Wednesday, May 07, 2014

Still Alive

Dear reader. Just a short note to say that we're still alive and kicking. Due to a scandalous lack of free time I didn't had the opportunity to add new posts. I hope to continue soon. Keep the lines open...

Thursday, November 14, 2013

Windscale's Fatal Race for the Bomb

The Windscale Reactor
In the 1950s, Britain was pressured to develop its own nuclear bomb, in the hope to become a nuclear partner to the United States. As a nuclear power, Britain would retain its status as a superpower and a partnership with the U.S. could give them access to vital nuclear science.

To produce plutonium, the essential fission material for the bomb, they build the Windscale reactor, the first ever nuclear reactor in Britain. Political pressure for an urgently needed success and the risks they had to take to meet the deadline had their inevitable effects on the security.

To keep up with the United States,  who by then already had their own hydrogen bomb, Britain cranked up the production of plutonium and tritium. The aluminium cooling fins of the fuel cartridges had been reduced to dissipate less heat. The resulting higher temperature increased reaction in the core, producing more of the badly needed fission material.

Not designed to operate under these conditions, the graphite core increasingly suffered from so-called Wigner energy, which caused sudden local heat releases at irregular intervals. On 10 October 1957, some of the refitted cartridges, containing enriched uranium and lithium-magnesium, caught fire and overheated the reactor's graphite core. In an attempt to cool down the reactor, the operators increased the airflow, causing the fire to spread throughout the reactor core. The fire was eventually extinguished after 48 hours by pumping water into the fuel channels.

In contrast to modern closed-circuit water-cooled reactors, the Windscale design used airflow to control the reactor core temperature, evacuating excessive heat through a large chimney into the air. Consequently, the fire caused a release of nuclear material across Britain and Europe, making it both the first and worst ever nuclear incident in Western Europe, rated 5 on the 7-point INES scale (Chernobyl in Eastern Europe rated 7). The air-cooled core design, used for the first time in Windscale, has been abandoned since.

The truth about the cause of the Windscale incident was kept secret for political reasons. It was one of the more sinister episodes of the Cold War race for the bomb, and hardly mentioned in history. The dismantling of Windscale's iconic chimney started last September. More about this technically challenging work on the Sellafield website which includes the complete demolition program, and on World Nuclear News. The BBC website has some historical images of Windscale.

There's an excellent BBC documentary about the Windscale nuclear disaster that you can watch here below or alternatively via this youtube link.

Sunday, November 03, 2013

The Atomic Age - Black on White

Following up on my Camp Century post about the use of a small nuclear power reactor in Greenland, I would like to recommend two fascinating websites about atomic energy and nuclear weapons.

Mark's weblog Atomic Skies covers a wide range of applications of atomic energy. He presents both technical and historical facts, based on publicly available papers. Some of the installations, devices and ideas, conceived in the early years of atomic energy, were pretty amazing. This mysterious energy inside that tiny atom produced both some of the weirdest and some of the most brilliant inventions, from nuclear air planes to today's pretty secure nuclear reactors.

Alex Wellerstein is an historian of science at the American Institute of Physics. Alex is the author of the Nuclear Secrecy Blog and historical documents are his natural biotope. His work covers the complete nuclear era but focuses mainly on the development of the atom bomb during WW2 and the early Cold War years. He explains in an excellent way the military, technical, as well as the historical aspects of the bomb and the men who developed it.

Together, Atomic Skies and  Nuclear Secrecy Blog are good for countless hours of fascinating reading. Highly recommended

Wednesday, October 16, 2013

New Style Codebreaking

I refrained - barely - from comments on the notorious Snowden case for many months. Unless you were involved in a NASA settlement project on Mars, you will know Edward Snowden by now, the former National Security Agency contractor who blew the whistle, or better, the lid from NSA's Pandora box.

I waited because I believed that the initial headlines would quickly fade away - as they did - and the really interesting bits were still to come in the following months, both directly by the Snowden papers and indirectly through tremors all over the security and intelligence branches.

Although only a fraction has surfaced by now, the available information already proved more than enough to make spectacular headlines that - as also expected - hardly appear in the news, are completely ignored and underestimated, not only by the average user, but even - and this is far worse - by professional organisations and governments.

Intelligence historian Matthew Aid just published an enlightening article on NSA's New Code Breakers (alternative read via Fortuna's Corner), detailing how NSA shifted in the past decade its focus from codebreaking to non-cryptanalytic techniques, as there are, black bag operations (surreptitious entry, theft...), hacking and - this a nice euphemism - Tailored Access Operations (sophisticated spyware).

