© 2005 All Rights Reserved. Do not distribute or repurpose this work without written permission from the copyright holder(s).
Printed from https://www.damninteresting.com/retired/ive-got-the-same-combination-on-my-luggage/
This article is marked as 'retired'. The information here may be out of date, incomplete, and/or incorrect.
America’s gaggle of “Minuteman” long-range nuclear missiles went on line for the first time during the Cuban missile crisis in 1960 1962. But the world was supposedly protected from mutual assured destruction by the “Permissive Action Links” (PALs) which required an 8-digit combination in order to launch. Robert McNamara, then the U.S. Secretary of Defense, personally oversaw the installation of these special locks to prevent any unauthorized nuclear missile launches. He considered the safeguards to be essential for strict central control and for preventing nuclear disaster.
But what Secretary McNamara didn’t know is that from the very beginning, the Strategic Air Command (SAC) in Omaha had decided that these locks might interfere with any wartime launch orders; so in order to circumvent this safeguard, they pre-set the launch code on all Minuteman silos to the same eight digits: 00000000.
For seventeen years, during the height of the nuclear crises of the Cold War, the code remained all zeros, and was even printed in each silo’s launch checklist for all to see. The codes remained this way up until 1977, when the service was pressed into activating the McNamara locks with real launch codes in place. Before that time, the the lack of safeguards would have made it relatively easy for a small group of rogue silo officers or visitors to implement an unauthorized nuclear missile launch.
From the Center for Defense Information article:
Technically, crew members can launch a nuclear attack with or without approval from higher authority. Unless PAL or its equivalent forecloses this option, as many as 50 missiles could be illicitly fired.
Military personnel, e.g. maintenance airmen, and civilian contractors who possessed minimal security credentials were granted LCC access, and annually thousands of visitors holding no clearance whatsoever were permitted access to operational LCCs. In the interest of public relations, the Air Force permitted ready access to the Minuteman launch network by practically anyone desiring it.
One must also recite the obvious point that silos and launch control centers are loated [sic] in desolate reaches of the heartland. Reaction times to mount a counterterror offensive pinpointed at one or a few of these facilities would be measured in hours, not minutes or seconds.
The men and women running SAC in 1960 essentially put the entire planet’s population at risk by deliberately disabling the PAL safety mechanisms. Perhaps we should keep that in mind before we put too much trust in the people charged with our nation’s defense.
Note: The facts cited in this article have been disputed, though they are in agreement with the information from the Center for Defense Information. But skepticism is a healthy thing, and grains of salt are always go well with information obtained online.
© 2005 All Rights Reserved. Do not distribute or repurpose this work without written permission from the copyright holder(s).
Printed from https://www.damninteresting.com/retired/ive-got-the-same-combination-on-my-luggage/
Since you enjoyed our work enough to print it out, and read it clear to the end, would you consider donating a few dollars at https://www.damninteresting.com/donate ?
It’s interesting to look back at scary historic periods.
I think that the term “men and women working” is biased. You’re lumping common folks into a group of a very few who were “following orders:.
jocomo said: “I think that the term “men and women working” is biased. You’re lumping common folks into a group of a very few who were “following orders:.”
Biased against whom? The people who were in charge of SAC– the same people who made the decision to circumvent the locks– were men and women so far as I know. True, they may have all been men given the time period (1960), but that would be a biased assumption.
Perhaps you thought I meant that ALL of the poeple working at SAC were at fault, but that isn’t the case.
Hmm, nothing like a case of retroactive heebie jeebies to start off a Sunday morning. I will say this, for what it’s worth. As a former airman I know that the training recieved by Air Force personnel is very rigorous, and there is little tolerance for rogue behavior, especially in someplace as sensitive as a missile silo, and since there never was an unauthorized launch prior to 1977 everything worked out ok, but it is still disturbing. All the more so because, if you read the news of late, it seems that military protocols and procedures have actually become more lax in recent years. On the plus side, the majority of our land based nuclear arms are rapidly becoming quaint curiosities, as the missile submarines bear the lion’s share of the US nuclear capability. (actually I don’t know if that’s as comforting a thought as I intended it to be.)
I’m having a Dr. Strangelove moment.
One thing I considered… wouldn’t basic cracking logic exploit this code within the first couple of tries. If we assume that a person knew the code was 8 digits long and was going to utilize a basic cracking mechanism of starting with the first set and incrementing by 1 each time I believe ‘00000000’ would have been the first set of numbers in the routine and BINGO! you’re in.
