If you’re easily frightened, you may want to skip this one. Hopefully you’re not, because it’s a very cautionary tale about security and selecting passwords, passcodes, passphrases, etc. that are truly secure.
A recent post on PoliticsUSA (which links to an original story at todayifoundout.com) reveals at least one quite frightening fact about the US Minuteman nuclear missile program. I will try to summarize the backstory as best I can for those who don’t want to read the original article.
In 1962 President John F. Kennedy signed an order that every nuclear weapon the US possessed be fitted with an electronic lock called a Permissive Action Link (PAL). The concern was twofold: other countries seizing US missiles on foreign soil and launching them at targets of their choosing, including the US itself; and US commanders who were mentally unstable yet somehow not deserving of a Section 8 discharge.
Robert McNamara, then Secretary of Defense, supervised the installation of the PALs for the missiles on US soil. However, the Strategic Air Command didn’t care much for McNamara, and behind his back as soon as he left, they reset the codes on the PALs to a code of their choosing.
No, it wasn’t “CPE 1704 TKS”, if for no other reason than that only numbers could be dialed in.
The code that Strategic Air Command picked was the simple, and wonderfully secure, “00000000”.
Yes, if you had the physical access and could dial eight zeros into the PAL, you could have started World War III. It’s a wonder nobody did, looking back.
Worse, the soldiers themselves had the code, and it was in the checklists in a very thinly disguised form. From the latter article, quoting Dr. Bruce G. Blair, who was once a Minuteman launch officer:
Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel.
I know Thanksgiving was last week, but I think we can all be thankful this absolutely blockheaded lack of security didn’t come back to bite us in the end.