Why ‘Destruct Zero’
No one asked, but this is the story about how my life got flip turned upsi…no, wait. Not that story. This is why the blog is called Destruct Zero.
I’m a security enthusiast. Yes, it may sound weird that such a thing exists, but I truly am fascinated by all things related to confidentiality, integrity, accessibility, and the resulting security of private information. The ins-n-outs and hows-n-whys of when and where personal information is disclosed without permission are incredibly compelling to me.
So, on to the story. During a recent viewing of Star Trek III: The Search for Spock, I became fascinated by the apparent lack of security exhibited by the Federation’s Finest. In the film, Admiral James T. Kirk and company are faced with a major decision: destroy Enterprise and give themselves a fighting chance to keep searching for their friend and crew member, Spock, or have their beloved ship boarded and be captured by Kirk’s arch enemies, the Klingons.
Faced with a grim future no matter what they choose, they decide to destroy the ship. To accomplish this, they gather around a computer terminal and provide voice commands instructing the computer to initiate the auto destruct system. (Spoiler alert – all good starships come fully equipped with bombs throughout their hull.)
Kirk, Scotty, and Chekov find themselves huddled around a darkened bridge console, illuminated by the flashing red alert lights familiar to all Trekkies.
Admiral James Tiberius Kirk begins the sequence:
Kirk: “Destruct sequence 1, code 1 1 A.”
Scotty: “Destruct sequence 2, code 1 1 A 2B.”
Chekov: “Destruct sequence 3, code 1 B 2B 3.”
Computer: “Destruct sequence completed and engaged. Awaiting final code for one minute countdown.”
Kirk: “Code zero zero zero. Destruct. Zero.”
That’s all it took to set the auto destruct on the flagship of the Federation. Here we are, in the 24th century, and secure passwords or passphrases are apparently not something anyone has ever thought of. Sure, I understand that in 1984, when this film was released, there was a different level of familiarity with computers and technology, and Hollywood science fiction writers likely did not have a compelling reason to think these codes wouldn’t be sufficient in the 24th century world they were creating.
Nonetheless, hearing these codes read aloud on the battle-scarred bridge of my very favorite spaceship gave me pause. I began to wonder just how secure was this system that could bring about the destruction of the mighty Enterprise?
According to Dashlane’s Password Checker, Kirk’s ‘1 1 A’ code would take a computer one solitary microsecond to crack, Scotty’s ‘1 1 A 2B’ would crumble in two milliseconds, and Chekov’s ‘1 B 2B 3’ would be foiled in just 54 milliseconds. The final failsafe, the final authorization from our favorite Admiral, ‘Destruct 0’ would be cracked in 42 minutes.
Measured against computers in use today, it would take less than an hour’s worth of computing to crack the auto destruct sequence and blow up the ship.
Things hadn’t changed much a few movies later when hackers were able to modify Enterprise’s weapons computer to falsely indicate they had fired on Chancellor Gorkon’s ship, Kronos One, crippling it.
Returning to the 21st century, I recently read of an audit conducted by the Government Accountability Office (GAO) on certain United States Department of Defense weapons systems. In part, the report drew attention to a critical mistake made by operators of these systems: they had never changed the default passwords and usernames implemented by the manufacturer. These weapons systems were compromised by security auditors within 9 seconds. Nine seconds. To compromise and take control of United States military weapons systems.
Can we do better in our personal and professional lives? Yeah, I think we can. And we should start today.
G O D S A V E T H E R E P U B L I C