpp.com]".
Saddam promptly gets hit and you're blaming Saddam for not getting out of the way!
Lots of countries have a string of broken UN resolutions. It was undoubtedly a new war. Ask Bush even. Every indication before the war and subsequent evidence since the war is that Bush wanted to invade Iraq since before Sep-11-2001. The UN process was just a stopgap measure to buy time. Previous behavior in 1998 has already shown that US intelligence are willing to subvert the UN process to spy on Iraq. In hindsight, there was nothing Saddam could have done to avoid a war short of handing the keys of Iraq over to Bush.
Re:trust (Score:3, Insightful)
Re:trust (Score:5, Insightful)
Given a choice of fighting Iran or the US, I'd take Iran every single time.
More american self-rightousness (Score:2, Insightful)
Then who gave the order to invade Iraq? The president of Brazil? Typical american-centric self-rightousness brainwashing flagwaving crap we hear over and over and over. Just like America didn't invade Cuba, wasn't involved in the Vietnam War, wasn't in Korea, didn't partake in the overthrow of governments in Cental Amerca, etc, etc, etc.
I recently was chatting on IRC to some american who thought WWII was not a world war until the US got involved, and that John Glenn was the first Astronaut-not in the US, but in the world. If that is what is being taught in american schools then the original posting doesn't really suprise me.
unbroken string of broken UN resolutions dating back to Saddam's invasion of Kuwait
And this justifies the invading Iraq? Everyone knows the UN is just a puppet group controlled by americans. Hey bub, read the news once in a while. There's atrocities being committed over the world that made Saddam look like he was running a daycare center. Where is the US in these conflicts? No where! Why? Because there is no oil. Iraq is about oil! It was in Desert Storm, it is now. Not about getting rid of "Evil-dooers". Military spending and weapons sales make up a huge part of US GNP-do you really think the US wants a world of peace? Holding hands and getting along means no arms sales-they need a destabalized world to keep up arms sales, and the Iraq occupation certainly has done that.
Was this... (Score:3, Insightful)
Re:WOPR's 'guesses' (Score:2, Insightful)
Re:Totally wrong. (Score:3, Insightful)
It isn't? Could have fooled me.
I think we can depend on the most powerful man on the planet to memorize the most important 8-digit password on the planet. You remember your phone number don't you? Besides, I happen to remember just about every movie dealing with the issue having the launch codes written-down on a piece of paper in a locked briefcase.
In any case, I would MUCH, MUCH, MUCH, MUCH rather have it be too difficult to launch a doomsday weapon, than too easy. We are talking about purely offensive weapons you realize. It's not as if they will save lives if they are launched a little bit sooner.
MAD - Mutually Assured Destruction (Score:5, Insightful)
Including the Kremlin.
Re:trust (Score:2, Insightful)
Re:trust (Score:2, Insightful)
He's way ahead of you. You seem to be steeped in the parodies you read in Tom Tomrrow and Doonesbury cartoon strips.
Get a grip and stop treating 'the other side' like the evil characters in comic books.
And get used to the idea that there's real change going on in Iraq, and that things are getting better there for the regular people who live there. It pisses off all sorts of fringe players, but it's the truth.
Stupid passwords (Score:3, Insightful)
I told the project manager, hey look doesn't this need to be changed? Everyone, including the other big player in the market, can walk in and grab the code. Manuals included.
But they just don't care. "It's a low risk".
Re:trust (Score:5, Insightful)
We overthrew an deomcratically elected gvmt in Iran in 1953 and supported the subsequest Iranian governments in large style.
When the Shah oppressed his people without consience for more than 20 years, and was finally thrown out, the Iranian revolution occured in 1979.
Jimmy Carter was elected in 1976 and had little time to reverse the course set by Eisenhower and the following administrations.
To blame Carter for the disaster that Eisenhower created in Iran is simply a foolish and ignorant thing to do.
And it's no wonder after US sponsered oppression that the Iranians hated us.
(And thus follows Iraq. We hate Iran. Saddam hates Iran. Lets arm that despot to attack Iran. Oops - that wasn't such a great plan... And thus follows our ignorant, evil, and "to-hell-with-the-rest-of-the-world-as-long-as-we
Cheers,
Greg
Re:trust (Score:2, Insightful)
Clinton attacked Iraq in 1998 [cnn.com]. That was 6 years after the first war.