In other words: why decrypt it when you can steal it before it is encrypted. Now, the problem isn't NSA's capability to intercept and cryptanalyse your communications. After all, this is (or at least was) their primary task. The problem is that they now, on a massive scale, steal your data from on-line services or by breaking into your computer. They call it data mining, but it's actually data theft, and NSA is not to blame for that.

Several years ago, I wrote about how insecure computers are, the flawed security of public key cryptography (used all over the world for virtually everything), the current so-called state-of-the-art crypto algorithms and why it is useless to run crypto or anti-virus software on personal computers to protect your privacy. The security guru's (the experts after all) surely disagreed... until now.

Of course, anyone with only a bit of knowledge about security knows (but not all admit) that there's no such thing as a secure computer or privacy on the Internet. I always tried to convince people that secure communications meant putting your personal computer aside and use alternative "old school" methods.

These include personal conversation, dedicated off-line crypto devices or even return to one-time pad encryption, the unbreakable system (yes also unbreakable for NSA) which was - for good reasons - very popular until the 1980's for military and government communications. Solid and secure communications, even unbreakable, isn't new. It was already available half a century ago.

Crypto developers don't like to hear this, but the truth is that secure communications is pretty easy. Crypto security is not a complex mathematical problem but a technical-logistical problem. If you can get enough key material to the correspondents, you can provide perfect security. Today, mass key distribution and truly unbreakable encryption are perfectly possible with current hardware technology, albeit not when running it on the junk computers they sell today. However, it's also perfectly possible to develop secure computers for the commercial market.

Of course, it would present an enormous challenge to switch from the current insecure systems to solid encryption technology. But who's to blame for that? This would also require a new architecture for computers, focused on performance and watertight security, not focused on all kinds of legalised commercially driven back-doors to sell slash fed you with updates, spam and addware.

Computers don't install malicious software by themselves. They do exactly what you tell them to do, and they never do what they are not programmed for. It's that simple. Computer security is easy to accomplish, both in hardware and software, without compromising performance or comfort, if you're willing to.

The problems with our computers already started in the 1980s, with the rapidly expanding computer business. The cryptologists had to devise new solutions to cope with the exponentially expanding communications and the related key distribution However, that's exactly where it went wrong. Badly wrong.

Instead of focusing on how to solve secure key distribution for highly secure crypto algorithms, they choose the path of developing easy-to-use and so-called unbreakable public key cryptography: use traditional (yes, insecure) crypto algorithms to encrypt data, under control of a shared key of limited size. Instead of large keys and secury encryption they choose small keys and mathematical (at least in theory) secure encryption. They chose lazy over hard.

It's obvious that practical is quite different from secure. Recent events and the collapse of digital privacy and security - because that's exactly what happens now - proves the cryptologists approach to be a fatal mistake. I don't hear them boast about their crypto security now, nor do I see them provide solutions to today's eavesdropping catastrophe. Because they can't. And they know it.

The computer companies and their software developers are also to blame for the incompetence of the cryptologists, and some are even accomplices to the current privacy collapse. They decided to build in all kinds of processes, running behind our backs, to automatically install software, change system files and send information about your system and your data. And all this at the request of virtually anyone. Of course, some of these processes are useful to improve performance and compatibility. But the computer should only run trusted useful software, and yes, it's perfectly possible to tell the computer to do only that.

However, most open-the-backdoor processes are developed for nothing more than purely commercial proposes (yes, also those updates for so-called compatibility) or even developed by intelligence agencies that take a walk with your privacy. Even more worrying, some well known companies are kind enough to provide assistance to those agencies who believe privacy is the right to pry. Oh well, isn't privacy a conjugation of piracy? I don't hear them boast about their anti-virus and firewalls now, nor do I see them provide solutions to today's eavesdropping catastrophe. Because they don't want to. And they don't care.

I also wrote, years ago, about the consequences of these wide open gates: crypto and security software developers have absolutely no clue, I say again, no clue whatsoever, of all unidentified spyware, add-ons,  plug-ins and - as we recently discovered - government made "tailored access operations" software that is running on your computer. Consequently, security vendors are constantly one step behind, thus promising what they cannot deliver. They tell you that you need them. Indeed, their software is so bad that your computer constantly crashes or leaks like a sieve, if you don't constantly plug it... with their other lame software, of course.

