Hacking Nuclear Command and Control 256
The Walking Dude writes "The International Commission on Nuclear Non-proliferation and Disarmament (ICNND) has released an unclassified report exploring the possibility of cyber terrorists launching nuclear weapons. Ominous exploits include unreliable early warning sensors, unsecure nuclear weapons storage, transportation blunders, breaches in the chain of command, and the use of Windows on nuclear submarines. A traditional large-scale terrorist attack, such as the 2008 Mumbai attacks, could be combined with computer network operations in an attempt to start a nuclear war. Amidst the confusion of the traditional attack, communications could be disrupted, false declarations of war could be issued on both sides, and early warning sensors could be spoofed. Adding to this is the short time frame in which a retaliatory nuclear response must be decided upon, in some cases as little as 15 minutes. The amount of firepower that could be unleashed in these 15 minutes would be equivalent to approximately 100,000 Hiroshima bombs."
People in the know (Score:5, Interesting)
I don't believe that Al Qaida could weasel their way into the control systems for missiles, unless they come across somebody smart enough and crazy enough to be of value to them. I don't believe there is any systematic reason why this could not happen, it is just very unlikely.
At the moment it is much easier for the terrorists to work with the tools they know.
Researching Kaczynski for this post has got me thinking. With his background he could have gone into a field where he gained access to some critical systems. Lots of secure areas employ mathematicians. But then he might not have had the time and resources to develop his nutty ideas. He had to withdraw somewhat to do that. Was the Jack D Ripper character a realistic possibility? Or would a maniac have been unable to rise to a position of responsibility?
Re:Windows on submarines? (Score:4, Interesting)
I've heard about it for a while now - it's not overly new news in the UK.
At least they're not wasting resources on Vista/7 - they're using Windows XP [theregister.co.uk], which is nice and secure(!) As the El Reg article points out, though, at least the submarine is generally a stand-alone network, which should protect it from a lot of vulnerabilities (although not all [itpro.co.uk])
Re:People in the know (Score:3, Interesting)
"But then he might not have had the time and resources to develop his nutty ideas. He had to withdraw somewhat to do that."
I'd have to take issue with Kaczynski being a nut, if you actually read anything he wrote he seemed more like a misguided malcontent who channelled his frustration towards violence out of knowing powerless than someone was who was "crazy".
He understood some of the problems of modern society very well even if he did not always frame them in a way that other people would agree with, the essence of what he wrote here:
http://cyber.eserver.org/unabom.txt [eserver.org]
He has it right that the model of society we currently use exacerbates and creates un-needed psychological stresses on human beings and that human beings are quite immature (See: George W getting elected, War in IRAQ and all that).
Some people born into this system adjust having known no other way of life, others don't and end up on social assistance.
Personally I think calling people crazy is a intellectually lazy way of not being able to criticize the deficiencies of a society, usually societies outcasts tell us a lot more about society then human beings would like to admit.
The "rational" people never seem to be able to adequately criticize their own faults nor have the degree of introspection necessary to smell the stench of their own rotten selves or society.
Re:Windows on submarines? (Score:5, Interesting)
at least the submarine is generally a stand-alone network
My next-door neighbour, a middle-ranking officer on the UK's Vanguard fleet of nuclear submarines, asked me to fix his laptop ready for the recent 3-month wargame off Florida. Naturally, the "fix" was as simple as identify trojan, format, re-install MS-Windows, install Avast, advise him not to run keygens he'd randomly downloaded off a torrent, and slip an Ubuntu live CD into the laptop bag in the hope it'd pique his interest.
As I returned it to him, I said "I turned WiFi and Bluetooth off by default. I assume you'd get in trouble if your stealth-sub got spotted by something as simple as your opponent searching for available networks."
Apparently he'd never thought of that. And regaled me with stories of how long undersea voyages are just one huge wireless LAN party and movie fileswap meet. And asked me to turn WiFi and BT back on.
Nuclear subs are just one huge Faraday cage, right? Right? No really, they are... aren't they?
Re:oh yes (Score:3, Interesting)
Why? Because you believe that nobody in the US Department of Defense would be stupid enough to have a Windows machine as part of a nuclear weapons control system, or because you believe that including Windows in anything built by DoD and its contractors couldn't really make the system significantly more vulnerable?
Re:People in the know (Score:2, Interesting)
at least for the sub-set of Earthian mathmaticians.
Re:We don't live in a comic-book universe... (Score:2, Interesting)
The problem isn't the hacker-launched missiles themselves; rather, the problem comes when everyone else starts launching in reaction. There's an axiom in strategic nuclear planning that "if one flies, they all fly". Basically, once the first launch is detected, everyone else has less than half an hour to make a decision. They don't know if it's just a rogue missile or the start of an attack, and they face the dilemma of doing nothing and letting all their forces be wiped out if that's the case. Therefore, they launch too. And so on. It snowballs into global nuclear war.
This is the best case I can think of for at least a limited BMD system. You aren't going to stop a full attack, but a limited system with good coverage can pick off the one stray launch set off by an accident, coup, crazy madman, terrorist, or what-have-you. Down that one missile (or handful of them), and you now have a chance to make a phone call or two on the dedicated hotline, figure out exactly what the heck is going on, and hopefully get everyone calmed down.