Sarin was found last week. [globalsecurity.org]
The point is that the ultimatums had been layed down time and time again over the past 10 years and nothing had been done about their non-compliance. Someone finally steps in and decides to do something about it and he gets shit for it. I don't see you whining about Clintons attack. Bush did what should've been done years ago, possibly even the moment the inspectors were first kicked out, back in 1998. Or have we forgotten that regime change was a US policy since Clinton was in office.
Re:Someone's gotta say it (Score:3, Insightful)
I have a friend who is retired on disability (injured in an explosion) from the Air Force. He worked on classified stuff, and while I know what platforms he worked on, and that some planes can go a lot faster than their published ratings say they can (that is not classified), that's about it. In fact, even though the air frames he worked with are no longer in service and will never be used again, he still can't talk about them. Nor is he allowed to ever be hypnotized. He could be prosecuted for allowing anyone to hypnotize him.
But what he did is a lot less secret than a screwup of the magnitude you describe here would be, considering that governments don't like embarrassing screwups involving secret and lethal programs to be widely known. I'm sure they would classify the hell out of something like that.
Granted, that doesn't mean that a person can't get drunk and spill the beans, but I don't buy it. People know how stories get around. Heck, somebody might even post it on Slashdot
The number of people who have flown those planes can't be that large, so if they knew somebody leaked this story and that he claimed to have been the co-pilot, it wouldn't be hard for them to find him and have a little chat with him, or even prosecute him. My dad and brother both served in the army and I've had several friends who were in the military. None of them talks about anything that is secret, or was secret years ago.
One of my friends is still an active reservist and occasionally disappears for long stretches of time and does stuff he can't talk about except to say that he was called up. All I know about his military service is that I'm pretty sure he was an active-duty seal but he won't even talk much about that. I've surmised it from a few things I've heard him say, plus knowing that he was in the Navy when he was active duty. I have no idea what his current reserve job is. He can't/won't say anything about it, not even when falling down drunk. He's quite security conscious (paranoid, even) even by the standards by which security admins (his civilian gig) are measured, and he speaks a language that is not commonly spoken by Americans, especially not native-born, native English-speaking ones from the midwest. Whether either of those traits has anything to do with his military work, I couldn't say. If he ever gets out from under stop-loss (he was under stop-loss even _before_ 9/11), I don't think he'll re-up. But even then he'll be an inactive reserve and they can call him up at need. He may be doing whatever it is he does for a long time to come, whether he wants to or not.
Even though I haven't said anything secret here, I'm gonna post this one AC anyway. Heheh, my UPS just tripped for a few seconds as I was typing this. Voltage fell enough to dim all the lights. Coincidence? Maybe
Re:trust (Score:1, Insightful)
Corrections (Score:3, Insightful)
Hussein never kicked any inspectors out, they were withdrawn by the UN.
War was and is the last resort (we don't want to kill people)
Hussein tried to surrender on the eve of war, but bush didn't want to listen to him. How does that fit in with war being the last resort?
The troops in Iraq are there because they want to be (we don't draft people)
I am sorry but that is the biggest pile of shit I have ever heard. The people in our military signed up to defend THIS country (USA). If our recruiting posters had told of how they would be sent to foriegn lands where the locals don't want them there, to be shot at so the president can distract us from his failings in the war on terror (Iraq and Bin Laden are 2 completely separate issues), how many do you think would have signed up? I thought about enlisting myself after 9/11, but I realized this would happen, and thought better of it.
the people in Iraq want us there (despite what the liberal media shows you)
Where are you getting these facts? Last I heard, a survey of Iraqis showed that most are glad that Hussein is gone, but want us to get the hell out, and the portion who are saying that the invasion was not worth it, and would rather have Hussein back is growing rapidly.
They don't show you the good things that our troops are doing to rebuild that country.
NPR (that is liberal media, right?) has done several stories on that very thing.
These insurgents *hate* Americans and everything we stand for, and have declared war on US
No, that is Al Qaida, the insurents were not filled with hatred for us, until we showed up in their yards.