Tikalon Header Blog Logo

The US Cyber Command

July 14, 2010

The internet has been likened to the wild west. [1] The wild west was tamed through the efforts of the US Marshalls, among whom is the notable Wyatt Earp. The internet is being tamed by a new federal agency, The United States Cyber Command, which began operations on May 21, 2010, at Fort Meade, Maryland.[2] Fort Meade was an obvious place to locate this new command, since it's also the home of the National Security Agency.

The Mission statement of the United States Cyber Command is as follows:
"USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

United States Cyber Command Logo

United States Cyber Command Logo.


What's interesting about the command logo (pictured) is the barely visible text string, 9ec4c12949a4f31474f299058ce2b22a, in an inner ring. Computer people immediately recognize this to be a 32-digit hexadecimal number that represents a 128-bit binary number. A secret message? The 128-bit length is an almost certain indication that this is either a cryptographic key or a security feature called a message digest, or hash. More than one internet source has discovered that this number is the md5 hash of the Cyber Command mission statement, as I verified on my own (Linux) computer:
$ echo -n "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." | md5sum
9ec4c12949a4f31474f299058ce2b22a -
What's an md5 message digest? Message-Digest Algorithm 5, known as md5, is a method to verify that a document hasn't been modified. It's a complicated algorithm that's designed to prevent more than one document giving the same digital signature. To use as an example a part of the US Declaration of Independence referenced in a previous article (Isotope Forensics, July 8, 2010), changing the same word as Thomas Jefferson
$ echo -n "He has constrained our fellow Citizens taken Captive on the high Seas to bear Arms against their Country" | md5sum
7804737b8d4eb3f8542ce236f7b62d38 -
$ echo -n "He has constrained our fellow Subjects taken Captive on the high Seas to bear Arms against their Country" | md5sum
7b74804bd69ad5e92658ed24f54374d4 -
This was a change of an entire word, but modification of just a single character causes a huge change in the hash result. In the following example, I just changed the upper case "C" in Citizens to lower case:
$ echo -n "He has constrained our fellow Citizens taken Captive on the high Seas to bear Arms against their Country" | md5sum
7804737b8d4eb3f8542ce236f7b62d38 -
$ echo -n "He has constrained our fellow citizens taken Captive on the high Seas to bear Arms against their Country" | md5sum
d957359c805310bcc4ad63cb61404134 -
What's interesting about the Cyber Command's use of md5 in their logo is that md5 has been cryptographically broken. Computer security experts have been able to produce different files that give the same md5 result, something that's called a "collision." If your purpose is just to see whether someone has changed a word or two in an important document, md5 is just fine. The documents that were shown to cause a collision were wildly different. A more secure algorithm, SHA-2, is replacing md5 in sensitive applications. Using sha256 will give you 256 bits of security; viz.,
$ echo -n "He has constrained our fellow Citizens taken Captive on the high Seas to bear Arms against their Country" | sha256sum
a80f130cff27ac03accdafb0a36186c89e2cef586fa2dfbcf5120ded640c03d6 -

References:

  1. Mike Sachoff, "IBM Calls Internet Wild West," WebProNews, August 26, 2009.
  2. The United States Cyber Command Page on Wikipedia.
  3. Noah Shachtman, "Cyber Command: We Don't Wanna Defend the Internet (We Just Might Have To)," Wired, May 28, 2010.
  4. Noah Shachtman, "Crack the Code in Cyber Command's Logo," Wired, July 7, 2010.

Permanent Link to this article