My thought is that even if you are to compromise the process with this bypass you would have at least had even minor complexity. Granted it was a differet time with emotions guiding decisions of this nature…
I just checked this out and there’s a post that mentions that all the missiles were set INITIALLY to 00000000 at all times so that when you had to enter in the unlock codes it was easier than starting at a random number.
http://msgboard.snopes.com/message/ultimatebb.php?/ubb/get_topic/f/47/t/000383/p/1.html (post by Warlock)
For some reason the words ‘Military Intelligence’ are coming to me, in a rather sarcastic tone.
I grew up with fears of nuclear war in the 70s and 80s, so it kind of makes me think i wasn’t worried enough back then (though you wouldn’t have guessed it from the graphic nightmares).
Nothing like filling the internet with more useless misinformation…
The missiles were NOT pre-programmed with the launch codes. The code entry panels were ordered to be pre-set to “00000000” so as to facilated rapid entry of the actual code once is was given. It’s just common sense. It’s faster to enter a random 8 digit code into a console that reads “00000000” than one that reads “31490344”.
This is just another example of a blog that uses incorrect information, snowballs it and compounds it into an urban legend classification.
DocJohnson said: “This is just another example of a blog that uses incorrect information, snowballs it and compounds it into an urban legend classification.”
Did you read the Center for Defense Information (CDI) story linked at the bottom of this article? CDI is a reliable, reputable source. It directly contradicts your statements, and backs up this story. You can say that the CDI story is innaccurate if you like, but can you back that up with some strong evidence from a trustworthy source? Until then, you’ve got bupkis.
Incidentally, an unsupported message posted on a message board by some anonymous person is NOT a reliable source. The Snopes bulletin boards are just a user-contributed discussion area, and are not subject to any fact-checking.
If it turns out this story is wrong, I’ll certainly post a correction, but right now all I see is one bit of anonymous, andecdotal evidence in contradiction.
American society must be utterly ignorant, gullible or just plain stupid if they believe crap like this.
Well, maybe it’s not true, and the Center for Defense Information is lying to everyone. But some people must be utterly ignorant, gullible, or just plain stupid if they believe that it can’t be true despite the evidence. Government is inept due to entropy. It CAN and MUST do stupid things.
In this country, we obey the laws of thermodynamics!
The problem, Alan, isn’t that the story or your post is wrong (factually incorrect). The problem is the first time someone reads the story on the Internet while multitasking as we all do, this person might (will) get the idea that somehow the SAC intercontinental ballistic missile network were somehow insecure. This assumption IS incorrect. The codes you speak of are simply one of many layers of multiple redundancy that military folks are used to. I spent five years at a SAC base in North Dakota and can tell you that the multiple layers are overkill. If a layer or two is bypassed for convenience, it show intelligence, not blind obedience. We were secure.
According to the CDI article, with the PAL locks in place, a group bent on launching unauthorized nuclear missiles would need to gain access to three things:
1) Four people… two individuals at each of two Launch Control Centers (LCCs) at the same time. Not terribly difficult, considering the amount of tourism then allowed at these facilities according to the article. Or of course the launch officers themselves could also conspire to do this.
2) The two launch keys, which are stored on the LCC sites. Armed men could procure these keys easily once on-site. In the event of an inside job, they already have these keys.
3) The 8-digit PAL codes which are not stored on-site, and would only be transmitted in the event of executive orders authorizing a launch. Extremely difficult to procure, or to circumvent with brute-force tactics.
Of course before 1977, #3 was NOT needed, since the PAL locks were disabled by SAC.
So for seventeen years, indeed we had SEVERAL safety mechanisms in place to prevent massive loss of human life and the possible extinction of the human race. The people running SAC only sabotaged the most secure one. The world was perfectly safe! Cough.
This is all swill except for a few of the comments of those who were there. I wrote the theory of operation for the Air Force Technical Order “Launch Enable System for Atlas, Titan, and Minuteman” in 1960, while at ITT, a prime contractor for ground support. A launch could only be enabled with a signal from both Command Post Two at SAC and from Air Force One, the Flying Command Post. Both the much touted book and movie, “Fail Safe” were also crocks, based on a false premise. At least our government was wise not to counter that science fiction. It’s been 45 years, will it ever go away?
“America’s gaggle of “Minuteman” long-range nuclear missiles went on line for the first time during the Cuban missile crisis in 1960. “
If you’re going to post a factual comment, make sure the facts are correct. The Cuban missile crisis was in 1962.
zanm said: “If you’re going to post a factual comment, make sure the facts are correct. The Cuban missile crisis was in 1962.”