Can you imagine buying a car that requires a daily check by the constructor to solve ever returning security issues? Hopefully not the breaks today? Dooh! You'd sue them! We all know what the problem is. Commercial profit. Forget all their excuses, they are unwilling to provide a solid and secure product. Is there another word for it than money driven arrogance towards the customer? By now it should be clear that they really screwed you, in your wallet and in your privacy. Does it sound harsh? It should.

Note that there are many excellent security experts who deserve our respect, but give me one good computer security slash crypto expert (the problem solving kind of expert, not problem exploiting expert). They now roll themselves in poor excuses ranging from "it's a complex problem" over "the algorithm is fine but the platform bad" to "the current threats are illegal practises", but that's exactly what they are supposed to protect us from. They are simply incompetent. Period.

Computer security and privacy are currently non-existent, and this also count - even more - for tablets and smart phones. It's about time that everyone starts realising that we completely depend on those machines for all our communications and that politicians, who - I am told - represent us, start to act and make laws that protect us. Until then (and "then" won't be the near future) you should think about what you type on your keyboard. In plain English: nothing you type or store digitally is safe from being read, exploited and misused by others. Get it? Just ask, from all people, that poor former CIA chief, general Petraeus. The Russian clearly got the point.

Do not misunderstand. I'm not against legally authorised surveillance (only on the bad guys), nor do I oppose to intelligence agencies and their work. However, some agencies and companies forget that privacy is a basic human right and all to easily use the pretext of fight against crime and terror as an excuse to snoop on you and me. Make sure to read Matthew Aid's piece on NSA's capabilities. Frode Weierud presented an excellent view on the PRISM and OCEO data mining programs, another dubious NSA surveillance trick. The Guardian has an excellent interactive page with discussions on NSA and privacy (scroll down their page to watch all interviews). More on NSa's collection programs and crypto backdoors in Bruce Schneier's November Crypto-Gram issue and his post on metadata.

Update: with new information continuously surfacing and being confirmed, it seems that the U.S. war on terror backfires and NSA will get blamed for that. More allies are questioning the unrestricted dragnet collection of data on their country, its government agencies and citizens, and do not accept the excuse of war on terror.

While NSA can still claim to respect all U.S. laws and denies eavesdropping on its own citizens, their allies, especially those in Europe with a tradition of strict laws on privacy, are turning against the no-rules collection of intelligence. By now, this also affects the carefully build relations between the U.S. and its allies. Has NSA shot itself in the cyber foot? Even the U.S. public concern grows on both their own privacy and the effects of the international turmoil on their country.

It is not because the technology allows to collect information on a massive scale that you should actually do this, or that it is smart to do so. When even U.S. congressional oversight has no clear picture of NSA's operations, then how can, for instance, Europe be sure that the same technology is not used for industrial or corporate espionage, or to obtain foreknowledge on economic negotiations? Nothing new there. Technology equals power and history has shown, and will continue to show, that power corrupts. The intelligence archives are full of such examples.

However, if their allies (just as U.S. citizens by the way) have no idea of what information was collected and whether it was misued or not, then there is a crisis of confidence between partners. Answers like "we cannot discuss sensitive issues", "we assure you we do nothing wrong" or "we confirm nor deny" are hardly conducive to restore trust. Eavesdropping on friendly heads of states has nothing to do with war against terror, it's blunt offensive espionage. In the end, such a policy can have more adverse than beneficial political and economical effects to the U.S. (and the terrorists will be glad to hear that).

Intelligence collection on both friend and foe isn't new, but the technology has changed enormously since ECHELON, the first worldwide SIGINT collection network. Is the wide scale data mining proportional to the goal? Doesn't damaging international relations and redefining basic rights on privacy gets pretty close to admitting that the terrorists won? Of course, it's not up to NSA to justify anything, they only execute what they are told to do (if otherwise, there's a serious problem). Only the politicians are accountable.

Is the Foreign Intelligence Surveillance Act (FISA) in need of an update that includes rules on intelligence gathering abroad? In any case, given the possible impact on international relations, no intelligence agency should independently determine the means and rules to achieve the goals that were set by the politicians, because inappropriate or disproportional means will eventually do more harm than good. Since NSA and U.S. laws (and for that matter also GHCQ, GCSB, ADSD, DGSE, BSI and many others) perceive privacy and secrecy differently than the friends they snoop on, there might be a need for a different (not necessarily more) oversight, with new rules that addresses the distrust and concerns about privacy. Case far from closed.

Despite all the sorrow, a bit of cheerfulness (well, sort of): the story of the humorous logo that is not to be confused with the NSA logo!

