crypto. hebern, secret

Update on Kylin OS. Canonical teaming with China to develop Ubuntu Kylin

Almost four years ago, I posted about the Chinese "secure OS" called Kylin. I did not hear much about Kylin since then. That changed this week when Canonical announced it is teaming up with the China Software and Integrated Chip Promotions Centre (CSIP) and National University of Defense Technology (NUDT) to develop a new national OS for China.

While the name includes "Kylin", it appears that Ubuntu Kylin will be quite different from the earlier FreeBSD-based Kylin OS. The new Kylin appears to be an Ubuntu distro strongly geared toward Chinese users. According to the Canonical announcement:

Ubuntu Kylin goes beyond language localisation and includes features and applications that cater for the Chinese market. In the 13.04 release, Chinese input methods and Chinese calendars are supported, there is a new weather indicator, and users can quickly search across the most popular Chinese music services from the Dash. Future releases will include integration with Baidu maps and leading shopping service Taobao, payment processing for Chinese banks, and real-time train and flight information. The Ubuntu Kylin team is cooperating with WPS, the most popular office suite in China, and is creating photo editing and system management tools which could be incorporated into other flavours of Ubuntu worldwide.

Although it will share the security traits associated with the Ubuntu Linux distros, there is no special claim being made that this is a "secure OS". The plan is for Ubuntu Kylin to be eventually expanded to other platforms, including servers, mobile phones, and tablets.

Ubuntu Kylin should be easier to obtain than the other Kylin. (I tried to find a reliable source for it but hit too many dead ends back in 2009.) Ubuntu Kylin is scheduled to be released along with the Ubuntu 13.04 releases in April. When I know the official distribution URL, I'll post it.

Meanwhile, you can check out the project's Wiki at (English) and (Chinese).

Other articles about Ubuntu Kylin:


Brian Krebs: Russian Police Translate Only the Good News (They're not the only ones)

On December 16th, Brian Krebs had an interesting post on how "Russian Police Only Translate the Good News".  He explained how the Russian Interior Ministry (MVD / МВД) English language content is generically positive. To get a fuller picture of what's happening, you have to go to the Russian language content. (It is where I usually find MVD press releases about computer crimes.)

Brian Krebs also noted that Jeffrey Carr, who tracks cyber-conflict issues, noticed that Chinese government sites tend to do the same thing. Carr said, “If you want a starting point for finding out what’s really going on in these countries, you have to use something like Google translate."

Exactly so!

The Importance of Going Beyond English (or Whatever Language You Know)

Better yet, as you use tools like Google Translate, seek to learn the languages of the countries in which you're interested. If you can, spend time browsing their government and media sites to get a feel for certain keywords.

Look up expressions of interest. For example, it can be helpful to get an idea of certain acronyms and jargon on the foreign sites. If dealing with Russian law enforcement & crime issues, knowing the acronym "ОПГ" (OPG) for "Организованная преступная группа" (Organizovannaya prestupnaya gruppa - Organised Criminal Group) can be useful. (Here's a useful Glossary of Russian Police & Security Service Acronyms and Abbreviations [pdf])

Google Chrome is an excellent browser since it gives an option for translating the page you are viewing and allows you to easily go back to the original. I left some useful tips on a Vere Software blog post about Google Tools for Investigators. See its comment section.

For this and other reasons, I highly recommend that people studying and going into the info security field learn another language.

Which one? Depends upon your interests, but there is no absolute must-study. Russian and Chinese are particularly useful. Arabic and Farsi might be quite fitting for other security concerns. But there are some interesting info security happenings in Spanish, Portuguese, German, and other languages. Just learning another language, especially one that is quite different from your native language, is, in itself, a big help. It makes you more open to still other languages and to how the various tools work. (It also helps you learn the limitations of the tools.)

Jonathan D. Abolins


Putin is calling for Russian government to move to GNU/Linux

Glyn Moody today posted on his "Open..." blog: "Putin Orders Russian Move to GNU/Linux". I won't repeat the good overview Glyn Moody has already written. Read his post for the info and a look at the proposed timetable for the transition. Also see his other posts about Russia and open source software.

It is an interesting development. Russia has been talking about a national operating system but that has not really gotten off the ground.

One problem I'm hearing is the uneasiness that a Russian national OS could isolate Russians from most of the world. But, with the right conditions, it is not necessarily as big of a risk. One hint might be the popularity of the new .рф country code top level domain for Russia. Rather than being seen as isolating Russians in a Cyrillic ghetto, the Cyrillic domain registrations have passed the 500,000 mark and, as of this post, the current stats are approaching 700K. Perhaps a key factor is that one can have both .рф and .ru domains, giving flexibility while retaining world accessibility. (More info about the .рф ccTLD on my Internationalised Domain Names -IDN Info site.)

Between Putin's support for the move and its phased transition, this attempt to move to an open source OS might succeed. I also hope that the Russian GNU/Linux move will truly keep the code open.


References (The following links go to Russian documents):
  • article "Путин распорядился перевести власть на Linux"
  • Plan (timetable) for the Russian Federal government transition to GNU/Linux 2011-2015 (.doc): "ПЛАН: перехода федеральных органов исполнительной власти и федеральных бюджетных учреждений на использование свободного программного обеспечения на 2011 - 2015 годы"

SCADA Security Series on Aruba Network's Blog

Today's Aruba Network's Green Island Blog SCADA security series examines various security vulnerabilities of the sensor/actuator controls used by SCADA, smart grid and energy management systems and how they can be addressed.

Pointers for Electric Network Frequency (ENF) Analysis for Audio Forensics

The 1 June 2010 Register has an article, Met lab claims 'biggest breakthrough since Watergate'; Power lines act as police informers.

An excerpt:
ENF relies on frequency variations in the electricity supplied by the National Grid. Digital devices such as CCTV recorders, telephone recorders and camcorders that are plugged in to or located near the mains pick up these deviations in the power supply, which are caused by peaks and troughs in demand. Battery-powered devices are not immune to ENF analysis, as grid frequency variations can be induced in their recordings from a distance.

At the Metropolitan Police's digital forensics lab in Penge, south London, scientists have created a database that has recorded these deviations once every one and a half seconds for the last five years. Over a short period they form a unique signature of the electrical frequency at that time, which research has shown is the same in London as it is in Glasgow.

On receipt of recordings made by the police or public, the scientists are able to detect the variations in mains electricity occurring at the time the recording was made. This signature is extracted and automatically matched against their ENF database, which indicates when it was made.

The technique can also be used to detect or rule out covert editing of audio. ENF analysis is made possible by the growing use of digital recording and its greater timekeeping accuracy over analogue.
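The signature-matching step the excerpt describes, as an added Python illustration (not code from The Register article or the Met lab): a constructed mean-reverting trace stands in for the 1.5-second reference database, a noisy slice of it stands in for the frequency extracted from a recording, and a sliding mean-squared-error search recovers when the recording was made. Matching chunks of a recording separately also flags a splice, which is the edit-detection use the excerpt mentions. All numbers, thresholds and function names here are assumptions.

```python
import random

NOMINAL_HZ = 50.0   # nominal UK grid frequency
STEP_S = 1.5        # the Met lab database logs one reading every 1.5 s


def make_reference(n, seed=1):
    """Constructed stand-in for the ENF reference database: a mean-reverting
    random walk around 50 Hz with the small wander a real grid shows."""
    rng = random.Random(seed)
    f, trace = NOMINAL_HZ, []
    for _ in range(n):
        f += -0.02 * (f - NOMINAL_HZ) + rng.gauss(0.0, 0.004)
        trace.append(f)
    return trace


def add_noise(trace, sigma=0.001, seed=7):
    """Simulate measurement error in the ENF extracted from a recording."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in trace]


def match_offset(reference, probe):
    """Slide the probe along the reference; return (index, mse) of the best
    fit. Absolute frequency is what matters, so no mean removal is done."""
    best_i, best_err = None, float("inf")
    n = len(probe)
    for i in range(len(reference) - n + 1):
        err = sum((reference[i + k] - probe[k]) ** 2 for k in range(n)) / n
        if err < best_err:
            best_i, best_err = i, err
    return best_i, best_err


def timestamp_seconds(reference, probe):
    """Seconds from the start of the reference at which the recording began."""
    i, _ = match_offset(reference, probe)
    return i * STEP_S


def chunk_offsets(reference, probe, chunk=30):
    """Match each chunk of the probe on its own. A genuine recording yields
    offsets that advance by exactly `chunk`; a splice breaks that pattern."""
    return [match_offset(reference, probe[s:s + chunk])[0]
            for s in range(0, len(probe) - chunk + 1, chunk)]


def looks_edited(reference, probe, chunk=30):
    offs = chunk_offsets(reference, probe, chunk)
    return any(offs[k] != offs[0] + k * chunk for k in range(1, len(offs)))


if __name__ == "__main__":
    ref = make_reference(4000)                          # 100 minutes of grid
    genuine = add_noise(ref[1200:1260])                 # 90 s, untouched
    spliced = add_noise(ref[100:130] + ref[2000:2030])  # two joined segments
    print("genuine recording started at", timestamp_seconds(ref, genuine), "s")
    print("genuine edited?", looks_edited(ref, genuine))
    print("spliced edited?", looks_edited(ref, spliced))
```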

Digging further in my attempts to learn more about ENF, I searched for info about Dr. Catalin Grigoras, a Romanian audio forensics expert whose research is the basis for the London Met's continuing work.

Dr. Grigoras' Web site has useful links to his papers & presentations (some are behind paywalls, but a few are free):



A Great Cyberwar Glossary

Dateline: 1 April 2010 (Note the date)

I came across a cyberwar glossary that deserves to be a classic lexicon, just like Ambrose Bierce's The Devil's Dictionary.

Read the whole document. I especially like the concluding section where Richard "Rick" Forno notes:

Cyberwarfare indeed is a concern that must be addressed responsibly; however there is such a cacophony of ‘noise’ in public and private discourse on the subject that it is difficult for many to make sense of the actual cybersecurity issues we need to be thinking about as a Nation. Let’s burst the “cyber-bubble” and deal with the real issues, concerns, effects, and consequences of operating in the “cyber” domain instead of relying on and/or believing questionable analysis and dubious statistics presented in sensational reports, statements and oft-cited soundbites.

Better still, let’s all agree that if we want to be proactive in cybersecurity (or cyberwarfare protection) we must ensure our information assets not only are hardened and reinforced but designed with survivability and resiliency in the first place. Doing the former without the latter only will set us up to “lose” in the cyber domain. Our enemies recognize this and will act accordingly, so why don’t we?

Seriously, Amen to that!



Getting back to the blog after a summer hiatus

I had been spending most of my public posting time on my Twitter account (@jabolins). The microblogging format worked nicely with a busy summer schedule. Now that I am back on a busy fall schedule, I'll get back to blogging here.

One of the things I was tracking this summer was the July DDoS attacks upon South Korean and US sites. Very interesting how quickly some people were blaming North Korea for the attacks and even suggesting strong measures against the dictatorship. Cyber-attribution is a tricky matter and there's a big risk of "Ready, FIRE, oh, well, aim...." mishaps.

Another interesting thing I was looking at this summer was the Internet activity following the disputed Iranian elections. This included net censorship and counter-measures, people (including me) "greening" their Twitter avatars, etc.

These two things often raised the "cyberwar" theme and I will address the topic in a few weeks.

Jonathan D. Abolins


PRC's Kylin secure OS: Part of cyber-war or cyber-security?

Updates added, marked with their dates: 13 May 2009 and 1 June 2009.

Today, I was in the midst of info security discussions about a Chinese operating system called "Kylin".

This set of discussions was launched by a Washington Times article by Bill Gertz today, "China blocks U.S. from cyber warfare". The article claimed:
China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies.

The secure operating system, known as Kylin, was disclosed to Congress during recent hearings that provided new details on how China's government is preparing to wage cyberwarfare with the United States.

The hearings mentioned by the Washington Times included the 30 April 2009 US-China Economic and Security Review Commission's Hearing on China’s Propaganda and Influence Operations, Its Intelligence Activities that Target the United States, and the Resulting Impacts on U.S. National Security. At that hearing, Mr. Kevin G. Coleman, Senior Fellow with the Technolytics Institute, was on the panel concerning Chinese cyber-espionage directed at the US. In his opening statement, Coleman stated:
Chinese authors believe the United States already is carrying out offensive cyber espionage and exploitation against China. China therefore must protect its own assets first in order to preserve the capability to go on the offensive. While this is a highly unpopular statement, WE ARE IN THE EARLY STAGES OF A CYBER ARMS RACE AND NEED TO RESPOND ACCORDINGLY!

This race was intensified when China created Kylin, their own hardened server operating system and began to convert their systems back in 2007. This action also made our offensive cyber capabilities ineffective against them given the cyber weapons were designed to be used against Linux, UNIX and Windows. Refer to our report - RED SOS.
(I was not able to find the RED SOS report online yet.)

Looking at my Twitter feeds throughout the day, I was seeing much tweeting about Kylin OS. Then, I mentioned the topic to Heike of The Dark Visitor blog about Chinese hackers. As I kept learning more about Kylin, it became clear that I should compile the information and post it on this blog.

The Kylin Web Site

Kylin's Web site is at
[Rough rendition of the site into English via Google Translate]

By the way, some people have noted that, ironically, the site for a secure OS has an SQL injection vulnerability.

Kylin OS History

I learned that the Kylin OS has been around for several years, going back to 2001.

China Military Online, a Web site sponsored by the PLA Daily of the Chinese People's Liberation Army, reported in February 2005 on the development of Kylin as the PRC's own operating system that could replace foreign OSes. The Kylin OS was developed by the University of Science and Technology for National Defense (affiliated with the PLA). The project began when...
In 2001, the central government decided to assign the mission of developing an operating system with independent intellectual property right, a major special project of the state's "863 Hi-tech Program", to the Computer Science Institute of the National University of Defense Technology. Upon receiving the mission, the institute swiftly organized a strong scientific and technological task group to brave difficulties and hardships and make bold innovations. Eventually, the group succeeded in making breakthroughs in a series of core technologies and developed the first 64-bit operating system with high security level (B2 class)-the Kylin server operating system. The system is not only compatible with the mainstream operating systems in the world, but also supports several multiple microprocessors and computers of different structures. In addition, the system is also the first operating system without Linux kernel that has obtained Linux global standard authentication by the international Free Standards Group (FSG).

In December 2006, Xinhua reported about Kylin OS. One of the things this report mentioned was that the University had signed an agreement with Lenovo for production and application of the Kylin system.

FreeBSD Roots?

Information Warfare Monitor has a post "Kylin operating system plagiarized from the FreeBSD5.3?" and pointed to the Dancefire site with its comparison of Kylin and FreeBSD 5.3. The similarities between the two OSes reportedly reached 99.45 percent.

The interesting Kylin information is under the Dancefire site's News section, which is in Chinese. The good news for those of us who cannot read Chinese is that Google Translate does a passable rendition of the texts. (Kylin is rendered by Google as "Kirin". I don't think it has anything to do with the Japanese beer. Does it?)

ADDED 1 June 2009: Jumper at The Dark Visitor blog has been taking a look at Kylin and has a good posting there.

How "Secure" is This "Secure OS"? [added 13 May 2009]

Much of the reporting about Kylin, including the PRC's PR about the OS, seems to take the claims that it is a "secure OS" at face value. But I have not yet come across any extensive security testing of Kylin. Also, I am wondering how much ongoing security support there is for Kylin. I mean things such as security patches, forums, etc.

Security researcher Dancho Danchev raises several excellent points that challenge the notion that the PRC's (or any other country's) "secure OS" poses a real threat to US cyber-offensive capabilities. Danchev writes regarding the "re-branding" of FreeBSD as Kylin and about the limits of "national security OSes":
All warfare is indeed based on deception, especially when you’re re-branding.

The rush to participate in the “national security operating system” arms race is pretty evident across the world, with the European Union’s secure OS Minix, the U.S Air Force new ‘secure distribution of Windows XP‘ and Russia’s interest in a similar secure OS.

What everyone appears to be forgetting is the fact that security is proportional with usability, and as well as the fact that complexity is the worst enemy of security.
Then, Danchev provides the example of a penetration test of a US government site that found "763 high-risk, 504 medium-risk, and 2,590 low-risk vulnerabilities, such as weak passwords and unprotected critical file folders.” The assortment of applications on the systems and their complexity gave ample footholds for exploitation. Then, there are human factors, including human foibles, that can affect security. Although better designed or hardened OSes can help, they are but one component of security.

So is the PRC's Kylin a Part of Cyber-Warfare, Cyber-Security, or Both?

It's both. (Note, I am leery of the cyber-warfare term. It can encourage massive, costly projects and bad analogies.)

I understand Mr. Coleman's concerns about cyberwarfare aspects and how the PRC's cyber-defence could hinder US cyber capabilities against their systems. But, we should not deem overall attempts to have more secure operating systems as "warfare" in a sinister sense per se. Improving cyber-security is something that we all should be doing. Being "peaceful" in the networked world does not mean having servers running unpatched Windows. The US, UK, etc. should be encouraging their government, corporate, and infrastructure systems to be better secured. (The US has done projects such as NSA's work on Security Enhanced Linux. Some might call that an example of US cyber-warfare.)

Special thanks to

Jonathan D. Abolins


I'm speaking at NJ Infragard meeting Tues 21 April 2009 on pandemic flu

Normally, I'd be speaking about computer "pathogens" but, for a change, I'll be speaking at the New Jersey Infragard chapter April meeting. The meeting's theme is Pandemic Flu Planning.

My presentation is:
Lessons for the 21st Century from the 20th Century History of the Flu:

There were three major influenza pandemics in the 20th Century. The 1918-19 "Spanish Influenza" was particularly deadly, killing anywhere between 30 and 50 million people around the world. The 1957-58 Asian flu was not as deadly, but still killed about 70,000 Americans. The "mildest" pandemic, Hong Kong Flu of 1968-69, caused about 34,000 US deaths. Then there was the 1976 "Swine Flu" abortive pandemic and a nationwide vaccination program which some called a fiasco.

What lessons for today can we glean from these events decades ago? This presentation will point out lessons to help us to better prepare for future pandemics.

Also speaking will be Heather Benamati, MPH, CHES, Health Services, Human Services Coordinator of the Bernards Township Health Department. She will focus on public health aspects of pandemic flu preparedness. There will be a third speaker who'll cover business contingency planning.

Date: Tuesday, April 21, 2009
Time: 9:30 am to 10:00 am - networking session
      10:00 am to 1:00 pm - the Chapter meeting
Location: 73 Mountain View Boulevard, Basking Ridge, New Jersey
[Map] [Directions]
Parking will be available at the Credit Union for attendees.