D’oh… that was an artifact from an incomplete edit while writing the article… I originally wrote that they were in service since 1960 (which is true), but changed it to be based on when they first went online… I just forgot to update the year to ’62 before publishing. Fixed.
I stumbled across this site by accident and was compelled to respond. First; You should have a picture of a Minutemen not a Titan II since that is the subject missile. Second; Doc Johnson is correct! Zero’s are the base setting having nothing to do with actual launch codes which are changed on a random basis and carried by an individual that is “ALWAYS” close to the President. The case is called the “Football” and is handcuffed to this individual. It requires two combinations to open the case. The President only has “One”! Each capsule is in a wing with nine other capsules. Valid launch votes must be received by all ten capsules to allow launch initiation. A rogue capsule will be inhibited by the other members of the wing. You cannot walk into a minuteman LCC and just launch missiles. Get real people! It is the safest system on the planet! Only nuclear subs have the autonomy to launch with discretion.
It’s amazing how many people are willing to believe that the USA government could not, either on purpose or otherwise, screw up something like this. I’m not saying they definitely did, but I wouldn’t be shocked.
It doesn’t matterwhat the Center for Defense Information says. Vickinutah has the straight story.
Sigh… You’re arguments are severely flawed. You are assuming that since we have a very secure system today, that the same, very secure, system existed in the past.
Today’s system could currently be the safest secuity system on the planet, but this was back in the 60’s and 70’s. Things have changed since then, which this post explains.
If the article from the Center for Defense Information is wrong, then that’s fine. But unless you have some evidence to show that the system was just as secure back then, then your argument is mute.
Oh, FYI, US missile subs no longer have the capability to launch autonomously. A rouge sub crew cannot, by themselves, launch a missile. They changed that back in the 90’s.
I was there.
You were there, AND? You’re saying that ‘00000000’ was the default combination to be changed once the system is set up? Great – so then the system was not SET to the dumb combination, but instead a concious decision was made to KEEP the dumb default. What exactly is the difference? The fact is that for 15 years the combination was NOT changed as it should have been.
So then the president has a person carrying around a briefcase that is difficult to open without the right codes? How useful when the settings remain at the default ‘00000000’ and all concerned are aware of the fact. I feel so safe that the president doesn’t have both codes needed to open the briefcase and read out the wonderfully secure combination of ‘00000000’ to make sure – yep that’s what it is. Hail to the BLAM!
Alan, I have to bow to your editorial wisdom of noting that some of the published facts that you quoted in this article are in dispute, as opposed to the more popular ‘all or nothing’ route where one side of a dispute is declared correct when neither side can be verified. With all due respect to Vickinutah and DonWhit, statements about being there are not likely to be verifiable to/by anyone outside of the defense department. Healthy skepticism is a necessary element both on the Internet and with paper media, and it does need regular exercise.
PAL lock was set to zero for a good reason, to accomplish an emergency code change if the J-CODE became compromised on the MCU. Enabling individual codes on the PAL lock was deemed unnecessary with certain exceptions that never was allowed to present itself. The next generation of security protocols are a bit more “optimal.”
“The men and women running SAC in 1960 essentially put the entire planet’s population at risk by deliberately disabling the PAL safety mechanisms. Perhaps we should keep that in mind before we put too much trust in the people charged with our nation’s defense.”
That Trust was well placed! You should be grateful to the Men And Women of our military whom were so focused, virtuous, and dutiful to protect your butt so you could have the freedom to write your dribble. I think you owe them all an apology and a thank you for the fine job that has been done to date in safegaurding this country and the individual rights we all are privilidged to enjoy.
Splendid article! A real pearl to read. But in many ways the article is dwarved by these (must use the word, sorry – my handicap) illustrious replys!
Has anyone noticed how hard it actually is to not-reply to a message line such as this? I read the comments and frankly one can not agree with really anyone but those who seem to be quoting “official sources”.
It’s clearly a fact that the article which Alan mentions does infact exist and it seems to be of a official US agency. I, living altogether some where else, have no idea that is the agency real or not – it seems to be referred here and there… But I think that Alan actually did something even better than an annoying friday can do to a driver when it’s 4-5pm., on .. a .. friday ;) How come is this such a emotional topic? I think that all countries do odd things at points. And _certainly_ all countries are either implied or acccused of having done something odd or bad. Naturally truth must be defended (not sarcastic here), but altough Alan didn’t explicitely imply in his article that the source, infact, might be wrong, I’m quite certain that he didn’t try to imply that it was fool proof. So come on, some slack maybe? It’s not as if CCCP implied for years (come on, prove me wrong) that the US started the first real bang-and-boom of WWII (I’m finnish, yet I wasn’t there. I wasn’t even born then).