Wednesday, October 02, 2013

Camp Century - Greenland Going Nuclear

Constructing the reactor building
In 1960, the U.S. Army started the construction of Camp Century on a remote icy plain in Greenland. Located in the Arctic Circle, east of the Canadian Arctic Archipelago and right between the United States and Russia, Greenland was, and still is, part of the Kingdom of Denmark.

The United States had obtained permission from the Danish government to build an arctic research complex to conduct experiments of construction under arctic conditions, the use of small nuclear power plants in remote environments and various other scientific experiments.

A least, that was the official version, presented to the Danish government. The real reason for this arctic adventure in the height of the Cold War was less scientific. Camp Century was part of the top secret Project Iceworm, the construction of an underground, or rather, under-ice network of nuclear missile launch sites. This would enable medium-range nuclear missiles to hit Moscow in the event of a nuclear war.

Camp Century Layout
(click to enlarge)
Camp Century gradually grew into a large complex of prefabricated buildings, buried in large covered trenches underneath the ice. The three kilometers long complex included sleeping for some 200 inhabitants, research buildings, a communications center, mess hall and kitchen, truck maintenance hall, showers, infirmary with operating room, chapel, library, recreation rooms, a theatre and various other buildings.

The PM-2A, the first ever portable nuclear power reactor, delivered two Megawatt electrical power to the settlement, with a diesel-electric generator as back-up. Four ramps, descending into the trenches, and sixteen vertical escape hatches were the only visible parts of the complex.

Camp Century Main Entrance. Image credits: Jon Fresch

In 1963, after three years of operation, Project Iceworm came to a halt when geologists discovered that the ice sheet, which they believed to be rather solid and permanent, moved and deformed much faster than expected. They calculated that the shifting ice would destroy the future underground missile silos within less than two years. By 1965, the nuclear reactor was dismantled, shipped back to the United States and all personnel evacuated. The camp eventually closed down completely in 1966.

Goodbye nuclear missile outpost. All quiet on the northern front...

... until 1968, when a B-52 strategic bomber, carrying four hydrogen nuclear bombs, crashed at Thule Air Base, 240 kilometers from Camp Century. The B-52's mission was part of U.S. Air force Operation Chrome Dome, the airborne alert for rapid first strike and retaliation, running since 1960. It was the first tip to be lifted from the veil of Greenland's nuclear secret (and the deathblow for Chrome Dome).

Only in 1995, Denmark (which claimed a nuclear-free zone policy since 1957) initiated a thorough investigation into the crash and what those nukes were doing there. The outcome caused a major political scandal in Denmark, called Thulegate. The final report, commissioned by the Danish parliament, was published in 1997. The report, based on declassified U.S. documents, finally revealed both the officially denied recurrent nuclear-armed overflights and the plans to construct no less than 600 nuclear missile silos on Greenland's icy plains.

Today, we can only guess about the true effects of both the nuclear power plant and the heavily polluting plane crash on the apparently not-so-environmentally-clean Greenland. Oh well, the wind has died down, the story is long forgotten and problem solved. Or not? Amazing how quickly such spicy Cold War stories perish.

Below you find a fascinating 1963 U.S. Army documentary about the construction of Camp Century, which "incidentally" forgets to mention Project Iceman. At that time, it was a smart move to show the "research" camp in the media to appease any suspicion from the Soviets about its real purpose. Although portrayed idealistic, the documentary is a great example of the 1960s Cold War mindset. I love those movies!

The Defense Technical Information Center has the complete Technical Report of Camp Century, drafted in 1965. Atomic Skies has an excellent description of Camp Century and Project Iceworm. Some interesting information, images and documents are found at Frank Leskovitz' Science Leads the Way. There's a pod cast about the camp at Allan Bellows Damn Interesting and here's a nice ironic view on the camp's secret history.

More on Project Iceworm in Chapter III, p. 53-56 of the History of the U.S. Army Engineer Studies Center and on Wikipedia. Finally, you can read more about the B-52 crash at Thule AB in 1968 and USAF Col Leonard Otten wrote about Project Crested Ice (from page 87), the Thule crash cleanup.

As a side note, the 1961 SL-1 incident in Idaho, explosion and meltdown inclusive, shows that planting small nuclear reactors in the arctic wasn't really a great idea, at least not in those days. A nice government documentary about the SL-1 shows why. However, it didn't stop the Army Nuclear Power Program (ANPP) from planting new ones in Antarctica and Alaska, to name a few of the eight locations. The ANPP program ended in 1977. Whew!