Interesting People mailing list archives
The worst case of password abuse - ever.
From: dave () farber net
Date: Tue, 01 Jun 2004 11:31 -0400
...... Forwarded Message ....... From: "Trei, Peter" <ptrei () rsasecurity com> To: dave () farber net Date: Tue, 01 Jun 2004 10:58:50 -0400 Subj: The worst case of password abuse - ever. [For IP, if you wish] This is just Strangelovesque.... What was the password which controlled the firing of America's ICBMs for years during the height of the Cold War? 00000000 That's right. For *all* of them. The Permissive Action Link codes for all of Americas missiles provided less protection than on an average suitcase. [It's fair to note that there were a lot of other controls, such as the dual key system. However, it appears that a pair of rogue controllers could have unleashed Armmagedon - pt] Peter Trei ---------------- http://www.cdi.org/blair/permissive-action-links.cfm Bruce Blair's Nuclear Column Home Page <http://www.cdi.org/blair/> Keeping Presidents in the Nuclear Dark (Episode #1: The Case of the Missing "Permissive Action Links") Bruce G. Blair, Ph.D <http://www.cdi.org/aboutcdi/bruce_blair1.html>, CDI President, bblair () cdi org <mailto:bblair () cdi org> Feb. 11, 2004 Last month I asked Robert McNamara, the secretary of defense during the Kennedy and Johnson administrations, what he believed back in the 1960s was the status of technical locks on the Minuteman intercontinental missiles. These long-range nuclear-tipped missiles first came on line during the Cuban missile crisis and grew to a force of 1,000 during the McNamara years - the backbone of the U.S. strategic deterrent through the late 1960s. McNamara replied, in his trade-mark, assertively confident manner that he personally saw to it that these special locks (known to wonks as "Permissive Action Links") were installed on the Minuteman force, and that he regarded them as essential to strict central control and preventing unauthorized launch. When the history of the nuclear cold war is finally comprehensively written, this McNamara vignette will be one of a long litany of items pointing to the ignorance of presidents and defense secretaries and other nuclear security officials about the true state of nuclear affairs during their time in the saddle. What I then told McNamara about his vitally important locks elicited this response: "I am shocked, absolutely shocked and outraged. Who the hell authorized that?" What he had just learned from me was that the locks had been installed, but everyone knew the combination. The Strategic Air Command (SAC) in Omaha quietly decided to set the "locks" to all zeros in order to circumvent this safeguard. During the early to mid-1970s, during my stint as a Minuteman launch officer, they still had not been changed. Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel. SAC remained far less concerned about unauthorized launches than about the potential of these safeguards to interfere with the implementation of wartime launch orders. And so the "secret unlock code" during the height of the nuclear crises of the Cold War remained constant at 00000000. After leaving the Air Force in 1974, I pressed the service, initially by letters addressed to it and then through congressional intermediaries, to consider a range of terrorist scenarios in which these locks could serve as crucial barriers against the unauthorized seizure of launch control over Minuteman missiles. In 1977, I co-authored (with Garry Brewer) an article ( reprinted below <http://www.cdi.org/blair/permissive-action-links.cfm#attachment>) entitled "The Terrorist Threat to World Nuclear Programs" in which ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- The worst case of password abuse - ever. dave (Jun 01)