Right, to my real comment. Be the truth one way or another or maybe even out there, the fact is that nukes, be they handled with exceptionaly brave people or not, don’t really seem the answer. A nuke is a very big and powerful bomb, need I say more? (yes, I’ve done my service, I’ve seen bombs, I have the knowledge basis needed to see the purpose of a defencive bomb as an oxymoron) Though nice to hear that they were handled be rigorous people. (not being sarcastic here either – it’s just refressing to hear in todays world that some people seem to believe firmly in something. I believe in my things :)
I understand that this reply could be viewed as a flame or an attempted insult towards other replyers. It’s not. Its just a bewildered reply to the multitude of emotion an article of this kind can cause. I enjoyed reading the article and the replys. I am sorry if I manage to offend anyone. I edited this a few times before pushing the send button, but even as I write this line it already seems diluted.
My comment on this article is that Alan Bellows does not know much about the various versions of the Minuteman Weapon System. Fist of all the illustration for the article is a Tifton II Missile not a Minuteman. Just because there is a cell in the D37 computer that may contain eight octal zero does not mean that the missile software paid any attention to it. The Minuteman Modernized Launch Control Centers (LCC) did not even have a position in the equipment racks to send an eight digit octal command until 1970 and it was used for the Cancel Launch In Process command. After the requirement was super ceased the control panel was used to insert weather words, correction octals , The Minuteman II Mark 11C reentry vehicle was subsonic on reentry an subject to float in the target island due to air density and cross winds. The octal provides a modified aiming point to make the reentry vehicle strike the planned aiming point. The coded command octals for execution checklist could not be implemented until Boeing and Sylvania put in a hard ware modification to the Launch verification panels and the D37 computer software t pay attention to the octal and this was implemented for both Minuteman II and III in both the Boeing and Sylvania LCC configurations. The whole procedure was done for a manpower cost reduction to reduce the number of combat crews and have the perform longer tours at their console positions in the LCCs. This allowed one crew member to be able to sleep in the LCC when they were pilling 24 to 72 hour alerts in the LCCs. And that was implemented about 1977.
I was a Minuteman Launch Crew Commander and Deputy Commander and later served at HQ Strategic Air Command, now USSTRATCOM as a real time analyst of the Strategic Automated Command Control System. [System Supervisor, Command Control War Plans Computer Division]
I wonder if the effects of increased trust by having the codes printed on there actually *decreased* the potential for mutiny by showing that the military (as opposed to civ gov’t) was on the avg. missilers’ side.
It was not uncommon for weapon system designers to pre -build features or put hooks into software for easy modifications to a weapon system to be sold to DOD in a future contract Boeing as well as other contractors would do it in a routine basis. Especially when it is a feature you know the DOD customer wants but does not have the budget authorization to get it on the original contract but it can be added as a supplement in a future budget cycle or future contract modification. The all then vendor has to do is to turn it on and put past ups [decals] on the hardware configuration panels to use it.
“military folks are used to”, “overkill”, “layer or two is bypassed for convenience, it shows intellegence”; Is anyone else thinking Chernobyle?
This is exactly the problem that scares me immeasurably. Ban the nukes, completely.
This is a Groucho. Military music, military justice, military intellegence.
There is no way to peace. Peace is the way. Mohandis Gandhi
“RETIRED USAF” ROCKS!!! THANK-YOU!!! TO ALL VETERANS!
johnb3491 you and all of you namby-pamby ilk are an abomination to this nation! there is a reason the Colt .45 was and is called “THE PEACE MAKER”.
it is stupid ignorant pacifist thinking that allowed the majority of europe to fall under NAZI control! this whole “peace, love, and hug the trees” mentality is going to bring the end of AMERICA faster than anything the reds ever could have tried. come on people get your heads out of your arses and think for yourselves instead of gulping down the Kool-aid that the media and our higher education system is feeding you!!!!!!
USE YOUR BRAINS!!!!!!! COMMON SENSE TELLS YOU THAT KIND OF THINKING IS WRONG!!!!! JOHN I BET YOU WHERE ONE OF THE KIDS THAT GAVE-UP HIS LUNCH MONEY TO THE SCHOOL BULLY ARE’NT YOU!!!
DI, but I am sure some Soviet LCCs would have been less secure.
Well sure. By that logic, the safest combination would be 99999999.
Matt, 99999999 is not a valid Octal number both the DSAP in the LCC and the D37 in the Minuteman IIF Missile are octal computers.
The range of values for an pctal computer are 00000000 = 7777777 in the minuteman weapon system.