Schneier on Security
A blog covering security and security technology.
« The Iranian Firewall |
| Research on the Security of Online Games »
June 23, 2009
John Walker and the Fleet Broadcasting System
Ph.D. thesis from 2001:
An Analysis of the Systemic Security Weaknesses of the U.S. Navy Fleet Broadcasting System, 1967-1974, as exploited by CWO John Walker, by MAJ Laura J. Heath
Abstract: CWO John Walker led one of the most devastating spy rings ever unmasked in the US. Along with his brother, son, and friend, he compromised US Navy cryptographic systems and classified information from 1967 to 1985. This research focuses on just one of the systems compromised by John Walker himself: the Fleet Broadcasting System (FBS) during the period 1967-1975, which was used to transmit all US Navy operational orders to ships at sea. Why was the communications security (COMSEC) system so completely defenseless against one rogue sailor, acting alone? The evidence shows that FBS was designed in such a way that it was effectively impossible to detect or prevent rogue insiders from compromising the system. Personnel investigations were cursory, frequently delayed, and based more on hunches than hard scientific criteria. Far too many people had access to the keys and sensitive materials, and the auditing methods were incapable, even in theory, of detecting illicit copying of classified materials. Responsibility for the security of the system was distributed between many different organizations, allowing numerous security gaps to develop. This has immediate implications for the design of future classified communications systems.
EDITED TO ADD (9/23): I blogged about this in 2005. Apologies; I forgot.
Posted on June 23, 2009 at 1:30 PM
• 20 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
John Walker is a lousey, no good, sociopathic, double crossing, mashup of new york subway gutter sleaze and what you find on the bottom of the seats at movie theaters whose only good deed would be to take his last breath. May he burn.
@Custer "John Walker is [a very naughty boy]."
Well yes, but the point is that this system should have been designed so that one such miscreant couldn't break it wide open.
At the same time as the USSR was paying a small amount for this data the USA was spending a huge amount to tap undersea cabling in USSR territorial waters for similar data.
@Custer: Incompetent security system design (and this seems to be a rather gross example) is never the fault of the attacker. Incidentially, John Walker is a spy, but nothing of the things you call him.
This guy may even be a patriot...for a different country. (A concept I find many US citizens have trouble understanding.)
@Gweihir: This guy may even be a patriot...
I could understand this except for one fact. Walker didn't turn spy for any ideological or political beliefs. He was simply in it for the money.
@Gweihir: Gratuitous, condescending, unnecessary, and banal. Also, just wrong. Just what I expect from citizens of ...
Also, while poor security design is certainly something to be condemned in this case, it is NOT an excuse for exploitation. I am appalled at the sheer lack of morality such a worldview implies. For shame.
"Walker didn't turn spy for any ideological or political beliefs. He was simply in it for the money."
Which makes him a capitalist, or maybe just a mercenary.
@Gweihir: Patriot? Nope, not Walker. He was gutter-sucking two-timing slime. Case in point: he wanted his daughter to have an abortion so she could better advance in the Navy and therefore be a productive part of the family spy ring. He was discovered when he stiffed his alcoholic, broke ex-wife once too often and she called the Navy. If she knew he spied, why did he repeatedly dis her? I don't know but it was his undoing.
Aren't people always part of the system? If they are part of the system then they are/can be part of the security controls. Aren't security controls measured by the level you can trust them not to fail?
Have you ever listened to the man's interviews? Do. What is said above is true. He claims he was a GREAT employee ... to both governments.
He was no red. He went to the Soviet embassy, they didn't recruit him.
He was also paid a couple of million. He convinced his children to engage in treason. (and when you betray your country you are treasonous. It's not like he was a Soviet planted here.)
Funny thing. His probable handler? KGB General Oleg Danilovich Kalugin was naturalized a US Citizen a couple years back. Naturalized real fast compared to my immigrant friends. He says he never turned over any Soviet asset but my rough estimate puts it about the time of Breach. (speculation of course no one who knows anything ever talks to me)
I read this the first time. It's very interesting.
Hmm, might have been appropriate to update with a comparison to the Cuban spy couple and their use of low-tech to evade detection
"A retired State Department officer and his wife who are accused of spying for Cuba appear to have avoided capture for 30 years because their communications with the Caribbean island were too low-tech to be detected by sophisticated U.S. monitors."
> Also, while poor security design is certainly something to be condemned in this case, it is NOT an excuse for exploitation. I am appalled at the sheer lack of morality such a worldview implies. For shame.
Catching the bad guy, or plugging the specific design flaw, whether for poor systems design or poor security design, is not the final answer either.
This paper is good as it analyzes types of failures that arise from the sorts of organizations and systems we tend to build. So, if you don't pay attention you will build another system that can be exploited by the next bad guy who comes along.
Calling the bad guys bad names or trying to attach moral certitude to evaluation techniques misses the point and leaves systems at all levels vulnerable.
that sounds like the "numbers stations" http://en.wikipedia.org/wiki/Numbers_station which are a well known means of sending instructions to spies. As a radio ham I often came across them when listening to the broadcast bands. Perhaps the reason that 'they' did not succeed in 'cracking' it is that you need to listen and write down the numbers, a boring task, before you could feed the numbers into the computers for analysis.
@ed "Which makes him a capitalist, or maybe just a mercenary"
Uh no. If I entrust you with something as my employee and you hock it for cash? Makes you a thief.
"that sounds like the "numbers stations"... ... which are a well known means of sending instructions to spies....
Perhaps the reason that 'they' did not succeed in 'cracking' it is that you need to listen and write down the numbers, a boring task, before you could feed the numbers into the computers for analysis."
Err no. Numbers stations are routienly recorded and the transcribing is done automaticaly along with timing analysis etc.
The problem is "One Time Pads" provided they are generated and used properly the system is uncrackable.
The Soviets once made a mistake with OTP's and re-issued some that had been used. The data cruching that was carried out by the NSA & GCHQ analysts picked it out.
Having learnt the lesson (possibly by UK spys or a US analyst) it is unlikley that they repeated it in other areas such as numbers stations.
Have a look at,
[venona "one time pad" reuse]
Also try using "verona" as for some reason it is often mistakenly called that.
@Jeffco: "Uh no. If I entrust you with something as my employee and you hock it for cash? Makes you a thief."
If I employ you in the military, and you sell secrets to an enemy state, then it makes you a traitor. Lets not sugarcoat what this jerk did.
"If I employ you in the military, and you sell secrets to an enemy state, then it makes you a traitor. Lets not sugarcoat what this jerk did."
The problem with calling somebody a traitor is the implication that they are effectivly a hero for whom they commited their act of treason (see story of Kim Philby et al). And thus they can try to take a moral highground.
What he did lacked any other ethic other than greed. He chose freely to sell what ever morals he might of once had for "forty pieces of silver".
Don't give what he did any opening of self justification. For a person without morals as he appears to be will jump on the opportunity without shame, simply because they have none.
@ Clive Robinson
@Clive Robinson "For a person without morals as he appears to be will jump on the opportunity without shame,"
Jonathan Pollard is another exemplar of that class. He continues to claim patriotism in all his acts.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.