Remember all those cold war movies where nuclear missile crews are frantically dialing in the secret codes sent by the White House to launch nuclear-tipped intercontinental ballistic missiles? Well, for two decades, all the Minuteman nuclear missiles in the US used the same eight-digit numeric passcode to enable their warheads: 00000000.
That fact, originally revealed in a column in 2004 by then-president of the Center for Defense Information Dr. Bruce G. Blair, a former US Air Force officer who manned Minuteman silos, was also mentioned in a paper by Steven M. Bellovin, a computer science professor at Columbia University who teaches security architecture. Both of these sources were cited this week in an article on the site Today I Found Out written by Karl Smallwood, as well as in an article in the UKs Daily Mail.
The codes, known as Permissive Action Links PALs, were supposed to prevent the use of nuclear weapons—and the nuclear weapons under joint control with NATO countries in particular—without the authorization of the president of the United States. The need for such controls became clear during the 1963-1964 Cyprus crisis, when NATO members Turkey and Greece were reportedly seeking control of NATO nuclear weapons—to use on each other.
via Launch code for US nukes was 00000000 for 20 years | Ars Technica.
The vulnerability of computer networks to hacking grows more troubling every year. No network is safe, and hacking has evolved from an obscure hobby to a major national security concern. Cybercrime has cost consumers and banks billions of dollars. Yet few cyberspies or cybercriminals have been caught and punished. Law enforcement is overwhelmed both by the number of attacks and by the technical unfamiliarity of the crimes.
Can the victims of hacking take more action to protect themselves? Can they hack back and mete out their own justice? The Computer Fraud and Abuse Act (CFAA) has traditionally been seen as making most forms of counterhacking unlawful. But some lawyers have recently questioned this view. Some of the most interesting exchanges on the legality of hacking back have occurred as dueling posts on the Volokh Conspiracy. In the interest of making the exchanges conveniently available, they are collected here a single document.
The debaters are:
Stewart Baker, a former official at the National Security Agency and the Department of Homeland Security, a partner at Steptoe & Johnson with a large cybersecurity practice. Stewart Baker makes the policy case for counterhacking and challenges the traditional view of what remedies are authorized by the language of the CFAA.
Orin Kerr, Fred C. Stevenson Research Professor of Law at George Washington School of Law, a former computer crimes prosecutor, and one of the most respected computer crime scholars. Orin Kerr defends the traditional view of the Act against both Stewart Baker and Eugene Volokh.
Eugene Volokh, Gary T. Schwartz Professor of Law at UCLA School of Law, founder of the Volokh Conspiracy, and a sophisticated technology lawyer, presents a challenge grounded in common law understandings of trespass and tort.
via The Hackback Debate | Steptoe Cyberblog.
For those of you interested in security issues, tomorrow (9/6) the Indiana University Center for Applied Cybersecurity Research is hosting a talk by Michael Bailey called “The Need for Ethical Security Research, or Why If We Don’t Get Our Act Together Soon, We Will All Be in Some Really Hot Water.”
The talk is at noon, and if you decide to attend, I will be forgiving about being a little late to class. Lunch will be provided!
Below is the talk abstract and speaker bio. More information here.
Research on rapidly advancing information and communication technology (ICT) has exposed gaps between what researchers could do and what they should do. Existing research in security, networking, and distributed systems—malware, botnets, click fraud, phishing spam, vulnerability analysis, reverse engineering, denial-of-service attacks, underground markets, etc.—routinely raise issues of risks including physical, psychological, legal, social, and economic harms. Existing work in ethics, in particular normative ethics, provides a variety of formal mechanisms for reasoning about the correctness of one’s behavior, but the application of these methods in these domains has been hampered due to a lack of community consensus on principles, a dearth of practical experience in formal ethical decision making, and gaps and inconstancies in enforcement and oversight. This talk highlights the need to tackle these thorny issues and discusses a number of community efforts aimed at addressing them.
As an Associate Research Professor at the University of Michigan, Dr. Bailey performs research on the security and availability of complex distributed systems (e.g., the Internet). Before coming to the University of Michigan, Dr. Bailey was the Director of Engineering at Arbor Networks and a programmer at Amoco Corporation (now BP). He holds degrees from the University of Michigan, DePaul University, and the University of Illinois-Urbana.