Microsoft S/w bug puts Russian nukes at risk


Nukes: A Lesson From Russia

By Bruce G. Blair

Washington Post, Wednesday, July 11, 2001; Page A19

Although the United States spends nearly $1 billion every year to help Russia protect its vast storehouse of nuclear weapons materials from theft or sale on the black market, few Americans know how this aid helps strengthen America's own nuclear safeguards.

Russian experts at the Kurchatov Institute, the renowned nuclear research center in Moscow, recently found what appears to be a critical deficiency in the internal U.S. system for keeping track of all bomb-grade nuclear materials held by the Energy Department -- enough material for tens of thousands of nuclear bombs.

Kurchatov scientists discovered a fatal flaw in the Microsoft software donated to them by the Los Alamos National Laboratory. This same software has been the backbone of America's nuclear materials control system for years. The Russians found that over time, as the computer program is used, some files become invisible and inaccessible to the nuclear accountants using the system, even though the data still exist in the netherworld of the database. Any insider who understood the software could exploit this flaw by tracking the "disappeared" files and then physically diverting, for a profit, the materials themselves.

After investigating the problem for many months, the Russians came to believe that it posed a grave danger and suspended further use of the software in Russia's accounting system. By their calculations, an enormous amount of Russia's nuclear material -- the equivalent of many thousands of nuclear bombs -- would disappear from their accounting records if Russia were to use the flawed U.S. software program for 10 years.

Then, in early 2000, they did something they didn't have to do: They warned the United States, believing that an analogous risk must exist in the U.S. system. Although neither Los Alamos nor the U.S. Department of Energy has publicly acknowledged the possibility that innumerable files on American nuclear materials might have disappeared, the Russian warning caused shock waves at the highest levels of the Energy Department.

Unlike the Russians, who did not throw away their manual records of their nuclear stockpile -- the infamous shoe box and hand-receipt system that U.S. assistance was intended to supersede -- the United States has long since discarded its old written records. To reconstruct a reliably accurate accounting record, the Energy Department may need to inspect all of America's nuclear materials -- a huge task that could cost more than $1 billion and still might not detect the diversion of some material, should it have occurred.

The importance of the goodwill and trust that had grown up between American and Russian nuclear experts over years of working together in this area is clear. When the Russian scientists first discovered the computer flaw, the initial reaction in some high-level Moscow circles was to suspect an American Trojan horse, a bug planted deliberately to undermine Russian security. After complaints by their Russian counterparts, scientists at Los Alamos suggested that the Russian scientists instead use a later version of the same program. Kurchatov then discovered the upgraded program not only contained the same bug (though much less virulent) but also had a critical security flaw that would allow easy access to the sensitive nuclear database by hackers or unauthorized personnel.

But trust overrode suspicion. The Russians concluded that the glitches were innocent errors, not devious traps. Thus, they feared the U.S. database, unbeknown to Americans, was not only prone to lose track of nuclear materials but was also accessible to unauthorized users. Russia reported both problems to Los Alamos, which subsequently verified the defects, as did Microsoft. Though a fix remains elusive, Kurchatov scientists also have shared a partial repair they developed.

This Russian feedback may be causing American embarrassment -- U.S. officials apparently have tried to muzzle the Russians and censor their scientific papers on the fiasco -- but it surely represents a high return on the American investment in Russian nuclear security. The lesson is that nuclear cooperation is a two-way street, is paying off and deserves continuing support.

The writer, a former Minuteman missile launch officer, is president of the Center for Defense Information.

© 2001 The Washington Post Company http://www.washingtonpost.com/wp-dyn/opinion/A44053-2001Jul10.html

-- Rich Marsh (marshr@airmail.net), July 21, 2001

Answers

This is the "Sequel" to the Y2K Bugs, and needs to be publicized highly!

This major Information Technology bug may well rival -- or even surpass -- the Y2K Bugs, in its importance and potential threat to our civilization.

This shows that Man's overdependence on Information Technology may still be Man's "undoing". And, since the public perception is that Y2K was a total non-event, the public still is not aware of the sheer magnitude of the threat to our civilization that overdependence on Information Technology poses.

As a Christian, I view the NASDAQ tower, where most Information Technology stocks are traded, as being the modern day "Tower Of Babel".

-- Robert Riggs (rxr.999@worldnet.att.net), July 21, 2001.

